Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Virgo » Spring Security for Multiple Web Page(How to connect spring security username/password between different web application)
Spring Security for Multiple Web Page [message #799695] Thu, 16 February 2012 07:40 Go to next message
Groovy Groovy is currently offline Groovy GroovyFriend
Messages: 2
Registered: February 2012
Junior Member
Hi,

Following my previous post in http://www.eclipse.org/forums/index.php/mv/msg/230765/798845/#msg_798845
(unfortunately no reply yet)

I try to connect the security between 2 war files, one is my applicationA and the other is my applicationB.
I want the security to work such that if I have logged in in applicationA, I do not need to login again in applicationB.

Therefore my idea is to have only 1 authenticationManager in my security plugin and use it in both applicationA and applicationB.

I finally managed to use the custom authenticationmanager in my security plugin by replacing the Form_Login_Filter. But, the problem is I still need to login when I want to access applicationB.

<http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
		<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')" />
		<intercept-url pattern="/secure/**" access="isAuthenticated()" />
		<!-- Disable web URI authorization, as we're using <global-method-security> 
			and have @Secured the services layer instead <intercept-url pattern="/listAccounts.html" 
			access="isRememberMe()" /> <intercept-url pattern="/post.html" access="hasRole('ROLE_TELLER')" 
			/> -->
		<intercept-url pattern="/images/**" access="permitAll" />
		<intercept-url pattern="/login.jsp" access="permitAll" />
		<intercept-url pattern="/**" access="isAuthenticated()" />

		<logout logout-success-url="/login.jsp?loggedout=true"/>
		<!-- replaced with custom FORM_LOGIN_FILTER
		<form-login login-page="/login.jsp" default-target-url="/app/home.htm"/> -->
		
		<remember-me />
		<!-- Uncomment to enable X509 client authentication support <x509 /> -->
		<!-- Uncomment to limit the number of sessions a user can have -->
		<!--session-management invalid-session-url="/timeout.jsp"> <concurrency-control 
			max-sessions="1" error-if-maximum-exceeded="true" /> </session-management -->
		<custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
	</http>

	<beans:bean id="authenticationFilter"
		class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
		<beans:property name="authenticationManager" ref="myCustomAuthenticationManager" />
		<beans:property name="authenticationFailureHandler"
			ref="customAuthenticationFailureHandler" />
		<beans:property name="authenticationSuccessHandler"
			ref="customAuthenticationSuccessHandler" />
	</beans:bean>

	<!-- We just actually need to set the default failure url here -->
	<beans:bean id="customAuthenticationFailureHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
		<beans:property name="defaultFailureUrl" value="/login.jsp?authfailed=true" />
	</beans:bean>

	<!-- We just actually need to set the default target url here -->
	<beans:bean id="customAuthenticationSuccessHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
		<beans:property name="defaultTargetUrl" value="/app/home.htm" />
	</beans:bean>

	<!-- The AuthenticationEntryPoint is responsible for redirecting the user 
		to a particular page, like a login page, whenever the server sends back a 
		response requiring authentication -->
	<!-- See Spring-Security Reference 5.4.1 for more info -->
	<beans:bean id="authenticationEntryPoint"
		class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
		<beans:property name="loginFormUrl" value="/login.jsp" />
	</beans:bean>

	<authentication-manager alias="authenticationManager" />


Is there any better way? I'm very new to the spring security and now quite lost.

Really appreciate any reply..

Report message to a moderator

Re: Spring Security for Multiple Web Page [message #800577 is a reply to message #799695] Fri, 17 February 2012 08:39 Go to previous message
Glyn Normington is currently offline Glyn NormingtonFriend
Messages: 1222
Registered: July 2009
Senior Member
You could ask on the Spring forum as Virgo has no logic specific to Spring security, so the same issues would presumably apply when using Spring security in any OSGi environment.

Report message to a moderator

Previous Topic:Example of Embedding Kernel
Next Topic:JMX Mbean registration and configuration artifacts
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Apr 23 16:39:43 GMT 2024

Powered by FUDForum. Page generated in 0.03107 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly