[keycloak-user] where does the tomcat client adapter save the session
Yizhou Jiang(Yizhou)
yizhoujiang at hengtiansoft.com
Wed Jul 19 01:07:48 EDT 2017
Hi,
I have two questions:
1 Where does the tomcat client adapter store the user session ?
when a user logged into a application procted by a tomcat client adapter . there is only “JSESSIONID=E1EAC81E52C97DD64FFB4C13A1231996” in the cookie。
But when I restart the tomcat , the user use the cookie still can login into the application. obviously , the session isn’t store in the memory of tomcat , Where does the tomcat client adapter store the user session?
2 Is there any settings about policy enforcer that can make unauthenticated user access some resources in a application protected by a tomcat client adapter?
Set the enforcement-mode with value “DISABLED” still require the user be authenticated.
"policy-enforcer": {
"enforcement-mode": "PERMISSIVE",
"paths": [
{
"path": "/public/*",
"enforcement-mode": "DISABLED"
}
]
}
thanks ,
yizhou
More information about the keycloak-user
mailing list