You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2003/12/24 21:41:50 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator SingleSignOnEntry.java
markt 2003/12/24 12:41:50
Added: catalina/src/share/org/apache/catalina/authenticator
SingleSignOnEntry.java
Log:
- Port of patch from TC5.
- Fix bugs 4350, 9077, 10040 and 23881.
- SSO in embedded Tomcat.
- Patch provided by Brian Stansberry.
Revision Changes Path
1.1 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SingleSignOnEntry.java
Index: SingleSignOnEntry.java
===================================================================
/*
* $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SingleSignOnEntry.java,v 1.1 2003/12/24 20:41:50 markt Exp $
* $Revision: 1.1 $
* $Date: 2003/12/24 20:41:50 $
*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.catalina.authenticator;
import java.security.Principal;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
/**
* A class that represents entries in the cache of authenticated users.
* This is necessary to make it available to
* <code>AuthenticatorBase</code> subclasses that need it in order to perform
* reauthentications when SingleSignOn is in use.
*
* @author B Stansberry, based on work by Craig R. McClanahan
* @version $Revision: 1.1 $
*
* @see SingleSignOn
* @see AuthenticatorBase#reauthenticateFromSSO
*/
class SingleSignOnEntry
{
// ------------------------------------------------------ Instance Fields
private String authType = null;
private String password = null;
private Principal principal = null;
private Session sessions[] = new Session[0];
private String username = null;
private boolean canReauthenticate = false;
// --------------------------------------------------------- Constructors
/**
* Creates a new SingleSignOnEntry
*
* @param principal the <code>Principal</code> returned by the latest
* call to <code>Realm.authenticate</code>.
* @param authType the type of authenticator used (BASIC, CLIENT-CERT,
* DIGEST or FORM)
* @param username the username (if any) used for the authentication
* @param password the password (if any) used for the authentication
*/
SingleSignOnEntry(Principal principal, String authType,
String username, String password) {
super();
updateCredentials(principal, authType, username, password);
}
// ------------------------------------------------------- Package Methods
/**
* Adds a <code>Session</code> to the list of those associated with
* this SSO.
*
* @param sso The <code>SingleSignOn</code> valve that is managing
* the SSO session.
* @param session The <code>Session</code> being associated with the SSO.
*/
synchronized void addSession(SingleSignOn sso, Session session) {
for (int i = 0; i < sessions.length; i++) {
if (session == sessions[i])
return;
}
Session results[] = new Session[sessions.length + 1];
System.arraycopy(sessions, 0, results, 0, sessions.length);
results[sessions.length] = session;
sessions = results;
session.addSessionListener(sso);
}
/**
* Removes the given <code>Session</code> from the list of those
* associated with this SSO.
*
* @param session the <code>Session</code> to remove.
*/
synchronized void removeSession(Session session) {
Session[] nsessions = new Session[sessions.length - 1];
for (int i = 0, j = 0; i < sessions.length; i++) {
if (session == sessions[i])
continue;
nsessions[j++] = sessions[i];
}
sessions = nsessions;
}
/**
* Returns the <code>Session</code>s associated with this SSO.
*/
synchronized Session[] findSessions() {
return (this.sessions);
}
/**
* Gets the name of the authentication type originally used to authenticate
* the user associated with the SSO.
*
* @return "BASIC", "CLIENT-CERT", "DIGEST", "FORM" or "NONE"
*/
String getAuthType() {
return (this.authType);
}
/**
* Gets whether the authentication type associated with the original
* authentication supports reauthentication.
*
* @return <code>true</code> if <code>getAuthType</code> returns
* "BASIC" or "FORM", <code>false</code> otherwise.
*/
boolean getCanReauthenticate() {
return (this.canReauthenticate);
}
/**
* Gets the password credential (if any) associated with the SSO.
*
* @return the password credential associated with the SSO, or
* <code>null</code> if the original authentication type
* does not involve a password.
*/
String getPassword() {
return (this.password);
}
/**
* Gets the <code>Principal</code> that has been authenticated by
* the SSO.
*/
Principal getPrincipal() {
return (this.principal);
}
/**
* Gets the username provided by the user as part of the authentication
* process.
*/
String getUsername() {
return (this.username);
}
/**
* Updates the SingleSignOnEntry to reflect the latest security
* information associated with the caller.
*
* @param principal the <code>Principal</code> returned by the latest
* call to <code>Realm.authenticate</code>.
* @param authType the type of authenticator used (BASIC, CLIENT-CERT,
* DIGEST or FORM)
* @param username the username (if any) used for the authentication
* @param password the password (if any) used for the authentication
*/
void updateCredentials(Principal principal, String authType,
String username, String password) {
this.principal = principal;
this.authType = authType;
this.username = username;
this.password = password;
this.canReauthenticate =
(Constants.BASIC_METHOD.equals(authType)
|| Constants.FORM_METHOD.equals(authType));
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org