Wildfly 在 EAR 之间共享会话? [英] Wildfly share session between EARs?

问题描述

我在 2 个独立的 EAR 中有 2 个 WAR 应用程序，我想将它们部署在 Wildfly 10/JBoss 7 EAP 的单个实例中.如何在两场战争之间共享会话/身份验证?

I have 2 WAR applications in 2 independent EARs that I want to deploy in a single instance of Wildfly 10/JBoss 7 EAP. How can I share sessions/authentication between the 2 wars?

例如:

EAR1:
- WAR1
- EJB
- libs


EAR2:
- WAR2
- libs

明确地说，我希望用户通过 WAR1 登录和验证，并在他访问 WAR2 时让该会话对象可用，这样他就不需要重新登录系统.

To be clear, I would like the user to login and authenticate via WAR1, and have that session object available when he accesses WAR2 so that he does not need to log back into the system.

我怎样才能做到这一点?我找不到与实现此目标所需的配置相关的文档.

How can I accomplish this? I cannot find documentation relating to what configuration is required to achieve this.

推荐答案

如果您只需要单点登录和 Wildlfy 中的应用程序会话共享，则不需要任何专用的 SSO 机制 - 服务器已经拥有您需要的一切.首先，您需要通过 WEB-INF/jboss-web.xml 使用一些现有的安全域来保护您的应用程序.示例:

If you only need single sign on and session sharing for apps within wildlfy, you don't need any dedicated SSO mechanism - server already has everything you need. First, you need to secure you applications using some existing security-domain via WEB-INF/jboss-web.xml. Example:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>   
    <security-domain>my-sec-domain</security-domain>    
</jboss-web>

接下来您需要在 Undertow(Jboss/Wildfly Web 服务器)中启用 SSO 处理.您可以使用 CLI 或手动更新相应的配置来完成.Cli 命令(用于独立模式):

Next you need to enable SSO handling in Undertow(Jboss/Wildfly web server). You can do it with CLI or by manualy updating the corresponding config. Cli command(for standalone mode):

/subsystem=undertow/server=default-server/host=default-host/setting=single-sign-on:add(path=/)

或者，如果您手动编辑配置，请将 添加到如下配置中:

Or if you edit the config manually, add <single-sign-on path="/" /> to undertow config like so:

<subsystem xmlns="urn:jboss:domain:undertow:3.1">
   <buffer-cache name="default"/>
   <server name="default-server">
    <ajp-listener name="ajp" socket-binding="ajp"/>
    <http-listener name="default" max-post-size="20485760" socket-binding="http" redirect-socket="https"/>
    <host name="default-host" alias="localhost">
       <location name="/" handler="welcome-content"/>
       <filter-ref name="server-header"/>
       <filter-ref name="x-powered-by-header"/>
       <single-sign-on/>
   </host>
</server>

现在我们需要启用会话复制/共享机制.在wildfly 中，它是使用infinispan 子系统和Web 缓存完成的.您将需要使用 full-ha 配置文件(standalone-full-ha.xml)或手动将该子系统添加到您的配置中.这里 awe 正在寻找名为 web 的缓存容器.如果它在那里，你应该很高兴去.
现在，当您在浏览器中访问 APP-A 时，您应该会获得两个会话 cookie JSESSIONID 和 JSESSIONIDSSO.切换到APP-B后，应该会自动登录.
快乐黑客

Now we need to enable mechanism for session replication/sharing. In wildfly, it is done using the infinispan subsystem and web cache. You will either need to use full-ha configuraiton profile(standalone-full-ha.xml) or manualy add that subsystem to your config. Here awe are looking for cache container named web. If its there, you should be good to go.
Now when you visit APP-A in your browser, you should get two session cookies JSESSIONID and JSESSIONIDSSO. After switching to APP-B, you should be automatically logged in.
Happy Hacking

这篇关于Wildfly 在 EAR 之间共享会话?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！