Session sharing Reactjs and JSP / Spring SecurityHow do servlets work? Instantiation, sessions, shared variables and multithreadingHow to avoid Java code in JSP files?What's the difference between @Component, @Repository & @Service annotations in Spring?sharing session attribute between two subdomains in tomcatHow long is Spring temporary CSRF token expiration time?Spring social ProviderSignInController creates a session whereas we are using oauth2Filter ordering with spring security and spring bootSpring Security and Session in RedisSpring Security .permitAll() no longer effective after upgrading to Spring Boot 2.0.2oAuth2 workflow on Spring Security for Stateless Web services using JWT or likewise?

What does it mean to describe someone as a butt steak?

How to format long polynomial?

What is a clear way to write a bar that has an extra beat?

Client team has low performances and low technical skills: we always fix their work and now they stop collaborate with us. How to solve?

Can you really stack all of this on an Opportunity Attack?

If human space travel is limited by the G force vulnerability, is there a way to counter G forces?

What defenses are there against being summoned by the Gate spell?

Can I ask the recruiters in my resume to put the reason why I am rejected?

How is the claim "I am in New York only if I am in America" the same as "If I am in New York, then I am in America?

Does an object always see its latest internal state irrespective of thread?

Rock identification in KY

Could an aircraft fly or hover using only jets of compressed air?

Why doesn't Newton's third law mean a person bounces back to where they started when they hit the ground?

How do I deal with an unproductive colleague in a small company?

Languages that we cannot (dis)prove to be Context-Free

Character reincarnated...as a snail

Why is Minecraft giving an OpenGL error?

meaning of に in 本当に?

Why does Kotter return in Welcome Back Kotter?

Can a vampire attack twice with their claws using Multiattack?

What's the point of deactivating Num Lock on login screens?

strTok function (thread safe, supports empty tokens, doesn't change string)

Codimension of non-flat locus

How to determine what difficulty is right for the game?

Session sharing Reactjs and JSP / Spring Security

How do servlets work? Instantiation, sessions, shared variables and multithreadingHow to avoid Java code in JSP files?What's the difference between @Component, @Repository & @Service annotations in Spring?sharing session attribute between two subdomains in tomcatHow long is Spring temporary CSRF token expiration time?Spring social ProviderSignInController creates a session whereas we are using oauth2Filter ordering with spring security and spring bootSpring Security and Session in RedisSpring Security .permitAll() no longer effective after upgrading to Spring Boot 2.0.2oAuth2 workflow on Spring Security for Stateless Web services using JWT or likewise?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

I am a novice in Spring Security, but trying to figure how to handle the situation I have -

I have a site hosted at bigmonolithjavaapp.example.com - this is a big java app, with spring security and jsp's.

We are in the process of creating a new site based on reactjs that we want to embed as a page in the java JSP app. The reactjs site will be hosted at say - reactjs.example.com.

We need the reactjs.example.com to be able to access the bigmonolithjavaapp.example.com/api endpoint to share the same backend APIs. These endpoints are protected by spring security and because of that when I try to call the bigmonolithjavaapp.example.com/api endpoint from the reactjs.example.com pages, I am being redirected to the login page as there is no session sharing between these 2 domains.

Is there a way to extend the spring security session between both the domains?

To add to the mix, I have another restriction that I cannot change the document.domain on the pages for the bigmonolithjavaapp.example.com as there is a lot of business logic that happens on the page depending on the subdomain.

I see that there is CSRF Tokens, JSESSIONID (HttpOnly) and a bunch of other cookies in use today for the bigmonolithjavaapp.example.com

Is there a pattern or example on how to achieve this integration?

Update:
As I am reading more through the internet, I am now starting to think if JWT is a good fit for this or not?

User comes into bigmonolithjavaapp.example.com and authenticates himself.

User navigates to bigmonolithjavaapp.example.com/coolpage.html where I can embed the reactjs.example.com?token=<jwt_token> in an iframe.

reactjs.example.com can use the jwt token to access the secured api resources from bigmonolithjavaapp.example.com.

Does this approach sound valid?

edited Mar 22 at 0:03

asked Mar 21 at 22:24

Satya

4731021

add a comment |

I am a novice in Spring Security, but trying to figure how to handle the situation I have -

I have a site hosted at bigmonolithjavaapp.example.com - this is a big java app, with spring security and jsp's.

We are in the process of creating a new site based on reactjs that we want to embed as a page in the java JSP app. The reactjs site will be hosted at say - reactjs.example.com.

Is there a way to extend the spring security session between both the domains?

I see that there is CSRF Tokens, JSESSIONID (HttpOnly) and a bunch of other cookies in use today for the bigmonolithjavaapp.example.com

Is there a pattern or example on how to achieve this integration?

Update:
As I am reading more through the internet, I am now starting to think if JWT is a good fit for this or not?

User comes into bigmonolithjavaapp.example.com and authenticates himself.

User navigates to bigmonolithjavaapp.example.com/coolpage.html where I can embed the reactjs.example.com?token=<jwt_token> in an iframe.

reactjs.example.com can use the jwt token to access the secured api resources from bigmonolithjavaapp.example.com.

Does this approach sound valid?

edited Mar 22 at 0:03

asked Mar 21 at 22:24

Satya

4731021

add a comment |

I am a novice in Spring Security, but trying to figure how to handle the situation I have -

I have a site hosted at bigmonolithjavaapp.example.com - this is a big java app, with spring security and jsp's.

We are in the process of creating a new site based on reactjs that we want to embed as a page in the java JSP app. The reactjs site will be hosted at say - reactjs.example.com.

Is there a way to extend the spring security session between both the domains?

I see that there is CSRF Tokens, JSESSIONID (HttpOnly) and a bunch of other cookies in use today for the bigmonolithjavaapp.example.com

Is there a pattern or example on how to achieve this integration?

Update:
As I am reading more through the internet, I am now starting to think if JWT is a good fit for this or not?

User comes into bigmonolithjavaapp.example.com and authenticates himself.

User navigates to bigmonolithjavaapp.example.com/coolpage.html where I can embed the reactjs.example.com?token=<jwt_token> in an iframe.

reactjs.example.com can use the jwt token to access the secured api resources from bigmonolithjavaapp.example.com.

Does this approach sound valid?

edited Mar 22 at 0:03

asked Mar 21 at 22:24

Satya

4731021

I am a novice in Spring Security, but trying to figure how to handle the situation I have -

I have a site hosted at bigmonolithjavaapp.example.com - this is a big java app, with spring security and jsp's.

We are in the process of creating a new site based on reactjs that we want to embed as a page in the java JSP app. The reactjs site will be hosted at say - reactjs.example.com.

Is there a way to extend the spring security session between both the domains?

I see that there is CSRF Tokens, JSESSIONID (HttpOnly) and a bunch of other cookies in use today for the bigmonolithjavaapp.example.com

Is there a pattern or example on how to achieve this integration?

Update:
As I am reading more through the internet, I am now starting to think if JWT is a good fit for this or not?

User comes into bigmonolithjavaapp.example.com and authenticates himself.

User navigates to bigmonolithjavaapp.example.com/coolpage.html where I can embed the reactjs.example.com?token=<jwt_token> in an iframe.

reactjs.example.com can use the jwt token to access the secured api resources from bigmonolithjavaapp.example.com.

Does this approach sound valid?

java spring reactjs spring-security jwt

edited Mar 22 at 0:03

asked Mar 21 at 22:24

Satya

4731021

edited Mar 22 at 0:03

asked Mar 21 at 22:24

Satya

4731021

edited Mar 22 at 0:03

asked Mar 21 at 22:24

Satya

4731021

asked Mar 21 at 22:24

Satya

4731021

asked Mar 21 at 22:24

Satya

4731021

add a comment |

0

active

oldest

votes

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55290147%2fsession-sharing-reactjs-and-jsp-spring-security%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

0

active

oldest

votes

0

active

oldest

votes

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Styjun

0

Your Answer

Post as a guest

0

0

Post as a guest

Popular posts from this blog

Kamusi Yaliyomo Aina za kamusi | Muundo wa kamusi | Faida za kamusi | Dhima ya picha katika kamusi | Marejeo | Tazama pia | Viungo vya nje | UrambazajiKuhusu kamusiGo-SwahiliWiki-KamusiKamusi ya Kiswahili na Kiingerezakuihariri na kuongeza habari

0

Your Answer

Sign up or log in

Post as a guest

Post as a guest

0

0

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog

Kamusi Yaliyomo Aina za kamusi | Muundo wa kamusi | Faida za kamusi | Dhima ya picha katika kamusi | Marejeo | Tazama pia | Viungo vya nje | UrambazajiKuhusu kamusiGo-SwahiliWiki-KamusiKamusi ya Kiswahili na Kiingerezakuihariri na kuongeza habari