Hi Imre, Actually your scenario is probably the easiest to do with Shiro. You can use the same technique using Shiro's session id and ensuring you use Shiro's native session management ( and not the servlet container sessions).
You will need to inject a custom SessionDAO into Shiro's SessionManager. The SessionDAO will use an enterprise clustered cache of Session instances (e.g. by using TerraCotta or Coherence or GigaSpaces, etc). You can use the EnterpriseCacheSessionDAO ( http://incubator.apache.org/shiro/static/current/apidocs/org/apache/shiro/session/mgt/eis/EnterpriseCacheSessionDAO.html) implementation. It needs to be injected with a CacheManager that talks to your clustered cache. For example in INI configuration: [main] ... sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO sessionDAO.cacheManager = $myClusteredCacheManager securityManager.sessionMode = native securityManager.sessionManager.sessionDAO = $sessionDAO # it is also recommended to use this cache manager for # other Shiro caching as well: securityManager.cacheManager = $myClusteredCacheManager ... Then, each time an http request comes in with a session ID cookie, that id will be resolved by the sessionDAO, which talks to your clustered cache to retrieve the corresponding persisted Session. Any request can come in on any of your web servers, and they will be able to 'see' the same session because of the nature of a distributed clustered cache. HTH, Les 2010/6/21 Imre Fazekas <[email protected]> > Dear All, > > > I'm rookie now, just began working with Shiro. :) > SSO functionality is needed in a multithreaded environment meaning > different application server instances. In our home-made SSO, the result of > the user's authentication was a sessionID brought with every request that > the client initiated. This means, that the user may call different services > on different places, the SSO knew if the user has authenticated him/herself > and was able to get the caller subject. > > How can i achieve such functionality in Shiro? The manual thread binding is > a little different thing i guess... > > Thank you in advance! > > > Best regards, > > Imre > > Imre Fazekas > Ygomi Kft. > 4034 Debrecen, Vágóhíd u. 2. > Office: +36 52 887 500 / 8789 > Cell: +36-70-514 8550 > Fax: +36 52 887 505 > Email: [email protected] <[email protected]> > > > > > >
