Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Language IDEs » ServerTools (WTP) » Jetty Cross Context Session Sharing(setting up single sign-on for a platform with multiple WebAppContexts)
icon5.gif  Jetty Cross Context Session Sharing [message #1727526] Wed, 23 March 2016 14:23 Go to next message
Benjamin Vachon is currently offline Benjamin VachonFriend
Messages: 2
Registered: March 2016
Junior Member
Hi,

I'm working on making the transition from basic auth to form auth for our webapp platform. We have an embedded jetty server iterating through a list of web applications and serving them up.

The trouble is that simply adding a FormAuthenticator to each webapp and programmatically adding a servlet for a "/login" form will make it so that every webapp asks you to log in, and when you do, you get redirected to the base webapp at "/".

The problem is that each webapp is expecting a unique session.

So the WebAppContext instances should share sessions.

Assigning the same instance of SessionManager to each webapp results in exceptions due to the server trying to start the instance multiple times.

Some resources point to setting each webapp's SessionCookieConfig path to a shared root directory and setting useRequestedId to true in each's AbstractSessionManager, but this solution is for org.mortbay.jetty and AbstractSessionManager no longer has a method for setting useRequestedId.

If anybody has any experience or insight in setting up single sign-on with form authentication for multiple webapps served up through Jetty, please point me in the right direction.

[Updated on: Wed, 23 March 2016 20:26]

Report message to a moderator

Re: Jetty Cross Context Session Sharing [message #1727858 is a reply to message #1727526] Mon, 28 March 2016 15:28 Go to previous message
Benjamin Vachon is currently offline Benjamin VachonFriend
Messages: 2
Registered: March 2016
Junior Member
My solution was to extend the HashSessionManager so that it queries the SessionIdManager before creating a new session. The result is that WebAppContext instances share session contents instead of just session ids.
import java.util.Collection;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.eclipse.jetty.server.session.AbstractSession;
import org.eclipse.jetty.server.session.HashSessionIdManager;
import org.eclipse.jetty.server.session.HashSessionManager;

/**
 * Allows the WebAppContext to check the server's SessionIdManager before creating a new session
 * so that WebAppContext can share session contents for each client rather than just session ids.
 */
public class CrossContextSessionManager extends HashSessionManager {
  
  /**
   * Check for an existing session in the session id manager by the requested id.
   * If no session has that id, create a new HttpSession for the request.
   */
  @Override
  public HttpSession newHttpSession(HttpServletRequest request) {
    AbstractSession session = null;
    
    String requestedId = request.getRequestedSessionId();
    if (requestedId != null) {
      String clusterId = getSessionIdManager().getClusterId(requestedId);
      Collection<HttpSession> sessions = ((HashSessionIdManager) getSessionIdManager()).getSession(clusterId);
      for (HttpSession httpSession : sessions) {
        session = (AbstractSession) httpSession;
        break;
      }
    }
    
    if (session == null) {
      session = newSession(request);
      session.setMaxInactiveInterval(_dftMaxIdleSecs);
      addSession(session,true);
    }
    
    return session;
  }
}

[Updated on: Mon, 28 March 2016 21:08]

Report message to a moderator

Previous Topic:Problem with Javascript function inside objects on WTP 3.3.2
Next Topic:How to preview html page in browser
Goto Forum:
  


Current Time: Tue Apr 24 10:25:57 GMT 2018

Powered by FUDForum. Page generated in 0.02177 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software