session share between different war modules possible in jboss? - grails

Is there an easy way to share session between different war modules in jboss?
I have a Grails app running in JBoss, but want to create a new Grails war module which looks & feels the same as the existing one (but I don't want the user to log in again). The domain will be the same; for example, if I have war1 and war2, the domain should be
http://domain.com/war1 <-- login should be done here..
http://domain.com/war2
I searched through the web, but couldn't find an easy (or difficult) way to do this.
Please help.

No, HTTP sessions are not shareable between servlets from different apps. What you really need is a Single Sign-On solution. A poor man's SSO can be built with cookies, but I wouldn't call it a very secure way. The first session can set a cookie and the second session can read the same cookie; this will work as long as the domains are the same for both apps.
Good luck!
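As an added illustration of the cookie approach the answer describes (example code, not from the question or the answer), here is a hypothetical Java class for two WARs on one host: /war1 mints a signed, expiring cookie after login and /war2 verifies it with the same shared secret instead of trusting the value. The class name, token layout and the secret are assumptions; the one container fact it relies on is that a default session cookie is scoped to the issuing context path, so the shared cookie must be set with Path=/ to reach both contexts.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public final class SharedSsoCookie {
    static final byte[] SECRET = "constructed-sample-secret-use-32-random-bytes".getBytes(StandardCharsets.UTF_8); // constructed; both WARs load the real one from config
    /** war1 mints after login: base64url(user|expiry) + "." + base64url(HMAC-SHA256(user|expiry)). */
    static String mint(String user, long expiresAtEpochSec) {
        String payload = user + "|" + expiresAtEpochSec;
        return b64(payload.getBytes(StandardCharsets.UTF_8)) + "." + b64(hmac(payload));
    }
    /** war2 checks the cookie value itself rather than trusting it; null if malformed, tampered or expired. */
    static String verify(String token, long nowEpochSec) {
        try {
            int dot = token.indexOf('.');
            if (dot < 0) return null;
            String payload = new String(Base64.getUrlDecoder().decode(token.substring(0, dot)), StandardCharsets.UTF_8);
            byte[] sig = Base64.getUrlDecoder().decode(token.substring(dot + 1));
            if (!MessageDigest.isEqual(hmac(payload), sig)) return null; // constant-time comparison
            int bar = payload.lastIndexOf('|');
            if (bar < 0 || nowEpochSec >= Long.parseLong(payload.substring(bar + 1))) return null;
            return payload.substring(0, bar);
        } catch (IllegalArgumentException e) { // bad base64 or non-numeric expiry
            return null;
        }
    }
    /** Path=/ makes the browser send the cookie to /war1 and /war2 alike; the container's default session cookie is scoped to the issuing context path (/war1) and never reaches /war2. */
    static String setCookieHeader(String token) {
        return "SSO=" + token + "; Path=/; HttpOnly; Secure; SameSite=Lax";
    }
    private static byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    private static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    public static void main(String[] args) {
        long now = System.currentTimeMillis() / 1000;
        String token = mint("alice", now + 600);
        System.out.println(setCookieHeader(token));
        System.out.println("war2 sees: " + verify(token, now));
        // A forged payload reusing alice's signature, and an already-expired token, are both rejected.
        String forged = b64("admin|9999999999".getBytes(StandardCharsets.UTF_8)) + token.substring(token.indexOf('.'));
        System.out.println("forged: " + verify(forged, now) + ", expired: " + verify(mint("alice", now - 1), now));
    }
}
```

The cookie still only travels to paths under the same scheme and host, so, as the answer says, this only works while both WARs share one domain; a different domain needs a real SSO protocol.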

Related

Multi level sub Domains for a Multi-tenant Application

A project I am working on was once an internal intranet application, but now it is being ported over to a multi-tenant internet application. Usually, when deploying any web application, we would use the format http://webapp.company.com, which has existed since long before I joined.
Since the project is now a multi-tenant application, I am trying to decide between different architectures.
1) Using the client/tenant as part of the main host URL
http://tenant.webapp.company.com
This approach requires additional SSL certificates and IIS settings
2) Include the tenant as part of the routing and the tenant name will be included as a routing parameter
http://webapp.company.com/{tenant}/my/route/url/{param}
This approach, in my opinion, is 'messy' and I feel it is not the most-correct solution.
3) Keep the existing URL of http://webapp.company.com and add specific bindings in IIS to point the requested URL to the host location.
When the user enters the URL http://tenant.company.com they will be served the application that resides at http://webapp.company.com. The problem with this approach is that we may deploy additional applications and this is not scalable.
I am leaning towards approach number 1 as I have experience implementing it (without the extra domain). Is the 4th level domain ideal? Any ideas as to what approach is better than the other? Possibly a new approach? Any input is appreciated.
Using the client/tenant as part of the main host URL
http://tenant.webapp.company.com
This approach requires additional SSL certificates and IIS settings
Actually, you might be able to use a wildcard certificate for *.webapp.company.com, which would mean you can extend this scheme without additional IIS configuration.
In addition, this approach is the most elegant when it comes to routing. There is even a MVC-Subdomain-Routing project on GitHub that you can use for some direction (or as is if your requirements are met by the project).
Also see this question and this answer for some other approaches.

Umbraco AD integration for an intranet

I'm wanting to build an intranet that will use Domain (AD) authentication and let the user not have to log in. So I've been looking at the AD package here and digging into the details a bit; it seems you have to configure a user & password in the web.config. Then I saw this example, which seems to simply be using the AD membership provider and isn't putting any hard-coded username and password in the config file. Are those two approaches even talking about the same thing?
I just need simple pass-through authentication based on the identity of the user passed in from the browser. The question also comes up as to under which context will requests be made when the user uploads a file, edits content etc. Will it be Network Service or the passed in identity?
Since you have specified Umbraco 7 in your question, I think you are much better off pursuing the option in your second link.
The first link was written for Umbraco 4.11, and an awful lot has changed since then. Can't tell you if the second link will simply work out-of-the-box, but imo, you have a better chance of being successful.

Architecture: worker/director (3 main roles) in the same Rails app

I want to develop a rails app that does this:
a public front-end deployed on some place like Heroku
a private front-end that I can access (this would be someplace like my home/office where it is the only app running)
a private backend that collects and analyses data (the public front end can access the backend through an API; this would be someplace like my home/office where it is the only app running)
I want to keep the code base the same so I was thinking of modifying environment variables accordingly.
So, two things:
is this a good architecture for this?
how would I run a background worker thread/process on the private front/backend machine
Thanks
This is one application.
My suggestion is that you use an authentication framework; my suggestion would be devise (https://github.com/plataformatec/devise) and an authorization framework like acl9 (https://github.com/be9/acl9) or cancan (https://github.com/ryanb/cancan).
The fact is smarter people than you and I have built fantastic frameworks to solve just this problem and there's no point reinventing the wheel when something already exists. Plus, writing authentication systems might seem easy but it's actually incredibly complicated.
I would also not recommend restful-authentication or acts_as_authenticated, especially if you're building a Rails 3 application.
If you're planning on deploying on Heroku, using environment variables isn't going to work because:
The variables will be the same across all of your dynos.
If you want to run different apps you need to go for their new database offerings which are quite expensive.
Consolidate everything into one app, your life will be easier in the long run!
For background workers you can use resque and dynamically spin up workers (http://blog.darkhax.com/2010/07/30/auto-scale-your-resque-workers-on-heroku). Use different queues if you want for the public/private facing stuff if they have different SLAs.
I hope this helps, if you have any more questions leave a comment.
What about authorization? I'm using this plugin with Restful authentication for authentication.
With it I define roles and what they can access, and give a role to each user. The user logs in and the controller (or the view) checks the user's permissions and responds properly (you'll need to code a bit, but it's the most elegant and safest way, I think).
You could perhaps use authentication to figure out who is accessing things, within the controller.
Couldn't you use a before_filter that authenticated access and authorised different levels of functionality, based on authenticated user?
For authentication, you could go for something simple like this (cheatsheet here):
http://cheat.errtheblog.com/s/acts_as_authenticated/
or a better one:
https://github.com/technoweenie/restful-authentication

Sharing session (or cookie) using Grails acegi plugin

Is it possible for two different Grails projects, also having different domains, to share a session/cookie?
Let's say I have 2 sites: www.mycompany.com and www.othercompany.com. Assume that both sites have the same domains, and the same database and records too. What I want to know is if this code:
authenticateService.userDomain()
or even the
authenticateService.isLoggedIn()
will behave and return exactly the same object/result whether it is called in either of the sites.
Basically, what we need is a solution for sharing/identifying the logged-in user between two different sites. I need more details on how to implement this using acegi 0.5.2 and Grails 1.2.1.
Hoping for any leads on this. Thank you.
Regarding cross-domain authentication the only thing that comes into my mind is using a single-sign-on service. There are a few open-source SSO implementations available, among them:
CAS
OpenSSO
Josso
Tomcat also has a SingleSignOn valve
This list is by far not complete. Speaking of CAS, it definitely works with Grails and Acegi.

Single Account for Multiple Application login in Rails

I'm building some applications using rails.
All apps use the restful auth plugin for the User base and the declarative authorization plugin for authorization rules.
But I need to merge all sites' User accounts into one User base to provide login for all sites.
I.e., like 37signals is working on. Here is their work:
http://37signals.com/accounts
How can I achieve this? Any suggestions are welcome.
Thanks
A.Karr
From studying how 37signals was doing stuff - I think they're using RubyCAS http://github.com/gunark/rubycas-server
It's perfect for single sign-on, single sign-off and other related stuff when you have multiple independent applications. Also, because CAS is a generic protocol, it exists for non-Ruby/Rails applications too. So you can integrate legacy systems or client applications in Java etc.
I started building a set of how-tos on the subject here:
http://rubyglasses.blogspot.com/2009/12/rails-single-sign-on-with-rubycas.html
Have you thought about using open id?
If all your apps run on the same domain you shouldn't have any problems accessing the authentication cookie in all the apps, but you'll need to store the authentication state somewhere where all the applications can access it.