Repost due to forum not forwarding to mailing list:
I'm new to Shiro, and trying to set up a simple example of SingleSignOn
in one Tomcat container across multiple web apps (without resorting to
Terracotta).
I can't figure out how to make the web apps share the login/session info.
I configured the ehcache for caching, and it appears both web apps are
using ehcache for session info, and only one
'shiro-activeSessionCache.data' file is created in the tomcat temp folder.
Also tried using my own EhCacheManager subclass, but not surprisingly
the behavior is unchanged.
A small test project is on GitHub here:
[email protected]:bhamail/shiro-test-dan.git
I found the following post:
http://shiro-user.582556.n2.nabble.com/Shiro-and-multiple-wars-within-the-same-Servlet-Container-td5560737.html#a5563334
but it seems it should be easier to set up session info sharing across
web apps in a single container.
Is using LDAP or a database as an SSO backing store easier?
Thanks, and apologies in advance for missed obviousness.
Dan
bhamail
Aug 14, 2012; 7:31pm Re: SSO on single tomcat container
Some more info (and questions):
In my simple two web app example, I noticed each webapp is always using
a different JSESSIONID cookie value.
So I'm wondering how Shiro would be able to re-use any subject info
across the sessions of two different web apps? (Are the session cookies
supposed to be different for SSO across web apps?)
I'm debugging my example case (and even created my own Cache: public
class MyCrudeCacheImpl implements Cache...using a disk-based hashtable).
I still don't see how the sessions in the different web apps would ever
be linked up, given they always have different sessionIds. Can you give
me some pointers on how this plumbing between the sessions is supposed
to work? (Does Shiro look into the separate session objects and examine
something there? If so, what?). Once I understand how these should link,
maybe I can figure out what I'm missing.