我用OSGI和Shiro开发一个java应用程序,使用Jetty作为Web容器。 在浏览我的应用程序时,我认识到对于不同的路径/ osgi模块,我得到了不同的JSESSIONID。我花了几个小时搜索网页和调试,找不到任何解决方案。 我的SecurityManager在具有osgi服务的模块之间共享。
我的Shiro配置:
[main]
shiro.loginUrl = /security/ui/redirect?redirectTo=login
shiro.successUrl = /UserManagement.html
credentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher.storedCredentialsHexEncoded = false
credentialsMatcher.hashIterations = 1024
upRealm = com.sap.sse.security.UsernamePasswordRealm
upRealm.credentialsMatcher = $credentialsMatcher
oauthRealm = com.sap.sse.security.OAuthRealm
securityManager.realms = $upRealm, $oauthRealm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
cacheManager = com.[...].SecurityCacheManager
securityManager.cacheManager = $cacheManager
[urls]
/Login.html = anon
我尝试了不同的SessionDAO和不同的CacheManager,但这也无济于事。
SecurityManager加载了以下代码(shiroConfiguration是加载的Ini文件)
Factory<SecurityManager> factory = new WebIniSecurityManagerFactory(shiroConfiguration);
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
如何避免使用多个JSESSIONID?