I consider following architecture: web application running on Tomcat 6, users are authenticated and authorized through Spring Security 3 and CAS (Central Authentication Service). From web application users call remotely standalone application through Spring Integration 2 and JMS broker. I want such calls to be authenticated and authorized by CAS too.
My questions are:
1. Is there such architecture possible?
2. How are user credentials (or security context) passed to remote application?
3. How should be Spring Security filter chain configured there?
Thanks for any opinion,