0

I have an embedded jetty server with multiple wars. Each war is one part of one web application. The goal is to add the same security to all wars. My preferred security mechanism would be spring security.

There might be two solutions:

a) Define security in each war.

I could define a servlet filter in each web.xml. Problem: How can I use the same security among the different wars? Redundancy: I would have to add the same config to all web.xml.

b) Define security filter for path /*

How can I set the spring security to filter everything on the jetty?

Tristan
  • 309
  • 1
  • 3
  • 6

1 Answers1

0

What about using Apache Shiro. See Shiro vs. SpringSecurity for further information.

Super Simple Application Security with Apache Shiro by Les Hazlewood is a great introductory screencast.

Community
  • 1
  • 1
zellus
  • 9,617
  • 5
  • 39
  • 56
  • That would match solution a. But still, how can I use the same shrio in all my wars? – Tristan Jun 13 '12 at 11:37
  • @Tristan : I haven't setup a multi war setup by myself. For further references have a look at [Global HTTP Session Sharing](http://www.gigaspaces.com/wiki/display/SBP/Global+Http+Session+Sharing) and [Shiro and multiple wars within the same Servlet Container](http://shiro-user.582556.n2.nabble.com/Shiro-and-multiple-wars-within-the-same-Servlet-Container-td5560737.html) – zellus Jun 13 '12 at 14:02