Using spring security across multiple apps

 
Ranch Hand
Posts: 123
Hello All,
I have an ear file which deals with user management. Basically, this application is responsible for user sign-in, user creation, etc. In this webapp we have Spring Security defined, where we have specified that URLs like /account/create.html should be accessible only to ROLE_ADMIN, and /myaccount.html etc. is allowed for ROLE_USER, etc. This works OK. When a user logs in, a cookie is created for my domain xyz.com. This app has its applicationContextSecurity.xml file, which has the protected URL resources.

Now there are some other ears hosted which deal with other parts of our website, for example www.xyz.com/writereview.html etc. Until now we have been using a JavaScript method to see if the user cookie exists in the browser and then allow the user to write a review. Now, in order to make /writereview.html secure, they should have their URL as protected in their application's appcontextsecurity.xml file. Do they need to write their own authentication provider again? I am sure there should be a cleaner way.

I was wondering, is this the correct approach? Does each webapp which has its resources protected need to implement Spring Security and define protected URLs? Is there any centralized place I could do that?

Thanks
darniz




 
Darvesh Niz
Ranch Hand
Posts: 123
Any update, please?
 
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
We had something similar at a job I used to have.

You can customize Spring Security such that your other apps just look for the cookie. That is done by implementing the RememberMeServices interface and configuring Spring Security to use your custom remember-me service.

Mark
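
An added example, not part of the original thread and not the poster's code: one way the RememberMeServices approach from the reply above can verify the shared cookie on the server instead of only checking that it exists. The cookie name, the HMAC-signed value layout and the shared secret are assumptions, since the thread does not describe the cookie's format; imports target Spring Security 6.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import jakarta.servlet.http.*; // javax.servlet.http.* on Spring Security 5 and older
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.RememberMeServices;

/** Added example: accept the login app's cookie only when its HMAC verifies. */
public class SharedCookieRememberMeServices implements RememberMeServices {
    private static final String COOKIE_NAME = "XYZ_AUTH"; // hypothetical cookie name
    private final byte[] hmacKey;     // secret shared with the login application
    private final String providerKey; // must equal the RememberMeAuthenticationProvider key

    public SharedCookieRememberMeServices(byte[] hmacKey, String providerKey) {
        this.hmacKey = hmacKey.clone();
        this.providerKey = providerKey;
    }

    @Override
    public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (!COOKIE_NAME.equals(c.getName())) continue;
            try {
                // Assumed value: base64url(payload) "." base64url(HMAC-SHA256(payload))
                String[] parts = c.getValue().split("\\.", -1);
                if (parts.length != 2) return null;
                byte[] payload = Base64.getUrlDecoder().decode(parts[0]);
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(hmacKey, "HmacSHA256"));
                // Constant-time comparison; nothing in the payload is trusted before it passes.
                if (!MessageDigest.isEqual(mac.doFinal(payload), Base64.getUrlDecoder().decode(parts[1]))) return null;
                // Assumed payload: username|ROLE_A,ROLE_B|expiryEpochSeconds
                String[] f = new String(payload, StandardCharsets.UTF_8).split("\\|", -1);
                if (f.length != 3 || f[0].isEmpty()) return null;
                if (Long.parseLong(f[2]) < System.currentTimeMillis() / 1000) return null; // expired
                return new RememberMeAuthenticationToken(providerKey, f[0], AuthorityUtils.commaSeparatedStringToAuthorityList(f[1]));
            } catch (java.security.GeneralSecurityException | IllegalArgumentException e) {
                return null; // malformed or unverifiable cookie: request stays anonymous
            }
        }
        return null;
    }
    @Override public void loginFail(HttpServletRequest request, HttpServletResponse response) { }
    @Override public void loginSuccess(HttpServletRequest req, HttpServletResponse res, Authentication auth) { }
}
```

RememberMeAuthenticationFilter hands the returned token to the AuthenticationManager, so each application also needs a RememberMeAuthenticationProvider built with the same providerKey. Each application still declares its own protected URLs; only the cookie verification is shared.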
 