Pass user authentication between different contexts

Asked

Viewed 84 times

0

I have three java web(.War) projects with different contexts within the same EAR.

I need the user to authenticate in an application and then I traffic this information from it among the other projects.
Researching a little I found some well elaborated approaches as Single Sign On, but I do not know if it is necessary to use something so complex for this type of problem.
I would like your opinion on what approach to use.

Ambience: JSF applications using Javaee and Wildfly server

  • Since it will use in different projects, it would not be the case to save this information in a physical location, database for example?

  • I thought of an approach that would not involve bank dependency, like creating a @applicationscoped bean to control this, since it would be visible among all projects.

  • application scoped do not know if it is the best choice, it is very expensive processing and memory consumption. I have not had good experiences with this context. even more if you have many users connected.

1 answer

1

Do you know how Single Sign On works? I will speak according to the Oauth and SAML protocols, both in version 2.0. Come on, you’ll have a third person involved, an identity server, or at the time of authentication the user will not inform your credentials for your application but for the third party involved (your identity server), The same will validity credentials, function ? if yes it should generate a token (unique identification key), and return these token to the user, from now on whenever you need the user data just send this token to the identity server, ready any application that has this token will receive the user data, in this vc ensures that the user inform his credentials only once.

Have a very good product to do this, WSO2 IS from a researcher there. And remember, quality always.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.