org.apache.catalina.cluster.authenticator
Class ClusterSingleSignOn

java.lang.Object
  extended byorg.apache.catalina.valves.ValveBase
      extended byorg.apache.catalina.authenticator.SingleSignOn
          extended byorg.apache.catalina.cluster.authenticator.ClusterSingleSignOn
All Implemented Interfaces:
ClusterValve, Contained, Lifecycle, javax.management.MBeanRegistration, SessionListener, Valve

public class ClusterSingleSignOn
extends SingleSignOn
implements ClusterValve

A Valve that supports a "single sign on" user experience on each nodes of a cluster, where the security identity of a user who successfully authenticates to one web application is propogated to other web applications and to other nodes cluster in the same security domain. For successful use, the following requirements must be met:

Version:
$Id: ClusterSingleSignOn.java 939539 2010-04-30 01:31:33Z kkolinko $
Author:
Fabien Carrion, Peter Rossbach

Field Summary
protected static java.lang.String info
          Descriptive information about this Valve implementation.
protected  int messageNumber
           
 
Fields inherited from class org.apache.catalina.authenticator.SingleSignOn
cache, lifecycle, reverse, sm, started
 
Fields inherited from class org.apache.catalina.valves.ValveBase
container, containerLog, controller, domain, mserver, next, oname
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
ClusterSingleSignOn()
           
 
Method Summary
protected  void associate(java.lang.String ssoId, Session session)
          Notify the cluster of the addition of a Session to an SSO session and associate the specified single sign on identifier with the specified Session on the local node.
protected  void associateLocal(java.lang.String ssoId, Session session)
           
protected  void deregister(java.lang.String ssoId)
          Notifies the cluster that a single sign on session has been terminated due to a user logout, deregister the specified single sign on identifier, and invalidate any associated sessions on the local node.
protected  void deregister(java.lang.String ssoId, Session session)
          Notify the cluster of the removal of a Session from an SSO session and deregister the specified session.
protected  void deregisterLocal(java.lang.String ssoId)
           
protected  void deregisterLocal(java.lang.String ssoId, Session session)
           
 CatalinaCluster getCluster()
          Returns the cluster the cluster deployer is associated with
 java.lang.String getInfo()
          Return descriptive information about this Valve implementation.
protected  void register(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
          Notifies the cluster of the creation of a new SSO entry and register the specified Principal as being associated with the specified value for the single sign on identifier.
protected  void registerLocal(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
           
protected  void removeSession(java.lang.String ssoId, Session session)
          Remove a single Session from a SingleSignOn and notify the cluster of the removal.
protected  void removeSessionLocal(java.lang.String ssoId, Session session)
           
protected  void send(SingleSignOnMessage msg, int action)
          Send SingleSignOnMessage to other domain members.
protected  void sendSSOId(java.lang.String ssoId, Session session, int action)
          Create SingleSignOnMessage with session informations and send to other domain members.
protected  void sendSSOIdWithAuth(java.lang.String ssoId, java.lang.String authType, java.lang.String username, java.lang.String password, int action)
          Create SingleSignOnMessage with auth informations and send to other domain members.
 void setCluster(CatalinaCluster cluster)
          Associates the cluster deployer with a cluster
 void start()
          Prepare for the beginning of active use of the public methods of this component.
 void stop()
          Gracefully terminate the active use of the public methods of this component.
 java.lang.String toString()
          Return a String rendering of this object.
protected  void update(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
          Notifies the cluster of an update of the security credentials associated with an SSO session.
protected  void updateLocal(java.lang.String ssoId, java.security.Principal principal, java.lang.String authType, java.lang.String username, java.lang.String password)
           
 
Methods inherited from class org.apache.catalina.authenticator.SingleSignOn
addLifecycleListener, findLifecycleListeners, getCookieDomain, getRequireReauthentication, invoke, lookup, reauthenticate, removeLifecycleListener, sessionEvent, setCookieDomain, setRequireReauthentication
 
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, createObjectName, getContainer, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setContainer, setController, setNext, setObjectName
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

info

protected static java.lang.String info
Descriptive information about this Valve implementation.


messageNumber

protected int messageNumber
Constructor Detail

ClusterSingleSignOn

public ClusterSingleSignOn()
Method Detail

getInfo

public java.lang.String getInfo()
Return descriptive information about this Valve implementation.

Specified by:
getInfo in interface Valve
Overrides:
getInfo in class SingleSignOn

getCluster

public CatalinaCluster getCluster()
Description copied from interface: ClusterValve
Returns the cluster the cluster deployer is associated with

Specified by:
getCluster in interface ClusterValve
Returns:
CatalinaCluster

setCluster

public void setCluster(CatalinaCluster cluster)
Description copied from interface: ClusterValve
Associates the cluster deployer with a cluster

Specified by:
setCluster in interface ClusterValve
Parameters:
cluster - CatalinaCluster

start

public void start()
           throws LifecycleException
Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.

Specified by:
start in interface Lifecycle
Overrides:
start in class SingleSignOn
Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used

stop

public void stop()
          throws LifecycleException
Gracefully terminate the active use of the public methods of this component. This method should be the last one called on a given instance of this component.

Specified by:
stop in interface Lifecycle
Overrides:
stop in class SingleSignOn
Throws:
LifecycleException - if this component detects a fatal error that needs to be reported

toString

public java.lang.String toString()
Return a String rendering of this object.

Overrides:
toString in class SingleSignOn

associate

protected void associate(java.lang.String ssoId,
                         Session session)
Notify the cluster of the addition of a Session to an SSO session and associate the specified single sign on identifier with the specified Session on the local node.

Overrides:
associate in class SingleSignOn
Parameters:
ssoId - Single sign on identifier
session - Session to be associated

associateLocal

protected void associateLocal(java.lang.String ssoId,
                              Session session)

deregister

protected void deregister(java.lang.String ssoId,
                          Session session)
Notify the cluster of the removal of a Session from an SSO session and deregister the specified session. If it is the last session, then also get rid of the single sign on identifier on the local node.

Overrides:
deregister in class SingleSignOn
Parameters:
ssoId - Single sign on identifier
session - Session to be deregistered

deregisterLocal

protected void deregisterLocal(java.lang.String ssoId,
                               Session session)

deregister

protected void deregister(java.lang.String ssoId)
Notifies the cluster that a single sign on session has been terminated due to a user logout, deregister the specified single sign on identifier, and invalidate any associated sessions on the local node.

Overrides:
deregister in class SingleSignOn
Parameters:
ssoId - Single sign on identifier to deregister

deregisterLocal

protected void deregisterLocal(java.lang.String ssoId)

register

protected void register(java.lang.String ssoId,
                        java.security.Principal principal,
                        java.lang.String authType,
                        java.lang.String username,
                        java.lang.String password)
Notifies the cluster of the creation of a new SSO entry and register the specified Principal as being associated with the specified value for the single sign on identifier.

Overrides:
register in class SingleSignOn
Parameters:
ssoId - Single sign on identifier to register
principal - Associated user principal that is identified
authType - Authentication type used to authenticate this user principal
username - Username used to authenticate this user
password - Password used to authenticate this user

registerLocal

protected void registerLocal(java.lang.String ssoId,
                             java.security.Principal principal,
                             java.lang.String authType,
                             java.lang.String username,
                             java.lang.String password)

update

protected void update(java.lang.String ssoId,
                      java.security.Principal principal,
                      java.lang.String authType,
                      java.lang.String username,
                      java.lang.String password)
Notifies the cluster of an update of the security credentials associated with an SSO session. Updates any SingleSignOnEntry found under key ssoId with the given authentication data.

The purpose of this method is to allow an SSO entry that was established without a username/password combination (i.e. established following DIGEST or CLIENT-CERT authentication) to be updated with a username and password if one becomes available through a subsequent BASIC or FORM authentication. The SSO entry will then be usable for reauthentication.

NOTE: Only updates the SSO entry if a call to SingleSignOnEntry.getCanReauthenticate() returns false; otherwise, it is assumed that the SSO entry already has sufficient information to allow reauthentication and that no update is needed.

Overrides:
update in class SingleSignOn
Parameters:
ssoId - identifier of Single sign to be updated
principal - the Principal returned by the latest call to Realm.authenticate.
authType - the type of authenticator used (BASIC, CLIENT-CERT, DIGEST or FORM)
username - the username (if any) used for the authentication
password - the password (if any) used for the authentication

updateLocal

protected void updateLocal(java.lang.String ssoId,
                           java.security.Principal principal,
                           java.lang.String authType,
                           java.lang.String username,
                           java.lang.String password)

removeSession

protected void removeSession(java.lang.String ssoId,
                             Session session)
Remove a single Session from a SingleSignOn and notify the cluster of the removal. Called when a session is timed out and no longer active.

Overrides:
removeSession in class SingleSignOn
Parameters:
ssoId - Single sign on identifier from which to remove the session.
session - the session to be removed.

removeSessionLocal

protected void removeSessionLocal(java.lang.String ssoId,
                                  Session session)

sendSSOId

protected void sendSSOId(java.lang.String ssoId,
                         Session session,
                         int action)
Create SingleSignOnMessage with session informations and send to other domain members.

Parameters:
ssoId - identifier of Single sign to be updated
session - the session to be handle or null.
action - SSO Action type

sendSSOIdWithAuth

protected void sendSSOIdWithAuth(java.lang.String ssoId,
                                 java.lang.String authType,
                                 java.lang.String username,
                                 java.lang.String password,
                                 int action)
Create SingleSignOnMessage with auth informations and send to other domain members.

Parameters:
ssoId - identifier of Single sign to be updated
authType - the type of authenticator used (BASIC, CLIENT-CERT, DIGEST or FORM)
username - the username (if any) used for the authentication
password - the password (if any) used for the authentication
action - SSO Action type

send

protected void send(SingleSignOnMessage msg,
                    int action)
Send SingleSignOnMessage to other domain members.

Parameters:
msg - SingleSignOnMessage
action - SSO Action type


Copyright © 2000-2012 Apache Software Foundation. All Rights Reserved.