May 1st, 2012, 01:56 PM
Spring Security Session Clustering
I am curious if Spring Security has a way of doing session clustering, similar to how Shiro does it (http://shiro.apache.org/session-mana...sionClustering).
I want to share a session between multiple instances of 1 application. But, I also want to share it with instances of other web applications (thus causing a form of SSO).
The way I see it:
- I set a cookie with a domain covering all applications, containing a session id.
- When I reach the application, the session id gets read from the cookie and retrieved from a distributed cache (terracotta, EhCache, ...)
- Application flow continues.
I prefer not using a container specific solution, but I can if I need to.
Where do I start?
May 16th, 2012, 10:57 AM
Did you get it figured out? If so, are you willing to share?
I am trying to move away from JBoss Container-Managed security (which supports SSO and Session-replication/clustering), and I need Spring Security to do the same functionality as JBoss or I cannot make the move.
May 16th, 2012, 11:00 AM
This is still an open issue for us aswell. Lets hope someone else can help us out soon.