how to keep user authentication across multiple Tomcat instances

[enterjavareg]

Hello Everyone,

I'm new to Spring Security and have no idea what features are available for keeping user authentication across multiple Tomcat instances.

I've read the documentation and some tutorials and still got nothing.

This new assignment has to be accomplished soon.

Please give me advises where I can find information about that.

Really appreciate any helps.

[pmularien]

Multiple instances of the same application (i.e. load balanced)? Or different applications?

[enterjavareg]

thank you, Peter.

It's the same application in differenct tomcat instances.

[pmularien]

If you are using session replication already (which I assume you are), you shouldn't have to do anything. Spring Sec stuffs authentication information in the HTTP session, and that's how it maintains state.

[enterjavareg]

thank you very much, peter. yes we're going to use session replication. That's good to know we don't need to do anything.

The following are the requirements for the project:

Code:

1. User authentication persists across webserver restarts 
   -- no need for user to have to login again after a webserver restart.

2. User authentication persists for access to multiple webapp contexts running in the same Tomcat instance.
  use Tomcat container single signon feature
  
3. User authentication persists for access to multiple webapp contexts running in different Tomcat instances.

prefer to use session-based authentication.

You're already anwsered the requirement 3.
Is the requirment 2 same as the requirment 3? Do I need to use CAS for the SSO besides Tomcat container single singnon feature.
Is there a way to accomplish the requirment 1 in Spring security 3.0.

Sorry about those many questions.
Really appreciate your helps.

[patdgonzalez@yahoo.com]

Seems to me that as long as you are doing session replication

and single sign-on (SSO) via kerberos spnego, ntlm, etc.,

you should be able to meet all of your requirements.