Hi,

If your unsecured webapps are across the planet, I wouldn't recommend using EhCache.

For me, the easiest way would be to create a hash / token for each user authenticated in your Shiro-secured web application, store the association in the Shiro-secured web application and pass this hash / token along with the requests to the other unsecured webapps (request parameter called "token" for example). Each unsecured webapp could have a specific filter to extract this request parameter and create a specific Shiro authentication token. This kind of token would be handled by a specific Realm which makes an HTTP call to verify the token and get the user authenticated (this HTTP call could be protected by a simple basic auth with application login / password).

Best regards,
Jérôme

--
View this message in context: http://shiro-developer.582600.n2.nabble.com/SSO-using-Shiro-tp7367470p7458960.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
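One way to write the Realm described in the message above, as an added example (not code from the original post or from the Shiro project). The class names `SsoToken` and `SsoTokenRealm`, the verification URL, the application login / password and the plain-text response format are assumptions; the realm fails closed when the verification call cannot be completed.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;
import org.apache.shiro.authc.*;
import org.apache.shiro.realm.AuthenticatingRealm;

/** Hypothetical token built by the filter from the "token" request parameter. */
class SsoToken implements AuthenticationToken {
    private final String value;
    SsoToken(String value) { this.value = value; }
    @Override public Object getPrincipal() { return value; }   // user is unknown until verified
    @Override public Object getCredentials() { return value; }
}
/** Hypothetical realm that asks the Shiro-secured application whether the token is valid. */
public class SsoTokenRealm extends AuthenticatingRealm {
    // Assumed endpoint and application credentials; load them from configuration in practice.
    private static final String VERIFY_URL = "https://sso.example.internal/verify";
    private static final String APP_LOGIN = "webapp1", APP_PASSWORD = "change-me";
    private final HttpClient http = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(3)).build();
    public SsoTokenRealm() { setAuthenticationTokenClass(SsoToken.class); } // only handle SsoToken
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String value = (String) token.getCredentials();
        if (value == null || value.isEmpty()) throw new IncorrectCredentialsException("missing token");
        String basic = Base64.getEncoder().encodeToString(
                (APP_LOGIN + ":" + APP_PASSWORD).getBytes(StandardCharsets.UTF_8));
        HttpRequest req = HttpRequest.newBuilder(URI.create(VERIFY_URL))
                .timeout(Duration.ofSeconds(3))
                .header("Authorization", "Basic " + basic)   // basic auth over TLS only
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(    // body, so the token stays out of URL logs
                        "token=" + URLEncoder.encode(value, StandardCharsets.UTF_8)))
                .build();
        try {
            HttpResponse<String> resp = http.send(req, HttpResponse.BodyHandlers.ofString());
            String user = resp.body().trim();                 // assumed: 200 + username as plain text
            if (resp.statusCode() != 200 || user.isEmpty())
                throw new IncorrectCredentialsException("token rejected");
            return new SimpleAuthenticationInfo(user, value, getName());
        } catch (java.io.IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            throw new AuthenticationException("verification call failed", e);  // fail closed
        }
    }
}
```

The filter in each unsecured webapp would pass `new SsoToken(request.getParameter("token"))` to `SecurityUtils.getSubject().login(...)`.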
