Class ClusterSingleSignOn
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.SingleSignOn
org.apache.catalina.ha.authenticator.ClusterSingleSignOn
- All Implemented Interfaces:
MBeanRegistration,Contained,ClusterValve,JmxEnabled,Lifecycle,AbstractReplicatedMap.MapOwner,Valve
public class ClusterSingleSignOn
extends SingleSignOn
implements ClusterValve, AbstractReplicatedMap.MapOwner
A Valve that supports a "single sign on" user experience on each nodes of a cluster, where the
security identity of a user who successfully authenticates to one web application is propagated to other web
applications and to other nodes cluster in the same security domain. For successful use, the following requirements
must be met:
- This Valve must be configured on the Container that represents a virtual host (typically an implementation of
Host). - The
Realmthat contains the shared user and role information must be configured on the same Container (or a higher one), and not overridden at the web application level. - The web applications themselves must use one of the standard Authenticators found in the
org.apache.catalina.authenticatorpackage.
- Author:
- Fabien Carrion
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse -
Field Summary
Fields inherited from class org.apache.catalina.authenticator.SingleSignOn
cacheFields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, nextFields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected booleanAssociate the specified single sign on identifier with the specified Session.longReturns the cluster the cluster deployer is associated withintlongprotected SessionListenergetSessionListener(String ssoId) booleanvoidobjectMadePrimary(Object key, Object value) voidsetAccessTimeout(long accessTimeout) voidsetCluster(CatalinaCluster cluster) Associates the cluster deployer with a clustervoidsetMapSendOptions(int mapSendOptions) voidsetRpcTimeout(long rpcTimeout) voidsetTerminateOnStartFailure(boolean terminateOnStartFailure) protected voidStart this component and implement the requirements ofLifecycleBase.startInternal().protected voidStop this component and implement the requirements ofLifecycleBase.stopInternal().protected booleanUpdates anySingleSignOnEntryfound under keyssoIdwith the given authentication data.Methods inherited from class org.apache.catalina.authenticator.SingleSignOn
deregister, getCookieDomain, getCookieName, getRequireReauthentication, invoke, reauthenticate, register, removeSession, sessionDestroyed, setCookieDomain, setCookieName, setRequireReauthenticationMethods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getContainer, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setContainer, setNext, toStringMethods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisterMethods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stopMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface org.apache.catalina.Valve
backgroundProcess, getNext, invoke, isAsyncSupported, setNext
-
Constructor Details
-
ClusterSingleSignOn
public ClusterSingleSignOn()
-
-
Method Details
-
getCluster
Description copied from interface:ClusterValveReturns the cluster the cluster deployer is associated with- Specified by:
getClusterin interfaceClusterValve- Returns:
- CatalinaCluster
-
setCluster
Description copied from interface:ClusterValveAssociates the cluster deployer with a cluster- Specified by:
setClusterin interfaceClusterValve- Parameters:
cluster- CatalinaCluster
-
getRpcTimeout
public long getRpcTimeout() -
setRpcTimeout
public void setRpcTimeout(long rpcTimeout) -
getMapSendOptions
public int getMapSendOptions() -
setMapSendOptions
public void setMapSendOptions(int mapSendOptions) -
getTerminateOnStartFailure
public boolean getTerminateOnStartFailure() -
setTerminateOnStartFailure
public void setTerminateOnStartFailure(boolean terminateOnStartFailure) -
getAccessTimeout
public long getAccessTimeout() -
setAccessTimeout
public void setAccessTimeout(long accessTimeout) -
associate
Description copied from class:SingleSignOnAssociate the specified single sign on identifier with the specified Session.- Overrides:
associatein classSingleSignOn- Parameters:
ssoId- Single sign on identifiersession- Session to be associated- Returns:
trueif the session was associated to the given SSO session, otherwisefalse
-
update
protected boolean update(String ssoId, Principal principal, String authType, String username, String password) Description copied from class:SingleSignOnUpdates anySingleSignOnEntryfound under keyssoIdwith the given authentication data.The purpose of this method is to allow an SSO entry that was established without a username/password combination (i.e. established following DIGEST or CLIENT_CERT authentication) to be updated with a username and password if one becomes available through a subsequent BASIC or FORM authentication. The SSO entry will then be usable for reauthentication.
NOTE: Only updates the SSO entry if a call to
SingleSignOnEntry.getCanReauthenticate()returnsfalse; otherwise, it is assumed that the SSO entry already has sufficient information to allow reauthentication and that no update is needed.- Overrides:
updatein classSingleSignOn- Parameters:
ssoId- identifier of Single sign to be updatedprincipal- thePrincipalreturned by the latest call toRealm.authenticate.authType- the type of authenticator used (BASIC, CLIENT_CERT, DIGEST or FORM)username- the username (if any) used for the authenticationpassword- the password (if any) used for the authentication- Returns:
trueif the credentials were updated, otherwisefalse
-
getSessionListener
- Overrides:
getSessionListenerin classSingleSignOn
-
objectMadePrimary
- Specified by:
objectMadePrimaryin interfaceAbstractReplicatedMap.MapOwner
-
startInternal
Start this component and implement the requirements ofLifecycleBase.startInternal().- Overrides:
startInternalin classSingleSignOn- Throws:
LifecycleException- if this component detects a fatal error that prevents this component from being used
-
stopInternal
Stop this component and implement the requirements ofLifecycleBase.stopInternal().- Overrides:
stopInternalin classSingleSignOn- Throws:
LifecycleException- if this component detects a fatal error that prevents this component from being used
-