{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 等我变得足够好 的问题《Sharing security context between few web applicati》','https://www.manongdao.com/q-1208285.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I need to have web application which actually consist from few separate wars unified into same navigration bar on UI, i need to have all system secured but have authentication only to main web application and after automatic propagation of this security context to sub web applications. I'm using spring security, could someone help me with advice? thanks
相关问题
- java.lang.IllegalArgumentException: Cannot set to
- “Zero out” sensitive String data in Swift
- Spring Data MongoDB - lazy access to some fields
- Declaring an explict object dependency in Spring
- Decoding body parameters with Spring
This can be achieved by following approach. In Spring,
SecurityContextby default is stored inHttpSession. Instead you can configure it to store in some shared repository.So, configuration should be changed to use your own
SecurityContextRepositoryimplementation instead ofHttpSessionSecurityContextRepository. Once configured, the security framework will look at theRepositorywhich is available to all your web applications.The
Repositorycan be either a database or a cached server.Spring Security stores the login data in the http session. So what I would try is to share the session between the applications.
It seams that this is possible (in Tomcat) by using the Single Sing On attribute.
But be warned, sharing the session between two applications is not without danger. See this Stack Overflow question.