Announcement Announcement Module
Collapse
No announcement yet.
Common login page for all web apps Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Common login page for all web apps

    I am new in SPRING development and need some help.
    I was able to create a configuration with custom login form that asks for user credentials and managing access to web pages within one web application.

    Now I want to extend this login form to all web applications on my tomcat server. I tried something like:

    <sec:form-login login-page="/login.html"
    login-processing-url="http://localhost:8080/login/"
    authentication-failure-url="/login.html?login_fail=1"
    />

    or

    <bean id="authenticationEntryPoint"
    class="org.springframework.security.web.authentica tion.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="http://localhost:8080/login/login.html"/>
    </bean>

    But looks like, all URIs are relative and instead of opening login page from
    http://localhost:8080/login/login.html. other applications trying to find it
    within their own root directories.
    http://localhost:8080/other_app/login.html

    What should I do to obtain authentication information within same website
    with multiple web applications from a single authentication point?

    If it is impossible and I have to use a copy of login page in every servlet,
    how can I propagate authentication information without entering login information again?


    Thank you

    Mike
    Last edited by mvteplitsky; Feb 8th, 2010, 02:53 PM.

  • #2
    Since nobody answered, this is a solution I finally implemented.

    I created a filter which is called on any HTTP request. If Authentication is not found, user is redirected to the login site. Login servlet creates authentication object and a unique token and pass it back to the first page. The first page can keep the token in a Cookie and fetch Authentication at any time using some remote interface.

    This is the idea an it works. Login and taget sites can be even in different domains.

    This solution is much lighter and easier to implement than CAS service.

    Comment


    • #3
      Hi,
      i'm interested in your solution because i'm searching the same solution ... can u share some code ?!?

      Thanks

      Comment


      • #4
        Maybe we can use the Pre-Authentication?!?

        Comment

        Working...
        X