Hi,
I have two questions:
1 Where does the tomcat client adapter store the user session ?
when a user logged into a application procted by a tomcat client adapter . there is
only “JSESSIONID=E1EAC81E52C97DD64FFB4C13A1231996” in the cookie。
But when I restart the tomcat , the user use the cookie still can login into the
application. obviously , the session isn’t store in the memory of tomcat , Where does the
tomcat client adapter store the user session?
2 Is there any settings about policy enforcer that can make unauthenticated user
access some resources in a application protected by a tomcat client adapter?
Set the enforcement-mode with value “DISABLED” still require the user be authenticated.
"policy-enforcer": {
"enforcement-mode": "PERMISSIVE",
"paths": [
{
"path": "/public/*",
"enforcement-mode": "DISABLED"
}
]
}
thanks ,
yizhou
Show replies by date