Posted to user@shiro.apache.org by Stephen McCants <st...@hcs.us.com> on 2013/09/05 21:05:25 UTC
Shiro SSO with dynamic permissions
Hello All,
We have multiple WAR files deployed under one Tomcat instance. To allow
for Single Sign On (SSO), we have our own Session DAO that broadcasts to
all war files when the Sessions are changed and this is working well.
Our next problem is with changing permissions. If an administrator
wants to change a user's permissions we want that to take effect
immediately, not after logout/login. The WebApp that changes the
permission flushes the Realm AuthorizationInfo cache for that user.
My current plan is to broadcast AuthorizationInfo changes like we do
Session changes, but I figured I'd ask if there was a standard way to do
this or maybe something I've overlooked?
Thanks in advance!
Sincerely,
Stephen McCants
--
Stephen McCants
Senior Software Engineer
Healthcare Control Systems
1-877-877-8795 x116
Re: Shiro SSO with dynamic permissions
Posted by Stuart Broad <st...@moogsoft.com>.
Hi Stephen,
Sorry for the brief message. I'm on my way out the door but hopefully this
will be helpful.
My understanding is the options are either:
1) Combine all the WARs.
2) Do your own broadcasting of changes (in whatever manner is good for your
application, e.g. call a REST API)
3) Use something like ehcache between all the WARs (ehcache basically
multicasts changes)
4) Perhaps some servlets could look up in the db every time (rather than
actually having a 'full apache shiro').
Cheers,
Stuart
On Thu, Sep 5, 2013 at 8:05 PM, Stephen McCants
<st...@hcs.us.com> wrote:
> Hello All,
>
> We have multiple WAR files deployed under one Tomcat instance. To allow
> for Single Sign On (SSO), we have our own Session DAO that broadcasts to
> all war files when the Sessions are changed and this is working well.
>
> Our next problem is with changing permissions. If an administrator wants
> to change a user's permissions we want that to take effect immediately, not
> after logout/login. The WebApp that changes the permission flushes the
> Realm AuthorizationInfo cache for that user.
>
> My current plan is to broadcast AuthorizationInfo changes like we do
> Session changes, but I figured I'd ask if there was a standard way to do
> this or maybe something I've overlooked?
>
> Thanks in advance!
>
> Sincerely,
> Stephen McCants
>
> --
> Stephen McCants
> Senior Software Engineer
> Healthcare Control Systems
> 1-877-877-8795 x116
>
>
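An added example, not code from either poster or from the Shiro project: one way the "do your own broadcasting" option can evict a single user's cached AuthorizationInfo in every WAR, so a revoked permission stops being honored at the next check instead of at the next login. BroadcastAwareRealm and PermissionChangeBus are hypothetical names, and the bus is an in-JVM stand-in for whatever transport already carries the session changes.

```java
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.function.Consumer;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;

/**
 * Base realm for each WAR. Subclasses still implement doGetAuthenticationInfo
 * and doGetAuthorizationInfo against the shared user store.
 */
public abstract class BroadcastAwareRealm extends AuthorizingRealm {

    /**
     * Hypothetical bus. Assumption: this class is loaded once by a classloader
     * shared by all WARs (for example Tomcat's common loader); loaded per WAR,
     * each application would get its own private LISTENERS list.
     */
    public static final class PermissionChangeBus {
        private static final List<Consumer<Object>> LISTENERS = new CopyOnWriteArrayList<>();
        private PermissionChangeBus() { }
        static void subscribe(Consumer<Object> l)   { LISTENERS.add(l); }
        static void unsubscribe(Consumer<Object> l) { LISTENERS.remove(l); }

        /** Called by the admin webapp after the permission change is committed. */
        public static void publish(Object principal) {
            for (Consumer<Object> l : LISTENERS) {
                l.accept(principal);
            }
        }
    }

    private final Consumer<Object> evictor = this::evictAuthorization;

    /** Call once the realm is fully configured (cache manager and name set). */
    public void subscribe() { PermissionChangeBus.subscribe(evictor); }

    /** Call on webapp shutdown so the shared bus does not pin this WAR's classloader. */
    public void unsubscribe() { PermissionChangeBus.unsubscribe(evictor); }

    void evictAuthorization(Object principal) {
        // clearCachedAuthorizationInfo is protected, so the realm exposes the eviction.
        // The default cache key is the PrincipalCollection itself: this only matches
        // entries whose principals came from this realm alone, under this realm name.
        clearCachedAuthorizationInfo(new SimplePrincipalCollection(principal, getName()));
    }
}
```

Publishing only after the permission change has been committed keeps a concurrent check in another WAR from re-caching the old AuthorizationInfo right after the eviction.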