| Spring Security for Multiple Web Page [message #799695] |
Thu, 16 February 2012 02:40  |
Eclipse User |
|
|
|
Hi,
Following my previous post in http://www.eclipse.org/forums/index.php/mv/msg/230765/798845/#msg_798845
(unfortunately no reply yet)
I try to connect the security between 2 war files, one is my applicationA and the other is my applicationB.
I want the security to work such that if I have logged in in applicationA, I do not need to login again in applicationB.
Therefore my idea is to have only 1 authenticationManager in my security plugin and use it in both applicationA and applicationB.
I finally managed to use the custom authenticationmanager in my security plugin by replacing the Form_Login_Filter. But, the problem is I still need to login when I want to access applicationB.
<http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')" />
<intercept-url pattern="/secure/**" access="isAuthenticated()" />
<!-- Disable web URI authorization, as we're using <global-method-security>
and have @Secured the services layer instead <intercept-url pattern="/listAccounts.html"
access="isRememberMe()" /> <intercept-url pattern="/post.html" access="hasRole('ROLE_TELLER')"
/> -->
<intercept-url pattern="/images/**" access="permitAll" />
<intercept-url pattern="/login.jsp" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<logout logout-success-url="/login.jsp?loggedout=true"/>
<!-- replaced with custom FORM_LOGIN_FILTER
<form-login login-page="/login.jsp" default-target-url="/app/home.htm"/> -->
<remember-me />
<!-- Uncomment to enable X509 client authentication support <x509 /> -->
<!-- Uncomment to limit the number of sessions a user can have -->
<!--session-management invalid-session-url="/timeout.jsp"> <concurrency-control
max-sessions="1" error-if-maximum-exceeded="true" /> </session-management -->
<custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
</http>
<beans:bean id="authenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="myCustomAuthenticationManager" />
<beans:property name="authenticationFailureHandler"
ref="customAuthenticationFailureHandler" />
<beans:property name="authenticationSuccessHandler"
ref="customAuthenticationSuccessHandler" />
</beans:bean>
<!-- We just actually need to set the default failure url here -->
<beans:bean id="customAuthenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login.jsp?authfailed=true" />
</beans:bean>
<!-- We just actually need to set the default target url here -->
<beans:bean id="customAuthenticationSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/app/home.htm" />
</beans:bean>
<!-- The AuthenticationEntryPoint is responsible for redirecting the user
to a particular page, like a login page, whenever the server sends back a
response requiring authentication -->
<!-- See Spring-Security Reference 5.4.1 for more info -->
<beans:bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.jsp" />
</beans:bean>
<authentication-manager alias="authenticationManager" />
Is there any better way? I'm very new to the spring security and now quite lost.
Really appreciate any reply..
|
|
|
|
Powered by
FUDForum. Page generated in 0.03386 seconds
Home