好的,这是问题
我有一个运行在Apache Tomcat&之上的Java应用程序。我也有这个其他应用程序,它在同一台服务器上运行自己的war文件。
现在我想验证用户一次&将该会话传递给其他应用程序。
我们可以说在同一个Apache Tomcat上进行跨域会话共享..我应该怎么做......?
谢谢
答案 0 :(得分:4)
为会话创建一个唯一的令牌,并将其放入两个应用程序都可访问的数据库表中 将令牌存储在用户的cookie中 这可以避免会话共享问题,并且还具有更高的可扩展性。
答案 1 :(得分:3)
Tomcat通过Tomcat配置中Host元素内指定的阀门提供单点登录功能:
<Host name="localhost" ...>
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
</Host>
应用了某些限制,请查看上面的链接(滚动到单点登录部分)了解详细信息。
答案 2 :(得分:1)
以下是您可以编写代码的方法我一直在为我正在进行的另一项工作做准备....
首次更新
/etc/tomcatx/server.xml
对于需要共享的每个上下文
<Context path="/servlets" crossContext="true".. <Context path="/solutions2" crossContext="true"..
现在为每个上下文添加crossContext = true标记,以便创建和发送共享会话信息的代码
..................................
改变它的代码..
//Context 1 : Sending Servlet Add below
//So this is AuthSuccess - Within The master context doing authentication
//Given examples of vectors sessions and request from
//All the information now allows you to put those new
// provider and providerName session values back into AuthSuccess
//that is executed on other Context -
//In theory once it authenticates you can just store the output i.e.
//email/display/logged in and put it into other context - or...
//as it is process list etc on other context
//Vector example
Vector roles=new Vector();
roles.addElement("COOOGOOO");
//Redirect url
String redir="http://mydomain.com/solutions2/AuthSuccess";
//Get session id
String sessionid = session.getId();
HttpSession session = req.getSession(true);
session.putValue("provider2","provider_session_info");
session.putValue("providerName2","providerName");
//Start new shared servlet context
ServletContext myContext = getServletContext();
//Shared sessioname is obvious and it sends the session id followed by:
// objects,string,sessions,whatever that matches other end
myContext.setAttribute("MYSHAREDSESSION", sessionid);
myContext.setAttribute("GOOFY",roles);
//Send session directly
myContext.setAttribute("SharedSession",session);
//send HttpRequest
myContext.setAttribute("SharedRequest",request);
//Redirect to new context/domain/subdomain
Redirect(out,red,response);
//-------------------------------------------------------------
// Now within ther servlets of solution2 within
// AuthSuccess call back the session info
// and process as per normal
//Add this to new context path
//So it looks in the first context now
ServletContext firstOne = getServletContext().getContext("/servlets");
//returns previous session id
String jsessionid= (String)firstOne.getAttribute("MYSHAREDSESSION");
//Returns Session as was
Session ProviderName=(Session)firstOne.getAttribute("SharedSession");
//Returns session strings we need
String g1=(String)ProviderName.getValue("provider2");
String g2=(String)ProviderName.getValue("providerName2");
pout +="---
"+g1+"
"+g2;
//Grab previous request to do req processing if required
HttpServletRequest nrequest=(HttpServletRequest)firstOne.getAttribute("SharedRequest");
//retrieve vector
Vector goo= (Vector)firstOne.getAttribute("MYVECTOR");
if (goo.size()>0) {
for (int a=0; a";
}
}