JBoss7 Web SSO (Non-Clustered)

问题

I am trying to configure Single-Sign-On in JBoss7.

security-domain in standalone.xml:

<security-domain name="my_auth">
   <authentication>
      <login-module code="Database" flag="required">
         <module-option name="dsJndiName" value="java:/comp/env/myDS"/>
         <module-option name="principalsQuery" 
            value="select password from usertable where login_id=?"/>
         <module-option name="rolesQuery" 
            value="select user_role from usertable where login_id=?"/>
         <module-option name="hashAlgorithm" value="MD5"/>
         <module-option name="hashEncoding" value="hex"/>
       </login-module>
   </authentication>
</security-domain>

virtual-server in standalone.xml

<virtual-server name="default-host" enable-welcome-root="true">
   <alias name="localhost"/>
   <sso/>
</virtual-server>

my webapp1 and webapp2's jboss-web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<jboss-web>
  <security-domain>my_auth</security-domain>
</jboss-web>

It works fine after configure. But it has a little problem:

When start the server and first time login to webapp1 or webapp2, another webapp is not logined. I logout from the first webapp, and login again, it works fine.

I tried to add attribute reauthenticate="false" to , still have the same problem.

I have no idea about this problem, could anyone have suggestions?

回答1:

I think you have to add the SSO Valve to your jboss-web.xml also.

The following worked for me (JBoss 7.1.1)

standalone.xml

<security-domain name="my_auth">
   <authentication>
      <login-module code="Database" flag="required">
         <module-option name="dsJndiName" value="java:/comp/env/myDS"/>
         <module-option name="principalsQuery" 
            value="select password from usertable where login_id=?"/>
         <module-option name="rolesQuery" 
            value="select user_role from usertable where login_id=?"/>
         <module-option name="hashAlgorithm" value="MD5"/>
         <module-option name="hashEncoding" value="hex"/>
       </login-module>
   </authentication>
 </security-domain>

 ...
  <virtual-server name="default-host" enable-welcome-root="false">
      ...
      <sso reauthenticate="false"/>
  </virtual-server>

jboss-web.xml:

<jboss-web>

    <security-domain flushOnSessionInvalidation="true">java:/jaas/my_auth</security-domain>
    <valve>
        <class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
    </valve>

</jboss-web>

来源：https://stackoverflow.com/questions/15471591/jboss7-web-sso-non-clustered

标签

jboss7.x

single-sign-on