I have the following task: integrate my web application with an external Single Sign-On service. It's a custom, non-standard implementation of SSO which is based on setting a specific cookie and redirecting back to the application. The SSO and the app are on the same domain.
Currently I'm using a Spring Security filter to check this cookie on a specific URL. This works just fine for this scenario:
Web App -> SSO[ Supplied with callback url] -> Redirect back to my app.
But it obviously fails when the user visits the app which provides the auth service and then "jumps" to any URL of my app (and the cookie is not checked because the "special" URL was not triggered).
What is the recommended approach to solve such a problem with Spring Security?
Thanks!
The simplest way to solve your problem is to implement your own PreAuthenticatedProcessingFilter: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6167
The question is whether your authentication provider provides a user name in a cookie. If it provides it – you can use this filter: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6295
Please tell me if you need any additional clarifications.
Best regards,
Michael
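The approach suggested in the answer above, as an added example that is not part of the original post: a subclass of Spring Security's `AbstractPreAuthenticatedProcessingFilter` that checks the SSO cookie on every request passing through the filter chain. The cookie name `SSO_TOKEN` and the `SsoTokenValidator` interface are assumptions, since the page does not describe the cookie's format.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

/**
 * Added example: reads the SSO cookie on every request that passes through the
 * filter chain, so authentication no longer depends on one "special" URL.
 */
public class SsoCookiePreAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

    /** Hypothetical hook: verifies the token with the SSO service or by its signature. */
    public interface SsoTokenValidator {
        /** @return the user name bound to the token, or null if it is invalid or expired. */
        String validate(String token);
    }

    private static final String COOKIE_NAME = "SSO_TOKEN"; // assumed cookie name

    private final SsoTokenValidator validator;

    public SsoCookiePreAuthFilter(SsoTokenValidator validator) {
        this.validator = validator;
        // Re-check the cookie on already-authenticated sessions as well, so a switch
        // to a different SSO user replaces the identity held in the old session.
        setCheckForPrincipalChanges(true);
        setInvalidateSessionOnPrincipalChange(true);
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // Never trust the raw cookie value: only a validated token yields a principal.
        String token = readCookie(request);
        return token == null ? null : validator.validate(token);
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        // The provider rejects null credentials, so return a placeholder when absent.
        String token = readCookie(request);
        return token == null ? "N/A" : token;
    }

    private static String readCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) return c.getValue();
        }
        return null;
    }
}
```

The filter still needs an `AuthenticationManager` backed by a `PreAuthenticatedAuthenticationProvider`, and is registered at the `PRE_AUTH_FILTER` position of the filter chain. A request with no valid cookie yields a null principal and falls through to the rest of the chain unauthenticated.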