We are designing security for a web application using spring security . There are 3 separate wars(3 Apps)using separate login, deployed in a JBOSS Server.
The requirement is , If the user is authenticated in one app then he should be able to access other applications without login . Is it possible to share the security context between the web application( different wars not in a single EAR ).
We discussed about the SSO , but we are trying to achieve this with spring security and with support of the App server . Is there any way ? Please provide your valuable suggestions and inputs.
If you need more information, please let me know.
yes ,we can achieve with SSO. but we are trying for other options . Because all the wars deployed in the same server and using the same LDAP.
I think you did not read the post. If you look at the answer to the question, it explains how to subclass the Spring objects to derive a custom security provider configuration. This subclass technique has nothing to do with SSO as it uses the Spring Security classes to derive the authority.
Hope you can read it with better comprehension.
subject: Need suggestions on security design for a web application