I have been asked to do an integration of our webapp into a 3rd party webapp
So if you had both webapps in the same Tomcat instance from what I know you could enable the SSO widget and you'd get SSO across webapps but for a number of reasons we are running the webapps in their own Tomcat servers.
I've used Jasig CAS before to manage SSO services, but because the main webapp is not designed or maintained by us and there is only one entry point, I'm looking for a less invasive way of managing authentication across the services.
Would a Cookie suffice of should I be looking at something else?
After thinking about it, I can see 3 main possibilities :
CasAuthenticationProvider
can use the existing AuthenticationUserDetailsService
to load roles, will allow to first authentication on any application based on this cas server (even if not a current requirement) - Cons : maybe a heavy configuration for only 2 applications I would advice you to consider the 1st or 3rd solution, even if they require slight modification of spring security on a 3rd party application, because the 2nd sounds really a dirty hack
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.