Posted to user@shiro.apache.org by ajoslin103 <al...@gmail.com> on 2013/09/10 20:29:38 UTC

Can I do Shiro without Sessions ?

Hi There,

  We are trying to implement SSO across multiple WARs across multiple
servers

  Shiro is a perfect fit for us as we have to support multiple
authentication-only realms and a single authorization scheme
 
  We would like to do this with cookies only

  What is the best way to serialize & reconstitute a Shiro subject in
support of this ?

Thanks!

Al;




--
View this message in context: http://shiro-user.582556.n2.nabble.com/Can-I-do-Shiro-without-Sessions-tp7579120.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Can I do Shiro without Sessions ?

Posted by Stuart Broad <st...@moogsoft.com>.
Hi Al,

Been thinking about your question a little more and have an alternative
answer:

You could define your own realm (to validate the information from the
cookie token) and token (built from the cookie).  You would still have a
session under the covers but it could simply be an in memory session that
you don't really care about (other than for the duration of the invocation).

Cheers,

Stuart


On Wed, Sep 11, 2013 at 3:47 PM, Stuart Broad <st...@moogsoft.com> wrote:

> Hi Al,
>
> I would think you still need sessions (even if they never expire...or at
> least a long time!).  Sounds more like your problem is building a subject
> with some information from a cookie (in most cases this cookie information
> would essentially be the session id).
>
> I think what you need is:
>
> 1) Subject requestSubject = new Subject.Builder().sessionId(sessionId).buildSubject();
>
> -or-
>
> 2) Subject requestSubject = new Subject.Builder(aSessionManager).sessionId(sessionId).buildSubject();
>
> Cheers,
>
> Stuart
>
>
> On Tue, Sep 10, 2013 at 7:29 PM, ajoslin103 <al...@gmail.com> wrote:
>
>> Hi There,
>>
>>   We are trying to implement SSO across multiple WARs across multiple
>> servers
>>
>>   Shiro is a perfect fit for us as we have to support multiple
>> authentication-only realms and a single authorization scheme
>>
>>   We would like to do this with cookies only
>>
>>   What is the best way to serialize & reconstitute a Shiro subject in
>> support of this ?
>>
>> Thanks!
>>
>> Al;
>
>
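
Stuart's suggestion of a custom token built from the cookie plus a realm that validates it, as an added example that is not part of the thread or of Shiro itself. The class names, the `user|expiry|MAC` cookie layout and the shared HMAC key are assumptions made for illustration; the point is that a cookie carrying identity has to be integrity-protected and time-limited before the realm trusts it.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.realm.AuthenticatingRealm;

// Hypothetical cookie format (an assumption): user|expiryEpochSeconds|base64url(HMAC-SHA256)
class SignedCookieToken implements AuthenticationToken {
    private final String cookie;
    SignedCookieToken(String cookie) { this.cookie = cookie; }
    @Override public Object getPrincipal() { return cookie.split("\\|", 2)[0]; } // unverified claim
    @Override public Object getCredentials() { return cookie; }
}

// Hypothetical realm: trusts the cookie only if its MAC verifies and it has not expired.
class SignedCookieRealm extends AuthenticatingRealm {
    private final byte[] key; // secret shared by every server that honours the cookie

    SignedCookieRealm(byte[] key) {
        this.key = key.clone();
        setAuthenticationTokenClass(SignedCookieToken.class);
        // The MAC check below is the credential check, so the matcher has nothing left to compare.
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String[] p = ((String) token.getCredentials()).split("\\|");
        if (p.length != 3) throw new IncorrectCredentialsException("malformed cookie");
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] expected = mac.doFinal((p[0] + "|" + p[1]).getBytes(StandardCharsets.UTF_8));
            byte[] presented = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(expected, presented)) // constant-time comparison
                throw new IncorrectCredentialsException("cookie signature mismatch");
            if (Long.parseLong(p[1]) < System.currentTimeMillis() / 1000)
                throw new ExpiredCredentialsException("cookie expired");
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            throw new IncorrectCredentialsException("cookie could not be verified", e);
        }
        return new SimpleAuthenticationInfo(p[0], token.getCredentials(), getName());
    }
}
```

A request filter would read the cookie and call `subject.login(new SignedCookieToken(value))` on each request. A signed cookie stays valid until its expiry, so revoking one earlier needs some server-side state such as a deny list.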

Re: Can I do Shiro without Sessions ?

Posted by ajoslin103 <al...@gmail.com>.
Yes,

	I had come to that understanding over the last day or so

	I am working on a subclass of AbstractSessionDAO

	I'm going to use a memcached Postgres table to store the values

	I struggled w/EhCache for a few days to no avail before I wrote this note - and it's deprecated anyway as of 4/2013

	It's good to know my understanding of Shiro is starting to converge

Thanks
al;


On Sep 11, 2013, at 10:48 AM, Stuart Broad [via Shiro User] <ml...@n2.nabble.com> wrote:

> Hi Al,
> 
> I would think you still need sessions (even if they never expire...or at least a long time!).  Sounds more like your problem is building a subject with some information from a cookie (in most cases this cookie information would essentially be the session id).
> 
> I think what you need is:
> 
> 1) Subject requestSubject = new Subject.Builder().sessionId(sessionId).buildSubject();
> 
> -or-
> 
> 2) Subject requestSubject = new Subject.Builder(aSessionManager).sessionId(sessionId).buildSubject();
> 
> Cheers,
> 
> Stuart
> 
> 
> On Tue, Sep 10, 2013 at 7:29 PM, ajoslin103 <[hidden email]> wrote:
> Hi There,
> 
>   We are trying to implement SSO across multiple WARs across multiple
> servers
> 
>   Shiro is a perfect fit for us as we have to support multiple
> authentication-only realms and a single authorization scheme
> 
>   We would like to do this with cookies only
> 
>   What is the best way to serialize & reconstitute a Shiro subject in
> support of this ?
> 
> Thanks!
> 
> Al;

Re: Can I do Shiro without Sessions ?

Posted by Stuart Broad <st...@moogsoft.com>.
Hi Al,

I would think you still need sessions (even if they never expire...or at
least a long time!).  Sounds more like your problem is building a subject
with some information from a cookie (in most cases this cookie information
would essentially be the session id).

I think what you need is:

1) Subject requestSubject = new Subject.Builder().sessionId(sessionId).buildSubject();

-or-

2) Subject requestSubject = new Subject.Builder(aSessionManager).sessionId(sessionId).buildSubject();

Cheers,

Stuart


On Tue, Sep 10, 2013 at 7:29 PM, ajoslin103 <al...@gmail.com> wrote:

> Hi There,
>
>   We are trying to implement SSO across multiple WARs across multiple
> servers
>
>   Shiro is a perfect fit for us as we have to support multiple
> authentication-only realms and a single authorization scheme
>
>   We would like to do this with cookies only
>
>   What is the best way to serialize & reconstitute a Shiro subject in
> support of this ?
>
> Thanks!
>
> Al;