Am 27.07.2018 13:36, schrieb Tim K:
Hello,
I'm creating a new app under Tomcat 9.0.8 (local dev: windows, live
servers: linux).
I have successfully created a custom JAAS authentication, which works
just
fine.
I have SSO enabled at the moment, but not sure if I really need it.
I left the default StandardManager config in place, I do see
the SESSIONS.ser get created upon a shutdown and I see it get removed
upon
startup, so I'm assuming it's reading it in...
I'm expecting that once a user authenticates with the JAAS module one
time,
and has a valid session, if I restart tomcat on the backend, that user
will
NOT need to re-authenticate, but it appears to be kicking them back to
the
login screen after the restart, and it's not accepting their JSESSIONID
cookie value, it's giving them a new one upon hitting a secured
resource.
From what I've read, I believe that JAAS can cache an authenticated
session, but it doesn't appear to be working for me. Is there
something
I'm missing? Also, I'm using form-login.
Are your Principal classes serializable?
Do you see any Exceptions in the log files when you restart Tomcat?
Regards,
Felix
Thank you,
Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org