Date: Mon, 24 Nov 2003 12:27:11 -0800
To: "Tomcat Developers List"
From: Brian Stansberry
Subject: Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAuthentic

At 08:21 PM 11/24/2003 +0100, Remy wrote:
>Brian Stansberry wrote:
>>At 11:56 AM 11/24/2003 -0600, Luke Nelson wrote:
>>
>>>I have tried applying the patch, and I found three problems with
>>>it. First, its removal of a session from the SingleSignOnEntry
>>>object causes an IndexOutOfBounds exception. Second, the method
>>>for determining whether the user explicitly logged out or whether a
>>>session timed out doesn't scale one of the numbers correctly (i.e.
>>>comparing millisecond values to seconds). I have fixed the patch,
>>>but I don't have a diff of it yet (I'm new to helping with this
>>>project). Finally, the patch doesn't synchronize on 'reverse' when
>>>removing an entry from it.
>>
>>I also looked at the code for StandardSession.getLastAccessedTime()
>>and it looks as if it will throw an IllegalStateException if the
>>session is expired. So that would break the algorithm used in the
>>9077 patch.
>>BTW, the javadoc for javax.servlet.http.HttpSession doesn't specify
>>throwing an IllegalStateException for a call to
>>getLastAccessedTime().
>>It looks as if the exception throw was added
>>in response to bug 15967, which stated that the javadoc does specify
>>the exception, but I'm looking at the javadoc for both Servlet 2.3
>>and 2.4, and in both cases it's not specified.
>
>Can you address those issues ASAP? (incl the array out of bounds and the sync issue)

Sure; I'm starting on it now. However, Jean-Francois found a HttpSession javadoc that specifies throwing an IllegalStateException in getLastAccessedTime(). If that is in the final spec, the 9077 patch algorithm will not work. I'll work on it anyway in case the exception's not in the final spec.

As a backup, I've attached a patch that restores your earlier removal of the logout code.

Brian Stansberry
WAN Concepts, Inc.
www.wanconcepts.com
Tel: (510) 894-0114 x 116
Fax: (510) 797-3005

Content-Disposition: attachment; filename="SingleSignOn_diff.txt"

Index: SingleSignOn.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v retrieving revision 1.8 diff -u -r1.8 SingleSignOn.java --- SingleSignOn.java 24 Nov 2003 16:46:56 -0000 1.8 +++ SingleSignOn.java 24 Nov 2003 20:14:10 -0000 @@ -376,7 +376,11 @@ if (ssoId == null) return; - if ( event.getData() != null + deregister(ssoId); + // FIXME: There's no way right now to specify per application or + // global logout + /* + if ( event.getData() != null && "logout".equals( event.getData().toString() )) { // logout of all applications deregister(ssoId); 
@@ -384,6 +388,7 @@ // invalidate just one session deregister(ssoId, session); } + */ }
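
Review bot: In the first hunk (@@ -376), the FIXME beside the new unconditional deregister(ssoId) does not say which behaviour the code now falls back to. The removed condition labelled that call "logout of all applications", so the case the old else branch handled as "invalidate just one session" now ends the whole single sign-on entry too. Please extend the FIXME to state that the interim behaviour is global deregistration whenever a session ends, and to reference the 9077 work from the thread, so the next reader knows the fallback is deliberate.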
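
Review bot: In the second hunk (@@ -384), the added */ closes a block comment that keeps the old conditional, including deregister(ssoId, session), in the file as dead code. Revision 1.8 already preserves that logic in CVS, so consider deleting the block and pointing the FIXME at that revision instead of carrying the commented-out branch forward.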
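
The timeout-versus-logout check discussed in the thread, as an added example that is not part of the original message or of the Tomcat code base. It assumes the check compares a session's idle time with its maximum inactive interval; SessionView, Cause, classify and view are hypothetical names, and the session values are constructed.

```java
import java.util.concurrent.TimeUnit;

public class SessionEndCause {
    /** Hypothetical stand-in for the two HttpSession accessors the check needs. */
    interface SessionView {
        long getLastAccessedTime();   // milliseconds since the epoch
        int getMaxInactiveInterval(); // seconds; <= 0 is treated here as "never times out"
    }

    enum Cause { TIMEOUT, LOGOUT, UNKNOWN }

    /** Assumed check: idle time >= max inactive interval means the session timed out. */
    static Cause classify(SessionView s, long nowMillis) {
        long lastAccess;
        try {
            lastAccess = s.getLastAccessedTime();
        } catch (IllegalStateException e) {
            // Already invalidated: the idle time is unreadable, so do not guess.
            return Cause.UNKNOWN;
        }
        int maxIdleSeconds = s.getMaxInactiveInterval();
        if (maxIdleSeconds <= 0) {
            return Cause.LOGOUT; // a session that cannot time out was ended explicitly
        }
        // Scale seconds to milliseconds first. Comparing the raw seconds value with a
        // millisecond difference would report TIMEOUT after 1800 ms instead of 1800 s.
        long maxIdleMillis = TimeUnit.SECONDS.toMillis(maxIdleSeconds);
        return (nowMillis - lastAccess >= maxIdleMillis) ? Cause.TIMEOUT : Cause.LOGOUT;
    }

    /** Builds a constructed session for the demo below. */
    static SessionView view(final long lastAccess, final int maxIdle, final boolean invalid) {
        return new SessionView() {
            public long getLastAccessedTime() {
                if (invalid) throw new IllegalStateException("session invalidated");
                return lastAccess;
            }
            public int getMaxInactiveInterval() { return maxIdle; }
        };
    }

    public static void main(String[] args) {
        long now = 1_000_000_000L; // constructed clock value, in milliseconds
        System.out.println(classify(view(now - 5_000, 1800, false), now));
        System.out.println(classify(view(now - 1_800_000, 1800, false), now));
        System.out.println(classify(view(now, 1800, true), now));
    }
}
```

A caller that maps UNKNOWN to deregistering the whole single sign-on entry fails closed, which is the behaviour the attached backup patch applies to every case.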