remm        2004/04/26 14:50:36

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        AuthenticatorBase.java SingleSignOn.java
                        SingleSignOnEntry.java
  Log:
  - Allow extending SSO functionality.
  - Submitted by Brian Stansberry.
  
  Revision  Changes    Path
  1.18      +9 -17     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
  
  Index: AuthenticatorBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- AuthenticatorBase.java    27 Feb 2004 14:58:41 -0000      1.17
  +++ AuthenticatorBase.java    26 Apr 2004 21:50:36 -0000      1.18
  @@ -760,31 +760,23 @@
   
           boolean reauthenticated = false;
   
  -        SingleSignOnEntry entry = sso.lookup(ssoId);
  -        if (entry != null && entry.getCanReauthenticate()) {
  -            Principal reauthPrincipal = null;
               Container parent = getContainer();
               if (parent != null) {
  -                Realm realm = getContainer().getRealm();
  -                String username = entry.getUsername();
  -                if (realm != null && username != null) {
  -                    reauthPrincipal =
  -                        realm.authenticate(username, entry.getPassword());
  +            Realm realm = parent.getRealm();
  +            if (realm != null) {
  +                reauthenticated = sso.reauthenticate(ssoId, realm, request);
                   }
               }
   
  -            if (reauthPrincipal != null) {
  +        if (reauthenticated) {
                   associate(ssoId, getSession(request, true));
  -                request.setAuthType(entry.getAuthType());
  -                request.setUserPrincipal(reauthPrincipal);
   
  -                reauthenticated = true;
                   if (log.isDebugEnabled()) {
  +                HttpServletRequest hreq = 
  +                        (HttpServletRequest) request.getRequest();
                       log.debug(" Reauthenticated cached principal '" +
  -                              entry.getPrincipal().getName() +
  -                              "' with auth type '" +
  -                              entry.getAuthType() + "'");
  -                }
  +                          hreq.getUserPrincipal().getName() +
  +                          "' with auth type '" +  hreq.getAuthType() + "'");
               }
           }
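Review bot: The `if (reauthenticated)` branch now relies entirely on the boolean returned by `sso.reauthenticate(ssoId, realm, request)` and no longer sets the principal itself. Since this commit exists to let `SingleSignOn` be extended, an override that returns true without binding a principal would leave the session associated with the SSO entry for a request that has no authenticated user. The debug line would then throw a NullPointerException on `hreq.getUserPrincipal().getName()`. The caller should confirm the binding before acting on it, for example `if (reauthenticated && ((HttpServletRequest) request.getRequest()).getUserPrincipal() != null) {`. The enclosing method starts and ends outside this hunk.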
   
  
  
  
  1.13      +94 -46    
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java
  
  Index: SingleSignOn.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- SingleSignOn.java 27 Feb 2004 14:58:41 -0000      1.12
  +++ SingleSignOn.java 26 Apr 2004 21:50:36 -0000      1.13
  @@ -33,6 +33,7 @@
   import org.apache.catalina.LifecycleException;
   import org.apache.catalina.LifecycleListener;
   import org.apache.catalina.Logger;
  +import org.apache.catalina.Realm;
   import org.apache.catalina.Request;
   import org.apache.catalina.Response;
   import org.apache.catalina.Session;
  @@ -559,6 +560,55 @@
   
   
       /**
  +     * Attempts reauthentication to the given <code>Realm</code> using
  +     * the credentials associated with the single sign-on session
  +     * identified by argument <code>ssoId</code>.
  +     * <p>
  +     * If reauthentication is successful, the <code>Principal</code> and
  +     * authorization type associated with the SSO session will be bound
  +     * to the given <code>HttpRequest</code> object via calls to 
  +     * [EMAIL PROTECTED] HttpRequest#setAuthType HttpRequest.setAuthType()} and 
  +     * [EMAIL PROTECTED] HttpRequest#setUserPrincipal 
HttpRequest.setUserPrincipal()}
  +     * </p>
  +     *
  +     * @param ssoId     identifier of SingleSignOn session with which the
  +     *                  caller is associated
  +     * @param realm     Realm implementation against which the caller is to
  +     *                  be authenticated
  +     * @param request   the request that needs to be authenticated
  +     * 
  +     * @return  <code>true</code> if reauthentication was successful,
  +     *          <code>false</code> otherwise.
  +     */
  +    protected boolean reauthenticate(String ssoId, Realm realm,
  +                                  HttpRequest request) {
  +
  +        if (ssoId == null || realm == null)
  +            return false;
  +
  +        boolean reauthenticated = false;
  +
  +        SingleSignOnEntry entry = lookup(ssoId);
  +        if (entry != null && entry.getCanReauthenticate()) {
  +            
  +            String username = entry.getUsername();
  +            if (username != null) {
  +                Principal reauthPrincipal =
  +                        realm.authenticate(username, entry.getPassword());          
      
  +                if (reauthPrincipal != null) {                    
  +                    reauthenticated = true;                    
  +                    // Bind the authorization credentials to the request
  +                    request.setAuthType(entry.getAuthType());
  +                    request.setUserPrincipal(reauthPrincipal);
  +                }
  +            }
  +        }
  +
  +        return reauthenticated;
  +    }
  +
  +
  +    /**
        * Register the specified Principal as being associated with the specified
        * value for the single sign on identifier.
        *
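Review bot: `reauthenticate` reads `entry.getUsername()`, `entry.getPassword()` and `entry.getAuthType()` in separate unsynchronized calls, while `update()` in this same file writes those fields under `synchronized(sso)`. Depending on the order in which `updateCredentials` assigns its fields (only partly visible on this page), a concurrent update could hand the realm a username and password from different states. Taking the snapshot under the same monitor closes that window: wrap the three reads in `synchronized (entry) { ... }` and call `realm.authenticate` on the copied values outside the lock. The Javadoc should also tell overriders that returning true requires the auth type and principal to have been set on the request, because the caller in AuthenticatorBase depends on it.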
  @@ -585,6 +635,47 @@
   
   
       /**
  +     * Updates any <code>SingleSignOnEntry</code> found under key
  +     * <code>ssoId</code> with the given authentication data.
  +     * <p>
  +     * The purpose of this method is to allow an SSO entry that was
  +     * established without a username/password combination (i.e. established
  +     * following DIGEST or CLIENT-CERT authentication) to be updated with
  +     * a username and password if one becomes available through a subsequent
  +     * BASIC or FORM authentication.  The SSO entry will then be usable for
  +     * reauthentication.
  +     * <p>
  +     * <b>NOTE:</b> Only updates the SSO entry if a call to
  +     * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
  +     * <code>false</code>; otherwise, it is assumed that the SSO entry already
  +     * has sufficient information to allow reauthentication and that no update
  +     * is needed.
  +     *
  +     * @param ssoId     identifier of Single sign to be updated
  +     * @param principal the <code>Principal</code> returned by the latest
  +     *                  call to <code>Realm.authenticate</code>.
  +     * @param authType  the type of authenticator used (BASIC, CLIENT-CERT,
  +     *                  DIGEST or FORM)
  +     * @param username  the username (if any) used for the authentication
  +     * @param password  the password (if any) used for the authentication
  +     */
  +    protected void update(String ssoId, Principal principal, String authType,
  +                          String username, String password) {
  +
  +        SingleSignOnEntry sso = lookup(ssoId);
  +        if (sso != null && !sso.getCanReauthenticate()) {
  +            if (debug >= 1)
  +                log("Update sso id " + ssoId + " to auth type " + authType);
  +
  +            synchronized(sso) {
  +                sso.updateCredentials(principal, authType, username, password);
  +            }
  +
  +        }
  +    }
  +
  +
  +    /**
        * Log a message on the Logger associated with our Container (if any).
        *
        * @param message Message to be logged
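Review bot: The message `log("Update sso id " + ssoId + " to auth type " + authType)` writes the full SSO session identifier to the container log, and the context line in the `removeSession` hunk further down does the same. If that identifier is the value a client presents to claim the SSO session (this page does not show where it comes from), every log reader gains access to live session identifiers whenever `debug >= 1`. Logging a shortened or hashed form is enough to correlate entries. I would add a comment above the call such as `// ssoId identifies a live SSO session; do not log it in full`.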
  @@ -633,9 +724,7 @@
   
       }
   
  -    //----------------------------------------------  Package-Protected Methods
  -
  -
  +    
       /**
        * Remove a single Session from a SingleSignOn.  Called when
        * a session is timed out and no longer active.
  @@ -643,7 +732,7 @@
        * @param ssoId Single sign on identifier from which to remove the session.
        * @param session the session to be removed.
        */
  -    void removeSession(String ssoId, Session session) {
  +    protected void removeSession(String ssoId, Session session) {
   
           if (debug >= 1)
               log("Removing session " + session.toString() + " from sso id " + 
  @@ -666,47 +755,6 @@
           // deregister the entry.
           if (entry.findSessions().length == 0) {
               deregister(ssoId);
  -        }
  -    }
  -
  -
  -    /**
  -     * Updates any <code>SingleSignOnEntry</code> found under key
  -     * <code>ssoId</code> with the given authentication data.
  -     * <p>
  -     * The purpose of this method is to allow an SSO entry that was
  -     * established without a username/password combination (i.e. established
  -     * following DIGEST or CLIENT-CERT authentication) to be updated with
  -     * a username and password if one becomes available through a subsequent
  -     * BASIC or FORM authentication.  The SSO entry will then be usable for
  -     * reauthentication.
  -     * <p>
  -     * <b>NOTE:</b> Only updates the SSO entry if a call to
  -     * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
  -     * <code>false</code>; otherwise, it is assumed that the SSO entry already
  -     * has sufficient information to allow reauthentication and that no update
  -     * is needed.
  -     *
  -     * @param ssoId identifier of Single sign to be updated
  -     * @param principal the <code>Principal</code> returned by the latest
  -     *                  call to <code>Realm.authenticate</code>.
  -     * @param authType  the type of authenticator used (BASIC, CLIENT-CERT,
  -     *                  DIGEST or FORM)
  -     * @param username  the username (if any) used for the authentication
  -     * @param password  the password (if any) used for the authentication
  -     */
  -    void update(String ssoId, Principal principal, String authType,
  -                  String username, String password) {
  -
  -        SingleSignOnEntry sso = lookup(ssoId);
  -        if (sso != null && !sso.getCanReauthenticate()) {
  -            if (debug >= 1)
  -                log("Update sso id " + ssoId + " to auth type " + authType);
  -
  -            synchronized(sso) {
  -                sso.updateCredentials(principal, authType, username, password);
  -            }
  -
           }
       }
   
  
  
  
  1.3       +18 -18    
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOnEntry.java
  
  Index: SingleSignOnEntry.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOnEntry.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- SingleSignOnEntry.java    27 Feb 2004 14:58:41 -0000      1.2
  +++ SingleSignOnEntry.java    26 Apr 2004 21:50:36 -0000      1.3
  @@ -32,21 +32,21 @@
    * @see SingleSignOn
    * @see AuthenticatorBase#reauthenticateFromSSO
    */
  -class SingleSignOnEntry
  +public class SingleSignOnEntry
   {
       // ------------------------------------------------------  Instance Fields
   
  -    private String authType = null;
  +    protected String authType = null;
   
  -    private String password = null;
  +    protected String password = null;
   
  -    private Principal principal = null;
  +    protected Principal principal = null;
   
  -    private Session sessions[] = new Session[0];
  +    protected Session sessions[] = new Session[0];
   
  -    private String username = null;
  +    protected String username = null;
   
  -    private boolean canReauthenticate = false;
  +    protected boolean canReauthenticate = false;
   
       // ---------------------------------------------------------  Constructors
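Review bot: Changing `password`, `sessions` and the other fields from private to protected on a class that is now public widens access more than the extension use case appears to need, because every field already has an accessor that later hunks make public. Protected fields let a subclass read or replace `sessions` and `password` without going through the synchronized `addSession`/`removeSession`/`findSessions` methods, so the locking the class relies on is no longer enforced. I would keep the declarations as `private String password = null;` and `private Session sessions[] = new Session[0];`. In the later hunks, `getPassword()` becomes public and returns the cached cleartext password to any code that holds an entry, which deserves a Javadoc sentence saying who is expected to call it. `findSessions()` becomes public while returning the internal array itself; returning a copy would stop callers from altering the entry's session list.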
   
  @@ -76,7 +76,7 @@
        *                  the SSO session.
        * @param session   The <code>Session</code> being associated with the SSO.
        */
  -    synchronized void addSession(SingleSignOn sso, Session session) {
  +    public synchronized void addSession(SingleSignOn sso, Session session) {
           for (int i = 0; i < sessions.length; i++) {
               if (session == sessions[i])
                   return;
  @@ -94,7 +94,7 @@
        *
        * @param session  the <code>Session</code> to remove.
        */
  -    synchronized void removeSession(Session session) {
  +    public synchronized void removeSession(Session session) {
           Session[] nsessions = new Session[sessions.length - 1];
           for (int i = 0, j = 0; i < sessions.length; i++) {
               if (session == sessions[i])
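Review bot: `removeSession` allocates `new Session[sessions.length - 1]` before it has established that `session` is in the array, so a call on an entry with no sessions throws NegativeArraySizeException. Making the method public means callers outside the package can now reach that path, which turns the unchecked precondition into part of the API. A guard at the top, `if (sessions.length == 0) return;`, handles the empty case. The rest of the method is outside this hunk, so it is not visible here whether a session that is absent from a non-empty array is handled; that case should be checked too.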
  @@ -107,7 +107,7 @@
       /**
        * Returns the <code>Session</code>s associated with this SSO.
        */
  -    synchronized Session[] findSessions() {
  +    public synchronized Session[] findSessions() {
           return (this.sessions);
       }
   
  @@ -117,7 +117,7 @@
        *
        * @return "BASIC", "CLIENT-CERT", "DIGEST", "FORM" or "NONE"
        */
  -    String getAuthType() {
  +    public String getAuthType() {
           return (this.authType);
       }
   
  @@ -128,7 +128,7 @@
        * @return  <code>true</code> if <code>getAuthType</code> returns
        *          "BASIC" or "FORM", <code>false</code> otherwise.
        */
  -    boolean getCanReauthenticate() {
  +    public boolean getCanReauthenticate() {
           return (this.canReauthenticate);
       }
   
  @@ -139,7 +139,7 @@
        *          <code>null</code> if the original authentication type
        *          does not involve a password.
        */
  -    String getPassword() {
  +    public String getPassword() {
           return (this.password);
       }
   
  @@ -147,7 +147,7 @@
        * Gets the <code>Principal</code> that has been authenticated by
        * the SSO.
        */
  -    Principal getPrincipal() {
  +    public Principal getPrincipal() {
           return (this.principal);
       }
   
  @@ -155,7 +155,7 @@
        * Gets the username provided by the user as part of the authentication
        * process.
        */
  -    String getUsername() {
  +    public String getUsername() {
           return (this.username);
       }
   
  @@ -171,8 +171,8 @@
        * @param username  the username (if any) used for the authentication
        * @param password  the password (if any) used for the authentication
        */
  -    void updateCredentials(Principal principal, String authType,
  -                String username, String password) {
  +    public void updateCredentials(Principal principal, String authType,
  +                                  String username, String password) {
   
           this.principal = principal;
           this.authType = authType;
  
  
  
