EAR之间的Wildfly分享会话? [英] Wildfly share session between EARs?

问题描述

我在2个独立的EAR中有2个WAR应用程序，我希望将它们部署在Wildfly 10/JBoss 7 EAP的单个实例中.如何在两次大战之间共享会话/身份验证?

I have 2 WAR applications in 2 independent EARs that I want to deploy in a single instance of Wildfly 10/JBoss 7 EAP. How can I share sessions/authentication between the 2 wars?

例如:

EAR1:
- WAR1
- EJB
- libs


EAR2:
- WAR2
- libs

为清楚起见，我希望用户通过WAR1登录并进行身份验证，并在访问WAR2时使该会话对象可用，这样他就无需重新登录系统.

To be clear, I would like the user to login and authenticate via WAR1, and have that session object available when he accesses WAR2 so that he does not need to log back into the system.

我该怎么做?我找不到与实现此功能所需的配置有关的文档.

How can I accomplish this? I cannot find documentation relating to what configuration is required to achieve this.

推荐答案

如果您只需要对Wildlfy内的应用程序进行单点登录和会话共享，则不需要任何专用的SSO机制-服务器已经拥有所需的一切.首先，您需要通过WEB-INF/jboss-web.xml使用一些现有的安全域来保护应用程序的安全.示例:

If you only need single sign on and session sharing for apps within wildlfy, you don't need any dedicated SSO mechanism - server already has everything you need. First, you need to secure you applications using some existing security-domain via WEB-INF/jboss-web.xml. Example:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>   
    <security-domain>my-sec-domain</security-domain>    
</jboss-web>

接下来，您需要在Undertow(Jboss/Wildfly Web服务器)中启用SSO处理.您可以使用CLI或通过手动更新相应的配置来完成此操作. CLI命令(用于独立模式):

Next you need to enable SSO handling in Undertow(Jboss/Wildfly web server). You can do it with CLI or by manualy updating the corresponding config. Cli command(for standalone mode):

/subsystem=undertow/server=default-server/host=default-host/setting=single-sign-on:add(path=/)

或者，如果您手动编辑配置，则将<single-sign-on path="/" />添加到underwow配置中，如下所示:

Or if you edit the config manually, add <single-sign-on path="/" /> to undertow config like so:

<subsystem xmlns="urn:jboss:domain:undertow:3.1">
   <buffer-cache name="default"/>
   <server name="default-server">
    <ajp-listener name="ajp" socket-binding="ajp"/>
    <http-listener name="default" max-post-size="20485760" socket-binding="http" redirect-socket="https"/>
    <host name="default-host" alias="localhost">
       <location name="/" handler="welcome-content"/>
       <filter-ref name="server-header"/>
       <filter-ref name="x-powered-by-header"/>
       <single-sign-on/>
   </host>
</server>

现在，我们需要启用会话复制/共享机制.在wildfly中，它是使用infinispan子系统和Web缓存来完成的.您将需要使用full-ha配置文件(standalone-full-ha.xml)或手动将该子系统添加到您的配置中.在这里敬畏地寻找名为web的缓存容器.如果它在那里，那么您应该很好.
现在，当您在浏览器中访问APP-A时，应该获得两个会话cookie JSESSIONID和JSESSIONIDSSO.切换到APP-B后，您应该会自动登录.
快乐黑客

Now we need to enable mechanism for session replication/sharing. In wildfly, it is done using the infinispan subsystem and web cache. You will either need to use full-ha configuraiton profile(standalone-full-ha.xml) or manualy add that subsystem to your config. Here awe are looking for cache container named web. If its there, you should be good to go.
Now when you visit APP-A in your browser, you should get two session cookies JSESSIONID and JSESSIONIDSSO. After switching to APP-B, you should be automatically logged in.
Happy Hacking

这篇关于EAR之间的Wildfly分享会话?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！