shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jleleu <>
Subject Re: SSO using Shiro
Date Thu, 12 Apr 2012 10:32:07 GMT

If your unsecured webapps are across the planet, I wouldn't recommend using

For me, the easiest way would be to create a hash / token for each user
authenticated in your Shiro-secured web application, store the association
in the Shiro-secured web application and pass this hash / token along with
the requests to the other unsecured webapps (request parameter called
"token" for exeample).

Each unsecured webapp could have a specific filter to extract this request
parameter and create a specific Shiro authentication token. This kind of
token would be handled by a specific Realm which makes a HTTP call to
verifiy the token and get the user authenticated (this HTTP call could be
protected by a simple basic auth with application login / password).

Best regards,

View this message in context:
Sent from the Shiro Developer mailing list archive at

View raw message