Posted to users@tomcat.apache.org by shanmugampl <sh...@india.adventnet.com> on 2003/04/03 15:12:24 UTC

SingleSignOn Problem

Hi All,

  I am running Tomcat 4.1.18 with SingleSignOn enabled. I have two 
applications, A and B, running. The first application that I will be 
logging in to will be A, and from there I will be moving to application B. 
Suppose the session timeout period is set to 20 minutes; then if I 
log in to A and after that keep working in B, after 20 minutes the 
session for A will get timed out and I will be asked to authenticate again. 
This will happen even though my session is active in application B.

   This was a major issue and I solved it in the following way.

1. Extended the SingleSignOn class and overrode the invoke method.
2. Inside this method I am updating the access time of all the 
sessions. (I have attached the changed code also and have marked my 
changes in blue.)
3. So whenever a request comes from any application, the access time of 
the rest of the associated sessions will get updated, and hence timeout will 
happen properly.

Will this issue be fixed in future versions of Tomcat?

Also, in single sign on I would like to have the same session for all 
applications. Even though this is not mentioned in the spec, I think 
that in the case of SingleSignOn alone the same session can be used for storing 
information. Will this issue be taken up for analysis?

Thanks
Shanmugam.PL

Method:

   package org.apache.catalina.authenticator;

   import java.io.IOException;

   import javax.servlet.ServletException;
   import javax.servlet.http.Cookie;
   import javax.servlet.http.HttpServletRequest;
   import javax.servlet.http.HttpServletResponse;

   import org.apache.catalina.HttpRequest;
   import org.apache.catalina.HttpResponse;
   import org.apache.catalina.Request;
   import org.apache.catalina.Response;
   import org.apache.catalina.Session;
   import org.apache.catalina.ValveContext;

   /**
    * Tomcat 4.1 SingleSignOn valve that refreshes the access time of every
    * session tied to the SSO entry on each request that carries the SSO
    * cookie, so that no associated session idles out while another one is
    * still in use.
    *
    * The package declaration, imports and class wrapper are added here so
    * the method compiles; the original post showed only invoke(). The class
    * name is illustrative. It is placed in org.apache.catalina.authenticator
    * because SingleSignOnEntry and lookup() are not public outside that
    * package in 4.1.
    */
   public class SessionRefreshingSingleSignOn extends SingleSignOn {

       public void invoke(Request request, Response response,
                          ValveContext context)
           throws IOException, ServletException {

           // If this is not an HTTP request and response, just pass them on
           if (!(request instanceof HttpRequest) ||
               !(response instanceof HttpResponse)) {
               context.invokeNext(request, response);
               return;
           }
           HttpServletRequest hreq =
               (HttpServletRequest) request.getRequest();
           HttpServletResponse hres =
               (HttpServletResponse) response.getResponse();
           request.removeNote(Constants.REQ_SSOID_NOTE);

           // Has a valid user already been authenticated?
           if (debug >= 1)
               log("Process request for '" + hreq.getRequestURI() + "'");
           if (hreq.getUserPrincipal() != null) {
               if (debug >= 1)
                   log(" Principal '" + hreq.getUserPrincipal().getName() +
                       "' has already been authenticated");
               context.invokeNext(request, response);
               return;
           }

           // Check for the single sign on cookie
           if (debug >= 1)
               log(" Checking for SSO cookie");
           Cookie cookie = null;
           Cookie cookies[] = hreq.getCookies();
           if (cookies == null)
               cookies = new Cookie[0];
           for (int i = 0; i < cookies.length; i++) {
               if (Constants.SINGLE_SIGN_ON_COOKIE.equals(cookies[i].getName())) {
                   cookie = cookies[i];
                   break;
               }
           }
           if (cookie == null) {
               if (debug >= 1)
                   log(" SSO cookie is not present");
               context.invokeNext(request, response);
               return;
           }

           // Look up the cached Principal associated with this cookie value
           if (debug >= 1)
               log(" Checking for cached principal for " + cookie.getValue());
           SingleSignOnEntry entry = lookup(cookie.getValue());
           if (entry != null) {
               if (debug >= 1)
                   log(" Found cached principal '" +
                       entry.principal.getName() + "' with auth type '" +
                       entry.authType + "'");
               request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
               ((HttpRequest) request).setAuthType(entry.authType);
               ((HttpRequest) request).setUserPrincipal(entry.principal);
               // Added By Shanmugam: touch every session associated with
               // this SSO entry so that a request to any one application
               // counts as activity for all of them. This also keeps the
               // sessions of applications the user is no longer visiting
               // alive for as long as any one of them is in use.
               Session[] sessions = entry.findSessions();
               for (int i = 0; i < sessions.length; i++) {
                   sessions[i].access();
               }
               // Finished
           } else {
               if (debug >= 1)
                   log(" No cached principal found, erasing SSO cookie");
               cookie.setMaxAge(0);
               hres.addCookie(cookie);
           }
           // Invoke the next Valve in our pipeline
           context.invokeNext(request, response);
       }
   }


Thanks
Shanmugam.PL