Dear Les,
Thank you for your fast reply.
Using native sessionMode I receive this, I'm using 1.1 snapshot:
"Property 'sessionMode' does not exist for object of type org.apache.shiro.mgt.DefaultSecurityManager."
I haven't found this property in the 1.0 either... :(

Do you know a best practice how to retrieve the user's Subject object by the SessionID on the SSO server side?

Best regards,
Imre

On 2010.06.21., at 18:22, Les Hazlewood wrote:

> Hi Imre,
>
> Actually your scenario is probably the easiest to do with Shiro. You can use
> the same technique using Shiro's session id and ensuring you use Shiro's
> native session management (and not the servlet container sessions).
>
> You will need to inject a custom SessionDAO into Shiro's SessionManager. The
> SessionDAO will use an enterprise clustered cache of Session instances (e.g.
> by using TerraCotta or Coherence or GigaSpaces, etc). You can use the
> EnterpriseCacheSessionDAO
> (http://incubator.apache.org/shiro/static/current/apidocs/org/apache/shiro/session/mgt/eis/EnterpriseCacheSessionDAO.html)
> implementation. It needs to be injected with a CacheManager that talks to
> your clustered cache.
>
> For example in INI configuration:
>
> [main]
> ...
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> sessionDAO.cacheManager = $myClusteredCacheManager
>
> securityManager.sessionMode = native
> securityManager.sessionManager.sessionDAO = $sessionDAO
> # it is also recommended to use this cache manager for
> # other Shiro caching as well:
> securityManager.cacheManager = $myClusteredCacheManager
> ...
>
> Then, each time an http request comes in with a session ID cookie, that id
> will be resolved by the sessionDAO, which talks to your clustered cache to
> retrieve the corresponding persisted Session. Any request can come in on any
> of your web servers, and they will be able to 'see' the same session because
> of the nature of a distributed clustered cache.
>
> HTH,
>
> Les
>
> 2010/6/21 Imre Fazekas <[email protected]>
> Dear All,
>
>
> I'm a rookie now, just began working with Shiro. :)
> SSO functionality is needed in a multithreaded environment meaning different
> application server instances. In our home-made SSO, the result of the user's
> authentication was a sessionID brought with every request that the client
> initiated. This means, that the user may call different services on different
> places, the SSO knew if the user has authenticated him/herself and was able
> to get the caller subject.
>
> How can I achieve such functionality in Shiro? The manual thread binding is a
> little different thing I guess...
>
> Thank you in advance!
>
>
> Best regards,
>
> Imre
>
> Imre Fazekas
> Ygomi Kft.
> 4034 Debrecen, Vágóhíd u. 2.
> Office: +36 52 887 500 / 8789
> Cell: +36-70-514 8550
> Fax: +36 52 887 505
> Email: [email protected]
>

Imre Fazekas
Ygomi Kft.
4034 Debrecen, Vágóhíd u. 2.
Office: +36 52 887 500 / 8789
Cell: +36-70-514 8550
Fax: +36 52 887 505
Email: [email protected]
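
The setup discussed in this thread, as an added example that is not part of the original messages or of the Shiro project's code: a programmatically configured DefaultSecurityManager with the EnterpriseCacheSessionDAO from the quoted INI, and a Subject rebuilt from a session id with Subject.Builder. The class name, the account and the in-memory MemoryConstrainedCacheManager (standing in for the clustered cache manager) are assumptions made for the example.

```java
import java.io.Serializable;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.apache.shiro.subject.Subject;

// Hypothetical class name; everything below is illustrative.
public class SubjectBySessionId {
    public static void main(String[] args) {
        // Constructed sample account; a real deployment plugs in its own Realm.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("imre", "constructed-password");

        // Assumption: local stand-in for $myClusteredCacheManager in the INI.
        MemoryConstrainedCacheManager cacheManager = new MemoryConstrainedCacheManager();

        // Same wiring as the INI: SessionDAO -> SessionManager -> SecurityManager.
        EnterpriseCacheSessionDAO sessionDAO = new EnterpriseCacheSessionDAO();
        sessionDAO.setCacheManager(cacheManager);
        DefaultSessionManager sessionManager = new DefaultSessionManager();
        sessionManager.setSessionDAO(sessionDAO);
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
        securityManager.setSessionManager(sessionManager);
        securityManager.setCacheManager(cacheManager);

        // Authentication: the session id is what the client carries afterwards.
        Subject loggedIn = new Subject.Builder(securityManager).buildSubject();
        loggedIn.login(new UsernamePasswordToken("imre", "constructed-password"));
        Serializable sessionId = loggedIn.getSession().getId();

        // Later request, possibly on another node sharing the cache:
        // rebuild the Subject from the id alone.
        Subject resolved = new Subject.Builder(securityManager)
                .sessionId(sessionId)
                .buildSubject();
        System.out.println(resolved.getPrincipal()
                + " authenticated=" + resolved.isAuthenticated());

        // An id that maps to no stored session must not yield an identity:
        // always check isAuthenticated() before trusting the rebuilt Subject.
        Subject unknown = new Subject.Builder(securityManager)
                .sessionId("constructed-unknown-id")
                .buildSubject();
        System.out.println("unknown id authenticated=" + unknown.isAuthenticated());
    }
}
```

In this design the session id is the only thing the server checks, so it needs the same protection as a credential: transport over TLS, no logging of the raw value, and session timeouts enforced by the SessionManager.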
