Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
I'm starting to work on a SSO solution for 3 different webapps we've produced and still maintain for the same client.
Thing is, all 3 store their users and login information in the same place through a fourth separate application which provides just basic restful api services. Which basically means that when one tries to log into, we actually call the rest service asking whether this username and password are correct.
In a way this fourth restful thingie already does at least half of the job we need.
What we need now is a way to let users log into webapp A, then follow a link (or simply type its url) to webapp B (or simply type its url) and get there already logged (or viceversa).
I've been reading a lot about CAS and openID or even oauth but can't really make up my mind about it. Is this pattern centralized? Decentralized?
My ten-thousand foot view suggests I would somehow just need to add this "missing feature" to our restful api server.
But how?
ps: these 3 are completely separated. deployed on different machines (2 of them run on glassfish, the other one runs on tomcat). different domains too.
pps: they're all spring-driven webapps (hence they use spring-security)
ppps: as of today, there are other webapps using our restul api (non spring, non java). this sso solution might have to be ready to handle those too.
![Prime Path[POJ3126] [SPFA/BFS]](https://oscimg.oschina.net/oscnet/e1200f32e838bf1d387d671dc8e6894c37d.jpg "Prime Path[POJ3126] [SPFA/BFS]")
