Tags: java, spring, spring-boot, rest, restful-authentication

Authentication for a REST API which is shared by multiple webapps


I have 3 wars: a.war, b.war and restful.war; they are in the same Tomcat.

restful.war is a Spring Boot, Spring MVC project; it provides RESTful calls for a.war and b.war.

a.war and b.war are independent webapps; they each have their own login system, and their users are stored in different database tables, e.g. the users of a.war are stored in tableA and the users of b.war are stored in tableB.

For a.war and b.war, there are two places that call restful.war:

  1. Java code in a.war and b.war calls restful.war via org.apache.http.impl.client.DefaultHttpClient.execute()
  2. HTML/JSP pages of a.war and b.war call restful.war via Ajax

What I want is: only a user who is logged in to a.war or b.war can call restful.war. How can I do that?


Solution

  • Implement basic authentication in the 'restful' application and call its endpoint from 'a' and 'b' with the proper "Authorization" header. This solves the problem: if 'restful' gets a call from 'a' or 'b' it will respond, otherwise it will throw a 403 Forbidden error.
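The arrangement the answer describes, as an added example that is not code from the original question or answer. It assumes Spring Boot 2.x with spring-boot-starter-security on the classpath of restful.war, Apache HttpClient 4.3+ in a.war/b.war, a context path of /restful, an endpoint /api/hello, and two illustrative service accounts "app-a" and "app-b"; all of these names and values are assumptions. The first part is the server side in restful.war, the second is the caller in a.war (b.war is identical with its own credential).

```java
// ===== restful.war: HTTP Basic protection for every endpoint (added example, assumed names) =====
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
public class RestfulSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // One service account per calling webapp: a leaked secret then identifies, and can be
    // revoked for, exactly one caller. The literal secrets here are placeholders for this
    // example; a real deployment loads them from configuration or a secret store.
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
            User.withUsername("app-a").password(encoder.encode("a-secret")).roles("CLIENT").build(),
            User.withUsername("app-b").password(encoder.encode("b-secret")).roles("CLIENT").build());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No session cookie is ever issued, so there is nothing for CSRF to ride on.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                .anyRequest().hasRole("CLIENT")
            .and()
            .httpBasic()
                // Plain 401 without a WWW-Authenticate challenge, so a browser making an
                // Ajax call does not pop up its native login dialog on failure.
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
    }
}

@RestController
class HelloController {
    // Assumed endpoint; the Principal is the service account that authenticated, not an end user.
    @GetMapping("/api/hello")
    public String hello(java.security.Principal caller) {
        return "hello, " + caller.getName();
    }
}

// ===== a.war: server-side call that carries the service credential (added example) =====
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class RestfulClient {
    // Assumed: restful.war deployed in the same Tomcat under /restful.
    private static final String BASE_URL = "http://localhost:8080/restful";
    private final String authHeader;

    public RestfulClient(String serviceUser, String servicePassword) {
        String raw = serviceUser + ":" + servicePassword;
        this.authHeader = "Basic "
            + Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // Invoke this only from code paths that run after a.war has authenticated its own
    // user against tableA; that check is what ties "logged in to a.war" to the call.
    public String callHello() throws IOException {
        HttpGet get = new HttpGet(BASE_URL + "/api/hello");
        get.setHeader("Authorization", authHeader); // preemptive: avoids a 401 round trip
        try (CloseableHttpClient client = HttpClients.createDefault();
             CloseableHttpResponse resp = client.execute(get)) {
            int code = resp.getStatusLine().getStatusCode();
            if (code == 401 || code == 403) {
                throw new IOException("restful.war rejected the service credential: HTTP " + code);
            }
            return EntityUtils.toString(resp.getEntity(), StandardCharsets.UTF_8);
        }
    }
}
```

Two caveats for the second call path in the question (Ajax from a.war's pages). A browser can add the same Authorization header, but then the service credential is shipped to every end user of a.war, who can read it from the page source or the network tab; the usual fix is for the page to call an endpoint of a.war itself, protected by a.war's own login session, which in turn calls restful.war server-side as above, or to have restful.war issue short-lived per-user tokens. And because Basic sends the credential in clear on every request, keep restful.war bound to the loopback interface or put TLS in front of it if it ever listens beyond the shared Tomcat.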