shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jleleu <lel...@gmail.com>
Subject Re: SSO using Shiro
Date Thu, 12 Apr 2012 10:32:07 GMT
Hi,

If your unsecured webapps are across the planet, I wouldn't recommend using
EhCache.

For me, the easiest way would be to create a hash / token for each user
authenticated in your Shiro-secured web application, store the association
in the Shiro-secured web application and pass this hash / token along with
the requests to the other unsecured webapps (request parameter called
"token" for exeample).

Each unsecured webapp could have a specific filter to extract this request
parameter and create a specific Shiro authentication token. This kind of
token would be handled by a specific Realm which makes a HTTP call to
verifiy the token and get the user authenticated (this HTTP call could be
protected by a simple basic auth with application login / password).

Best regards,
Jérôme


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/SSO-using-Shiro-tp7367470p7458960.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Mime
View raw message