[SingleSignOn Valve] Chaning its behaviour

Tue, 03 Aug 2010 05:18:58 -0700 

Hello,

I’m porting applications from weblogic to jboss which uses tomcat as everybody 
knows.
In weblogic, I used to use the SSO feature which allowed me to logout from a 
webapp without invalidating session for all webapps.

After reading SingleSignOn Valve documentation, I realize that tomcat doesn’t 
behave as I would like. So I’m about to code a new SingleSignOn Valve by 
extending tomcat’s one and overriding the deregister(String ssoId) method so 
that it doesn’t invalidate all sessions bound to the SSO Entry

My question is : is it safe for me to do that ? I mean, am I about to wreck 
something in tomcat internal ? Will I introduce such a change that SSO valve 
wouldn't work anymore ?

Thank in advance.

Dom


/**
484:             * Deregister the specified single sign on identifier, and 
invalidate
485:             * any associated sessions.
486:             *
487:             * @param ssoId Single sign on identifier to deregister
488:             */
489:            protected void deregister(String ssoId) {
490:
491:                if (containerLog.isDebugEnabled())
492:                    containerLog.debug("Deregistering sso id '" + ssoId + 
"'");
493:
494:                // Look up and remove the corresponding SingleSignOnEntry
495:                SingleSignOnEntry sso = null;
496:                synchronized (cache) {
497:                    sso = (SingleSignOnEntry) cache.remove(ssoId);
498:                }
499:
500:                if (sso == null)
501:                    return;
502:

                        /* Remove this part so that only the "current" Session 
is invalidated

503:                // Expire any associated sessions
504:                Session sessions[] = sso.findSessions();
505:                for (int i = 0; i < sessions.length; i++) {
506:                    if (containerLog.isTraceEnabled())
507:                        containerLog.trace(" Invalidating session "
508:                                + sessions[i]);
509:                    // Remove from reverse cache first to avoid recursion
510:                    synchronized (reverse) {
511:                        reverse.remove(sessions[i]);
512:                    }
513:                    // Invalidate this session
514:                    sessions[i].expire();
515:                }

                End of change
                */
516:
517:                // NOTE:  Clients may still possess the old single sign on 
cookie,
518:                // but it will be removed on the next request since it is 
no longer
519:                // in the cache
520:
521:            }

Consultez nos nouveaux sites internet : 
http://www.dexia-sofaxis.com 
http://www.dexia-sofcap-sofcah.com

Tous ensemble pour l’environnement : n’imprimer ce courriel que si nécessaire.

Dexia Sofaxis disclaimer : http://www.dexia-sofaxis.com/disclaimer.html

Reply via email to