tdakanalis / A Guide For Session Persistence With JAAS On Tomcat.md
Last active August 29, 2015 14:23
Tomcat - Session Persistence With JAAS Realm

In Tomcat you can use the PersistentManager in order to swap active (but idle) sessions out to a persistent storage mechanism, as well as to save all sessions across a normal restart of Tomcat. Moreover, the JAASRealm is an implementation of the Tomcat Realm interface that authenticates users through the Java Authentication & Authorization Service (JAAS) framework.

Problems start when the PersistentManager deserializes the persisted sessions: the built-in JAAS authenticators cannot find a user principal in the restored sessions, so the user is asked to provide their credentials again. The cause is documented in the org.apache.catalina.session.StandardSession class:

/**
 * The authenticated Principal associated with this session, if any.
 * <b>IMPLEMENTATION NOTE:</b>  This object is <i>not</i> saved and
 * restored across session serializations!
 */