Return-Path: 
 <users-return-215211-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 91834 invoked from network); 3 Aug 2010 12:45:39 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 3 Aug 2010 12:45:39 -0000
Received: (qmail 19094 invoked by uid 500); 3 Aug 2010 12:45:36 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 18771 invoked by uid 500); 3 Aug 2010 12:45:32 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 18751 invoked by uid 99); 3 Aug 2010 12:45:31 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Aug 2010 12:45:31 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of pid@pidster.com designates
 74.125.82.173 as permitted sender)
Received: from [74.125.82.173] (HELO mail-wy0-f173.google.com) (74.125.82.173)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Aug 2010 12:45:25 +0000
Received: by wyi11 with SMTP id 11so4932721wyi.18
        for <users@tomcat.apache.org>; Tue, 03 Aug 2010 05:45:03 -0700 (PDT)
Received: by 10.227.72.149 with SMTP id m21mr6169795wbj.217.1280839502691;
        Tue, 03 Aug 2010 05:45:02 -0700 (PDT)
Received: from Phoenix.local
 (cpc2-lewi13-2-0-cust269.2-4.cable.virginmedia.com [86.14.119.14])
        by mx.google.com with ESMTPS id h37sm3515572wej.47.2010.08.03.05.45.01
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Tue, 03 Aug 2010 05:45:01 -0700 (PDT)
Message-ID: <4C580F43.5020100@pidster.com>
Date: Tue, 03 Aug 2010 13:44:51 +0100
From: Pid <pid@pidster.com>
Reply-To: pid@pidster.com
Organization: Pidster Inc
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB;
 rv:1.9.2.7) Gecko/20100713 Lightning/1.0b2 Thunderbird/3.1.1
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: [SingleSignOn Valve] Overriding deregister(String) method
References: <1588B37BB7702343A6DDA3C7CA1913F613242CF408@mercure.sofaxis.lan>
In-Reply-To: <1588B37BB7702343A6DDA3C7CA1913F613242CF408@mercure.sofaxis.lan>
X-Enigmail-Version: 1.1.1
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="------------enigEC6285B30158DB9FAB70D44E"

--------------enigEC6285B30158DB9FAB70D44E
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 03/08/2010 13:26, DJP JEAN-PROST Dominique wrote:
> Hello,
>=20
>=20
>=20
> I=E2=80=99m porting applications from weblogic to jboss which uses tomc=
at as everybody knows.
>=20
> In weblogic, I used to use the SSO feature which allowed me to logout f=
rom a webapp without invalidating session for all webapps.
>=20
> After reading SingleSignOn Valve documentation, I realize that tomcat d=
oesn=E2=80=99t behave as I would like. So I=E2=80=99m about to code a new=
 SingleSignOn Valve by extending tomcat=E2=80=99s one and overriding the =
deregister(String ssoId) method so that it doesn=E2=80=99t invalidate all=
 sessions bound to the SSO Entry
>=20
> My question is : is it safe for me to do that ? I mean, am I about to w=
reck something in tomcat internal ? Will I introduce such a change that S=
SO valve wouldn't work anymore ?

Potentially silly questions:

#1 how is one supposed to logout of all apps?
#2 what's the reason for using a half functional SSO valve?


p

> Dom
>=20
>=20
>=20
>=20
>=20
> /**
>=20
> 484:             * Deregister the specified single sign on identifier, =
and invalidate
>=20
> 485:             * any associated sessions.
>=20
> 486:             *
>=20
> 487:             * @param ssoId Single sign on identifier to deregister=

>=20
> 488:             */
>=20
> 489:            protected void deregister(String ssoId) {
>=20
> 490:
>=20
> 491:                if (containerLog.isDebugEnabled())
>=20
> 492:                    containerLog.debug("Deregistering sso id '" + s=
soId + "'");
>=20
> 493:
>=20
> 494:                // Look up and remove the corresponding SingleSignO=
nEntry
>=20
> 495:                SingleSignOnEntry sso =3D null;
>=20
> 496:                synchronized (cache) {
>=20
> 497:                    sso =3D (SingleSignOnEntry) cache.remove(ssoId)=
;
>=20
> 498:                }
>=20
> 499:
>=20
> 500:                if (sso =3D=3D null)
>=20
> 501:                    return;
>=20
> 502:
>=20
>=20
>=20
>                   /* Remove this part so that only the "current" Sessio=
n is invalidated
>=20
>=20
>=20
> 503:                // Expire any associated sessions
>=20
> 504:                Session sessions[] =3D sso.findSessions();
>=20
> 505:                for (int i =3D 0; i < sessions.length; i++) {
>=20
> 506:                    if (containerLog.isTraceEnabled())
>=20
> 507:                        containerLog.trace(" Invalidating session "=

>=20
> 508:                                + sessions[i]);
>=20
> 509:                    // Remove from reverse cache first to avoid rec=
ursion
>=20
> 510:                    synchronized (reverse) {
>=20
> 511:                        reverse.remove(sessions[i]);
>=20
> 512:                    }
>=20
> 513:                    // Invalidate this session
>=20
> 514:                    sessions[i].expire();
>=20
> 515:                }
>=20
>=20
>=20
>             End of change
>=20
>             */
>=20
> 516:
>=20
> 517:                // NOTE:  Clients may still possess the old single =
sign on cookie,
>=20
> 518:                // but it will be removed on the next request since=
 it is no longer
>=20
> 519:                // in the cache
>=20
> 520:
>=20
> 521:            }
>=20
>=20
>=20
> Consultez nos nouveaux sites internet :=20
> http://www.dexia-sofaxis.com=20
> http://www.dexia-sofcap-sofcah.com
>=20
> Tous ensemble pour l=E2=80=99environnement : n=E2=80=99imprimer ce cour=
riel que si n=C3=A9cessaire.
>=20
> Dexia Sofaxis disclaimer : http://www.dexia-sofaxis.com/disclaimer.html=




--------------enigEC6285B30158DB9FAB70D44E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)

iQIcBAEBCgAGBQJMWA9LAAoJEGoM2OGpOvr9oxoP/j02uVP29UaXhcUse5Iem2wv
lwcFA0PAV21lS1bTnr2S8CFYXYf1PyqP7679xyPdXp9To+22CKt8QqQdTKBeA/7A
bDfEvu8s18AaROS7YaGVmVmr97UKR1Z2j+o4ngpia1htuMSbNo0qwdrwJBRM49v6
dZ6KGFddr5W50tYcPoy5qFDGm4uzKZN8K1m+iLhbIlMPTmui6gn0FJRXrbtQwdA1
HwZ2Evdob9KDOqnvIbOLu2VZ9Nbh+8ndggoZYvvfs5C+gm8CLlEQde2YzZmTZwKw
p1J2qk32BSwB2zYln01kurIb6R3OHQGeG6MY/Ia9zeEKaeOmLZZf2wyr3PDOyi8T
ExS/JnhZtdz1sdq5FarJoZkWenwJU/Vw5XEmLQzzTJ1n5u6naFqF3Whma6iV/xT9
r4GeE8AkhogcXeL2u1q0yU9+02l8LjxwhUjH99MnUBGcNK4pJCCgoqj9v/SYQOcs
UNA5WTnlCSKCMN9tf9gO9TSgcD+7CdReeKJ49zjoj78rGuRf8VBq2YBT/JDkjowV
Xw7thoSWvNcDXoa3xtRoti98DL9EHfETFSrwgGuUOvaX+K6G0XZLJ7lWdIM40+up
bjeXBvX7PZh5TLWq+mWyq5tqUKgaOAadVwjJjh3eardpFbEzwRm/bovQ90UjuXD+
eodlgDHkeAYpdDwPRGJ5
=8ERN
-----END PGP SIGNATURE-----

--------------enigEC6285B30158DB9FAB70D44E--