Wouter

Reputation: 1360

Multiple Spring Projects, shared authentication

I've around 10 Spring-MVC projects which are deployed on a Wildfly server at home. These projects have been running for quite a while and have always been private.

However, a few friends of mine have requested access, and I'm willing to give it to them. I'm planning on doing this by building a web application with AngularJS. This application will communicate with the Spring-MVC projects by calling RESTful endpoints. However, some people may only have access to a subset of services. I want people to register and log in with those details or log in by using OpenID.

This results in having to add authentication and authorization to those projects, which can be done with Spring Security. However, I don't want to implement this logic in each service.

Is it possible to create an extra service and let people login or register on this service? And let the other services check the authentication status by using this service?

Which Spring-Security security model would be smart to use (OAuth 1.0, OAuth 2.0, Basic Authentication etc)?

Is there an alternative way to implement my requirements?

Upvotes: 7

Views: 3727

Answers (4)

吴烜_中文编程

Reputation: 548

CAS authentication seems to be a valid choice, and there's a sample supported by Spring officially. CAS claims "CAS supports the CAS1, CAS2, and SAML protocols allowing for simple single sign-on as well as n-tier delegated authentication." Another advantage is the different platforms CAS supports, in case you will build other apps other than Java Spring:

  • Apache HTTP Server
  • Drupal
  • IIS
  • Java
  • PAM
  • PHP
  • Perl
  • PL/SQL
  • Ruby
  • .NET

Upvotes: 0

Bassem Reda Zohdy

Reputation: 12942

You have to check OAuth 2.0; it can help you to manage authentication and authorization of REST services. Check my presentation and code below:

https://docs.google.com/presentation/d/1wiOJTMnGWL51P6NyFTCbpJz7-TsrYYrTd6_Siv_9Sfo/edit?usp=sharing

https://github.com/bassemZohdy/Spring_REST_OAuth_Demo

Upvotes: 3

Angular University

Reputation: 43087

The usual solution is to put all the servers behind a common authenticating proxy that serves users a common-looking login page. The authenticating proxy checks the identity of the user by comparing the username and password against values registered in an LDAP or database table, or via OpenID.

If the authentication is successful, the proxy will start redirecting the user's requests to the server to which the user was authenticated.

Each request forwarded from the proxy to the end server carries a pre-authentication header containing credentials that prove to the applications that the redirected request came indeed from the proxy, and that it's not a forged request.

Each Spring application is set up not to serve a login page, but to check the pre-authentication header instead. This is the Spring documentation to set up Pre-Authentication.

Have a look at this example of integration with the Siteminder authentication proxy.

The core of this solution is that the users don't make requests directly to the end servers; it all goes through the proxy, which in your case needs to support OpenID.

Upvotes: 6
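As an added illustration of the pre-authentication setup described in this answer (example code, not from the thread, Spring's docs or the Siteminder sample), here is one back-end service's Spring Security Java config (Spring Security 3.2-era API) that only trusts the forwarded user header when a secret shared with the proxy is also present, so a client that can reach the service directly cannot forge it. The header names X-Proxy-User and X-Proxy-Secret, the proxy.shared-secret property and the in-memory user list are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.authentication.preauth.*;

@Configuration
@EnableWebSecurity
public class ProxyPreAuthConfig extends WebSecurityConfigurerAdapter {
    @Value("${proxy.shared-secret}") // assumed property: the secret the proxy sends in X-Proxy-Secret
    private String proxySecret;
    // Honours X-Proxy-User only when X-Proxy-Secret matches; otherwise the request stays anonymous.
    static class ProxyHeaderFilter extends RequestHeaderAuthenticationFilter {
        private final byte[] secret;
        ProxyHeaderFilter(String secret) {
            this.secret = secret.getBytes(StandardCharsets.UTF_8);
            setPrincipalRequestHeader("X-Proxy-User");
            setExceptionIfHeaderMissing(false); // missing header -> no principal, not an exception
        }
        @Override
        protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
            String given = request.getHeader("X-Proxy-Secret");
            // Constant-time compare; a missing or forged secret means the user header is ignored.
            boolean fromProxy = given != null && MessageDigest.isEqual(secret, given.getBytes(StandardCharsets.UTF_8));
            return fromProxy ? super.getPreAuthenticatedPrincipal(request) : null;
        }
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        // Assumed per-service allow-list of friends (swap for LDAP/DB); passwords are never checked here.
        InMemoryUserDetailsManager allowed = new InMemoryUserDetailsManager(Collections.<UserDetails>emptyList());
        allowed.createUser(new User("alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_THIS_SERVICE")));
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(
                new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(allowed));
        auth.authenticationProvider(provider);
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ProxyHeaderFilter filter = new ProxyHeaderFilter(proxySecret);
        filter.setAuthenticationManager(authenticationManager());
        http.csrf().disable().addFilter(filter).authorizeRequests().anyRequest().hasRole("THIS_SERVICE");
    }
}
```

A user the proxy authenticated but who is not in this service's allow-list is rejected by the provider (UsernameNotFoundException), which is how each service can expose itself to only a subset of people; the secret still has to be kept off any path a browser can reach directly.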

jny

Reputation: 8057

Since all apps are running on the same server, you could use regular server-based Java EE security, maybe in some coordination with Spring Security.

Upvotes: 0
