0

I'm new to Spring 3.1 and I've been using Java EE Web Container Authentication so far for security (the <jee> tag has come in quite handy). However, the project that I'm working on has a few separate applications that need to have access to the current user's information without logging in multiple times.

Not wanting to reinvent the wheel, I've struggled with using CAS over the past couple of days and have finally got it working with the example that comes with the package. Now, what I would like to do is use the web container setup that I've created in an individual system and use it in CAS. Is this possible or do I need to be looking into some other form of gathering the user's roles?

4

1 回答 1

1

由于您使用 Java EE 身份验证,因此您的 SSO 框架应该支持 Java EE 代理。在您的情况下,SSO 框架应该支持 WebSphere。不幸的是,像 CAS 和 JOSSO ( http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Agent+%28SP%29 ) 这样的开源提供商不支持 WebSphere。可能您需要使用商业 SSO 框架,虱子 SiteMinder: https: //supportcontent.ca.com/cadocs/0/CA%20SiteMinder%20Agent%20for%20WebSphere%20r12%20SP2-ENU/Bookshelf_Files/HTML/index.htm? toc.htm?941171.html

另一种方法是放弃 Java EE 身份验证并在所有应用程序中使用 SpringSecurity 身份验证。在这种情况下,您将能够使用 CAS 或 JOSSO。

于 2013-04-25T03:17:06.800 回答