remm 2004/04/26 14:50:36
Modified: catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java SingleSignOn.java SingleSignOnEntry.java
Log:
- Allow extending SSO functionality.
- Submitted by Brian Stansberry.
Revision Changes Path
1.18 +9 -17 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- AuthenticatorBase.java 27 Feb 2004 14:58:41 -0000 1.17
+++ AuthenticatorBase.java 26 Apr 2004 21:50:36 -0000 1.18
@@ -760,31 +760,23 @@
 boolean reauthenticated = false;
- SingleSignOnEntry entry = sso.lookup(ssoId);
- if (entry != null && entry.getCanReauthenticate()) {
- Principal reauthPrincipal = null;
 Container parent = getContainer();
 if (parent != null) {
- Realm realm = getContainer().getRealm();
- String username = entry.getUsername();
- if (realm != null && username != null) {
- reauthPrincipal =
- realm.authenticate(username, entry.getPassword());
+ Realm realm = parent.getRealm();
+ if (realm != null) {
+ reauthenticated = sso.reauthenticate(ssoId, realm, request);
 }
 }
- if (reauthPrincipal != null) {
+ if (reauthenticated) {
 associate(ssoId, getSession(request, true));
- request.setAuthType(entry.getAuthType());
- request.setUserPrincipal(reauthPrincipal);
- reauthenticated = true;
 if (log.isDebugEnabled()) {
+ HttpServletRequest hreq =
+ (HttpServletRequest) request.getRequest();
 log.debug(" Reauthenticated cached principal '" +
- entry.getPrincipal().getName() +
- "' with auth type '" +
- entry.getAuthType() + "'");
- }
+ hreq.getUserPrincipal().getName() +
+ "' with auth type '" + hreq.getAuthType() + "'");
 }
 }
1.13 +94 -46 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java
Index: SingleSignOn.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- SingleSignOn.java 27 Feb 2004 14:58:41 -0000 1.12
+++ SingleSignOn.java 26 Apr 2004 21:50:36 -0000 1.13
@@ -33,6 +33,7 @@
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleListener;
 import org.apache.catalina.Logger;
+import org.apache.catalina.Realm;
 import org.apache.catalina.Request;
 import org.apache.catalina.Response;
 import org.apache.catalina.Session;
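Review bot: The debug branch at the end of this hunk dereferences `hreq.getUserPrincipal()` with no null check, trusting that `sso.reauthenticate()` bound a principal whenever it returned true. Since `reauthenticate` is now a protected extension point, an override that reports success without calling `setUserPrincipal` would turn a debug log into a NullPointerException on the request path. A local guard keeps the log best-effort: `Principal p = hreq.getUserPrincipal();` / `log.debug(" Reauthenticated cached principal '" + (p != null ? p.getName() : null) +` / `"' with auth type '" + hreq.getAuthType() + "'");` — `Principal` appears to remain imported, as this hunk is the file's only change and the removed lines used it. The enclosing method begins and ends outside the hunk.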
@@ -559,6 +560,55 @@
 /**
+ * Attempts reauthentication to the given <code>Realm</code> using
+ * the credentials associated with the single sign-on session
+ * identified by argument <code>ssoId</code>.
+ * <p>
+ * If reauthentication is successful, the <code>Principal</code> and
+ * authorization type associated with the SSO session will be bound
+ * to the given <code>HttpRequest</code> object via calls to
+ * [EMAIL PROTECTED] HttpRequest#setAuthType HttpRequest.setAuthType()} and
+ * [EMAIL PROTECTED] HttpRequest#setUserPrincipal HttpRequest.setUserPrincipal()}
+ * </p>
+ *
+ * @param ssoId identifier of SingleSignOn session with which the
+ * caller is associated
+ * @param realm Realm implementation against which the caller is to
+ * be authenticated
+ * @param request the request that needs to be authenticated
+ *
+ * @return <code>true</code> if reauthentication was successful,
+ * <code>false</code> otherwise.
+ */
+ protected boolean reauthenticate(String ssoId, Realm realm,
+ HttpRequest request) {
+
+ if (ssoId == null || realm == null)
+ return false;
+
+ boolean reauthenticated = false;
+
+ SingleSignOnEntry entry = lookup(ssoId);
+ if (entry != null && entry.getCanReauthenticate()) {
+
+ String username = entry.getUsername();
+ if (username != null) {
+ Principal reauthPrincipal =
+ realm.authenticate(username, entry.getPassword());
+ if (reauthPrincipal != null) {
+ reauthenticated = true;
+ // Bind the authorization credentials to the request
+ request.setAuthType(entry.getAuthType());
+ request.setUserPrincipal(reauthPrincipal);
+ }
+ }
+ }
+
+ return reauthenticated;
+ }
+
+
+ /**
 * Register the specified Principal as being associated with the specified
 * value for the single sign on identifier.
 *
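Review bot: The new `reauthenticate` reads `getCanReauthenticate()`, `getUsername()`, `getPassword()` and `getAuthType()` from the entry without holding its lock, while `update` in the next hunk mutates those same fields under `synchronized(sso)` and the `SingleSignOnEntry` getters are not synchronized; a concurrent `update` can therefore interleave between the reads, so the username passed to `realm.authenticate` may come from one credential set and the password or auth type from another. Snapshotting the fields under `synchronized (entry)` and calling `Realm.authenticate` outside the lock closes that window without holding a lock across realm code. The same applies to `update`, whose `!sso.getCanReauthenticate()` check sits outside its `synchronized(sso)` block; the check should move inside so the Javadoc's NOTE actually holds.
```java
SingleSignOnEntry entry = lookup(ssoId);
String username = null;
String password = null;
String authType = null;
if (entry != null) {
    // Snapshot under the entry lock so a concurrent update() cannot
    // interleave between the reads; Realm.authenticate() stays outside it.
    synchronized (entry) {
        if (entry.getCanReauthenticate()) {
            username = entry.getUsername();
            password = entry.getPassword();
            authType = entry.getAuthType();
        }
    }
}
if (username != null) {
    Principal reauthPrincipal = realm.authenticate(username, password);
    if (reauthPrincipal != null) {
        reauthenticated = true;
        // Bind the authorization credentials to the request
        request.setAuthType(authType);
        request.setUserPrincipal(reauthPrincipal);
    }
}
// … unchanged: return reauthenticated …
```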
@@ -585,6 +635,47 @@
 /**
+ * Updates any <code>SingleSignOnEntry</code> found under key
+ * <code>ssoId</code> with the given authentication data.
+ * <p>
+ * The purpose of this method is to allow an SSO entry that was
+ * established without a username/password combination (i.e. established
+ * following DIGEST or CLIENT-CERT authentication) to be updated with
+ * a username and password if one becomes available through a subsequent
+ * BASIC or FORM authentication. The SSO entry will then be usable for
+ * reauthentication.
+ * <p>
+ * <b>NOTE:</b> Only updates the SSO entry if a call to
+ * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
+ * <code>false</code>; otherwise, it is assumed that the SSO entry already
+ * has sufficient information to allow reauthentication and that no update
+ * is needed.
+ *
+ * @param ssoId identifier of Single sign to be updated
+ * @param principal the <code>Principal</code> returned by the latest
+ * call to <code>Realm.authenticate</code>.
+ * @param authType the type of authenticator used (BASIC, CLIENT-CERT,
+ * DIGEST or FORM)
+ * @param username the username (if any) used for the authentication
+ * @param password the password (if any) used for the authentication
+ */
+ protected void update(String ssoId, Principal principal, String authType,
+ String username, String password) {
+
+ SingleSignOnEntry sso = lookup(ssoId);
+ if (sso != null && !sso.getCanReauthenticate()) {
+ if (debug >= 1)
+ log("Update sso id " + ssoId + " to auth type " + authType);
+
+ synchronized(sso) {
+ sso.updateCredentials(principal, authType, username, password);
+ }
+
+ }
+ }
+
+
+ /**
 * Log a message on the Logger associated with our Container (if any).
 *
 * @param message Message to be logged
@@ -633,9 +724,7 @@
 }
- //---------------------------------------------- Package-Protected Methods
-
-
+
 /**
 * Remove a single Session from a SingleSignOn. Called when
 * a session is timed out and no longer active.
@@ -643,7 +732,7 @@
 * @param ssoId Single sign on identifier from which to remove the session.
 * @param session the session to be removed.
 */
- void removeSession(String ssoId, Session session) {
+ protected void removeSession(String ssoId, Session session) {
 if (debug >= 1)
 log("Removing session " + session.toString() + " from sso id " +
@@ -666,47 +755,6 @@
 // deregister the entry.
 if (entry.findSessions().length == 0) {
 deregister(ssoId);
- }
- }
-
-
- /**
- * Updates any <code>SingleSignOnEntry</code> found under key
- * <code>ssoId</code> with the given authentication data.
- * <p>
- * The purpose of this method is to allow an SSO entry that was
- * established without a username/password combination (i.e. established
- * following DIGEST or CLIENT-CERT authentication) to be updated with
- * a username and password if one becomes available through a subsequent
- * BASIC or FORM authentication. The SSO entry will then be usable for
- * reauthentication.
- * <p>
- * <b>NOTE:</b> Only updates the SSO entry if a call to
- * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
- * <code>false</code>; otherwise, it is assumed that the SSO entry already
- * has sufficient information to allow reauthentication and that no update
- * is needed.
- *
- * @param ssoId identifier of Single sign to be updated
- * @param principal the <code>Principal</code> returned by the latest
- * call to <code>Realm.authenticate</code>.
- * @param authType the type of authenticator used (BASIC, CLIENT-CERT,
- * DIGEST or FORM)
- * @param username the username (if any) used for the authentication
- * @param password the password (if any) used for the authentication
- */
- void update(String ssoId, Principal principal, String authType,
- String username, String password) {
-
- SingleSignOnEntry sso = lookup(ssoId);
- if (sso != null && !sso.getCanReauthenticate()) {
- if (debug >= 1)
- log("Update sso id " + ssoId + " to auth type " + authType);
-
- synchronized(sso) {
- sso.updateCredentials(principal, authType, username, password);
- }
- }
 }
1.3 +18 -18 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOnEntry.java
Index: SingleSignOnEntry.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOnEntry.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SingleSignOnEntry.java 27 Feb 2004 14:58:41 -0000 1.2
+++ SingleSignOnEntry.java 26 Apr 2004 21:50:36 -0000 1.3
@@ -32,21 +32,21 @@
 * @see SingleSignOn
 * @see AuthenticatorBase#reauthenticateFromSSO
 */
-class SingleSignOnEntry
+public class SingleSignOnEntry
 {
 // ------------------------------------------------------ Instance Fields
- private String authType = null;
+ protected String authType = null;
- private String password = null;
+ protected String password = null;
- private Principal principal = null;
+ protected Principal principal = null;
- private Session sessions[] = new Session[0];
+ protected Session sessions[] = new Session[0];
- private String username = null;
+ protected String username = null;
- private boolean canReauthenticate = false;
+ protected boolean canReauthenticate = false;
 // --------------------------------------------------------- Constructors
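Review bot: Making `SingleSignOnEntry` public here, together with the public `getPassword()` in the following hunks, widens access to the cached password string from package scope to any code that can obtain an entry reference, which is more than the stated goal of allowing subclasses needs; `protected` on the field already serves subclassing, so `getPassword()` could stay package-private, or the class Javadoc should at least state that entries hold a reauthentication credential and must not be handed to untrusted components. In the same set of hunks `findSessions()` becomes public while still returning the internal array by reference (`return (this.sessions);`), so an outside caller can now overwrite the SSO's session list; `return (Session[]) this.sessions.clone();` keeps ownership with the entry. The class declaration continues past this hunk.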
@@ -76,7 +76,7 @@
 * the SSO session.
 * @param session The <code>Session</code> being associated with the SSO.
 */
- synchronized void addSession(SingleSignOn sso, Session session) {
+ public synchronized void addSession(SingleSignOn sso, Session session) {
 for (int i = 0; i < sessions.length; i++) {
 if (session == sessions[i])
 return;
@@ -94,7 +94,7 @@
 *
 * @param session the <code>Session</code> to remove.
 */
- synchronized void removeSession(Session session) {
+ public synchronized void removeSession(Session session) {
 Session[] nsessions = new Session[sessions.length - 1];
 for (int i = 0, j = 0; i < sessions.length; i++) {
 if (session == sessions[i])
@@ -107,7 +107,7 @@
 /**
 * Returns the <code>Session</code>s associated with this SSO.
 */
- synchronized Session[] findSessions() {
+ public synchronized Session[] findSessions() {
 return (this.sessions);
 }
@@ -117,7 +117,7 @@
 *
 * @return "BASIC", "CLIENT-CERT", "DIGEST", "FORM" or "NONE"
 */
- String getAuthType() {
+ public String getAuthType() {
 return (this.authType);
 }
@@ -128,7 +128,7 @@
 * @return <code>true</code> if <code>getAuthType</code> returns
 * "BASIC" or "FORM", <code>false</code> otherwise.
 */
- boolean getCanReauthenticate() {
+ public boolean getCanReauthenticate() {
 return (this.canReauthenticate);
 }
@@ -139,7 +139,7 @@
 * <code>null</code> if the original authentication type
 * does not involve a password.
 */
- String getPassword() {
+ public String getPassword() {
 return (this.password);
 }
@@ -147,7 +147,7 @@
 * Gets the <code>Principal</code> that has been authenticated by
 * the SSO.
 */
- Principal getPrincipal() {
+ public Principal getPrincipal() {
 return (this.principal);
 }
@@ -155,7 +155,7 @@
 * Gets the username provided by the user as part of the authentication
 * process.
 */
- String getUsername() {
+ public String getUsername() {
 return (this.username);
 }
@@ -171,8 +171,8 @@
 * @param username the username (if any) used for the authentication
 * @param password the password (if any) used for the authentication
 */
- void updateCredentials(Principal principal, String authType,
- String username, String password) {
+ public void updateCredentials(Principal principal, String authType,
+ String username, String password) {
 this.principal = principal;
 this.authType = authType;