> What happens if AppOne store com.john.appone.Person in the session and AppTwo > attempts to load that session? > My guess is there would be a class not found exception in AppTwo, would that > be correct?
Yes > If so, is there any way around this? > I found a SO post which says to break up session but I'm not sure how > possible this is. The simplest fix will be to store only classes which all apps can understand in the Session. You might be able to do something clever by overriding the serialization / deserialization code by providing a custom implementation of Session (see SimpleSession.readObject / SimpleSession.writeObject). > It looks as though "poor mans" Single Sign On is possible with Shiro using > native sessions with Ehcache and Terracotta. I had a look at the Ehcache + Terracotta solution recently, and it looked to me like it would be very inefficient in practice, and it looked like it would not be remotely threadsafe. This might not be a problem if you have low traffic and you are sure that your users will only make one request at a time. I ended up implementing a DB-backed "CachingSessionDAO" and removing Ehcache. I can't share the code here, sorry, but it wasn't very much work in the end. GL Rich -----Original Message----- From: johnrellis [mailto:[email protected]] Sent: 06 April 2016 16:03 To: [email protected] Subject: Questions about "poor mans" SSO Hey folks, It looks as though "poor mans" Single Sign On is possible with Shiro using native sessions with Ehcache and Terracotta. This sounds good as all our apps are using Shiro so it is an avenue I would like to explore. There is one problem though that is stopping me from implementing this solution. If I have two applications, AppOne and AppTwo What happens if AppOne store com.john.appone.Person in the session and AppTwo attempts to load that session? My guess is there would be a class not found exception in AppTwo, would that be correct? If so, is there any way around this? I found a SO post which says to break up session but I'm not sure how possible this is. Many thanks, John -- View this message in context: http://shiro-user.582556.n2.nabble.com/Questions-about-poor-mans-SSO-tp7581009.html Sent from the Shiro User mailing list archive at Nabble.com. Richard Bradley Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 softwire Sunday Times Best Small Companies - UK top 25 six years running Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter : @SoftwireUK<https://twitter.com/SoftwireUK> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL Softwire Technology Limited. Registered in England no. 3824658. Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 2FG
