tomcat session 共享、 傻瓜式SSO

        前阵用SSH2写了一个自己用的程序(A), 有一部分是重用的已有一个系统(B： SSI)的核心功能。 为了能在自己写的系统(A)中框架中直接引入另一系统(B)的功能页面。考虑过合并A B，但工作量估计也不小。于是考虑用共享SESSION达到效果。 两个应用同用的同一数据库。

    (1)于是把两个应用放在同一tomcat下，虚拟路径设置了session共享；

  
 <Context path="/a"  reloadable="true" crossContext="true"></Context>
 <Context path="/b"  reloadable="true" crossContext="true"></Context>

 

    (2)在B系统中加了一个过滤器取得A系统的相关信息，按B系统的要求重新注入session相关的信息。核心代码如下：

A系统某过滤器：

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) request).getSession();
        User user = (User) session.getAttribute(Constants.SESSION_USER_KEY);
        if (user != null) {
            ...
        } else { 
            ...

        }
       
        User aUser = (User)session.getAttribute( "A_SESSION_USER" );
        if( aUser == null && user != null ) {
         UserDepartment aUserDept = new UserDepartment();
         try{
          aUser = new  User();
           ......               

            } catch( Exception e ) {
             e.printStackTrace();
            }
            session.setAttribute( "A_SESSION_USER_DEPT", aUserDept );
            session.setAttribute( "A_SESSION_USER", aUser );
         ServletContext ContextMybase = session.getServletContext();
         ContextMybase.setAttribute( "ASession", session );
        }
        super.doFilter(request, response, filterChain);
    }

 

B系统某过滤器：

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) request).getSession();
        User user = (User) session.getAttribute(Constants.SESSION_USER_KEY);
       
       
        if( user == null ) {

            ServletContext context = session.getServletContext().getContext( "/a" );
            HttpSession spmsSession = (HttpSession)context.getAttribute( "ASession" );
            Object spmsUser = spmsSession.getAttribute( "A_SESSION_USER" );
            Object spmsUserDept = spmsSession.getAttribute( "A_SESSION_USER_DEPT" );
            UserDepartment userDept = new UserDepartment();
         
            user = new User();
            try{

                BeanUtils.copyProperties( user, spmsUser ); 
                BeanUtils.copyProperties( userDept, spmsUserDept ); 
                user.setMainDept( userDept );
            } catch( Exception e ) {
             e.printStackTrace();
            }
           
            session.setAttribute( Constants.SESSION_USER_KEY, user );
        }        
        ...
        super.doFilter(request, response, filterChain);
    }