Share user session in Spring - java

I have a Spring MVC web application that is running in Tomcat 8. This application calls a third party for form submission and does some processing on another server. After coming back from the third-party server process, my user session is gone and my application is redirected to the login page again.
I want a solution: how can I maintain my user session?
Is there any solution using Spring Security?
I found a solution related to my problem here, but the WAR could not be deployed on the server.

Related

Redirect All Request from web server to another

I have to make an application in Tomcat whose core responsibility is to redirect all requests coming from the browser application to the API server. It works like a proxy server between the browser application and the API application. I have to write it on Tomcat. How can I achieve this? Do I have to write a REST API application on Tomcat too?
Project Description
The requirement is that we have two applications: one is developed in React, it's a web-portal, and the other one is a spring-boot backend application (JSON APIs).
The spring-boot application is going to be deployed in the secure zone and the web-portal is in the DMZ. The web-portal is on the internet; the backend application is on the intranet. As the web-portal is a CSR application, the API calls from the web-portal contain the backend application IP/URI, but it cannot be accessed from the internet.
So I am planning to write an application in the DMZ zone, deployed on Apache Tomcat, so that when a request comes to Tomcat it redirects it to the backend application server on the intranet with all headers/payload and redirects the response from the backend server to the web-portal.
You want to set up a reverse proxy, which is a standard pattern. Take a look at the answers at Reverse Proxy Java or just search the web for "reverse proxy java".
If you are not bound to implementing it in Java, take a look at Nginx, which we use in many projects to transfer requests from the web app to the REST backend.
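
The reverse-proxy pattern recommended above, sketched as an Nginx configuration for the DMZ host. This is an added example, not part of the original answer; the hostnames `portal.example.com` and `backend.internal.example`, port 8080, the `/api/` prefix and the file paths are all assumptions.

```nginx
# Added example: DMZ reverse proxy in front of an intranet spring-boot API.
# Every hostname, port and path below is a placeholder.

upstream backend_api {
    # The intranet address lives only here; the browser never sees it.
    server backend.internal.example:8080;
    keepalive 16;
}

server {
    listen 443 ssl;
    server_name portal.example.com;

    ssl_certificate     /etc/nginx/tls/portal.crt;
    ssl_certificate_key /etc/nginx/tls/portal.key;

    # Static React build served from the DMZ host.
    root /var/www/portal;
    location / {
        try_files $uri /index.html;
    }

    # Only the API prefix is forwarded, and the upstream is fixed, so a
    # client cannot steer the proxy toward other intranet hosts.
    location /api/ {
        proxy_pass http://backend_api;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # Overwrite rather than append, so a spoofed X-Forwarded-For sent
        # by the client does not reach the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        client_max_body_size  1m;
        proxy_connect_timeout 5s;
        proxy_read_timeout    30s;
    }
}
```

With this layout the web-portal calls the relative path `/api/...` on its own origin, so the client-side bundle no longer needs to contain the backend IP/URI.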

CAS authentication multiple Restful Web Services in SSO

I have an SSO environment configured through CAS. When I log into one application and try to access the other application's login, it successfully authenticates without credentials. Or, if I make a REST call to the other application when logged in through any of the SSO-configured applications, I get the result while using an application like POSTMAN. But the problem is when I make a REST call from a Java back end. Instead of generating a token, CAS redirects me to the login page... Please let me know how to proceed.
For web application to backend communication, I will recommend using the proxy mechanism: https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
The way to configure everything properly depends on the CAS client you use.

IBM WebSphere and BPM SSO

I have two WebSphere servers. One server has a Java web application deployed and the other has BPM processes. I have configured SSO between the two servers; both servers' admin consoles open with SSO.
I have to open an IBM BPM coach inside my web application with SSO. What should I do in my web application to open the coach directly without giving a user and password?
For establishing SSO between multiple WebSphere servers, all you have to do is enable SSO at server level and ensure that an LTPA token is generated on successful login to your web application. Once the LTPA token is created, it is propagated to the 2nd webapp/any other webapp which you access, since the cookie created by WebSphere exists in the browser and can be consumed by any WebSphere server that participates in this SSO.
I am also trying to set up SSO between 2 WebSphere servers, but I am unable to get the admin console apps logged in seamlessly.
Can you confirm the steps that you followed? I hope you are using a custom standalone registry (referring to user.props & group.props, for example).

2 Different web applications - how can one recognize \ authenticate the other

I have 2 different web applications that use Spring and are running on the same Tomcat (maybe later to be separated to a different Tomcat for each).
My first webapp is a straightforward web application where users can log in, create an account, and do stuff.
The other webapp periodically executes HTTP requests (REST API) towards the first app.
My problem is that I must ensure that these requests are actually legitimately being executed from webapp #2 and not from another hostile requestor.
1) How can I do that?
How can I make sure in webapp #1 that it serves only requests from webapp #2?
I don't want to rely on IP address alone.
2) Can Spring Security help me achieve this?
3) Is authenticating from webapp #2 against webapp #1 via the standard Spring Security authentication mechanism a viable solution? (username/pass that is only known to both webapps)
For a login you can use a service all form most facing web portal, and once authentication is successfully done then you can transfer on a Spring login authenticated page and its pass access for user as well.

Access a web application running on one server from a different web application running on another server

I have developed a web application (say webapp1) running on a server (say server1).
I have another web application (say webapp2) running on a different server (say server2).
Only registered users on webapp1 must be able to log in to webapp2 using the username and password from the webapp1 session.
webapp1 uses Active Directory to authenticate users. Some users of webapp1 can access webapp2 by internally going through Active Directory.
I want to access webapp1 from webapp2. How can I do that?
I think your question is something like this. You have two web apps, and when a request comes in, your first webapp1 does some processing and the other part is to be done by the second webapp.
This can be done by redirecting/forwarding the request to the second webapp, let the second webapp complete the remaining part of work and return it to user or to the first webapp again.
You'd want to create an API to do this.
See a similar question (for PHP but the basic concept still applies): create api using php
Build RESTful web services with Java technology:
http://www.ibm.com/developerworks/training/kp/j-kp-rest/index.html
