Search:

Thank you Dave!

I'm not afraid to write some code, just wanted to ensure that I'm not doubling an existing functionality. Thanks again.

Hi all,

is it possible to make oauth2 authentication using out of the box spring-security-oauth? I'm looking for functionality like this:

https://notebook.zoho.com/

where you can login in...

Yet another solution, if anyone is interested.

We can proxy all requests thru any of applications on the same server. This approach gives us a full-fledged shared sessions, not a simultaneous...

I came up with a solution.

Full sample project is here.

I've decided not to use remember-me and not to intrude to SSO workflow (like CAS tickets storing). It works like this:
1. While user...

Marten, thank you for help anyway.

It's not a valid use case for me. Imagine a forum as first application, for example. Anyone can read it, doesn't matter, is [s]he registered at all. There is no "Secure resources" on this...

Marten, I understand that I'm bothering you by (maybe stupid) questions, but.

All the literature you'd mentioned relies on two assumptions:
1. I can only authenticate user at ONE application at...

Hmm.. I think I'm beginning to understand. If app1 takes the ticket and (by some magic way) shares it with others on the same server, any application now can request user's credentials from CAS....

Wow... Is it really true? Our clients often have high load applications, so make a request to CAS per every page is too expensive. Is it really better solution, than use remember-me and have only one...

arthomps, I'd love to! But I haven't found any CAS solution that lets me do the simplest thing: render the user name (or login invitation) on every site page.

It's because of:
- applications have...

Partially resolved by switching back to <remember-me /> tag and using attributes (like services-ref in an example), so I can use own RememberMeServices implementation:




...
<http...

Done this part, thank you guys for help. I've tried CAS, OAuth for Spring Security and Remember-me cookie alone as SSO solutions. All works perfect, but has its own pros and cons.

Next step I want...

Marko, could you please share your solution? Thanks in advance.

I am not a Spring Security specialist, but maybe you should try first short patterns (/Login* instead of http://localhost:8080/MySite/Login), just like in the documentation example and than test if...

Guys, wanted to determine (step-by-step) how remember-me works, but I can't make working configuration to start with. Minimal config (just <remember-me />) works great, but full - not, I haven't any...

titiwangsa, thanks alot for your reply.

With your solution I've found even simpler method (strange, but it was obvious :)) - just use request.getContextPath(). Something like this works perfect (I...

Hmm. I tried this class. Looks very nice! Source thread here.

Maybe more "standard" spring methods exist?

Hi guys and sorry for stupid question (can't handle it for an hour yet):

is there an equivalent for
<jstl:url value="${myURL}" />
but for use in controllers? I need an application part too (e....

Guys,

according to this:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/cas.html
and this:...

Sorry for my bad language. I mean "no 'server-specific'", because the only reasonable SSO solution that I can find - is to use SSO Valve for Tomcat/JBoss. So it will be great to find more versatile...

Hi Marten,

thanks for reply. Do you know any non-server specific SSO solution(-s)? I will be grateful for the links.

Hi,

can you please give me a hint, how to authorize user on few web applications at the same time?

I have:

- EAR
- - WAR 1 (example.com/)
- - WAR 2 (example.com/shop/)
- - ...