can spring support multi applications sharing membership?

Question

Does the spring framework support multi applications sharing a common user base?

e.g. 2 separate web applications somehow hook into a single database to get user related information (username, password, and maybe even roles)

The idea is this, something similiar to asp.net membership

it works like this, you can have 10 websites, all pulling their membership API from the same datasource. Security (roles) and site mappings are all peformed via this membership API.

Usually what happens is you release a application. Then you release another application, and then your clients ask if you can merge the users etc. The asp.net membership solves this problem from the get-go.

update

I am not asking for single-sign on in the sense that you can go to any website by just logging in once. But rather you have the same login credentials that can be used on all sites.

Answer 1

A single database can be accessed by multiple applications, including Spring applications. Just provide access to this database to each applications, typically through a datasource (and yes, a Java application can use several datasources).

[EDIT] The intent of the OP is actually not clear. According to some comments, it seems that the question might be about SSO. In that case, I'd suggest to have a look at Spring Security, or a CAS implementation like JA-SIG CAS, or Spring Security with CAS.

PS: I don't mean to be rude but you should learn How To Ask Questions The Smart Way. For example here, you should expose your goal instead of asking for a specific solution (see Describe the goal, not the step). First, readers can't guess what you don't tell them and it is very frustrating (even if I'm happy to help). Second, you'll get much better answers (and avoid frustration on both sides). Seriously, read that paper, it's really worth it.

Answer 2

Yes ... sort of. Take a look at SpringSecurity.

I say "sort of" because Spring currently does not offer an off-the-shelf solution to the problem of user account management. You have the choice of hooking into an existing solution (e.g. LDAP) or rolling your own "user details service" and tools for account management.

Also, SpringSecurity doesn't yet (AFAIK) have a true "single-sign-on" solution.

But certainly, once you have implemented a SpringSecurity based solution to authentication / access control, it should be easy to apply it across multiple websites, with a unified user account-base ... or not.

EDIT in response to comments, when I say that SpringSecurity + LDAP is not an off-the-shelf solution to user account management, I mean that it is not something (like the OP) can simply add to his Spring-based webapps and deploy in Tomcat / whatever. Instead, he would have to

1. research how LDAP works,
2. select and LDAP implementation,
3. install an LDAP implementation,
4. configure and tailor LDAP as required,
5. integrate with SpringSecurity,
6. figure out to implement extensions to his web-apps so that remote users can self register, change their passwords, change their profiles, etcetera.

To my mind SpringSecurity + LDAP is a good solution if you already have a corporate LDAP setup (or if you have extensive LDAP expertise), but it is not a good match to the OP's requirement for a simple solution.

Answer 3

Sure you can. Look at Terracota with Spring. It allows the use of distributed cache. i.e. you can write to a hashmap and it gets transparently replicated to a hashmap on another instance of JVM(i.e. application).

http://www.springsource.org/node/279

also google "cluster spring".

You can put anything into a data structure: user info, roles, etc. It also you give you a nice little clustering solution where you can easily load balance sessions between multiple instances of an application.