Need suggestions on security design for a web application

SampathKumar chinnadurai
Ranch Hand

Joined: Jul 05, 2006
Posts: 44
Hi All,

We are designing security for a web application using Spring Security. There are 3 separate WARs (3 apps) using separate logins, deployed in a JBoss server.
The requirement is: if the user is authenticated in one app, then he should be able to access the other applications without logging in. Is it possible to share the security context between the web applications (different WARs, not in a single EAR)?
We discussed SSO, but we are trying to achieve this with Spring Security and with the support of the app server. Is there any way? Please provide your valuable suggestions and inputs.
If you need more information, please let me know.


Cleared SCJP 6 (87%), SCWCD 5 (94%), SCBCD 5.0 (95%), PMP, preparing SCDJWS, OCUP
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 426

See this thread: http://stackoverflow.com/questions/5365054/integrate-single-sign-on-using-spring-security
SampathKumar chinnadurai
Ranch Hand

Joined: Jul 05, 2006
Posts: 44
Hi Roger,

Yes, we can achieve it with SSO, but we are trying for other options, because all the WARs are deployed in the same server and use the same LDAP.

Thanks,
Sampath
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 426

SampathKumar chinnadurai wrote: Hi Roger,

Yes, we can achieve it with SSO, but we are trying for other options, because all the WARs are deployed in the same server and use the same LDAP.

Thanks,
Sampath


I think you did not read the post. If you look at the answer to the question, it explains how to subclass the Spring objects to derive a custom security provider configuration. This subclass technique has nothing to do with SSO as it uses the Spring Security classes to derive the authority.

Hope you can read it with better comprehension.



 