1

I have a Spring-based application that exposes 3 authentication choices for the user: form-based, Facebook Connect and single sign-on from an external application. I'm not sure of the proper way to authenticate the last option.

Application A (Spring Security based)
Application B (non-Spring-based legacy app)

Security flow: when a secured resource in application A is requested and the user is not authenticated, application A will redirect to application B, where the user will be prompted with a login form and flow through application B's security flow. Application B will then do an HTTP POST to application A (via a callback URL param sent with the initial request) that consists of XML that will be validated in application A, and if it passes, the user should be authenticated in application A. What is the best approach for this scenario using Spring Security?

c12

1 Answer

2

Please see "Configuring Spring Security 3.x to have multiple entry points". Just like what @limc did in that question, you can build two different tokens and two providers to handle authentication. But I think you will be fine with one provider, and in that case you have to pass different details in the auth token (because I assume there won't be a password in the XML), and based on the data in the details, the provider will authenticate the user (without a password).

Ritesh
  • @colin. No problems. As mentioned by several members in this forum, the Stack Overflow style of saying thank you is to either accept the answer or vote it up. Your other questions are also waiting for acceptance. :) – Ritesh Feb 25 '11 at 13:40
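
A sketch of the two-token variant mentioned in the answer, added here as an example and not code from the question, the answer or the linked thread. It is written against Spring Security 3.1 or later. The names `XmlSsoToken`, `SsoXmlVerifier` and `XmlSsoAuthenticationProvider` and the `username` element are assumptions, and because the page does not say how Application B proves the XML is authentic, that check sits behind the hypothetical `SsoXmlVerifier` interface.

```java
import java.io.StringReader;
import java.util.Collection;
import javax.xml.parsers.DocumentBuilderFactory;
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.userdetails.*;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

// Hypothetical token: holds the raw XML POSTed by Application B until it is authenticated.
class XmlSsoToken extends AbstractAuthenticationToken {
    private final Object principal; // String (XML) before authentication, UserDetails after
    XmlSsoToken(String xml) { super(null); principal = xml; }
    XmlSsoToken(UserDetails user, Collection<? extends GrantedAuthority> auths) {
        super(auths); principal = user; super.setAuthenticated(true);
    }
    public Object getCredentials() { return ""; } // no password in this flow
    public Object getPrincipal() { return principal; }
}

// Hypothetical seam for the authenticity and freshness checks agreed with Application B.
interface SsoXmlVerifier { boolean isValid(Document doc); }

class XmlSsoAuthenticationProvider implements AuthenticationProvider {
    private final UserDetailsService users;
    private final SsoXmlVerifier verifier;
    XmlSsoAuthenticationProvider(UserDetailsService u, SsoXmlVerifier v) { users = u; verifier = v; }

    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        Document doc;
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // Reject any DOCTYPE so the callback body cannot pull in external entities.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            doc = f.newDocumentBuilder().parse(new InputSource(new StringReader((String) auth.getPrincipal())));
        } catch (Exception e) {
            throw new BadCredentialsException("Malformed SSO XML", e);
        }
        if (!verifier.isValid(doc)) throw new BadCredentialsException("SSO XML failed validation");
        NodeList names = doc.getElementsByTagName("username"); // assumed element name
        if (names.getLength() != 1) throw new BadCredentialsException("Expected exactly one username");
        UserDetails user = users.loadUserByUsername(names.item(0).getTextContent().trim());
        if (!user.isEnabled() || !user.isAccountNonLocked()) throw new DisabledException("Account not usable");
        return new XmlSsoToken(user, user.getAuthorities());
    }

    // Only claim the SSO token, so form-login tokens still go to the password-checking provider.
    public boolean supports(Class<?> type) { return XmlSsoToken.class.isAssignableFrom(type); }
}
```

The filter mapped to the callback URL would wrap the POST body in `new XmlSsoToken(xml)` and hand it to the `AuthenticationManager`; authorities come from Application A's own user store, never from the XML.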