I need to have a web application which actually consists of a few separate WARs unified under the same navigation bar in the UI. I need to have the whole system secured, but with authentication only in the main web application, followed by automatic propagation of this security context to the sub web applications. I'm using Spring Security; could someone help me with advice? Thanks.
Question:
Answer 1:
Spring Security stores the login data in the http session. So what I would try is to share the session between the applications.
It seems that this is possible (in Tomcat) by using the Single Sign On attribute.
But be warned, sharing the session between two applications is not without danger. See this Stack Overflow question.
Answer 2:
This can be achieved with the following approach. In Spring, the SecurityContext is stored in the HttpSession by default. Instead, you can configure it to be stored in some shared repository.
So, the configuration should be changed to use your own SecurityContextRepository implementation instead of HttpSessionSecurityContextRepository. Once configured, the security framework will look at the Repository, which is available to all your web applications.
The Repository can be either a database or a cached server.
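
One way to implement the shared repository that Answer 2 describes, as an added example that is not part of the original answer. It assumes Spring Security 6.x on jakarta.servlet and all WARs served from one host; the SharedContextStore interface and the SHARED_CTX cookie name are hypothetical.

```java
// Added example: assumes Spring Security 6.x (jakarta.servlet), all WARs on one host.
import java.security.SecureRandom;
import java.util.Base64;
import jakarta.servlet.http.*;
import org.springframework.security.core.context.*;
import org.springframework.security.web.context.*;

public class SharedSecurityContextRepository implements SecurityContextRepository {
    /** Hypothetical facade over the shared database or cache; entries should expire. */
    public interface SharedContextStore {
        SecurityContext get(String token);
        void put(String token, SecurityContext context);
        void remove(String token);
    }
    private static final String COOKIE = "SHARED_CTX"; // assumed cookie name
    private final SecureRandom random = new SecureRandom();
    private final SharedContextStore store;
    public SharedSecurityContextRepository(SharedContextStore store) { this.store = store; }

    @Override
    public SecurityContext loadContext(HttpRequestResponseHolder holder) {
        String token = token(holder.getRequest());
        SecurityContext ctx = token == null ? null : store.get(token);
        // Missing or unknown token means unauthenticated; the cookie carries no claims itself.
        return ctx != null ? ctx : SecurityContextHolder.createEmptyContext();
    }
    @Override
    public boolean containsContext(HttpServletRequest request) {
        String token = token(request);
        return token != null && store.get(token) != null;
    }
    @Override
    public void saveContext(SecurityContext ctx, HttpServletRequest req, HttpServletResponse res) {
        String old = token(req);
        if (old != null && ctx.equals(store.get(old))) return; // nothing changed
        if (old != null) store.remove(old);    // logout or re-login: revoke for every WAR
        if (ctx.getAuthentication() == null) return;
        byte[] raw = new byte[32];             // fresh 256-bit token on each login (no fixation)
        random.nextBytes(raw);
        String fresh = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(fresh, ctx);
        Cookie cookie = new Cookie(COOKIE, fresh);
        cookie.setPath("/");                   // sent to every WAR context path on this host
        cookie.setHttpOnly(true);
        cookie.setSecure(true);
        res.addCookie(cookie);
    }
    private static String token(HttpServletRequest request) {
        if (request.getCookies() == null) return null;
        for (Cookie c : request.getCookies()) if (COOKIE.equals(c.getName())) return c.getValue();
        return null;
    }
}
```

Each WAR registers the same class through http.securityContext(c -> c.securityContextRepository(...)) and points it at the same store. The stored Authentication must be serializable and its classes present in every WAR.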