We are designing security for a web application using spring security . There are 3 separate wars(3 Apps)using separate login, deployed in a JBOSS Server.
The requirement is , If the user is authenticated in one app then he should be able to access other applications without login . Is it possible to share the security context between the web application( different wars not in a single EAR ).
We discussed about the SSO , but we are trying to achieve this with spring security and with support of the App server . Is there any way ? Please provide your valuable suggestions and inputs.
If you need more information, please let me know.
yes ,we can achieve with SSO. but we are trying for other options . Because all the wars deployed in the same server and using the same LDAP.
I think you did not read the post. If you look at the answer to the question, it explains how to subclass the Spring objects to derive a custom security provider configuration. This subclass technique has nothing to do with SSO as it uses the Spring Security classes to derive the authority.