Before I press on much further with the applications I'm working on, I
thought I'd just sound people out here as to whether there is some
fundamental flaw in the way I'm planning to use Shiro. The normal way
Shiro works is that when a user goes to a certain URL, a check is made
to see whether the user is logged in, etc., and if not, they are
redirected to a login page.
My tweak on this is that I actually have multiple web applications - a
central admin app, where user authentication etc. is handled, plus a
bunch of product-specific applications. I have got session clustering
working via Redis, so sessions will be shared across the various
applications. The plan is that when a user goes to a URL in one of the
product-specific apps, if they are found not to be logged in (via
session sharing) they will be redirected to the admin app, where they
will log in and then be redirected back to the original URL. My
assumption behind this is that I should be able to specify an absolute
login URL instead of a relative one and as far as the browser and Shiro
are concerned, this should make no difference (although I wonder how it
would handle the redirect back to the original URL as an absolute one?).
I imagine a bit of URL rewriting will be necessary, which will be
straightforward enough as the requests will probably all be going
through a reverse proxy server.
Have I misunderstood something fundamental, or does this sound as if it
should work?
- Redirect to different app? John Moore
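
The cross-app flow described in the post above hinges on carrying an absolute "original URL" to the admin app and redirecting back to it after login. The sketch below is an added example, not code from the post or from Shiro: it shows the product-app side building the login redirect and the admin-app side checking the return target against a list of known product hosts before following it. The class name, the `returnTo` parameter and all hostnames are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper (not a Shiro API): cross-app login redirect with a checked return URL. */
public class CrossAppLoginRedirect {
    // Assumed values: the admin app's login page and the product apps allowed as return targets.
    static final String ADMIN_LOGIN = "https://admin.example.com/login";
    static final Set<String> ALLOWED_HOSTS = Set.of("shop.example.com", "reports.example.com");
    static final String FALLBACK = "https://admin.example.com/";

    /** Product app side: where to send an unauthenticated user, carrying the absolute original URL. */
    static String loginRedirectFor(String originalAbsoluteUrl) {
        return ADMIN_LOGIN + "?returnTo="
                + URLEncoder.encode(originalAbsoluteUrl, StandardCharsets.UTF_8);
    }

    /** Admin app side, after login: follow returnTo only if it points at a known product app. */
    static String safeReturnTarget(String returnTo) {
        if (returnTo == null) return FALLBACK;
        try {
            URI u = new URI(returnTo).normalize();
            boolean ok = "https".equalsIgnoreCase(u.getScheme())   // absolute https URLs only
                    && u.getHost() != null
                    && ALLOWED_HOSTS.contains(u.getHost().toLowerCase(Locale.ROOT))
                    && u.getRawUserInfo() == null                  // no user@ part in front of the host
                    && (u.getPort() == -1 || u.getPort() == 443);
            return ok ? u.toString() : FALLBACK;
        } catch (URISyntaxException e) {
            return FALLBACK;                                       // unparseable input is never followed
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String original = "https://shop.example.com/orders?id=42";
        System.out.println(loginRedirectFor(original));
        for (String candidate : new String[] {
                original, "https://user@shop.example.com/", "//other.test/x",
                "http://shop.example.com/", "https://other.test/?h=shop.example.com" }) {
            System.out.println(candidate + " -> " + safeReturnTarget(candidate));
        }
    }
}
```

Only the first sample input is returned unchanged; every other candidate resolves to the fallback page on the admin app.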