The sso-client.jar contains all the code that deals with logging in, logging out and retrieving the logged-in user's information. This involves multiple redirects and a lot of encryption, but it is all abstracted away by the SSOClientFilter, ShireServlet and LogoutServlet.

When configured in a web.xml like this:


Once SSOClientFilter has done all of its work, it just puts a User object in the request scope under a certain key (usually SSO_USER, but configurable in the sso-config.xml). If the user is logged in, it will be a logged-in user; if not, it will be anonymous. Simple as that.
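
A consumer of that request attribute, as an added example (not code from sso-client.jar or from this page): a filter mapped after SSOClientFilter that rejects requests without a logged-in user, and fails closed when the attribute is missing. The `User` interface, its `isLoggedIn()` method and the `userKey` init parameter are assumptions standing in for the library's real types and your own configuration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical stand-in for the library's User type; isLoggedIn() is an assumed method name. */
interface User {
    boolean isLoggedIn();
}

/** Example guard, mapped after SSOClientFilter in web.xml for URLs that require login. */
public class RequireLoginFilter implements Filter {
    // Usual key according to the page; overridable because sso-config.xml can change it.
    private String userKey = "SSO_USER";

    @Override
    public void init(FilterConfig config) {
        String configured = config.getInitParameter("userKey"); // hypothetical init-param
        if (configured != null && !configured.trim().isEmpty()) {
            userKey = configured.trim();
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Object attr = req.getAttribute(userKey);
        // Fail closed: a missing or unexpected attribute means SSOClientFilter did not
        // run for this URL (or the key differs), so treat the caller as not logged in.
        boolean loggedIn = (attr instanceof User) && ((User) attr).isLoggedIn();
        if (!loggedIn) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The filter order in web.xml matters here: if this guard runs before SSOClientFilter, the attribute is never set and every request is refused.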