Web Application and REST services SSO in Tomcat and Spring Security


I am using 2 different web applications deployed in the same Tomcat instance. One is a web application and one is REST services. When a user is logged in to the web application and calls the REST service, REST should authenticate with the user logged in using the web application. How can I implement SSO in Tomcat? If anyone has implemented it, please help me.

Update: I have implemented Spring Security and the J2EE pre-authentication mechanism in my first web application. This application invokes the second application (REST services) using Dojo (a JavaScript framework).

Update: I have found a solution. Please read my answer below.

We can implement SSO between a traditional web application and a non-web-based application such as RESTful web services. This example shows sample code for implementing SSO between a web application and RESTful web services. The following is the configuration in the spring-security.xml file:

    <security:http create-session="never" use-expressions="true"
                   auto-config="false"
                   entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">

        <!-- Rules are evaluated in order and the first match wins, so no
             catch-all permitAll rule may precede the role checks below. -->
        <security:intercept-url pattern="/admin/**" access="hasRole('tomcat')"/>
        <security:intercept-url pattern="/**" access="hasRole('tomcat')"/>
        <security:custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter"/>
        <!-- Required for Tomcat; it prompts for username / password twice otherwise -->
        <security:session-management session-fixation-protection="none"/>
    </security:http>

    <!-- No login page in Spring: unauthenticated requests get HTTP 403 -->
    <bean id="preAuthenticatedProcessingFilterEntryPoint"
          class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>

    <!-- Takes the principal already authenticated by the servlet container -->
    <bean id="preAuthFilter"
          class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
        <property name="authenticationManager" ref="appControlAuthenticationManager"/>
        <property name="authenticationDetailsSource"
                  ref="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"/>
    </bean>

    <security:authentication-manager alias="appControlAuthenticationManager">
        <security:authentication-provider ref="preAuthenticatedAuthenticationProvider"/>
    </security:authentication-manager>

    <bean id="preAuthenticatedAuthenticationProvider"
          class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <property name="preAuthenticatedUserDetailsService" ref="inMemoryAuthenticationUserDetailsService"/>
    </bean>

    <!-- Maps the roles declared in web.xml to Spring granted authorities -->
    <bean id="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"
          class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
        <property name="mappableRolesRetriever" ref="webXmlMappableAttributesRetriever"/>
        <property name="userRoles2GrantedAuthoritiesMapper" ref="simpleAttributes2GrantedAuthoritiesMapper"/>
    </bean>

    <bean id="webXmlMappableAttributesRetriever"
          class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever"/>

    <!-- Empty prefix: the container role "tomcat" becomes the authority "tomcat" -->
    <bean id="simpleAttributes2GrantedAuthoritiesMapper"
          class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
        <property name="attributePrefix" value=""/>
    </bean>

    <bean id="inMemoryAuthenticationUserDetailsService"
          class="com.org.InMemoryAuthenticationUserDetailsService"/>

The above code is in the web application. The same code can also be in the REST project's Spring Security XML file. Add the following code to the web.xml file:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
            <url-pattern>/*</url-pattern>
            <!-- No http-method elements: the constraint then covers every HTTP method.
                 Listing only GET and POST would leave the other methods unconstrained. -->
        </web-resource-collection>
        <auth-constraint>
            <role-name>tomcat</role-name>
        </auth-constraint>

        <user-data-constraint>
            <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>

The above code should be in the normal web application. Then enable the SSO valve in Tomcat's server.xml file. Tomcat uses cookie-based SSO login. Session IDs are stored in cookies. If the browser has cookies disabled, SSO will not work.

Hope this explanation helps.
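The step "enable the SSO valve in Tomcat's server.xml" as a configuration fragment. This is an added example, not part of the original answer; the Engine and Host names, `appBase` and the `UserDatabase` realm are assumed to be the defaults of a stock Tomcat installation.

```xml
<!-- conf/server.xml (fragment): added example, values are Tomcat defaults -->
<Engine name="Catalina" defaultHost="localhost">

  <!-- The Realm has to be defined at Engine or Host level, and not be
       overridden inside a Context, so that both web applications
       authenticate against the same user store. The role "tomcat" used
       in web.xml must exist in that store. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
  </Realm>

  <Host name="localhost" appBase="webapps"
        unpackWARs="true" autoDeploy="true">

    <!-- Shares the authenticated identity between all web applications
         deployed in this Host. The valve tracks the SSO session with its
         own cookie (JSESSIONIDSSO by default), which is why SSO stops
         working when the browser rejects cookies. -->
    <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>

  </Host>
</Engine>
```

The valve's scope is a single virtual host, so the web application and the REST services must both be deployed under the same `<Host>`.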

