authentication - Spring Security : sharing security between my CRM webapp and my Front webapp


I have 2 distinct webapps:

  • a CRM webapp that shows the customer resume to office users
  • a portal webapp for customer users

My CRM webapp uses a combination of LdapManager and InMemoryManager with a BasicAuthenticationFilter and a BasicAuthenticationEntryPoint. The portal uses a classic JDBC manager with the standard UsernamePasswordAuthenticationFilter.

Now, I need to access the portal transparently from the CRM webapp.

For example, I work in the office on the CRM webapp. A customer calls me and asks for explanations about something mentioned in the portal.

I would like it to be possible for an office user to access the portal as the customer through an HTTP link in the CRM customer account page.

So, bypass the LoginUrlAuthenticationEntryPoint and access the customer account directly.

Edit: after Michael's help, I realize that I need to keep a trace of which CRM user accesses the portal account.

Questions:
- Should I use PreAuthenticatedManager or RunAsManager?
- Do I need to declare a 2nd EntryPoint?
- Which AuthenticationFilters?
- Is it possible to recover the user that was basic-authenticated in the CRM webapp in the new portal AbstractPreAuthenticatedProcessingFilter?

I have the following assumptions / conclusions for my explanation:

1) The CRM user repository and the portal user repository have different users.

2) CRM users should not know portal users' passwords.

I do not think you need to use RunAsManager. (When you use RunAsManager, it means that you first authenticate the CRM user in the portal and then replace that authentication with the portal user authentication. I do not think you can authenticate a CRM user against the portal user repository.)

I suggest you create your own “authenticateas” functionality: when a CRM user presses a link in the CRM page of a portal user, he is authenticated in the portal as that portal user without providing a password.

How does it work?

1) When the CRM user presses the link, a parameter with the encrypted portal user name is added to the URL.

2) When a request with the encrypted portal user name reaches the portal application, a newly created PreAuthenticatedProcessingFilter decrypts the user name and authenticates the user.

That’s all :)

A couple of comments:

1) Please use the AES-258 algorithm to encrypt / decrypt the user name.

2) Please ensure that the key used to encrypt / decrypt cannot be accessed over HTTP.

3) You can extend AbstractPreAuthenticatedProcessingFilter for the PreAuthenticatedProcessingFilter.

4) I suggest creating 2 roles in the portal application: user_write_role and user_read_role. When a CRM user gets access using the “authenticateas” authentication, he should have user_read_role. When a portal user gets access using regular authentication, he should have user_write_role.

5) You should think about how a CRM user will perform logout of the portal user (otherwise he will only ever work on the first user). The simplest way I can think of: the PreAuthenticatedProcessingFilter should process each request (even an authenticated one) and, if it contains the parameter with the user name, clean the portal user session and perform a new authentication.

Please tell me what you think about my suggestion, and tell me if you need additional clarifications.

Best regards,

Michael

P.S. Added after the question was edited: the simplest way to track CRM users on the portal is to add an additional encrypted parameter to the URL with the CRM user name.
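
The “authenticateas” URL parameter described in the answer and its P.S., as an added example that is not part of the original post or of Spring Security. The class name AuthenticateAsToken, the use of AES-GCM with a 256-bit key, the `|` separator and the expiry field are assumptions of this example; the expiry and the authentication tag are there so that a copied or altered link is rejected instead of logging someone in.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper: seals "portalUser|crmUser|expiryMillis" into a URL-safe token.
// Assumption: user names never contain '|' (such tokens are rejected by open()).
public class AuthenticateAsToken {
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec key;

    public AuthenticateAsToken(byte[] rawKey) {            // 32 bytes = 256-bit AES key
        this.key = new SecretKeySpec(rawKey, "AES");
    }

    // Called by the CRM when it renders the link to the portal.
    public String seal(String portalUser, String crmUser, long ttlMillis) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);                                  // fresh nonce for every token
        String body = portalUser + "|" + crmUser + "|" + (System.currentTimeMillis() + ttlMillis);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(body.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Called by the portal; returns {portalUser, crmUser} or throws on any invalid token.
    public String[] open(String token) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        // doFinal throws AEADBadTagException if the token was modified or made with another key
        String[] f = new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8).split("\\|");
        if (f.length != 3 || Long.parseLong(f[2]) < System.currentTimeMillis())
            throw new SecurityException("malformed or expired token");
        return new String[] { f[0], f[1] };
    }

    public static void main(String[] args) throws Exception {
        byte[] demoKey = new byte[32];                      // constructed demo key; load the real one from server-side config
        RNG.nextBytes(demoKey);
        AuthenticateAsToken t = new AuthenticateAsToken(demoKey);
        String[] who = t.open(t.seal("customer42", "agent.smith", 60_000)); // constructed sample names
        System.out.println(who[0] + " opened by CRM user " + who[1]);
    }
}
```

In the portal, a filter extending AbstractPreAuthenticatedProcessingFilter would call open() on the request parameter inside getPreAuthenticatedPrincipal, use the first element as the principal and write the second to the audit log.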

