/**
 * Associates the given single sign-on identifier with the given session by
 * delegating to the SingleSignOn valve held in {@code ourSSO}.
 * Does nothing when no SSO valve is set.
 *
 * @param ssoId   single sign-on identifier to bind
 * @param session session to bind it to
 */
protected void associate(String ssoId,
                         Session session) {
    // Without an SSO valve there is no registry to record the association in.
    if (ourSSO != null) {
        ourSSO.associate(ssoId, session);
    }
}
Associate the specified single sign on identifier with the
specified Session.
IMPLEMENTATION NOTE: Overrides the superclass version solely to
use an org.jboss.web.tomcat.tc4.authenticator.SingleSignOn
instead of an org.apache.catalina.authenticator.SingleSignOn.
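/**
 * Tries to re-authenticate the request against the container's Realm using
 * the username and password cached in the single sign-on entry that
 * {@code ssoId} identifies.
 *
 * On success the SSO id is associated with the request's session (created if
 * absent) and the auth type and principal are set on the request.
 *
 * @param ssoId   single sign-on identifier taken from the request; may be null
 * @param request request being processed
 * @return {@code true} if the Realm accepted the cached credentials,
 *         {@code false} if there is no SSO valve, no id, no matching entry,
 *         the entry cannot reauthenticate, or the Realm rejected it
 */
protected boolean reauthenticateFromSSO(String ssoId,
                                        HttpRequest request) {
    if (ourSSO == null || ssoId == null) {
        return false;
    }

    SingleSignOnEntry entry = ourSSO.lookup(ssoId);
    if (entry == null || !entry.getCanReauthenticate()) {
        return false;
    }

    Principal reauthPrincipal = null;
    Container parent = getContainer();
    if (parent != null) {
        // Use the container already fetched and null-checked above; calling
        // getContainer() a second time would bypass that check.
        Realm realm = parent.getRealm();
        String username = entry.getUsername();
        if (realm != null && username != null) {
            // NOTE(review): the SSO entry retains the user's password so it
            // can be replayed to the Realm here; it is presumably held in
            // cleartext for the lifetime of the entry. Confirm that is
            // acceptable for the deployment.
            reauthPrincipal =
                realm.authenticate(username, entry.getPassword());
        }
    }
    if (reauthPrincipal == null) {
        return false;
    }

    // Bind the SSO id to this context's session before marking the request
    // as authenticated.
    associate(ssoId, getSession(request, true));
    request.setAuthType(entry.getAuthType());
    request.setUserPrincipal(reauthPrincipal);
    if (debug >= 1) {
        log(" Reauthenticated cached principal '" +
            entry.getPrincipal().getName() + "' with auth type '" +
            entry.getAuthType() + "'");
    }
    return true;
}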
Attempts reauthentication to the Realm using the credentials cached in
the single sign-on entry identified by ssoId.
/**
 * Records a successful authentication on the request, on the existing
 * session (when caching is enabled and a session exists), and with the
 * SingleSignOn valve when one is set.
 *
 * If the request carries no SSO id note, a new SSO id is generated, sent to
 * the client as a cookie and registered with the valve; otherwise the
 * existing SSO entry is updated. In both cases a session is associated with
 * the SSO id.
 *
 * @param request   request being processed
 * @param response  response the SSO cookie is added to
 * @param principal authenticated principal
 * @param authType  authentication type used
 * @param username  username used to authenticate, or null
 * @param password  password used to authenticate, or null
 */
protected void register(HttpRequest request,
                        HttpResponse response,
                        Principal principal,
                        String authType,
                        String username,
                        String password) {
    if (debug >= 1) {
        log("Authenticated '" + principal.getName() + "' with type '" +
            authType + "'");
    }

    // The request itself always carries the authentication result.
    request.setAuthType(authType);
    request.setUserPrincipal(principal);

    // NOTE(review): the result is attached to whatever session already
    // exists; nothing in this method issues a new session id after login.
    // Confirm how session fixation is handled elsewhere.
    Session session = getSession(request, false);
    if (cache && session != null) {
        session.setAuthType(authType);
        session.setPrincipal(principal);
        if (username == null) {
            session.removeNote(Constants.SESS_USERNAME_NOTE);
        } else {
            session.setNote(Constants.SESS_USERNAME_NOTE, username);
        }
        // NOTE(review): the password is kept as a session note, so it lives
        // as long as the session and travels with it if sessions are
        // persisted or replicated. Confirm that exposure is acceptable.
        if (password == null) {
            session.removeNote(Constants.SESS_PASSWORD_NOTE);
        } else {
            session.setNote(Constants.SESS_PASSWORD_NOTE, password);
        }
    }

    // Everything below concerns single sign-on only.
    if (ourSSO == null) {
        return;
    }

    // An SSO valve sets this note on requests that already belong to an SSO
    // entry (as happens on subsequent requests for DIGEST and SSL
    // authenticated contexts); only its absence calls for a new entry.
    String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
    boolean newEntry = (ssoId == null);
    if (newEntry) {
        HttpServletResponse hres =
            (HttpServletResponse) response.getResponse();
        // NOTE(review): the SSO id is a bearer credential; its
        // unpredictability depends on generateSessionId(), which is not
        // visible here.
        ssoId = generateSessionId();
        Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, ssoId);
        // A negative max age keeps the cookie out of persistent storage;
        // path "/" makes the client send it to every context on the host.
        cookie.setMaxAge(-1);
        cookie.setPath("/");
        // NOTE(review): setSecure(...) is never called, so nothing here
        // limits the cookie to HTTPS. Confirm whether it should be
        // restricted when the login happened over a secure connection.
        hres.addCookie(cookie);

        ourSSO.register(ssoId, principal, authType, username, password);
        request.setNote(Constants.REQ_SSOID_NOTE, ssoId);
    } else {
        // Refresh the existing SSO entry with the latest authentication data.
        ourSSO.update(ssoId, principal, authType, username, password);
    }

    // Fix for Tomcat Bug 10040: always associate a session with the SSO
    // registration. SSO entries leave the registry only when their
    // associated sessions are destroyed, so an entry created above without
    // a session would never be cleared if the user did not return to this
    // context.
    Session ssoSession = (session != null) ? session : getSession(request, true);
    ourSSO.associate(ssoId, ssoSession);
}
Register an authenticated Principal and authentication type in our
request, in the current session (if there is one), and with our
SingleSignOn valve, if there is one. Set the appropriate cookie
to be returned.
IMPLEMENTATION NOTE: Differs from the standard Tomcat
implementation in checking whether any SingleSignOn valve
has added a note to the request. If one has, this method calls
SingleSignOn.update instead of SingleSignOn.register.
This behavior supports authenticators like SSLAuthenticator
that may attempt to re-register with every request.
/**
 * Starts this authenticator: fires the start lifecycle event, copies the
 * debug level from the context when it is a StandardContext, and searches
 * the context's ancestors for a SingleSignOn valve to store in
 * {@code ourSSO}.
 *
 * @throws LifecycleException if this component has already been started
 */
public void start() throws LifecycleException {
    // A second start is a lifecycle error.
    if (started) {
        throw new LifecycleException(
            sm.getString("authenticator.alreadyStarted"));
    }
    lifecycle.fireLifecycleEvent(START_EVENT, null);

    // getDebug is invoked reflectively, and only when the context's class
    // name is exactly StandardContext; subclasses are not matched.
    String contextClassName = context.getClass().getName();
    if ("org.apache.catalina.core.StandardContext".equals(contextClassName)) {
        try {
            Method getDebug =
                context.getClass().getMethod("getDebug", new Class[0]);
            Integer level = (Integer) getDebug.invoke(context, new Object[0]);
            setDebug(level.intValue());
        } catch (Exception e) {
            // Best effort: a failure here only leaves the debug level as is.
            log("Exception getting debug value", e);
        }
    }
    started = true;

    // Walk up from the context's parent and take the first SingleSignOn
    // valve found in any ancestor that is also a Pipeline.
    Container ancestor = context.getParent();
    while (ourSSO == null && ancestor != null) {
        if (ancestor instanceof Pipeline) {
            Valve[] candidates = ((Pipeline) ancestor).getValves();
            for (int idx = 0; idx < candidates.length && ourSSO == null; idx++) {
                if (candidates[idx] instanceof SingleSignOn) {
                    ourSSO = (SingleSignOn) candidates[idx];
                }
            }
        }
        // Move up only while nothing has been found.
        if (ourSSO == null) {
            ancestor = ancestor.getParent();
        }
    }

    if (debug >= 1) {
        if (ourSSO == null) {
            log("No SingleSignOn Valve is present");
        } else {
            log("Found SingleSignOn Valve at " + ourSSO);
        }
    }
}
Prepare for the beginning of active use of the public methods of this
component. This method should be called after configure(),
and before any of the public methods of the component are utilized.
IMPLEMENTATION NOTE: Overrides the superclass version solely to
use an org.jboss.web.tomcat.tc4.authenticator.SingleSignOn
instead of an org.apache.catalina.authenticator.SingleSignOn.