Single sign-on and RBAC permissions issues when combined

Category: Java EE
2013-08-13 01:39:40

I now have three projects in total: one is a single sign-on login system (it only verifies the user name and password), and the other two are ordinary systems, system A and system B (RBAC).

What I want to achieve is:
when system A (or system B) calls the login system to log in, then once the login has been verified it jumps back to system A (or system B) and gets the logged-in user's permissions. After a successful login to system A, the user should be able to access system B directly (single sign-on).

I have now implemented single sign-on, but after logging in I cannot get the permissions. How can I solve this? Heroes, please give me some pointers.
My understanding of RBAC is also limited to Spring_Security. Spring_Security comes with RBAC; if I call its built-in login when logging in, I can obtain the permissions. But now that the login system has been separated out, how can this Spring_Security permission-loading function be achieved?

2013-08-13 01:58:35
The original poster is using Spring Security to manage user authentication and authorization.
I have not used Spring Security's RBAC, but I am fairly familiar with Spring Security's CAS support (my current project uses it). It works roughly like this:
When a user enters an application system (such as systems A and B here) without having logged in, they are redirected to the CAS authentication page (equivalent to the original poster's login system) to log in. CAS is only responsible for determining whether the user name and password are correct. If the login succeeds, control returns to the application system for authorization (assigning permissions); if it fails, of course, needless to say...
When configuring Spring Security CAS, also configure the appropriate authorization-processing bean (the specific authorization behavior depends on your application, so you have to write that code yourself).
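
The authorization bean described in the reply above, sketched as an added example that is not part of the original thread: it runs inside system A (and separately inside system B), takes the user name from the validated CAS assertion, and loads that user's roles from the application's own RBAC tables. The class name, table names and columns are hypothetical; it assumes Spring Security's CAS module, Spring JDBC and Java 8 or later.

```java
import java.util.List;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/** Per-application authorization step that runs after CAS has authenticated the user. */
public class LocalRbacUserDetailsService
        implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {

    // Hypothetical schema: app_user(username, enabled), app_user_role(username, role)
    private static final String ENABLED_SQL =
            "SELECT enabled FROM app_user WHERE username = ?";
    private static final String ROLES_SQL =
            "SELECT role FROM app_user_role WHERE username = ?";

    private final JdbcTemplate jdbc;

    public LocalRbacUserDetailsService(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    @Override
    public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) {
        // The name comes from the ticket the CAS server validated,
        // never from a request parameter or a cookie the browser supplied.
        String username = token.getName();

        // Authenticated by CAS but unknown or disabled here: refuse the login
        // rather than creating a session with no authorities.
        List<Boolean> enabled = jdbc.queryForList(ENABLED_SQL, Boolean.class, username);
        if (enabled.isEmpty() || !Boolean.TRUE.equals(enabled.get(0))) {
            throw new UsernameNotFoundException("No active local account for " + username);
        }

        // Roles are this application's own; system B has its own table and rows.
        List<GrantedAuthority> authorities = jdbc.query(ROLES_SQL,
                (rs, rowNum) -> (GrantedAuthority) new SimpleGrantedAuthority("ROLE_" + rs.getString("role")),
                username);

        // No password is held locally; the placeholder is never checked.
        return new User(username, "N/A", authorities);
    }
}
```

Each application registers its own instance through `CasAuthenticationProvider.setAuthenticationUserDetailsService(...)`, so no second login is needed to populate the authorities.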

2013-08-13 02:09:09
That is how it is: single sign-on is just authentication.
Assigning permissions is still done by each subsystem.

What you describe loses the meaning of single sign-on. If you want to put permission assignment on that host as well, then the permission-assignment part and the subsystems' permission-checking part have to share data remotely; the easiest way is to connect them directly to a database.
2013-08-13 02:20:30
UP. Experts, please help. Ask below about anything I have not stated clearly.
2013-08-13 02:28:51
Or can someone explain: when Spring_Security implements RBAC, where are the corresponding permissions kept?
Are they in memory? If so, how are they saved to memory?
2013-08-13 02:40:08
UP ...

2013-08-13 02:59:13
with Spring's ah. . . I drifted across the
2013-08-13 03:04:59
UP ...

Passing heroes, please enlighten me. Waiting online...
2013-08-13 03:19:10
I have come to learn...
2013-08-13 03:30:50
UP ...

2013-08-13 03:43:09
Is there no one who can give a pointer or two?
For now I have implemented it in a rather stupid way. But it is only a stopgap to get things finished first; it will not last. I hope an expert can give me guidance.

My approach is: get the URL and determine which system's path it is (such as the system A path :: 8080/ASystem /); if it is the system A path, then after verification by the login system passes, it calls system A's own Spring_Security action to obtain the permissions.
This way, every login through the login system goes and fetches the permissions.

But this actually loses the point of single sign-on, because a hidden login is performed when Spring_Security is called to obtain the permissions.

What should I do about having to log in again to obtain the login permissions?
2013-08-13 03:52:30
expectations. . . . . .
2013-08-13 03:57:16
Could the original poster talk about your single sign-on implementation?
2013-08-13 04:13:19

I have recently been busy writing my thesis. The system counts as a success; the performance, not so much.
Without further ado.
My way of achieving single sign-on: I have a separate login system. Each time a user requests a page, regardless of whether they are already logged in, the system must jump to the authentication method in the login system (a Filter intercepts and redirects). Once verification passes, it jumps back to the page the user requested.

If the login system's verification does not pass, it jumps to the login page. When the user logs in successfully, a cookie is created to store the user name, and the user name is marked as logged in. As long as the cookie is not destroyed, the next verification passes.

That is the basic approach, explained fairly clearly.