You are not logged in.
Pages: 1
Topic closed
Hello,
We have a java web application running on wildfly. Also Reportserver is being deployed to the same app server. We are going to integrate this application with ReportServer. So in the main menu, there will be a link called 'Reports' that will take the users to ReportServer. Of course we dont want to have our users having to login again. Instead, we would like to have a shared session between our app and reportserver.
Does anybody have any idea how we can do it ?
Many thanks in advance.
Regards,
Marcos
Offline
Hi Marcos,
sharing session data across contexts is not supported by any application server I know of. You could probably set the path for the session cookie to / and access the session variables via reflection, but this does not really sound like a great idea.
If all you want to do is bypass the duplicate authentication you should implement some simple SSO scheme in your application that allows ReportServer to establish a users status. The communication flow in this case would be
* the user accesses ReportServer
* the user is redirected to your application
* credentials are verified (either by checking for an existing session or asking fuer user/password)
* your application redirects the user back to ReportServer and passes a ticket
* ReportServer validates the ticket with your application
If you don't want to implement this yourself you can of course just use some preexisting SSO product. CAS is one we know works with ReportServer and is easy to integrate. Look at http://en.wikipedia.org/wiki/Central_Au … on_Service for more details.
Additional information on the implementation of the ReportServer specific part can be found in my blogpost on integrating ReportServer with ActiveDirectory http://blog.datenwerke.net/2013/08/Repo … ation.html
Cheers,
Thorsten
Offline
Hi Thorsten,
Thanks for replying.
Yes, we want to work with some sort of SSO. I'll work with my team and let you know the solution.
Thanks a lot.
Marcos
Offline
Hello guys,
getting back to this subject, we are going to try to use wildfly 9 to share the session between our system and reportserver.
Wildfly will support this from the next version on:
https://issues.jboss.org/browse/WFLY-1891
The implementation seems to be very easy:
https://docs.jboss.org/author/display/W … ence+Guide
However we need to have reportserver and our system in the same ear. We are going to do some tests and let you know how it goes.
In our application we are implementing Apache Shiro to manager the web session. Now we wonder if reportserver will support Apache Shiro in a later version. Is there any chance it can be done?
Thanks.
Regards,
Marcos
Offline
Hi Marcos,
It's good to hear from you.
The wildfly ear/session sharing sounds like exactly the thing you were asking for. I think that should work nicely.
As for shiro: I don't think it very likely we will make major changes like this to ReportServers Authentication/Authorization modules.
Anyway the shiro website states:
Transparent web use - Shiro's web support implements the HttpSession interface and all of it's associated APIs. This means you can use Shiro sessions in existing web applications and you don't need to change any of your existing web code.
As we do nothing with sessions that's particulary fancy, I'd say it might just suffice to have this on the classpath to have ReportServer use it as a session manager.
Cheers,
Thorsten
Offline
Pages: 1
Topic closed