美好的一天。我有一个场景,我们在同一台服务器上运行多个Web应用程序,我们希望一个登录服务所有应用程序。目前,如果您切换应用程序,则需要重新进行身份验证。尽我所能,我无法解决这个问题。
我浏览了会话管理页面,试图实现他们所谓的穷人的SSO(https://shiro.apache.org/session-management.html)
这是我的shiro.ini:
dataURL映射在自定义java IniWebEnvironment中完成,看起来像这样
[main]
contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
contextFactory.url = ldap://1.2.3.4:389
contextFactory.systemUsername = me@testdomain.local
contextFactory.systemPassword = Password
realm = com.me.shared.security.shiro.meADRealm
realm.ldapContextFactory = $contextFactory
realm.searchBase = OU=ME,DC=testdomain,DC=local
securityManager.realms = $realm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionIdCookie=org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.name=sid
sessionIdCookie.maxAge=1800
sessionIdCookie.httpOnly=true
sessionManager.sessionIdCookie=$sessionIdCookie
sessionManager.sessionIdCookieEnabled=true
securityManager.sessionManager = $sessionManager
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
sessionValidationScheduler = org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
sessionValidationScheduler.interval = 3600000
securityManager.sessionManager.sessionValidationScheduler = $sessionValidationScheduler
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.cacheManager = $cacheManager
我有一个自定义的JSF bean,我执行这样的登录:
/faces/common/Login.xhtml = authc
/faces/common/unauthorized.xhtml = anon
/faces/secured/** = authc
/faces/myAdmin/** = roles[administrator]
/faces/myManagement/** = roles[administrator]
/faces/people/** = roles[administrator]
我愿意以不同的方式进行SSO,但这是一个内部应用程序并不需要太多。有任何想法吗?