Posted to dev@shiro.apache.org by Steinar Bang <sb...@dod.no> on 2019/06/04 18:35:26 UTC

Re: "Poor man's SSO", howto...?

Just a late followup to this thread.

I succeeded in creating a "poor man's SSO" where several webapps run
in the same karaf instance behind an nginx reverse proxy and share the
same realm and session:
 https://github.com/steinarb/authservice/

The authservice also offers cookie-based authentication to the nginx
server itself.

The cookie path issue mentioned in a different thread is taken care of
by having the nginx reverse proxy rewrite the cookie path to be /.

The different apps get the "SSO" by using OSGi service injections of the
Realm and SessionDAO interfaces into DS components providing filter
services that plug into the web whiteboard, and by authservice having DS
components providing the Realm and SessionDAO services.

An example of a web whiteboard filter DS component receiving service injections:
 https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/java/no/priv/bang/ukelonn/web/security/UkelonnShiroFilter.java#L41

The DS component providing a Realm service:
 https://github.com/steinarb/authservice/blob/master/authservice.web.security.dbrealm/src/main/java/no/priv/bang/authservice/web/security/dbrealm/AuthserviceDbRealm.java#L25

The DS component providing a SessionDAO service:
 https://github.com/steinarb/authservice/blob/master/authservice.web.security.memorysession/src/main/java/no/priv/bang/authservice/web/security/memorysession/MemorySession.java#L23