Author: markt Date: Tue Dec 16 21:53:29 2014 New Revision: 1646103 URL: http://svn.apache.org/r1646103 Log: First stab at an implementation - won't work because Map entries are not Serializable.
Removed: tomcat/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOnListener.java tomcat/trunk/java/org/apache/catalina/ha/authenticator/SingleSignOnMessage.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java tomcat/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java?rev=1646103&r1=1646102&r2=1646103&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java Tue Dec 16 21:53:29 2014 @@ -33,8 +33,7 @@ import org.apache.catalina.Session; * @see SingleSignOn * @see AuthenticatorBase#reauthenticateFromSSO */ -public class SingleSignOnEntry -{ +public class SingleSignOnEntry { // ------------------------------------------------------ Instance Fields protected String authType = null; Modified: tomcat/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java?rev=1646103&r1=1646102&r2=1646103&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java (original) +++ tomcat/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java Tue Dec 16 21:53:29 2014 @@ -16,18 +16,14 @@ */ package org.apache.catalina.ha.authenticator; -import java.security.Principal; - import org.apache.catalina.Container; import org.apache.catalina.Host; import org.apache.catalina.LifecycleException; -import org.apache.catalina.Manager; -import org.apache.catalina.Session; import org.apache.catalina.authenticator.SingleSignOn; import org.apache.catalina.ha.CatalinaCluster; -import org.apache.catalina.ha.ClusterManager; import org.apache.catalina.ha.ClusterValve; -import org.apache.catalina.realm.GenericPrincipal; +import org.apache.catalina.tribes.tipis.AbstractReplicatedMap.MapOwner; +import org.apache.catalina.tribes.tipis.ReplicatedMap; import org.apache.tomcat.util.ExceptionUtils; /** @@ -49,16 +45,9 @@ import org.apache.tomcat.util.ExceptionU * * @author Fabien Carrion */ -public class ClusterSingleSignOn extends SingleSignOn implements ClusterValve { - - // ----------------------------------------------------- Instance Variables - - protected int messageNumber = 0; - - private ClusterSingleSignOnListener clusterSSOListener = null; +public class ClusterSingleSignOn extends SingleSignOn implements ClusterValve, MapOwner { - - // ------------------------------------------------------------- Properties + // -------------------------------------------------------------- Properties private CatalinaCluster cluster = null; @Override @@ -69,7 +58,24 @@ public class ClusterSingleSignOn extends } - // ------------------------------------------------------ Lifecycle Methods + private long rpcTimeout = 15000; + public long getRpcTimeout() { + return rpcTimeout; + } + public void setRpcTimeout(long rpcTimeout) { + this.rpcTimeout = rpcTimeout; + } + + + // -------------------------------------------------------- MapOwner Methods + + @Override + public void objectMadePrimary(Object key, Object value) { + // NO-OP + } + + + // ------------------------------------------------------- Lifecycle Methods /** * Start this component and implement the requirements @@ -81,8 +87,6 @@ public class ClusterSingleSignOn extends @Override protected synchronized void startInternal() throws LifecycleException { - clusterSSOListener = new ClusterSingleSignOnListener(this); - // Load the cluster component, if any try { if(cluster == null) { @@ -96,9 +100,15 @@ public class ClusterSingleSignOn extends if (cluster == null) { throw new LifecycleException( "There is no Cluster for ClusterSingleSignOn"); - } else { - getCluster().addClusterListener(clusterSSOListener); } + + ClassLoader[] cls = new ClassLoader[] { this.getClass().getClassLoader() }; + + cache = new ReplicatedMap<>(this, cluster.getChannel(), rpcTimeout, + cluster.getClusterName() + "-SSO-cache", cls); + reverse = new ReplicatedMap<>(this, cluster.getChannel(), rpcTimeout, + cluster.getClusterName() + "-SSO-reverse", cls); + } catch (Throwable t) { ExceptionUtils.handleThrowable(t); throw new LifecycleException( @@ -122,271 +132,8 @@ public class ClusterSingleSignOn extends super.stopInternal(); if (getCluster() != null) { - getCluster().removeClusterListener(clusterSSOListener); - } - } - - - // ------------------------------------------------------ Protected Methods - - /** - * Notify the cluster of the addition of a Session to - * an SSO session and associate the specified single - * sign on identifier with the specified Session on the - * local node. - * - * @param ssoId Single sign on identifier - * @param session Session to be associated - */ - @Override - protected void associate(String ssoId, Session session) { - - if (cluster != null && cluster.getMembers().length > 0) { - messageNumber++; - SingleSignOnMessage msg = - new SingleSignOnMessage(cluster.getLocalMember(), - ssoId, session.getId()); - Manager mgr = session.getManager(); - if (mgr instanceof ClusterManager) { - msg.setContextName(((ClusterManager) mgr).getName()); - } - - msg.setAction(SingleSignOnMessage.ADD_SESSION); - - cluster.send(msg); - - if (containerLog.isDebugEnabled()) { - containerLog.debug("SingleSignOnMessage Send with action " - + msg.getAction()); - } - } - - associateLocal(ssoId, session); - } - - - protected void associateLocal(String ssoId, Session session) { - super.associate(ssoId, session); - } - - - /** - * Notify the cluster of the removal of a Session from an - * SSO session and deregister the specified session. If it is the last - * session, then also get rid of the single sign on identifier on the - * local node. - * - * @param ssoId Single sign on identifier - * @param session Session to be deregistered - */ - @Override - protected void deregister(String ssoId, Session session) { - - if (cluster != null && cluster.getMembers().length > 0) { - messageNumber++; - SingleSignOnMessage msg = - new SingleSignOnMessage(cluster.getLocalMember(), - ssoId, session.getId()); - Manager mgr = session.getManager(); - if (mgr instanceof ClusterManager) { - msg.setContextName(((ClusterManager) mgr).getName()); - } - - msg.setAction(SingleSignOnMessage.DEREGISTER_SESSION); - - cluster.send(msg); - if (containerLog.isDebugEnabled()) { - containerLog.debug("SingleSignOnMessage Send with action " - + msg.getAction()); - } + ((ReplicatedMap<?,?>) cache).breakdown(); + ((ReplicatedMap<?,?>) reverse).breakdown(); } - - deregisterLocal(ssoId, session); - } - - - protected void deregisterLocal(String ssoId, Session session) { - super.deregister(ssoId, session); - } - - - /** - * Notifies the cluster that a single sign on session - * has been terminated due to a user logout, deregister - * the specified single sign on identifier, and invalidate - * any associated sessions on the local node. - * - * @param ssoId Single sign on identifier to deregister - */ - @Override - protected void deregister(String ssoId) { - - if (cluster != null && cluster.getMembers().length > 0) { - messageNumber++; - SingleSignOnMessage msg = - new SingleSignOnMessage(cluster.getLocalMember(), - ssoId, null); - msg.setAction(SingleSignOnMessage.LOGOUT_SESSION); - - cluster.send(msg); - if (containerLog.isDebugEnabled()) { - containerLog.debug("SingleSignOnMessage Send with action " - + msg.getAction()); - } - } - - deregisterLocal(ssoId); - } - - - protected void deregisterLocal(String ssoId) { - super.deregister(ssoId); - } - - - /** - * Notifies the cluster of the creation of a new SSO entry - * and register the specified Principal as being associated - * with the specified value for the single sign on identifier. - * - * @param ssoId Single sign on identifier to register - * @param principal Associated user principal that is identified - * @param authType Authentication type used to authenticate this - * user principal - * @param username Username used to authenticate this user - * @param password Password used to authenticate this user - */ - @Override - protected void register(String ssoId, Principal principal, String authType, - String username, String password) { - - if (cluster != null && cluster.getMembers().length > 0) { - messageNumber++; - SingleSignOnMessage msg = - new SingleSignOnMessage(cluster.getLocalMember(), - ssoId, null); - msg.setAction(SingleSignOnMessage.REGISTER_SESSION); - msg.setAuthType(authType); - msg.setUsername(username); - msg.setPassword(password); - - if (principal instanceof GenericPrincipal) { - msg.setPrincipal((GenericPrincipal) principal); - } - - cluster.send(msg); - if (containerLog.isDebugEnabled()) { - containerLog.debug("SingleSignOnMessage Send with action " - + msg.getAction()); - } - } - - registerLocal(ssoId, principal, authType, username, password); - } - - - protected void registerLocal(String ssoId, Principal principal, String authType, - String username, String password) { - super.register(ssoId, principal, authType, username, password); - } - - - /** - * Notifies the cluster of an update of the security credentials - * associated with an SSO session. Updates any <code>SingleSignOnEntry</code> - * found under key <code>ssoId</code> with the given authentication data. - * <p> - * The purpose of this method is to allow an SSO entry that was - * established without a username/password combination (i.e. established - * following DIGEST or CLIENT-CERT authentication) to be updated with - * a username and password if one becomes available through a subsequent - * BASIC or FORM authentication. The SSO entry will then be usable for - * reauthentication. - * <p> - * <b>NOTE:</b> Only updates the SSO entry if a call to - * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns - * <code>false</code>; otherwise, it is assumed that the SSO entry already - * has sufficient information to allow reauthentication and that no update - * is needed. - * - * @param ssoId identifier of Single sign to be updated - * @param principal the <code>Principal</code> returned by the latest - * call to <code>Realm.authenticate</code>. - * @param authType the type of authenticator used (BASIC, CLIENT-CERT, - * DIGEST or FORM) - * @param username the username (if any) used for the authentication - * @param password the password (if any) used for the authentication - */ - @Override - protected void update(String ssoId, Principal principal, String authType, - String username, String password) { - - if (cluster != null && cluster.getMembers().length > 0) { - messageNumber++; - SingleSignOnMessage msg = - new SingleSignOnMessage(cluster.getLocalMember(), - ssoId, null); - msg.setAction(SingleSignOnMessage.UPDATE_SESSION); - msg.setAuthType(authType); - msg.setUsername(username); - msg.setPassword(password); - - if (principal instanceof GenericPrincipal) { - msg.setPrincipal((GenericPrincipal) principal); - } - - cluster.send(msg); - if (containerLog.isDebugEnabled()) { - containerLog.debug("SingleSignOnMessage Send with action " - + msg.getAction()); - } - } - - updateLocal(ssoId, principal, authType, username, password); - } - - - protected void updateLocal(String ssoId, Principal principal, String authType, - String username, String password) { - super.update(ssoId, principal, authType, username, password); - } - - - /** - * Remove a single Session from a SingleSignOn and notify the cluster - * of the removal. Called when a session is timed out and no longer active. - * - * @param ssoId Single sign on identifier from which to remove the session. - * @param session the session to be removed. - */ - @Override - protected void removeSession(String ssoId, Session session) { - - if (cluster != null && cluster.getMembers().length > 0) { - messageNumber++; - SingleSignOnMessage msg = - new SingleSignOnMessage(cluster.getLocalMember(), - ssoId, session.getId()); - - Manager mgr = session.getManager(); - if (mgr instanceof ClusterManager) { - msg.setContextName(((ClusterManager) mgr).getName()); - } - - msg.setAction(SingleSignOnMessage.REMOVE_SESSION); - - cluster.send(msg); - if (containerLog.isDebugEnabled()) { - containerLog.debug("SingleSignOnMessage Send with action " - + msg.getAction()); - } - } - - removeSessionLocal(ssoId, session); - } - - - protected void removeSessionLocal(String ssoId, Session session) { - super.removeSession(ssoId, session); } } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org