在不同的 Web 应用程序之间共享 Session 对象

Question

Okay this is the problem

I have a Java application running on top of Apache Tomcat & I have this other application too with its own war file running on the same server.

Now I want to authenticate user once & pass that session to the other application.

We can say cross domain session sharing on same Apache Tomcat .. how should I go about it ....?

Thank you

Answer 1

Tomcat provides Single Sign On functionality via a valve specified within Host element in Tomcat's configuration:

<Host name="localhost" ...>
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
</Host>

There are certain restrictions applied, take a look at the above link (scroll to Single Sign On section) for details.

Answer 2

Create a unique token for the session and put in in a db table that both apps access.
Store the token in the users's cookie.
This avoids the session sharing issue and is also more scalable.

Answer 3

Here is how you can code it I have been doing it for another bit of work I am working on ....

First update

/etc/tomcatx/server.xml

For each context that requires to be shared

<Context path="/servlets" crossContext="true"..
 <Context path="/solutions2" crossContext="true"..

Add the crossContext=true tag to each context now for the code to create and send shared session info

..................................

The code to alter it..

//Context 1 : Sending Servlet Add below
//So this is AuthSuccess - Within The master context doing authentication
//Given examples of vectors sessions and request from
//All the information now allows you to put those new
// provider and providerName session values back into AuthSuccess
//that is executed on other Context -
//In theory once it authenticates you can just store the output i.e.
//email/display/logged in and put it into other context - or...
//as it is process list etc on other context


//Vector example
Vector roles=new Vector();
roles.addElement("COOOGOOO");

 //Redirect url
 String redir="http://mydomain.com/solutions2/AuthSuccess";

 //Get session id
 String sessionid = session.getId();

HttpSession session = req.getSession(true);
session.putValue("provider2","provider_session_info");
session.putValue("providerName2","providerName");
 //Start new shared servlet context
 ServletContext myContext = getServletContext();

//Shared sessioname is obvious and it sends the session id followed by:


// objects,string,sessions,whatever that matches other end
myContext.setAttribute("MYSHAREDSESSION", sessionid);
myContext.setAttribute("GOOFY",roles);

//Send session directly
myContext.setAttribute("SharedSession",session);

//send HttpRequest
myContext.setAttribute("SharedRequest",request);

   //Redirect to new context/domain/subdomain
  Redirect(out,red,response);

//-------------------------------------------------------------

// Now within ther servlets of solution2 within 
// AuthSuccess call back the session info
// and process as per normal

 //Add this to new context path 
   //So it looks in the first context now
  ServletContext firstOne = getServletContext().getContext("/servlets");

  //returns previous session id
  String jsessionid= (String)firstOne.getAttribute("MYSHAREDSESSION");

  //Returns Session as was
  Session ProviderName=(Session)firstOne.getAttribute("SharedSession");
  //Returns session strings we need
  String g1=(String)ProviderName.getValue("provider2");
  String g2=(String)ProviderName.getValue("providerName2");
  pout +="---
 "+g1+"
"+g2;

 //Grab previous request to do req processing if required
 HttpServletRequest nrequest=(HttpServletRequest)firstOne.getAttribute("SharedRequest");

//retrieve vector
Vector goo= (Vector)firstOne.getAttribute("MYVECTOR");
 if (goo.size()>0) {
  for (int a=0; a";

  }
 }