remm2003/11/24 08:46:56
Modified:catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java BasicAuthenticator.java
DigestAuthenticator.java FormAuthenticator.java
NonLoginAuthenticator.java SSLAuthenticator.java
SingleSignOn.java mbeans-descriptors.xml
Added: catalina/src/share/org/apache/catalina/authenticator
SingleSignOnEntry.java
Log:
- Bug 23881: SSO in embedded Tomcat.
- Patch submitted by Brian Stansberry. Thanks :)
Revision ChangesPath
1.14 +86 -20
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- AuthenticatorBase.java23 Oct 2003 17:33:10 - 1.13
+++ AuthenticatorBase.java24 Nov 2003 16:46:56 - 1.14
@@ -625,7 +625,7 @@
*
* @param request Request we are processing
* @param response Response we are creating
- * @param login Login configuration describing how authentication
+ * @param configLogin configuration describing how authentication
* should be performed
*
* @exception IOException if an input/output error occurs
@@ -643,7 +643,6 @@
protected synchronized String generateSessionId() {
// Generate a byte array containing a session identifier
-Random random = getRandom();
byte bytes[] = new byte[SESSION_ID_BYTES];
getRandom().nextBytes(bytes);
bytes = getDigest().digest(bytes);
@@ -801,6 +800,53 @@
/**
+ * Attempts reauthentication to the Realm using
+ * the credentials included in argument entry.
+ *
+ * @param ssoId identifier of SingleSignOn session with which the
+ * caller is associated
+ * @param request the request that needs to be authenticated
+ */
+protected boolean reauthenticateFromSSO(String ssoId, HttpRequest request) {
+
+if (sso == null || ssoId == null)
+return false;
+
+boolean reauthenticated = false;
+
+SingleSignOnEntry entry = sso.lookup(ssoId);
+if (entry != null && entry.getCanReauthenticate()) {
+Principal reauthPrincipal = null;
+Container parent = getContainer();
+if (parent != null) {
+Realm realm = getContainer().getRealm();
+String username = entry.getUsername();
+if (realm != null && username != null) {
+reauthPrincipal =
+realm.authenticate(username, entry.getPassword());
+}
+}
+
+if (reauthPrincipal != null) {
+associate(ssoId, getSession(request, true));
+request.setAuthType(entry.getAuthType());
+request.setUserPrincipal(reauthPrincipal);
+
+reauthenticated = true;
+if (log.isDebugEnabled()) {
+log.debug(" Reauthenticated cached principal '" +
+ entry.getPrincipal().getName() +
+ "' with auth type '" +
+ entry.getAuthType() + "'");
+}
+}
+}
+
+return reauthenticated;
+}
+
+
+/**
* Register an authenticated Principal and authentication type in our
* request, in the current session (if there is one), and with our
* SingleSignOn valve, if there is one. Set the appropriate cookie
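Review bot: The debug message in `reauthenticateFromSSO` reports `entry.getPrincipal().getName()`, but the principal actually bound to the request is `reauthPrincipal`, the one returned by `realm.authenticate(...)`. Logging `reauthPrincipal.getName()` keeps the trace tied to the identity the Realm just confirmed, and avoids dereferencing the cached principal, which may be null (the entry class is not visible in this hunk). The null check is made on `parent`, yet the realm is fetched through a second `getContainer()` call; `Realm realm = parent.getRealm();` uses the reference that was checked. The Javadoc refers to an "argument entry" that is not a parameter and has no `@return`; I would reword it to say the credentials come from the SingleSignOnEntry looked up by `ssoId`, and add `@return true if the Realm accepted the cached credentials and the request was populated, false otherwise`. It is also worth stating there that this path depends on the SSO entry keeping the user's password in memory (`entry.getPassword()`) for the life of the SSO session.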
@@ -825,9 +871,9 @@
request.setAuthType(authType);
request.setUserPrincipal(principal);
+Session session = getSession(request, false);
// Cache the authentication information in our session, if any
if (cache) {
-Session session = getSession(request, false);
if (session != null) {
session.setAuthType(authType);
session.setPrincipal(principal);
@@ -845,19 +891,39 @@
// Construct a cookie to be returned to the client
if (sso == null)
return;
-HttpServletRequest hreq =
-(HttpServletRequest) request.getRequest();
-HttpServletResponse hres =
-(HttpServletResponse) response.getResponse();
-String value = generateSessionId();
-Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, value);
-cookie.setMaxAge(-1);
-