TokenBasedRememberMeServices with Spring for single sign on across domain - 16 Dec 2012



The business requirements I have been working with dictate that users should be able to work across various deployed webapp contexts in our ecosystem with a single password-based login after registering. The databases are a convoluted collection of write-optimized administration tables and read-only datamart tables. The (horizontally scaled) Tomcat 7 application servers sit upstream nginx 1.2.6 in a single VPC.

For now I chose to use the TokenBasedRememberMeServices instead of the suggested PersistentTokenBasedRememberMeServices to make things more straightforward for a first-run through.

Remember-Me Authentication may not be the best way to go about intra-domain auto-authentication, but sharing a single cookie for example.com across app1.example.com and secure.example.com/app2/ is much easier to set-up and maintain for now.

the code

I created a complete example project at jzerbe / spring-security-gwt-template. For this blog post, the important files to take a look at are the spring-security.xml and RememberMeProvider.java files.

158 words. Post tags: Spring Security, SSO, and Token.

Post content is written by Jason Zerbe and licensed CC BY-NC 3.0.