• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Need suggestions on security design for a web application

 
SampathKumar chinnadurai
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

We are designing security for a web application using spring security . There are 3 separate wars(3 Apps)using separate login, deployed in a JBOSS Server.
The requirement is , If the user is authenticated in one app then he should be able to access other applications without login . Is it possible to share the security context between the web application( different wars not in a single EAR ).
We discussed about the SSO , but we are trying to achieve this with spring security and with support of the App server . Is there any way ? Please provide your valuable suggestions and inputs.
If you need more information, please let me know.

 
Roger Sterling
Ranch Hand
Posts: 426
Eclipse IDE Fedora Linux
 
SampathKumar chinnadurai
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Roger,

yes ,we can achieve with SSO. but we are trying for other options . Because all the wars deployed in the same server and using the same LDAP.

Thanks,
Sampath
 
Roger Sterling
Ranch Hand
Posts: 426
Eclipse IDE Fedora Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SampathKumar chinnadurai wrote:Hi Roger,

yes ,we can achieve with SSO. but we are trying for other options . Because all the wars deployed in the same server and using the same LDAP.

Thanks,
Sampath


I think you did not read the post. If you look at the answer to the question, it explains how to subclass the Spring objects to derive a custom security provider configuration. This subclass technique has nothing to do with SSO as it uses the Spring Security classes to derive the authority.

Hope you can read it with better comprehension.



 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic