I've got 3 web applications running in Tomcat 7: login.war, admin.war and stuff.war.
I want to secure admin.war and stuff.war by redirecting to a form-login page in login.war when a protected resource is accessed.
So, if I access a protected resource in admin.war, Spring Security redirects to login.war (http://localhost:8080/login/), checks user/password/role and, on success, the AuthenticationSuccessHandler bean determines the URL the browser is redirected to.
In this case, http://localhost:8080/admin/protected/file.properties
I tried it, but when the browser performs the last redirection, admin.war checks that this resource requires validation and redirects to the form-login page in login.war again.
So, admin.war doesn't know that the user was valid.
Is there any way to implement a global authentication between many web applications?
This "global authentication" implies SSO, but I would like to implement it without CAS or external libraries/servers.
I mean, I want to make something like a 'standard realm' for all web applications running under the same virtual host.
What is the right way in Spring Security to perform these steps?