Spring security, AJAX and SiteMinder -
i implementing spring security login , trying understand something, here scenario want implement:
- for initial login show login page , let user in.
- if after inactivity session expired , user makes action show him popup window authenticate (js-based popup in browser). continue action there no login form.
implementing form easy, how make popup work - let's make request protected url after session expired, how make sure it's not forwarded login page, login handler shows popup window?
another issue - need integrate siteminder, need read login/password combination , after it's read, forward siteminder authentication, after that's done want return without forwarding.
answer siteminder issue: siteminder installed on webserver behind servlet container. also, siteminder manages authentication , application not have access user password @ all. integrate siteminder use filter: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6295.
answer login popup issue: since need integrate siteminder, not recommend implement login via popup.
Comments
Post a Comment