Posted to user@shiro.apache.org by Charles Syperski <cs...@dupage88.net> on 2012/08/28 17:46:16 UTC
Problem with Session Replication and ShiroFilter
Hello and thanks for an awesome project!
Here is my problem, I am attempting to do the poor man's SSO by using
domain level cookies (so multiple web apps/contexts can use the same
session) with terracotta. I think I have everything working with the
exception that when I add ShiroFilter to my web.xml:
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
I can no longer use sessionCookieDomain= and sessionCookiePath= in my
application's context.xml to allow the cookie to be set at the domain
level. It seems that the Shiro filter is setting the JSESSIONID cookie
and not obeying the settings in the context tag. Is this correct? Can I
get the Shiro Filter to not set the context path or the sub domain?
I am running:
Tomcat 7.0.27, shiro-core-1.2.0.jar, shiro-ehcache-1.2.0.jar and
shiro-web-1.2.0.jar with openjdk 1.7 on Ubuntu 12.04
Any help would be greatly appreciated!
Thanks,
Chuck
Re: Problem with Session Replication and ShiroFilter
Posted by Les Hazlewood <lh...@apache.org>.
Hi Charles,
Yep, configuring the sessionIdCookie to be shared (via subdomains) is
the easiest way to share the session id across apps. Thanks for
posting a clear/clean solution!
--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Re: Problem with Session Replication and ShiroFilter
Posted by Charles Syperski <cs...@dupage88.net>.
I think I figured it out, with:
securityManager.sessionManager.sessionIdCookie.domain = yourdomain.tld
securityManager.sessionManager.sessionIdCookie.path = /
securityManager.sessionManager.sessionIdCookie.httpOnly = true
Thanks
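Added example, not part of the original thread: a shiro.ini [main] section showing where the three sessionIdCookie settings from the thread sit when Shiro's native session manager issues the session cookie. The session manager, session DAO and cache manager wiring, the example.com placeholder domain and the secure flag are assumptions that do not appear in the thread.

```ini
# Added example (not from the thread); example.com is a placeholder domain.
[main]
# Assumption: Shiro's native session manager is in use, so Shiro (not the
# container's context.xml settings) decides the session cookie attributes.
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager

# Assumption: sessions are kept in a cache-backed DAO so that a clustered
# Ehcache can share them between the web apps.
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.cacheManager = $cacheManager

# The three settings from the thread: the cookie is scoped to the whole
# domain and to every path, and is hidden from page scripts.
securityManager.sessionManager.sessionIdCookie.domain = example.com
securityManager.sessionManager.sessionIdCookie.path = /
securityManager.sessionManager.sessionIdCookie.httpOnly = true

# Addition, assuming every participating app is served over HTTPS:
# never send the shared session id over plain HTTP.
securityManager.sessionManager.sessionIdCookie.secure = true
```

A cookie scoped to the whole domain is sent to every host under that domain, so each application there can read the shared session id and should be trusted accordingly.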