Posted to user@shiro.apache.org by larsmjoh <la...@gmail.com> on 2012/05/10 09:39:42 UTC

SSO between webapp and web start client

Hello,

We are implementing Shiro on top of an existing enterprise application. The
web part has been, more or less, straightforward.
But, at one point, the webapp launches a local web start application/client
that connects back to the server. The user (who is logged into the webapp)
should not be required to log in again in the client app.
How do we go about providing the Java client with an authentication token or
such? I can't really find any documentation on SSO for Shiro..?

Kind regards,
Lars


Re: SSO between webapp and web start client

Posted by Les Hazlewood <lh...@apache.org>.
The easiest way is to use Shiro's native session management and not the
default servlet container sessions:

http://shiro.apache.org/web.html#Web-sessionManagement

Then all you have to do is to (securely, over SSL) transmit the session ID
to the Web Start application, e.g. as part of its initialization and ensure
the web start app sends it with every request.  Then the Web Start app and
the browser will share the same session.

Shiro even has a sample app that shows this setup:

http://svn.apache.org/repos/asf/shiro/trunk/samples/spring-client/

It is written for Spring environments and it is fairly old (i.e. hasn't
been tested in a while), but it should still be able to give you some good
ideas for your own project.

HTH,

--
Les Hazlewood
CTO, Stormpath | http://stormpath.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://www.stormpath.com/blog



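
The hand-off described in the reply above, as an added example that is not code from this thread or from Shiro's spring-client sample. It assumes native sessions are enabled (`securityManager.sessionManager` set to a `DefaultWebSessionManager`) with the default `JSESSIONID` cookie name; `LaunchServlet`, `ServerClient`, `com.example.ClientMain` and the host `app.example.com` are hypothetical names, and `ClientMain` is assumed to pass its first argument to `ServerClient`.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

// Server side (hypothetical servlet, mapped behind the ShiroFilter): emits the
// JNLP descriptor for a browser user who is already logged in.
class LaunchServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Subject subject = SecurityUtils.getSubject();
        // The descriptor carries a bearer credential: refuse plain HTTP and anonymous users.
        if (!req.isSecure() || !subject.isAuthenticated()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Shiro's own session ID; the default generator yields a UUID, so it is XML-safe.
        String sessionId = subject.getSession().getId().toString();
        resp.setContentType("application/x-java-jnlp-file");
        resp.setHeader("Cache-Control", "no-store");
        PrintWriter out = resp.getWriter();
        out.println("<jnlp spec=\"1.0+\" codebase=\"https://app.example.com/client\">");
        out.println("  <information><title>Client</title><vendor>Example</vendor></information>");
        out.println("  <resources><j2se version=\"1.6+\"/><jar href=\"client.jar\"/></resources>");
        out.println("  <application-desc main-class=\"com.example.ClientMain\">");
        out.println("    <argument>" + sessionId + "</argument>");
        out.println("  </application-desc>");
        out.println("</jnlp>");
    }
}

// Client side (hypothetical helper in the Web Start app): every request to the
// server carries the session ID received at launch.
class ServerClient {
    private final String sessionId;
    ServerClient(String sessionId) { this.sessionId = sessionId; }

    HttpURLConnection open(String path) throws IOException {
        URL url = new URL("https://app.example.com" + path);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        // Same cookie the browser sends, so both clients resolve to one Shiro session.
        conn.setRequestProperty("Cookie", "JSESSIONID=" + sessionId);
        return conn;
    }
}
```

Because the browser and the Web Start client share one session, logging out or timing out in either ends the session for both.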