Eclipse Community Forums
Home » Eclipse Projects » Virgo » Spring Security for Multiple Web Page(How to connect spring security username/password between different web application)
Spring Security for Multiple Web Page [message #799695] Thu, 16 February 2012 02:40
Groovy Groovy
Hi,

Following my previous post in http://www.eclipse.org/forums/index.php/mv/msg/230765/798845/#msg_798845
(unfortunately no reply yet)

I am trying to connect the security between 2 war files, one is my applicationA and the other is my applicationB.
I want the security to work such that if I have logged in to applicationA, I do not need to log in again in applicationB.

Therefore my idea is to have only 1 authenticationManager in my security plugin and use it in both applicationA and applicationB.

I finally managed to use the custom authenticationManager in my security plugin by replacing the FORM_LOGIN_FILTER. But the problem is I still need to log in when I want to access applicationB.

<http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
	<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')" />
	<intercept-url pattern="/secure/**" access="isAuthenticated()" />
	<!-- Disable web URI authorization, as we're using <global-method-security>
		and have @Secured the services layer instead
		<intercept-url pattern="/listAccounts.html" access="isRememberMe()" />
		<intercept-url pattern="/post.html" access="hasRole('ROLE_TELLER')" /> -->
	<intercept-url pattern="/images/**" access="permitAll" />
	<intercept-url pattern="/login.jsp" access="permitAll" />
	<intercept-url pattern="/**" access="isAuthenticated()" />

	<logout logout-success-url="/login.jsp?loggedout=true"/>
	<!-- replaced with custom FORM_LOGIN_FILTER
	<form-login login-page="/login.jsp" default-target-url="/app/home.htm"/> -->

	<remember-me />
	<!-- Uncomment to enable X509 client authentication support <x509 /> -->
	<!-- Uncomment to limit the number of sessions a user can have -->
	<!--session-management invalid-session-url="/timeout.jsp">
		<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
	</session-management -->
	<custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
</http>

<beans:bean id="authenticationFilter"
	class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
	<beans:property name="authenticationManager" ref="myCustomAuthenticationManager" />
	<beans:property name="authenticationFailureHandler"
		ref="customAuthenticationFailureHandler" />
	<beans:property name="authenticationSuccessHandler"
		ref="customAuthenticationSuccessHandler" />
</beans:bean>

<!-- We just actually need to set the default failure url here -->
<beans:bean id="customAuthenticationFailureHandler"
	class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
	<beans:property name="defaultFailureUrl" value="/login.jsp?authfailed=true" />
</beans:bean>

<!-- We just actually need to set the default target url here -->
<beans:bean id="customAuthenticationSuccessHandler"
	class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
	<beans:property name="defaultTargetUrl" value="/app/home.htm" />
</beans:bean>

<!-- The AuthenticationEntryPoint is responsible for redirecting the user
	to a particular page, like a login page, whenever the server sends back a
	response requiring authentication -->
<!-- See Spring-Security Reference 5.4.1 for more info -->
<beans:bean id="authenticationEntryPoint"
	class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
	<beans:property name="loginFormUrl" value="/login.jsp" />
</beans:bean>

<authentication-manager alias="authenticationManager" />

Is there any better way? I'm very new to Spring Security and now quite lost.

Really appreciate any reply.
Re: Spring Security for Multiple Web Page [message #800577 is a reply to message #799695] Fri, 17 February 2012 03:39
Glyn Normington
You could ask on the Spring forum as Virgo has no logic specific to Spring security, so the same issues would presumably apply when using Spring security in any OSGi environment.