How to share session across two web applications deployed in two different tomcat instances
https://stackoverflow.com/questions/11229963
-
17-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianВопрос
I have two different web applications running on two different instances of tomcat. I need to be having a common page with links to both the applications. But I should be able to log in only once and should be able to access links in the other application without being asked to login again. Is there a way to do it ?
Решение
You can use a token parameter, where the token could be the username/some credentials encrypted. You can verify the credentials are correct in the 2 apps.
An alternative, if your applications are under the same domain would be set cookies and recreate the session from them.
Другие советы
Check out josso which you can use to create a single sign on solution across your applications
Thanks for the replies. We finally decided to use Pre authentication Filter provided by Spring security to fulfill this requirement along with authentication token for validation
The easiest way is to provide Central Authentication Service (CAS) : Single Sign On. It provides centralized access control and authentication for your applications. And Spring Security has a CAS module that integrates with CAS seamlessly. For that you need to setup a CAS server.
More Info on how CAS works and implementation see the documentation.
Another way of doing is to create a Tomcat cluster and maintain the session replication between the 2 nodes under the cluster. Please refer the Tomcat manual how to create the Tomcat cluster and enable the session replication. You can use Spring RMI to update the each other nodes App context about the session info etc...
