My initial thought on this is that what you're suggesting seems like a reasonable option, but having read the tomcat-dev thread, I have to agree that doing this expands the scope of the SingleSignOn valve from handling authentication issues to managing session lifecycle, which is a pretty big change. (I consider invalidating associated sessions when one session in the SSO is invalidated for reasons other than timeout to be authentication related, although I can understand your point of view :)
In any case, for maintainability reasons I want to keep the logic of ClusteredSingleSignOn the same as the Tomcat SingleSignOn valve on which it is based (except, of course, for communicating with the clustering layer). So, I wouldn't want to add this to ClusteredSingleSignOn unless the Tomcat folks were willing to add it to their version. (Besides, Remy is the lead on JBoss/Tomcat integration, so I wouldn't add something he doesn't agree with.)
All that being said, I'm more than happy to help you get a custom version working. I suspect your problem is that your "keepaliveSessions" block is being executed too early. A session is not actually bound to the SingleSignOnEntry until the associate() method is called. This happens later in the pipeline, when the request gets to the authenticate() method of one of the Tomcat authenticators (e.g. org.apache.catalina.authenticator.BasicAuthenticator). If you move your "keepaliveSessions" block to ClusteredSingleSignOn.associate(), I believe this will fix your problem (haven't tried it myself).
BTW, needing to move this block to associate() slightly increases my concern about adding this option. Now we're doing something that affects session lifecycle in an obscure location, rather than in a call from the invoke() method.
Best regards,
View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3888777#3888777
