|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.catalina.valves.ValveBase org.apache.catalina.authenticator.SingleSignOn
A Valve that supports a "single sign on" user experience, where the security identity of a user who successfully authenticates to one web application is propogated to other web applications in the same security domain. For successful use, the following requirements must be met:
Host
).Realm
that contains the shared user and role
information must be configured on the same Container (or a higher
one), and not overridden at the web application level.org.apache.catalina.authenticator
package.
Field Summary | |
protected java.util.HashMap |
cache
The cache of SingleSignOnEntry instances for authenticated Principals, keyed by the cookie value that is used to select them. |
protected int |
debug
The debugging detail level for this component. |
protected static java.lang.String |
info
Descriptive information about this Valve implementation. |
protected LifecycleSupport |
lifecycle
The lifecycle event support for this component. |
protected java.util.HashMap |
reverse
The cache of single sign on identifiers, keyed by the Session that is associated with them. |
protected static StringManager |
sm
The string manager for this package. |
protected boolean |
started
Component started flag. |
Fields inherited from class org.apache.catalina.valves.ValveBase |
container |
Fields inherited from interface org.apache.catalina.Lifecycle |
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, START_EVENT, STOP_EVENT |
Constructor Summary | |
SingleSignOn()
|
Method Summary | |
void |
addLifecycleListener(LifecycleListener listener)
Add a lifecycle event listener to this component. |
LifecycleListener[] |
findLifecycleListeners()
Get the lifecycle listeners associated with this lifecycle. |
int |
getDebug()
Return the debugging detail level. |
java.lang.String |
getInfo()
Return descriptive information about this Valve implementation. |
boolean |
getRequireReauthentication()
Gets whether each request needs to be reauthenticated (by an Authenticator downstream in the pipeline) to the security Realm , or if this Valve can itself bind security info
to the request based on the presence of a valid SSO entry without
rechecking with the Realm
|
void |
invoke(Request request,
Response response,
ValveContext context)
Perform single-sign-on support processing for this request. |
protected void |
log(java.lang.String message)
Log a message on the Logger associated with our Container (if any). |
protected void |
log(java.lang.String message,
java.lang.Throwable throwable)
Log a message on the Logger associated with our Container (if any). |
protected org.apache.catalina.authenticator.SingleSignOnEntry |
lookup(java.lang.String ssoId)
Look up and return the cached SingleSignOn entry associated with this sso id value, if there is one; otherwise return null . |
void |
removeLifecycleListener(LifecycleListener listener)
Remove a lifecycle event listener from this component. |
void |
sessionEvent(SessionEvent event)
Acknowledge the occurrence of the specified event. |
void |
setDebug(int debug)
Set the debugging detail level. |
void |
setRequireReauthentication(boolean required)
Sets whether each request needs to be reauthenticated (by an Authenticator downstream in the pipeline) to the security Realm , or if this Valve can itself bind security info
to the request, based on the presence of a valid SSO entry, without
rechecking with the Realm
|
void |
start()
Prepare for the beginning of active use of the public methods of this component. |
void |
stop()
Gracefully terminate the active use of the public methods of this component. |
java.lang.String |
toString()
Return a String rendering of this object. |
Methods inherited from class org.apache.catalina.valves.ValveBase |
getContainer, setContainer |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
protected java.util.HashMap cache
protected int debug
protected static java.lang.String info
protected LifecycleSupport lifecycle
protected java.util.HashMap reverse
protected static final StringManager sm
protected boolean started
Constructor Detail |
public SingleSignOn()
Method Detail |
public int getDebug()
getDebug
in class ValveBase
public void setDebug(int debug)
setDebug
in class ValveBase
debug
- The new debugging detail levelpublic boolean getRequireReauthentication()
Realm
, or if this Valve can itself bind security info
to the request based on the presence of a valid SSO entry without
rechecking with the Realm
- Returns:
true
if it is required that a downstream
Authenticator reauthenticate each request before calls to
HttpServletRequest.setUserPrincipal()
and HttpServletRequest.setAuthType()
are made;
false
if the Valve
can itself make
those calls relying on the presence of a valid SingleSignOn
entry associated with the request.- See Also:
setRequireReauthentication(boolean)
public void setRequireReauthentication(boolean required)
Realm
, or if this Valve can itself bind security info
to the request, based on the presence of a valid SSO entry, without
rechecking with the Realm
If this property is false
(the default), this
Valve
will bind a UserPrincipal and AuthType to the request
if a valid SSO entry is associated with the request. It will not notify
the security Realm
of the incoming request.
This property should be set to true
if the overall server
configuration requires that the Realm
reauthenticate each
request thread. An example of such a configuration would be one where
the Realm
implementation provides security for both a
web tier and an associated EJB tier, and needs to set security
credentials on each request thread in order to support EJB access.
If this property is set to true
, this Valve will set flags
on the request notifying the downstream Authenticator that the request
is associated with an SSO session. The Authenticator will then call its
reauthenticateFromSSO
method to attempt to reauthenticate the request to the
Realm
, using any credentials that were cached with this
Valve.
The default value of this property is false
, in order
to maintain backward compatibility with previous versions of Tomcat.
- Parameters:
required
- true
if it is required that a downstream
Authenticator reauthenticate each request before calls
to HttpServletRequest.setUserPrincipal()
and HttpServletRequest.setAuthType()
are
made; false
if the Valve
can
itself make those calls relying on the presence of a
valid SingleSignOn entry associated with the request.- See Also:
AuthenticatorBase.reauthenticateFromSSO(java.lang.String, org.apache.catalina.HttpRequest)
public void addLifecycleListener(LifecycleListener listener)
addLifecycleListener
in interface Lifecycle
listener
- The listener to addpublic LifecycleListener[] findLifecycleListeners()
findLifecycleListeners
in interface Lifecycle
public void removeLifecycleListener(LifecycleListener listener)
removeLifecycleListener
in interface Lifecycle
listener
- The listener to removepublic void start() throws LifecycleException
configure()
,
and before any of the public methods of the component are utilized.
start
in interface Lifecycle
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedpublic void stop() throws LifecycleException
stop
in interface Lifecycle
LifecycleException
- if this component detects a fatal error
that needs to be reportedpublic void sessionEvent(SessionEvent event)
sessionEvent
in interface SessionListener
event
- SessionEvent that has occurredpublic java.lang.String getInfo()
getInfo
in interface Valve
getInfo
in class ValveBase
public void invoke(Request request, Response response, ValveContext context) throws java.io.IOException, javax.servlet.ServletException
invoke
in interface Valve
invoke
in class ValveBase
request
- The servlet request we are processingresponse
- The servlet response we are creatingcontext
- The valve context used to invoke the next valve
in the current processing pipeline
java.io.IOException
- if an input/output error occurs
javax.servlet.ServletException
- if a servlet error occurspublic java.lang.String toString()
protected void log(java.lang.String message)
message
- Message to be loggedprotected void log(java.lang.String message, java.lang.Throwable throwable)
message
- Message to be loggedthrowable
- Associated exceptionprotected org.apache.catalina.authenticator.SingleSignOnEntry lookup(java.lang.String ssoId)
null
.
ssoId
- Single sign on identifier to look up
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |