tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From DJP JEAN-PROST Dominique <Dominique.JEAN-PR...@dexia-sofaxis.com>
Subject [SingleSignOn Valve] Overriding deregister(String) method
Date Tue, 03 Aug 2010 12:26:32 GMT
Hello,



I’m porting applications from weblogic to jboss which uses tomcat as everybody knows.

In weblogic, I used to use the SSO feature which allowed me to logout from a webapp without
invalidating session for all webapps.



After reading SingleSignOn Valve documentation, I realize that tomcat doesn’t behave as
I would like. So I’m about to code a new SingleSignOn Valve by extending tomcat’s one
and overriding the deregister(String ssoId) method so that it doesn’t invalidate all sessions
bound to the SSO Entry



My question is : is it safe for me to do that ? I mean, am I about to wreck something in tomcat
internal ? Will I introduce such a change that SSO valve wouldn't work anymore ?



Thank in advance.



Dom





/**

484:             * Deregister the specified single sign on identifier, and invalidate

485:             * any associated sessions.

486:             *

487:             * @param ssoId Single sign on identifier to deregister

488:             */

489:            protected void deregister(String ssoId) {

490:

491:                if (containerLog.isDebugEnabled())

492:                    containerLog.debug("Deregistering sso id '" + ssoId + "'");

493:

494:                // Look up and remove the corresponding SingleSignOnEntry

495:                SingleSignOnEntry sso = null;

496:                synchronized (cache) {

497:                    sso = (SingleSignOnEntry) cache.remove(ssoId);

498:                }

499:

500:                if (sso == null)

501:                    return;

502:



                  /* Remove this part so that only the "current" Session is invalidated



503:                // Expire any associated sessions

504:                Session sessions[] = sso.findSessions();

505:                for (int i = 0; i < sessions.length; i++) {

506:                    if (containerLog.isTraceEnabled())

507:                        containerLog.trace(" Invalidating session "

508:                                + sessions[i]);

509:                    // Remove from reverse cache first to avoid recursion

510:                    synchronized (reverse) {

511:                        reverse.remove(sessions[i]);

512:                    }

513:                    // Invalidate this session

514:                    sessions[i].expire();

515:                }



            End of change

            */

516:

517:                // NOTE:  Clients may still possess the old single sign on cookie,

518:                // but it will be removed on the next request since it is no longer

519:                // in the cache

520:

521:            }



Consultez nos nouveaux sites internet : 
http://www.dexia-sofaxis.com 
http://www.dexia-sofcap-sofcah.com

Tous ensemble pour l’environnement : n’imprimer ce courriel que si nécessaire.

Dexia Sofaxis disclaimer : http://www.dexia-sofaxis.com/disclaimer.html
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message