[jetty-users] Single Sign On in Jetty 7

I am having a problem moving an authentication method I wrote for Jetty 6 to Jetty 7. The method involved using an SSORealm to store SSO information in a Memcache server to facilitate shared authentication between Jetty and an Apache server. The method would store the user's name, roles, and remote IP in memcache, and use his hashed session id as the key. The key would be stored in a cookie on the user's machine, to allow for single sign on between servers. The method also had the ability to remove the user from memcache when he signed off.

In Jetty 7, realms have been rewritten as loginServices, and they no longer have methods which have httprequest and httpresponse parameters so as to be able to look up and set cookies. And from what I can tell, SSORealms have been removed. I found an SSO module in the form of the CrossContextPsuedoRealm, but the only class which referenced it (FormAuthModule) had been deprecated.

I tried writing a middle-man class that would be called by the FormAuthenticator's validateRequest class instead of directly calling the loginService's methods. And then this class would handle the communication with memcache and then pass off to the loginService as normal. However, with this method, on logout, memcache would not be able to remove the user's entry, nor remove the cookie from the user's machine. In addition, I cannot access a user's roles to be able to post them to memcache.

I am wondering if there is a way to implement a single sign on method in Jetty 7 similar to the SSORealm in Jetty 6? If not, I would like to know how Jetty 7 handles single sign ons? I am looking for methods aside from JSESSIONID in order for the method to work with Apache.

Thank you for your time,
Jonathan
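
The scheme described in the message above, sketched as an added example (not the poster's code and not Jetty's API): a shared store keyed by the hashed session id, with that key doubling as the SSO cookie value. The `SsoStoreSketch` class, the in-memory map standing in for memcache, SHA-256 as the hash, and rejecting a lookup when the remote IP differs are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class SsoStoreSketch {
    /** What the message says is stored per user: name, roles, remote IP. */
    static final class Entry {
        final String user; final Set<String> roles; final String remoteIp;
        Entry(String u, Set<String> r, String ip) { user = u; roles = r; remoteIp = ip; }
    }
    // Stand-in for the memcache server shared by both web servers (assumption).
    private final Map<String, Entry> cache = new ConcurrentHashMap<>();

    /** Cache key and cookie value: hex SHA-256 of the session id (hash choice assumed). */
    static String keyFor(String sessionId) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(sessionId.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** On login: store the entry and return the value to place in the SSO cookie. */
    String login(String sessionId, String user, Set<String> roles, String ip) throws Exception {
        String key = keyFor(sessionId);
        cache.put(key, new Entry(user, roles, ip));
        return key;
    }

    /** On a request carrying the cookie: null unless the key exists and the IP matches. */
    Entry lookup(String cookieValue, String remoteIp) {
        Entry e = (cookieValue == null) ? null : cache.get(cookieValue);
        return (e != null && e.remoteIp.equals(remoteIp)) ? e : null;
    }

    /** On sign-off: drop the shared entry so neither server honours the cookie any longer. */
    void logout(String cookieValue) { if (cookieValue != null) cache.remove(cookieValue); }

    public static void main(String[] args) throws Exception {
        SsoStoreSketch sso = new SsoStoreSketch();
        // Constructed sample values; the addresses are documentation ranges.
        String cookie = sso.login("constructed-session-id", "alice", Set.of("user"), "192.0.2.10");
        System.out.println("same IP accepted:    " + (sso.lookup(cookie, "192.0.2.10") != null));
        System.out.println("other IP accepted:   " + (sso.lookup(cookie, "198.51.100.7") != null));
        sso.logout(cookie);
        System.out.println("after logout accepted: " + (sso.lookup(cookie, "192.0.2.10") != null));
    }
}
```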
