I now have two web applications that use Shiro for authentication and authorization. I would like my users not to have to log in separately to each web application. Is there a way to achieve "poor man's SSO" without needing an LDAP server, or similar?
Basically I just need to have Subject subject = SecurityUtils.getSubject() return a valid, logged-in subject, if I've already logged in, in the other application. Is this possible to achieve, if:

1. The applications are running in the same Java VM?
2. The applications are on the same web site (same hostname, same top-level local path)?
3. The applications are running from the same file system (i.e. they can share files)?

Or do I need an extra service of some sort? Like LDAP or CAS?

I've googled and found promising-looking dead links to an article written by a no longer existing company called Stormpath. Does anyone know of a place where this article might be found?

Thanks!

- Steinar