Jetty Cross Context Session Sharing [message #1727526]
Wed, 23 March 2016 14:23
Benjamin Vachon Messages: 2 Registered: March 2016
Junior Member
Hi,
I'm working on making the transition from basic auth to form auth for our webapp platform. We have an embedded Jetty server iterating through a list of web applications and serving them up.
The trouble is that simply adding a FormAuthenticator to each webapp and programmatically adding a servlet for a "/login" form will make it so that every webapp asks you to log in, and when you do, you get redirected to the base webapp at "/".
The problem is that each webapp is expecting a unique session.
So the WebAppContext instances should share sessions.
Assigning the same instance of SessionManager to each webapp results in exceptions due to the server trying to start the instance multiple times.
Some resources point to setting each webapp's SessionCookieConfig path to a shared root directory and setting useRequestedId to true in each's AbstractSessionManager, but this solution is for org.mortbay.jetty and AbstractSessionManager no longer has a method for setting useRequestedId.
If anybody has any experience or insight in setting up single sign-on with form authentication for multiple webapps served up through Jetty, please point me in the right direction.
[Updated on: Wed, 23 March 2016 20:26]
Re: Jetty Cross Context Session Sharing [message #1727858 is a reply to message #1727526]
Mon, 28 March 2016 15:28
Benjamin Vachon Messages: 2 Registered: March 2016
Junior Member
My solution was to extend the HashSessionManager so that it queries the SessionIdManager before creating a new session. The result is that WebAppContext instances share session contents instead of just session ids.
import java.util.Collection;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.eclipse.jetty.server.session.AbstractSession;
import org.eclipse.jetty.server.session.HashSessionIdManager;
import org.eclipse.jetty.server.session.HashSessionManager;

/**
 * Allows the WebAppContext to check the server's SessionIdManager before creating a new session
 * so that WebAppContext can share session contents for each client rather than just session ids.
 */
public class CrossContextSessionManager extends HashSessionManager {

    /**
     * Check for an existing session in the session id manager by the requested id.
     * If no session has that id, create a new HttpSession for the request.
     */
    @Override
    public HttpSession newHttpSession(HttpServletRequest request) {
        AbstractSession session = null;
        String requestedId = request.getRequestedSessionId();
        if (requestedId != null) {
            String clusterId = getSessionIdManager().getClusterId(requestedId);
            Collection<HttpSession> sessions = ((HashSessionIdManager) getSessionIdManager()).getSession(clusterId);
            for (HttpSession httpSession : sessions) {
                session = (AbstractSession) httpSession;
                break;
            }
        }
        if (session == null) {
            session = newSession(request);
            session.setMaxInactiveInterval(_dftMaxIdleSecs);
            addSession(session, true);
        }
        return session;
    }
}
[Updated on: Mon, 28 March 2016 21:08]
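One way to wire the class above into an embedded server, added here as an example and not part of the original posts. It assumes a Jetty 9.2/9.3 release (HashSessionManager was removed in 9.4); the class name SharedSessionServer, the port and the war paths are constructed placeholders.

```java
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.session.HashSessionIdManager;
import org.eclipse.jetty.webapp.WebAppContext;

public class SharedSessionServer {

    public static void main(String[] args) throws Exception {
        Server server = new Server(8080); // port is an assumption

        // One id manager for the whole server: this is the object that
        // CrossContextSessionManager queries by cluster id.
        server.setSessionIdManager(new HashSessionIdManager());

        // Constructed sample deployments: { context path, war location }.
        String[][] apps = {
            { "/", "webapps/root.war" },
            { "/reports", "webapps/reports.war" }
        };

        ContextHandlerCollection contexts = new ContextHandlerCollection();
        for (String[] app : apps) {
            WebAppContext ctx = new WebAppContext(app[1], app[0]);

            // A separate manager instance per context. Reusing one instance
            // is what triggers the repeated-start exceptions from the first post.
            CrossContextSessionManager manager = new CrossContextSessionManager();

            // The session cookie has to reach every context, so scope it to
            // the root path; HttpOnly keeps it away from page scripts.
            manager.getSessionCookieConfig().setPath("/");
            manager.getSessionCookieConfig().setHttpOnly(true);

            ctx.getSessionHandler().setSessionManager(manager);
            contexts.addHandler(ctx);
        }

        server.setHandler(contexts);
        server.start();
        server.join();
    }
}
```

With this wiring every context reads and writes the same session object, so a flaw in any one webapp exposes the login state and session attributes of all of them. Deploy only mutually trusted applications behind a shared session.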