I am using two different web applications deployed in the same Tomcat instance. One is a web application and the other is REST services. When a user is logged into the web application and calls the REST service, REST should authenticate with the user logged in using the web application. How can I implement SSO in Tomcat? If anyone has implemented it, please help me.
Update:
I have implemented the Spring Security and J2EEPreAuthentication mechanism in my first web application. This application invokes the second application (REST services) using the DOJO (JavaScript Framework).
Update:
I have found the solution. Please read my answer below.
Best Answer
We can implement SSO between a traditional web application and a non-web-based application like RESTful web services. This example shows the sample code for implementing SSO between a web application and RESTful web services. The following is the configuration in the spring-security.xml file:
The above code is in the web application. The same code can also be in the REST project's Spring Security XML file. Add the following code into the web.xml file:
The above code should be only in the normal web application. Then enable the SSO valve in Tomcat's server.xml file. Tomcat uses cookie-based SSO login. The session IDs are stored in the cookies. If your browser has cookies disabled, then SSO will not work.
Hope this explanation helps.
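As an added example (not part of the original answer): a small Python check, run against a constructed sample server.xml, that reports whether each Host carries Tomcat's SingleSignOn valve and, going one step beyond the answer, whether a Context-level Realm would keep the two web applications from sharing one login. The function name audit_sso and the sample host names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

SSO_VALVE = "org.apache.catalina.authenticator.SingleSignOn"

# Constructed sample server.xml (not taken from the original post).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
      </Host>
      <Host name="internal.example" appBase="internal">
        <Context path="/rest">
          <Realm className="org.apache.catalina.realm.MemoryRealm"/>
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>
"""

def audit_sso(server_xml: str) -> dict:
    """Return {host name: findings}; an empty list means SSO can work."""
    root = ET.fromstring(server_xml)
    report = {}
    for host in root.iter("Host"):
        findings = []
        # The valve must be a direct child of <Host>: SSO is scoped per virtual host.
        valves = [v.get("className") for v in host.findall("Valve")]
        if SSO_VALVE not in valves:
            findings.append("no SingleSignOn valve in this Host")
        # A Realm nested in a <Context> gives that webapp its own user store,
        # so it cannot reuse the identity established by the other webapp.
        for ctx in host.findall("Context"):
            if ctx.find("Realm") is not None:
                findings.append(f"Context {ctx.get('path')!r} overrides the shared Realm")
        report[host.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_sso(SAMPLE_SERVER_XML).items():
        print(name, "->", findings or "OK")
```
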