tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: [SingleSignOn Valve] Overriding deregister(String) method
Date Tue, 03 Aug 2010 12:44:51 GMT
On 03/08/2010 13:26, DJP JEAN-PROST Dominique wrote:
> Hello,
> 
> 
> 
> I’m porting applications from weblogic to jboss which uses tomcat as everybody knows.
> 
> In weblogic, I used to use the SSO feature which allowed me to logout from a webapp without
invalidating session for all webapps.
> 
> After reading SingleSignOn Valve documentation, I realize that tomcat doesn’t behave
as I would like. So I’m about to code a new SingleSignOn Valve by extending tomcat’s one
and overriding the deregister(String ssoId) method so that it doesn’t invalidate all sessions
bound to the SSO Entry
> 
> My question is : is it safe for me to do that ? I mean, am I about to wreck something
in tomcat internal ? Will I introduce such a change that SSO valve wouldn't work anymore ?

Potentially silly questions:

#1 how is one supposed to logout of all apps?
#2 what's the reason for using a half functional SSO valve?


p

> Dom
> 
> 
> 
> 
> 
> /**
> 
> 484:             * Deregister the specified single sign on identifier, and invalidate
> 
> 485:             * any associated sessions.
> 
> 486:             *
> 
> 487:             * @param ssoId Single sign on identifier to deregister
> 
> 488:             */
> 
> 489:            protected void deregister(String ssoId) {
> 
> 490:
> 
> 491:                if (containerLog.isDebugEnabled())
> 
> 492:                    containerLog.debug("Deregistering sso id '" + ssoId + "'");
> 
> 493:
> 
> 494:                // Look up and remove the corresponding SingleSignOnEntry
> 
> 495:                SingleSignOnEntry sso = null;
> 
> 496:                synchronized (cache) {
> 
> 497:                    sso = (SingleSignOnEntry) cache.remove(ssoId);
> 
> 498:                }
> 
> 499:
> 
> 500:                if (sso == null)
> 
> 501:                    return;
> 
> 502:
> 
> 
> 
>                   /* Remove this part so that only the "current" Session is invalidated
> 
> 
> 
> 503:                // Expire any associated sessions
> 
> 504:                Session sessions[] = sso.findSessions();
> 
> 505:                for (int i = 0; i < sessions.length; i++) {
> 
> 506:                    if (containerLog.isTraceEnabled())
> 
> 507:                        containerLog.trace(" Invalidating session "
> 
> 508:                                + sessions[i]);
> 
> 509:                    // Remove from reverse cache first to avoid recursion
> 
> 510:                    synchronized (reverse) {
> 
> 511:                        reverse.remove(sessions[i]);
> 
> 512:                    }
> 
> 513:                    // Invalidate this session
> 
> 514:                    sessions[i].expire();
> 
> 515:                }
> 
> 
> 
>             End of change
> 
>             */
> 
> 516:
> 
> 517:                // NOTE:  Clients may still possess the old single sign on cookie,
> 
> 518:                // but it will be removed on the next request since it is no longer
> 
> 519:                // in the cache
> 
> 520:
> 
> 521:            }
> 
> 
> 
> Consultez nos nouveaux sites internet : 
> http://www.dexia-sofaxis.com 
> http://www.dexia-sofcap-sofcah.com
> 
> Tous ensemble pour l’environnement : n’imprimer ce courriel que si nécessaire.
> 
> Dexia Sofaxis disclaimer : http://www.dexia-sofaxis.com/disclaimer.html



Mime
View raw message