Sharing security context between few web applications

Question

I need to have web application which actually consist from few separate wars unified into same navigration bar on UI, i need to have all system secured but have authenticati

Answer 1

This can be achieved by following approach. In Spring, SecurityContext by default is stored in HttpSession. Instead you can configure it to store in some shared repository.

So, configuration should be changed to use your own SecurityContextRepository implementation instead of HttpSessionSecurityContextRepository. Once configured, the security framework will look at the Repository which is available to all your web applications.

The Repository can be either a database or a cached server.

Answer 2

Spring Security stores the login data in the http session. So what I would try is to share the session between the applications.

It seams that this is possible (in Tomcat) by using the Single Sing On attribute.

But be warned, sharing the session between two applications is not without danger. See this Stack Overflow question.