问题
The default behaviour of tomcat sessions is to persist them on shutdown and restore them after startup. This works on my simple test application as expected. But when I add form based authentication the user login (User principal) won't get restored on tomcat restart.
Even the example application located under /examples/jsp/security/protected/index.jsp does not restore the login.
Is there any way to achieve session/authentication restoration without clustering/replication as suggested elsewhere?
I am using Tomcat 7.
回答1:
You will not archive that with tomcat and standard form based authentication at the example (it uses UserDatabaseRealm). Take a look at the notes: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html
"The cached user is not saved and restored across sessions serialisations." with all realm implementations but "JAASRealm", or so says documentation.
So you can implement your own JAAS login module to be used with forms authentication in tomcat or you can use a framework as "spring security", there are very simple tutorials on the web, for example http://www.mkyong.com/spring-security/spring-security-form-login-example/
I have successfuly tested that example (the session login is remembered after tomcat restart).
I hope this help you.
Regards, José
来源:https://stackoverflow.com/questions/23825731/restore-user-login-after-tomcat-7-restart