tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java SingleSignOn.java SingleSignOnEntry.java
Date Mon, 26 Apr 2004 21:50:36 GMT
remm        2004/04/26 14:50:36

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        AuthenticatorBase.java SingleSignOn.java
                        SingleSignOnEntry.java
  Log:
  - Allow extending SSO functionality.
  - Submitted by Brian Stansberry.
  
  Revision  Changes    Path
  1.18      +9 -17     jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
  
  Index: AuthenticatorBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- AuthenticatorBase.java	27 Feb 2004 14:58:41 -0000	1.17
  +++ AuthenticatorBase.java	26 Apr 2004 21:50:36 -0000	1.18
  @@ -760,31 +760,23 @@
   
           boolean reauthenticated = false;
   
  -        SingleSignOnEntry entry = sso.lookup(ssoId);
  -        if (entry != null && entry.getCanReauthenticate()) {
  -            Principal reauthPrincipal = null;
               Container parent = getContainer();
               if (parent != null) {
  -                Realm realm = getContainer().getRealm();
  -                String username = entry.getUsername();
  -                if (realm != null && username != null) {
  -                    reauthPrincipal =
  -                        realm.authenticate(username, entry.getPassword());
  +            Realm realm = parent.getRealm();
  +            if (realm != null) {
  +                reauthenticated = sso.reauthenticate(ssoId, realm, request);
                   }
               }
   
  -            if (reauthPrincipal != null) {
  +        if (reauthenticated) {
                   associate(ssoId, getSession(request, true));
  -                request.setAuthType(entry.getAuthType());
  -                request.setUserPrincipal(reauthPrincipal);
   
  -                reauthenticated = true;
                   if (log.isDebugEnabled()) {
  +                HttpServletRequest hreq = 
  +                        (HttpServletRequest) request.getRequest();
                       log.debug(" Reauthenticated cached principal '" +
  -                              entry.getPrincipal().getName() +
  -                              "' with auth type '" +
  -                              entry.getAuthType() + "'");
  -                }
  +                          hreq.getUserPrincipal().getName() +
  +                          "' with auth type '" +  hreq.getAuthType() + "'");
               }
           }
   
  
  
  
  1.13      +94 -46    jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java
  
  Index: SingleSignOn.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- SingleSignOn.java	27 Feb 2004 14:58:41 -0000	1.12
  +++ SingleSignOn.java	26 Apr 2004 21:50:36 -0000	1.13
  @@ -33,6 +33,7 @@
   import org.apache.catalina.LifecycleException;
   import org.apache.catalina.LifecycleListener;
   import org.apache.catalina.Logger;
  +import org.apache.catalina.Realm;
   import org.apache.catalina.Request;
   import org.apache.catalina.Response;
   import org.apache.catalina.Session;
  @@ -559,6 +560,55 @@
   
   
       /**
  +     * Attempts reauthentication to the given <code>Realm</code> using
  +     * the credentials associated with the single sign-on session
  +     * identified by argument <code>ssoId</code>.
  +     * <p>
  +     * If reauthentication is successful, the <code>Principal</code> and
  +     * authorization type associated with the SSO session will be bound
  +     * to the given <code>HttpRequest</code> object via calls to 
  +     * {@link HttpRequest#setAuthType HttpRequest.setAuthType()} and 
  +     * {@link HttpRequest#setUserPrincipal HttpRequest.setUserPrincipal()}
  +     * </p>
  +     *
  +     * @param ssoId     identifier of SingleSignOn session with which the
  +     *                  caller is associated
  +     * @param realm     Realm implementation against which the caller is to
  +     *                  be authenticated
  +     * @param request   the request that needs to be authenticated
  +     * 
  +     * @return  <code>true</code> if reauthentication was successful,
  +     *          <code>false</code> otherwise.
  +     */
  +    protected boolean reauthenticate(String ssoId, Realm realm,
  +                                  HttpRequest request) {
  +
  +        if (ssoId == null || realm == null)
  +            return false;
  +
  +        boolean reauthenticated = false;
  +
  +        SingleSignOnEntry entry = lookup(ssoId);
  +        if (entry != null && entry.getCanReauthenticate()) {
  +            
  +            String username = entry.getUsername();
  +            if (username != null) {
  +                Principal reauthPrincipal =
  +                        realm.authenticate(username, entry.getPassword());            
   
  +                if (reauthPrincipal != null) {                    
  +                    reauthenticated = true;                    
  +                    // Bind the authorization credentials to the request
  +                    request.setAuthType(entry.getAuthType());
  +                    request.setUserPrincipal(reauthPrincipal);
  +                }
  +            }
  +        }
  +
  +        return reauthenticated;
  +    }
  +
  +
  +    /**
        * Register the specified Principal as being associated with the specified
        * value for the single sign on identifier.
        *
  @@ -585,6 +635,47 @@
   
   
       /**
  +     * Updates any <code>SingleSignOnEntry</code> found under key
  +     * <code>ssoId</code> with the given authentication data.
  +     * <p>
  +     * The purpose of this method is to allow an SSO entry that was
  +     * established without a username/password combination (i.e. established
  +     * following DIGEST or CLIENT-CERT authentication) to be updated with
  +     * a username and password if one becomes available through a subsequent
  +     * BASIC or FORM authentication.  The SSO entry will then be usable for
  +     * reauthentication.
  +     * <p>
  +     * <b>NOTE:</b> Only updates the SSO entry if a call to
  +     * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
  +     * <code>false</code>; otherwise, it is assumed that the SSO entry already
  +     * has sufficient information to allow reauthentication and that no update
  +     * is needed.
  +     *
  +     * @param ssoId     identifier of Single sign to be updated
  +     * @param principal the <code>Principal</code> returned by the latest
  +     *                  call to <code>Realm.authenticate</code>.
  +     * @param authType  the type of authenticator used (BASIC, CLIENT-CERT,
  +     *                  DIGEST or FORM)
  +     * @param username  the username (if any) used for the authentication
  +     * @param password  the password (if any) used for the authentication
  +     */
  +    protected void update(String ssoId, Principal principal, String authType,
  +                          String username, String password) {
  +
  +        SingleSignOnEntry sso = lookup(ssoId);
  +        if (sso != null && !sso.getCanReauthenticate()) {
  +            if (debug >= 1)
  +                log("Update sso id " + ssoId + " to auth type " + authType);
  +
  +            synchronized(sso) {
  +                sso.updateCredentials(principal, authType, username, password);
  +            }
  +
  +        }
  +    }
  +
  +
  +    /**
        * Log a message on the Logger associated with our Container (if any).
        *
        * @param message Message to be logged
  @@ -633,9 +724,7 @@
   
       }
   
  -    //----------------------------------------------  Package-Protected Methods
  -
  -
  +    
       /**
        * Remove a single Session from a SingleSignOn.  Called when
        * a session is timed out and no longer active.
  @@ -643,7 +732,7 @@
        * @param ssoId Single sign on identifier from which to remove the session.
        * @param session the session to be removed.
        */
  -    void removeSession(String ssoId, Session session) {
  +    protected void removeSession(String ssoId, Session session) {
   
           if (debug >= 1)
               log("Removing session " + session.toString() + " from sso id " + 
  @@ -666,47 +755,6 @@
           // deregister the entry.
           if (entry.findSessions().length == 0) {
               deregister(ssoId);
  -        }
  -    }
  -
  -
  -    /**
  -     * Updates any <code>SingleSignOnEntry</code> found under key
  -     * <code>ssoId</code> with the given authentication data.
  -     * <p>
  -     * The purpose of this method is to allow an SSO entry that was
  -     * established without a username/password combination (i.e. established
  -     * following DIGEST or CLIENT-CERT authentication) to be updated with
  -     * a username and password if one becomes available through a subsequent
  -     * BASIC or FORM authentication.  The SSO entry will then be usable for
  -     * reauthentication.
  -     * <p>
  -     * <b>NOTE:</b> Only updates the SSO entry if a call to
  -     * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
  -     * <code>false</code>; otherwise, it is assumed that the SSO entry already
  -     * has sufficient information to allow reauthentication and that no update
  -     * is needed.
  -     *
  -     * @param ssoId identifier of Single sign to be updated
  -     * @param principal the <code>Principal</code> returned by the latest
  -     *                  call to <code>Realm.authenticate</code>.
  -     * @param authType  the type of authenticator used (BASIC, CLIENT-CERT,
  -     *                  DIGEST or FORM)
  -     * @param username  the username (if any) used for the authentication
  -     * @param password  the password (if any) used for the authentication
  -     */
  -    void update(String ssoId, Principal principal, String authType,
  -                  String username, String password) {
  -
  -        SingleSignOnEntry sso = lookup(ssoId);
  -        if (sso != null && !sso.getCanReauthenticate()) {
  -            if (debug >= 1)
  -                log("Update sso id " + ssoId + " to auth type " + authType);
  -
  -            synchronized(sso) {
  -                sso.updateCredentials(principal, authType, username, password);
  -            }
  -
           }
       }
   
  
  
  
  1.3       +18 -18    jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOnEntry.java
  
  Index: SingleSignOnEntry.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOnEntry.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- SingleSignOnEntry.java	27 Feb 2004 14:58:41 -0000	1.2
  +++ SingleSignOnEntry.java	26 Apr 2004 21:50:36 -0000	1.3
  @@ -32,21 +32,21 @@
    * @see SingleSignOn
    * @see AuthenticatorBase#reauthenticateFromSSO
    */
  -class SingleSignOnEntry
  +public class SingleSignOnEntry
   {
       // ------------------------------------------------------  Instance Fields
   
  -    private String authType = null;
  +    protected String authType = null;
   
  -    private String password = null;
  +    protected String password = null;
   
  -    private Principal principal = null;
  +    protected Principal principal = null;
   
  -    private Session sessions[] = new Session[0];
  +    protected Session sessions[] = new Session[0];
   
  -    private String username = null;
  +    protected String username = null;
   
  -    private boolean canReauthenticate = false;
  +    protected boolean canReauthenticate = false;
   
       // ---------------------------------------------------------  Constructors
   
  @@ -76,7 +76,7 @@
        *                  the SSO session.
        * @param session   The <code>Session</code> being associated with the
SSO.
        */
  -    synchronized void addSession(SingleSignOn sso, Session session) {
  +    public synchronized void addSession(SingleSignOn sso, Session session) {
           for (int i = 0; i < sessions.length; i++) {
               if (session == sessions[i])
                   return;
  @@ -94,7 +94,7 @@
        *
        * @param session  the <code>Session</code> to remove.
        */
  -    synchronized void removeSession(Session session) {
  +    public synchronized void removeSession(Session session) {
           Session[] nsessions = new Session[sessions.length - 1];
           for (int i = 0, j = 0; i < sessions.length; i++) {
               if (session == sessions[i])
  @@ -107,7 +107,7 @@
       /**
        * Returns the <code>Session</code>s associated with this SSO.
        */
  -    synchronized Session[] findSessions() {
  +    public synchronized Session[] findSessions() {
           return (this.sessions);
       }
   
  @@ -117,7 +117,7 @@
        *
        * @return "BASIC", "CLIENT-CERT", "DIGEST", "FORM" or "NONE"
        */
  -    String getAuthType() {
  +    public String getAuthType() {
           return (this.authType);
       }
   
  @@ -128,7 +128,7 @@
        * @return  <code>true</code> if <code>getAuthType</code> returns
        *          "BASIC" or "FORM", <code>false</code> otherwise.
        */
  -    boolean getCanReauthenticate() {
  +    public boolean getCanReauthenticate() {
           return (this.canReauthenticate);
       }
   
  @@ -139,7 +139,7 @@
        *          <code>null</code> if the original authentication type
        *          does not involve a password.
        */
  -    String getPassword() {
  +    public String getPassword() {
           return (this.password);
       }
   
  @@ -147,7 +147,7 @@
        * Gets the <code>Principal</code> that has been authenticated by
        * the SSO.
        */
  -    Principal getPrincipal() {
  +    public Principal getPrincipal() {
           return (this.principal);
       }
   
  @@ -155,7 +155,7 @@
        * Gets the username provided by the user as part of the authentication
        * process.
        */
  -    String getUsername() {
  +    public String getUsername() {
           return (this.username);
       }
   
  @@ -171,8 +171,8 @@
        * @param username  the username (if any) used for the authentication
        * @param password  the password (if any) used for the authentication
        */
  -    void updateCredentials(Principal principal, String authType,
  -                String username, String password) {
  +    public void updateCredentials(Principal principal, String authType,
  +                                  String username, String password) {
   
           this.principal = principal;
           this.authType = authType;
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message