Spring Security and External Application for Authentication (Single-sign-on)

浪尽此生 submitted on 2020-01-03 05:49:41

Question


I have a Spring-based application that exposes 3 authentication choices for the user: form-based, Facebook Connect and a single sign-on from an external application. I'm not sure of the proper way to authenticate the last option.

Application A (Spring Security based)

Application B (non-Spring-based legacy app)

Security flow: When a secured resource in application A is requested and the user is not authenticated, application A will redirect to application B, where the user will be prompted with a login form and flow through application B's security flow. Application B will then do an HTTP POST to application A (via a callback URL param sent with the initial request) that consists of XML that will be validated in application A, and if it passes, the user should be authenticated in application A. What is the best approach for this scenario using Spring Security?


Answer 1:


Please see Configuring Spring Security 3.x to have multiple entry points. Just like what @limc did in that question, you can build two different tokens and two providers to handle authentication. But I think you will be fine with one provider, and in that case you have to pass different details in the auth token (because I assume there won't be a password in the XML), and based on the data in details, the provider will authenticate the user (without a password).
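
A sketch of the separate token-and-provider approach for the XML callback, added here as an example; it is not code from the question, the answer, or the linked post. The class names, the `<user>` element, and the Base64 HMAC-SHA256 over the raw XML with a secret shared between applications A and B are all assumptions, since the page does not say how the XML is validated.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical provider for Application B's callback POST (all names are assumptions).
public class XmlSsoAuthenticationProvider implements AuthenticationProvider {

    // Unauthenticated token the callback filter builds from the POST body and its MAC.
    public static class XmlSsoToken extends AbstractAuthenticationToken {
        private final String xml, mac;
        public XmlSsoToken(String xml, String mac) { super(null); this.xml = xml; this.mac = mac; }
        public Object getPrincipal() { return xml; }
        public Object getCredentials() { return mac; }
    }

    private final byte[] sharedSecret; // assumption: known only to applications A and B
    public XmlSsoAuthenticationProvider(byte[] sharedSecret) { this.sharedSecret = sharedSecret.clone(); }

    // Only claim XmlSsoToken so form login and Facebook tokens go to their own providers.
    public boolean supports(Class<?> type) { return XmlSsoToken.class.isAssignableFrom(type); }

    public Authentication authenticate(Authentication auth) {
        XmlSsoToken token = (XmlSsoToken) auth;
        try {
            byte[] body = token.xml.getBytes(StandardCharsets.UTF_8);
            // 1. Check the MAC before parsing anything; isEqual is a constant-time compare.
            Mac hmac = Mac.getInstance("HmacSHA256");
            hmac.init(new SecretKeySpec(sharedSecret, "HmacSHA256"));
            if (!MessageDigest.isEqual(hmac.doFinal(body), Base64.getDecoder().decode(token.mac)))
                throw new BadCredentialsException("SSO assertion signature mismatch");
            // 2. Parse with DOCTYPE declarations rejected so the payload cannot carry XXE.
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            String user = f.newDocumentBuilder().parse(new ByteArrayInputStream(body))
                    .getElementsByTagName("user").item(0).getTextContent().trim();
            if (user.isEmpty()) throw new BadCredentialsException("SSO assertion has no user");
            // 3. Return an authenticated token; no password is involved (role is an assumption).
            return new UsernamePasswordAuthenticationToken(user, null, AuthorityUtils.createAuthorityList("ROLE_USER"));
        } catch (BadCredentialsException e) {
            throw e;
        } catch (Exception e) { // null fields, malformed Base64 or XML, missing <user>
            throw new BadCredentialsException("Invalid SSO assertion", e);
        }
    }
}
```

The MAC alone does not stop a captured callback from being replayed, so the XML should also carry an expiry or one-time value that application A checks.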



Source: https://stackoverflow.com/questions/5087261/spring-security-and-external-application-for-authentication-single-sign-on
