You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by NabbleSometimesSucks <bi...@yahoo.com> on 2013/03/19 00:25:05 UTC

Two web applications, taglib only works in one of them

We have two web applications. One is our auth-server which has all the Shiro
configuration and objects. It also has a Spring Controller with REST uris
for login, logout. The other web app is our Game website.

Both websites login and logout via the REST apis in the auth-server. Using
JQuery I make ajax calls to /login and /logout.

So the auth-server has the login and logout code. The auth-server also has
webpages to login and logout that do AJAX calls to itself to login and
logout. I have the taglib <shiro:guest> and
<shiro:user>/<shiro:authenticated> in those web pages. When I login through
those webpages it refreshes the page and I see the login drop down change to
the "Welcome userA" message. Great.

The game website has an exact copy of the same Javascript code to do the
AJAX calls to the auth-server's REST api. It also uses the Shiro taglibs
<shiro:guest> and <shiro:user>/<shiro:authenticated> in its web pages.

When I login with our login form(submitted via AJAX REST only) in the game
website. It calls the auth-server's REST api and I get back a success JSON
message of being logged in. However, it doesn't really log them in. I do not
see a Session cookie at all and the taglib is still only evaluating to
<shiro:guest>

Now if I login through the web-page of the auth-server, it logs in, and if I
switch my tab to the game website and refresh the page, then the taglib
works in the game website.

Why isn't it working correctly. I should be able to login with the game
website's login form and everything work. SSO. I have my Cache, the
EnterpriseCacheSessionDAO.

Thanks

Mark

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Two-web-applications-taglib-only-works-in-one-of-them-tp7578437.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Two web applications, taglib only works in one of them

Posted by NabbleSometimesSucks <bi...@yahoo.com>.

Here is one thing that I notice.

1) If I login via the web page in the game website. No cookie is created. No
cookie with SessionID. However, there is an entry in the SessionCache. 

2) If I login via the web page in the auth-server website. Cookie is created
and entry in the SessionCache.

So in 1) It comes back as it says it successfully logged in, but it hasn't
really. If I try some other URL that is secured or code that we have with
user.isAuthenticated it is false. But with 2) it is true in both websites
now.

Thanks

Mark



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Two-web-applications-taglib-only-works-in-one-of-them-tp7578437p7578438.html
Sent from the Shiro User mailing list archive at Nabble.com.