I have done web developments using servlets few years ago without any frameworks, so I'm familiar with web services. Now my job requires me to modify 3 existing Spring MVC apps to combine 3 login screens into one. One app runs on Tomcat 5, two run on different versions of Tomcat 6.
And the company decides to use .net to replace Java, so it hired a .net company to write an interface [ frame ] to have a single login screen, but the content inside the frame is still produced by the 3 old Java spring apps. This is their first step to replace the Java apps.
So after the change, users will login from the front page which is in .net, and it uses user Id/password to get the roles and other info from the DB, different roles [ customer, employee, agent ] will be shown different menus and contents, then the .net app will call Java to pass the info it has [ user name, role, uid, GUID .. ], and the java program will call different existing Spring apps to display the content.
So my question is : how to use the info [ user name, role, uid, GUID .. ] I got from the .net app to store into the Spring apps, so when they check for user role for instance, they can find it. In other word, in the old Spring apps, each will check with the DB to get this info and store it in some object, now the .net will do this step for them, so which objects should I generate to simulate the spring security steps ?
See chart for details :
I've checked out the following questions, but none of them answer my question :
Spring Security 2.0.6 what calls the loadUserByName method of an UserDetailService
Spring Security : Bypass login form
But one word stands out : UserDetailsService !
Is that the object I should generate ? If so where should I store it so the Spring apps can find it ?
Correct me if im wrong but what i deduct here is that:
3 Spring Applications using Spring Security to authenticate users
NEW .NET interface that calls Spring Applications that needs to bypass Spring Security module.
If thats the case all you have to do is modify your Spring Security module for each application to remove authentication since that will be done by .NET interface.
Here is example of how authentication is setup in Spring Security:
http://spring.io/guides/gs/securing-web/
And here is the Reference Documentation that will help you achieve remove authentication on spring and implement it the way you need.
http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/
Hope that helps.