java.lang.Object
  org.apache.catalina.valves.ValveBase
    org.apache.catalina.authenticator.SingleSignOn
      org.apache.catalina.cluster.authenticator.ClusterSingleSignOn
A Valve that supports a "single sign on" user experience on each node of a cluster, where the security identity of a user who successfully authenticates to one web application is propagated to other web applications and to other cluster nodes in the same security domain. For successful use, the following requirements must be met:
Host).
Realm that contains the shared user and role information must be configured on the same Container (or a higher one), and not overridden at the web application level.
org.apache.catalina.authenticator package.
Field Summary

protected static java.lang.String info
Descriptive information about this Valve implementation.

protected int messageNumber

Fields inherited from class org.apache.catalina.authenticator.SingleSignOn:
cache, lifecycle, reverse, sm, started

Fields inherited from class org.apache.catalina.valves.ValveBase:
container, containerLog, controller, domain, mserver, next, oname

Fields inherited from interface org.apache.catalina.Lifecycle:
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

ClusterSingleSignOn()
Method Summary

protected void associate(java.lang.String ssoId, Session session)
Notify the cluster of the addition of a Session to an SSO session and associate the specified single sign on identifier with the specified Session on the local node.

protected void associateLocal(java.lang.String ssoId, Session session)

protected void deregister(java.lang.String ssoId)
Notifies the cluster that a single sign on session has been terminated due to a user logout, deregisters the specified single sign on identifier, and invalidates any associated sessions on the local node.

protected void deregister(java.lang.String ssoId, Session session)
Notify the cluster of the removal of a Session from an SSO session and deregister the specified session.

protected void deregisterLocal(java.lang.String ssoId)

protected void deregisterLocal(java.lang.String ssoId, Session session)

CatalinaCluster getCluster()
Returns the cluster the cluster deployer is associated with

java.lang.String getInfo()
Return descriptive information about this Valve implementation.

protected void register(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
Notifies the cluster of the creation of a new SSO entry and registers the specified Principal as being associated with the specified value for the single sign on identifier.

protected void registerLocal(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)

protected void removeSession(java.lang.String ssoId, Session session)
Remove a single Session from a SingleSignOn and notify the cluster of the removal.

protected void removeSessionLocal(java.lang.String ssoId, Session session)

protected void send(SingleSignOnMessage msg, int action)
Send SingleSignOnMessage to other domain members.

protected void sendSSOId(java.lang.String ssoId, Session session, int action)
Create SingleSignOnMessage with session information and send to other domain members.

protected void sendSSOIdWithAuth(java.lang.String ssoId, java.lang.String authType, java.lang.String username, java.lang.String password, int action)
Create SingleSignOnMessage with auth information and send to other domain members.

void setCluster(CatalinaCluster cluster)
Associates the cluster deployer with a cluster

void start()
Prepare for the beginning of active use of the public methods of this component.

void stop()
Gracefully terminate the active use of the public methods of this component.

java.lang.String toString()
Return a String rendering of this object.

protected void update(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
Notifies the cluster of an update of the security credentials associated with an SSO session.

protected void updateLocal(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
Methods inherited from class org.apache.catalina.authenticator.SingleSignOn:
addLifecycleListener, findLifecycleListeners, getCookieDomain, getRequireReauthentication, invoke, lookup, reauthenticate, removeLifecycleListener, sessionEvent, setCookieDomain, setRequireReauthentication

Methods inherited from class org.apache.catalina.valves.ValveBase:
backgroundProcess, createObjectName, getContainer, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setContainer, setController, setNext, setObjectName

Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Field Detail

protected static java.lang.String info

protected int messageNumber

Constructor Detail

public ClusterSingleSignOn()

Method Detail
public java.lang.String getInfo()
getInfo in interface Valve
getInfo in class SingleSignOn

public CatalinaCluster getCluster()
getCluster in interface ClusterValve

public void setCluster(CatalinaCluster cluster)
setCluster in interface ClusterValve
cluster - CatalinaCluster

public void start() throws LifecycleException
configure(), and before any of the public methods of the component are utilized.
start in interface Lifecycle
start in class SingleSignOn
LifecycleException - if this component detects a fatal error that prevents this component from being used

public void stop() throws LifecycleException
stop in interface Lifecycle
stop in class SingleSignOn
LifecycleException - if this component detects a fatal error that needs to be reported

public java.lang.String toString()
toString in class SingleSignOn
protected void associate(java.lang.String ssoId, Session session)
associate in class SingleSignOn
ssoId - Single sign on identifier
session - Session to be associated

protected void associateLocal(java.lang.String ssoId, Session session)

protected void deregister(java.lang.String ssoId, Session session)
deregister in class SingleSignOn
ssoId - Single sign on identifier
session - Session to be deregistered

protected void deregisterLocal(java.lang.String ssoId, Session session)

protected void deregister(java.lang.String ssoId)
deregister in class SingleSignOn
ssoId - Single sign on identifier to deregister

protected void deregisterLocal(java.lang.String ssoId)

protected void register(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
register in class SingleSignOn
ssoId - Single sign on identifier to register
principal - Associated user principal that is identified
authType - Authentication type used to authenticate this user principal
username - Username used to authenticate this user
password - Password used to authenticate this user

protected void registerLocal(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
protected void update(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
SingleSignOnEntry found under key ssoId with the given authentication data.
The purpose of this method is to allow an SSO entry that was established without a username/password combination (i.e. established following DIGEST or CLIENT-CERT authentication) to be updated with a username and password if one becomes available through a subsequent BASIC or FORM authentication. The SSO entry will then be usable for reauthentication.
NOTE: Only updates the SSO entry if a call to SingleSignOnEntry.getCanReauthenticate() returns false; otherwise, it is assumed that the SSO entry already has sufficient information to allow reauthentication and that no update is needed.
update in class SingleSignOn
ssoId - identifier of Single sign to be updated
principal - the Principal returned by the latest call to Realm.authenticate.
authType - the type of authenticator used (BASIC, CLIENT-CERT, DIGEST or FORM)
username - the username (if any) used for the authentication
password - the password (if any) used for the authentication

protected void updateLocal(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
protected void removeSession(java.lang.String ssoId, Session session)
removeSession in class SingleSignOn
ssoId - Single sign on identifier from which to remove the session.
session - the session to be removed.

protected void removeSessionLocal(java.lang.String ssoId, Session session)

protected void sendSSOId(java.lang.String ssoId, Session session, int action)
ssoId - identifier of Single sign to be updated
session - the session to be handled or null.
action - SSO Action type

protected void sendSSOIdWithAuth(java.lang.String ssoId, java.lang.String authType, java.lang.String username, java.lang.String password, int action)
ssoId - identifier of Single sign to be updated
authType - the type of authenticator used (BASIC, CLIENT-CERT, DIGEST or FORM)
username - the username (if any) used for the authentication
password - the password (if any) used for the authentication
action - SSO Action type

protected void send(SingleSignOnMessage msg, int action)
msg - SingleSignOnMessage
action - SSO Action type