thank you very much, peter. yes we're going to use session replication. That's good to know we don't need to do anything.
The following are the requirements for the project:
You're already anwsered the requirement 3.
1. User authentication persists across webserver restarts
-- no need for user to have to login again after a webserver restart.
2. User authentication persists for access to multiple webapp contexts running in the same Tomcat instance.
use Tomcat container single signon feature
3. User authentication persists for access to multiple webapp contexts running in different Tomcat instances.
prefer to use session-based authentication.
Is the requirment 2 same as the requirment 3? Do I need to use CAS for the SSO besides Tomcat container single singnon feature.
Is there a way to accomplish the requirment 1 in Spring security 3.0.
Sorry about those many questions.
Really appreciate your helps.