Hey! Take a look at
https://shiro.apache.org/session-management.html#SessionManagement-SessionClustering

But these techniques are typically tied to applications running on the same domain.

On Sat, Nov 10, 2018 at 7:19 AM Steinar Bang <[email protected]> wrote:

> I now have two web applications that use shiro for authentication and
> authorization. I would like my users not to have to log in separately
> to each web application. Is there a way to achieve "poor man's SSO"
> without needing an LDAP server, or similar?
>
> Basically I just need to have
>   Subject subject = SecurityUtils.getSubject()
> return a valid, logged in subject, if I've already logged in, in the
> other application.
>
> Is this possible to achieve, if:
>  1. The applications are running in the same Java VM?
>  2. The applications are on the same web site (same hostname, same top
>     level local path)?
>  3. The applications are running from the same file system? (i.e. they
>     can share files)?
>
> Or do I need an extra service of some sort? Like LDAP or CAS?
>
> I've googled and found promising looking dead links to an article
> written by a no longer existing company called Stormpath. Does anyone
> know of a place where this article might be found?
>
> Thanks!
>
>
> - Steinar
