Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAuthenticator.java SingleSignOn.java mbeans-descriptors.xml

[Remy Maucherat]

Tim Funk wrote:

This means that the "logout" check is now back in, the revert from 1.6 
-> 1.7 for bug http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764

Diff link:
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java.diff?r1=1.6&r2=1.7&diff_format=h 

Just an FYI, at this point, I don't know if that is good, bad, or neither.
That's true.
Maybe Brian can explain why he removed this (otherwise, I'll reapply the 
fix).

Remy



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAuthenticator.java SingleSignOn.java mbeans-descriptors.xml

[Tim Funk]

This means that the "logout" check is now back in, the revert from 1.6 -> 1.7 
for bug http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764

Diff link:
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java.diff?r1=1.6&r2=1.7&diff_format=h
Just an FYI, at this point, I don't know if that is good, bad, or neither.

-Tim



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAuthenticator.java SingleSignOn.java mbeans-descriptors.xml

[remm]

remm2003/11/24 08:46:56

  Modified:catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java BasicAuthenticator.java
DigestAuthenticator.java FormAuthenticator.java
NonLoginAuthenticator.java SSLAuthenticator.java
SingleSignOn.java mbeans-descriptors.xml
  Added:   catalina/src/share/org/apache/catalina/authenticator
SingleSignOnEntry.java
  Log:
  - Bug 23881: SSO in embedded Tomcat.
  - Patch submitted by Brian Stansberry. Thanks :)
  
  Revision  ChangesPath
  1.14  +86 -20
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
  
  Index: AuthenticatorBase.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- AuthenticatorBase.java23 Oct 2003 17:33:10 -  1.13
  +++ AuthenticatorBase.java24 Nov 2003 16:46:56 -  1.14
  @@ -625,7 +625,7 @@
*
* @param request Request we are processing
* @param response Response we are creating
  - * @param login Login configuration describing how authentication
  + * @param configLogin configuration describing how authentication
*  should be performed
*
* @exception IOException if an input/output error occurs
  @@ -643,7 +643,6 @@
   protected synchronized String generateSessionId() {
   
   // Generate a byte array containing a session identifier
  -Random random = getRandom();
   byte bytes[] = new byte[SESSION_ID_BYTES];
   getRandom().nextBytes(bytes);
   bytes = getDigest().digest(bytes);
  @@ -801,6 +800,53 @@
   
   
   /**
  + * Attempts reauthentication to the Realm using
  + * the credentials included in argument entry.
  + *
  + * @param ssoId identifier of SingleSignOn session with which the
  + *  caller is associated
  + * @param request   the request that needs to be authenticated
  + */
  +protected boolean reauthenticateFromSSO(String ssoId, HttpRequest request) {
  +
  +if (sso == null || ssoId == null)
  +return false;
  +
  +boolean reauthenticated = false;
  +
  +SingleSignOnEntry entry = sso.lookup(ssoId);
  +if (entry != null && entry.getCanReauthenticate()) {
  +Principal reauthPrincipal = null;
  +Container parent = getContainer();
  +if (parent != null) {
  +Realm realm = getContainer().getRealm();
  +String username = entry.getUsername();
  +if (realm != null && username != null) {
  +reauthPrincipal =
  +realm.authenticate(username, entry.getPassword());
  +}
  +}
  +
  +if (reauthPrincipal != null) {
  +associate(ssoId, getSession(request, true));
  +request.setAuthType(entry.getAuthType());
  +request.setUserPrincipal(reauthPrincipal);
  +
  +reauthenticated = true;
  +if (log.isDebugEnabled()) {
  +log.debug(" Reauthenticated cached principal '" +
  +  entry.getPrincipal().getName() +
  +  "' with auth type '" +
  +  entry.getAuthType() + "'");
  +}
  +}
  +}
  +
  +return reauthenticated;
  +}
  +
  +
  +/**
* Register an authenticated Principal and authentication type in our
* request, in the current session (if there is one), and with our
* SingleSignOn valve, if there is one.  Set the appropriate cookie
  @@ -825,9 +871,9 @@
   request.setAuthType(authType);
   request.setUserPrincipal(principal);
   
  +Session session = getSession(request, false);
   // Cache the authentication information in our session, if any
   if (cache) {
  -Session session = getSession(request, false);
   if (session != null) {
   session.setAuthType(authType);
   session.setPrincipal(principal);
  @@ -845,19 +891,39 @@
   // Construct a cookie to be returned to the client
   if (sso == null)
   return;
  -HttpServletRequest hreq =
  -(HttpServletRequest) request.getRequest();
  -HttpServletResponse hres =
  -(HttpServletResponse) response.getResponse();
  -String value = generateSessionId();
  -Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, value);
  -cookie.setMaxAge(-1);
  -