Using spring security across multiple apps

Darvesh Niz
Ranch Hand

Joined: May 12, 2008
Posts: 120
Hello All,
I have an ear file which deals with user management. Basically, this application is responsible for user sign-in, user creation, etc. In this webapp we have Spring Security defined, where we have specified that a URL like /account/create.html should be accessible only to ROLE_ADMIN, and /myaccount.html etc. is allowed for ROLE_USER, etc. This works OK. When a user logs in, a cookie is created for my domain. This app has its applicationContextSecurity.xml file, which has the protected URL resources.

Now there are some other ears hosted which deal with other parts of our website, for example etc... Until now we have been using a JavaScript method to see if the user cookie exists in the browser and then allow the user to write a review. Now, in order to make /writereview.html secure, they should have their URL as protected in the appcontextsecurity.xml file in their application. Do they need to write their own authentication provider again? I am sure there should be a cleaner way.

I was wondering, is this the correct approach? Does each webapp which has protected resources need to implement Spring Security and define its protected URLs? Is there any centralized place where I could do that?


Darvesh Niz
Ranch Hand

Joined: May 12, 2008
Posts: 120
Any update, please?
Mark Spritzler

Joined: Feb 05, 2001
Posts: 17271

We had something similar at a job I used to have.

You can customize Spring Security such that your other apps just look for the cookie. That is done by implementing the RememberMeServices interface and configuring Spring Security to use your custom remember-me service.

