Gautam Kumar

Reputation: 983

Single sign on for multiple web applications in Java

I have multiple web applications with AngularJS in the frontend and servlets in the backend. Requests are made using AJAX calls. The servlets then initialize Java objects which fetch data using a JDBC connection and return the result.

  1. How can I implement single sign on for multiple applications?
  2. Do I need to add authentication code to the existing projects, or shall I implement a separate project for authentication and use it across applications?

Upvotes: 2

Views: 1654

Answers (1)

Les Hazlewood

Reputation: 19547

Just curious, have you seen the Stormpath Java SDK? There is also a feature called ID Site that gives you a single login location for the apps you build (if you want to use it - it's optional).

A Stormpath Java SDK update will be released shortly that automates this even further for servlet-based web apps, including token authentication via OAuth 2. For example:

  1. User enters username/password in your AngularJS login panel.
  2. The username/password is sent to your Java webapp that has the Stormpath SDK inside it.
  3. The SDK authenticates the user and returns a secure identity token (which is actually a JWT) in the response body or cookie (or both).
  4. Your Angular app takes that token and sends it on all future requests to your web app.
  5. The SDK authenticates the token and looks up the corresponding user account.
  6. The user account is attached to the ServletRequest for access any time during the request's processing (for example, Account account = (Account) request.getAttribute("account");).

No server-side coding required to enable this :)

If you want early access to try this out, here is the branch: https://github.com/stormpath/stormpath-sdk-java/tree/servlet-module

And a sample application showing how to enable it: https://github.com/stormpath/stormpath-sdk-java/tree/servlet-module/examples/servlet

The SDK is 100% open source via the business-friendly Apache 2 license.

Disclosure: I'm Stormpath's CTO, but also an open-source security advocate - whether you use Stormpath or not, I'd like to see that everyone can easily secure apps.

Upvotes: 2
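Steps 3 and 5 of the answer above (issuing a signed identity token, then authenticating it on later requests), shown as an added example that is not part of the original answer and is not Stormpath SDK code. The class name TokenFlowDemo, the HS256 algorithm, the demo key, the sub/exp claim layout and the 15-minute lifetime are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;

public class TokenFlowDemo {
    // Constructed demo key (assumption); in practice load a random 256-bit key from a secret store.
    static final byte[] KEY = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    // The only header this server issues; verify() accepts nothing else, which pins the algorithm.
    static final String HEADER = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
    static final Pattern CLAIMS = Pattern.compile("\\{\"sub\":\"([A-Za-z0-9@._-]+)\",\"exp\":(\\d{1,12})\\}");
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    // Step 3: called only after the username/password check has succeeded.
    static String issue(String subject, long expEpochSeconds) throws Exception {
        String json = "{\"sub\":\"" + subject + "\",\"exp\":" + expEpochSeconds + "}";
        if (!CLAIMS.matcher(json).matches()) throw new IllegalArgumentException("unsafe claim value");
        String signingInput = HEADER + "." + ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + ENC.encodeToString(hmac(signingInput));
    }
    // Step 5: returns the subject for a valid, unexpired token, otherwise null.
    static String verify(String token, long nowEpochSeconds) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.", -1);
        if (p.length != 3 || !HEADER.equals(p[0])) return null;
        try {
            // Check the signature (constant-time compare) before trusting any claim.
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2]))) return null;
            Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            if (!m.matches() || Long.parseLong(m.group(2)) <= nowEpochSeconds) return null;
            return m.group(1);
        } catch (IllegalArgumentException malformedBase64) { return null; }
    }
    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String token = issue("alice@example.com", now + 900);
        String other = issue("bob@example.com", now + 900);
        String spliced = other.substring(0, other.lastIndexOf('.')) + token.substring(token.lastIndexOf('.'));
        System.out.println(verify(token, now));        // freshly issued token
        System.out.println(verify(token, now + 901));  // same token after expiry
        System.out.println(verify(spliced, now));      // one token's claims with another token's signature
    }
}
```

In a servlet application the verify step would sit in a filter that runs before the application code, with the resolved account stored as a request attribute as step 6 describes.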
