| 
 | Apache Tomcat 6.0.53 | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Objectorg.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.SingleSignOn
public class SingleSignOn
A Valve that supports a "single sign on" user experience, where the security identity of a user who successfully authenticates to one web application is propogated to other web applications in the same security domain. For successful use, the following requirements must be met:
Host).Realm that contains the shared user and role
     information must be configured on the same Container (or a higher
     one), and not overridden at the web application level.org.apache.catalina.authenticator package.
| Field Summary | |
|---|---|
| protected  java.util.Map<java.lang.String,SingleSignOnEntry> | cacheThe cache of SingleSignOnEntry instances for authenticated Principals, keyed by the cookie value that is used to select them. | 
| protected static java.lang.String | infoDescriptive information about this Valve implementation. | 
| protected  LifecycleSupport | lifecycleThe lifecycle event support for this component. | 
| protected  java.util.Map<Session,java.lang.String> | reverseThe cache of single sign on identifiers, keyed by the Session that is associated with them. | 
| protected static StringManager | smThe string manager for this package. | 
| protected  boolean | startedComponent started flag. | 
| Fields inherited from class org.apache.catalina.valves.ValveBase | 
|---|
| container, containerLog, controller, domain, mserver, next, oname | 
| Fields inherited from interface org.apache.catalina.Lifecycle | 
|---|
| AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT | 
| Constructor Summary | |
|---|---|
| SingleSignOn() | |
| Method Summary | |
|---|---|
|  void | addLifecycleListener(LifecycleListener listener)Add a lifecycle event listener to this component. | 
| protected  void | associate(java.lang.String ssoId,
          Session session)Associate the specified single sign on identifier with the specified Session. | 
| protected  void | deregister(java.lang.String ssoId)Deregister the specified single sign on identifier, and invalidate any associated sessions. | 
| protected  void | deregister(java.lang.String ssoId,
           Session session)Deregister the specified session. | 
|  LifecycleListener[] | findLifecycleListeners()Get the lifecycle listeners associated with this lifecycle. | 
|  java.lang.String | getCookieDomain()Returns the optional cookie domain. | 
|  java.lang.String | getInfo()Return descriptive information about this Valve implementation. | 
|  boolean | getRequireReauthentication()Gets whether each request needs to be reauthenticated (by an Authenticator downstream in the pipeline) to the security Realm, or if this Valve can itself bind security info
 to the request based on the presence of a valid SSO entry without
 rechecking with theRealm
 | 
|  void | invoke(Request request,
       Response response)Perform single-sign-on support processing for this request. | 
| protected  SingleSignOnEntry | lookup(java.lang.String ssoId)Look up and return the cached SingleSignOn entry associated with this sso id value, if there is one; otherwise return null. | 
| protected  boolean | reauthenticate(java.lang.String ssoId,
               Realm realm,
               Request request)Attempts reauthentication to the given Realmusing
 the credentials associated with the single sign-on session
 identified by argumentssoId. | 
| protected  void | register(java.lang.String ssoId,
         java.security.Principal principal,
         java.lang.String authType,
         java.lang.String username,
         java.lang.String password)Register the specified Principal as being associated with the specified value for the single sign on identifier. | 
|  void | removeLifecycleListener(LifecycleListener listener)Remove a lifecycle event listener from this component. | 
| protected  void | removeSession(java.lang.String ssoId,
              Session session)Remove a single Session from a SingleSignOn. | 
|  void | sessionEvent(SessionEvent event)Acknowledge the occurrence of the specified event. | 
|  void | setCookieDomain(java.lang.String cookieDomain)Sets the domain to be used for sso cookies. | 
|  void | setRequireReauthentication(boolean required)Sets whether each request needs to be reauthenticated (by an Authenticator downstream in the pipeline) to the security Realm, or if this Valve can itself bind security info
 to the request, based on the presence of a valid SSO entry, without
 rechecking with theRealm
 | 
|  void | start()Prepare for the beginning of active use of the public methods of this component. | 
|  void | stop()Gracefully terminate the active use of the public methods of this component. | 
|  java.lang.String | toString()Return a String rendering of this object. | 
| protected  void | update(java.lang.String ssoId,
       java.security.Principal principal,
       java.lang.String authType,
       java.lang.String username,
       java.lang.String password)Updates any SingleSignOnEntryfound under keyssoIdwith the given authentication data. | 
| Methods inherited from class org.apache.catalina.valves.ValveBase | 
|---|
| backgroundProcess, createObjectName, event, getContainer, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setContainer, setController, setNext, setObjectName | 
| Methods inherited from class java.lang.Object | 
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait | 
| Field Detail | 
|---|
protected java.util.Map<java.lang.String,SingleSignOnEntry> cache
protected static java.lang.String info
protected LifecycleSupport lifecycle
protected java.util.Map<Session,java.lang.String> reverse
protected static final StringManager sm
protected boolean started
| Constructor Detail | 
|---|
public SingleSignOn()
| Method Detail | 
|---|
public java.lang.String getCookieDomain()
public void setCookieDomain(java.lang.String cookieDomain)
cookieDomain - cookie domain namepublic boolean getRequireReauthentication()
Realm, or if this Valve can itself bind security info
 to the request based on the presence of a valid SSO entry without
 rechecking with the Realm
- 
 
- 
- Returns:
- trueif it is required that a downstream
          Authenticator reauthenticate each request before calls to- HttpServletRequest.setUserPrincipal()and- HttpServletRequest.setAuthType()are made;- falseif the- Valvecan itself make
          those calls relying on the presence of a valid SingleSignOn
          entry associated with the request.
- See Also:
- setRequireReauthentication(boolean)
 
public void setRequireReauthentication(boolean required)
Realm, or if this Valve can itself bind security info
 to the request, based on the presence of a valid SSO entry, without
 rechecking with the Realm
 If this property is false (the default), this
 Valve will bind a UserPrincipal and AuthType to the request
 if a valid SSO entry is associated with the request.  It will not notify
 the security Realm of the incoming request.
 
 This property should be set to true if the overall server
 configuration requires that the Realm reauthenticate each
 request thread.  An example of such a configuration would be one where
 the Realm implementation provides security for both a
 web tier and an associated EJB tier, and needs to set security
 credentials on each request thread in order to support EJB access.
 
 If this property is set to true, this Valve will set flags
 on the request notifying the downstream Authenticator that the request
 is associated with an SSO session.  The Authenticator will then call its
 reauthenticateFromSSO
 method to attempt to reauthenticate the request to the
 Realm, using any credentials that were cached with this
 Valve.
 
 The default value of this property is false, in order
 to maintain backward compatibility with previous versions of Tomcat.
- 
 
- 
- Parameters:
- required-- trueif it is required that a downstream
                  Authenticator reauthenticate each request before calls
                  to- HttpServletRequest.setUserPrincipal()and- HttpServletRequest.setAuthType()are
                  made;- falseif the- Valvecan
                  itself make those calls relying on the presence of a
                  valid SingleSignOn entry associated with the request.
- See Also:
- AuthenticatorBase.reauthenticateFromSSO(java.lang.String, org.apache.catalina.connector.Request)
 
public void addLifecycleListener(LifecycleListener listener)
addLifecycleListener in interface Lifecyclelistener - The listener to addpublic LifecycleListener[] findLifecycleListeners()
findLifecycleListeners in interface Lifecyclepublic void removeLifecycleListener(LifecycleListener listener)
removeLifecycleListener in interface Lifecyclelistener - The listener to remove
public void start()
           throws LifecycleException
configure(),
 and before any of the public methods of the component are utilized.
start in interface LifecycleLifecycleException - if this component detects a fatal error
  that prevents this component from being used
public void stop()
          throws LifecycleException
stop in interface LifecycleLifecycleException - if this component detects a fatal error
  that needs to be reportedpublic void sessionEvent(SessionEvent event)
sessionEvent in interface SessionListenerevent - SessionEvent that has occurredpublic java.lang.String getInfo()
getInfo in interface ValvegetInfo in class ValveBase
public void invoke(Request request,
                   Response response)
            throws java.io.IOException,
                   javax.servlet.ServletException
invoke in interface Valveinvoke in class ValveBaserequest - The servlet request we are processingresponse - The servlet response we are creating
java.io.IOException - if an input/output error occurs
javax.servlet.ServletException - if a servlet error occurspublic java.lang.String toString()
toString in class ValveBase
protected void associate(java.lang.String ssoId,
                         Session session)
ssoId - Single sign on identifiersession - Session to be associated
protected void deregister(java.lang.String ssoId,
                          Session session)
ssoId - Single sign on identifiersession - Session to be deregisteredprotected void deregister(java.lang.String ssoId)
ssoId - Single sign on identifier to deregister
protected boolean reauthenticate(java.lang.String ssoId,
                                 Realm realm,
                                 Request request)
Realm using
 the credentials associated with the single sign-on session
 identified by argument ssoId.
 
 If reauthentication is successful, the Principal and
 authorization type associated with the SSO session will be bound
 to the given Request object via calls to 
 Request.setAuthType() and 
 Request.setUserPrincipal()
 
ssoId - identifier of SingleSignOn session with which the
                  caller is associatedrealm - Realm implementation against which the caller is to
                  be authenticatedrequest - the request that needs to be authenticated
true if reauthentication was successful,
          false otherwise.
protected void register(java.lang.String ssoId,
                        java.security.Principal principal,
                        java.lang.String authType,
                        java.lang.String username,
                        java.lang.String password)
ssoId - Single sign on identifier to registerprincipal - Associated user principal that is identifiedauthType - Authentication type used to authenticate this
  user principalusername - Username used to authenticate this userpassword - Password used to authenticate this user
protected void update(java.lang.String ssoId,
                      java.security.Principal principal,
                      java.lang.String authType,
                      java.lang.String username,
                      java.lang.String password)
SingleSignOnEntry found under key
 ssoId with the given authentication data.
 The purpose of this method is to allow an SSO entry that was established without a username/password combination (i.e. established following DIGEST or CLIENT_CERT authentication) to be updated with a username and password if one becomes available through a subsequent BASIC or FORM authentication. The SSO entry will then be usable for reauthentication.
 NOTE: Only updates the SSO entry if a call to
 SingleSignOnEntry.getCanReauthenticate() returns
 false; otherwise, it is assumed that the SSO entry already
 has sufficient information to allow reauthentication and that no update
 is needed.
ssoId - identifier of Single sign to be updatedprincipal - the Principal returned by the latest
                  call to Realm.authenticate.authType - the type of authenticator used (BASIC, CLIENT_CERT,
                  DIGEST or FORM)username - the username (if any) used for the authenticationpassword - the password (if any) used for the authenticationprotected SingleSignOnEntry lookup(java.lang.String ssoId)
null.
ssoId - Single sign on identifier to look up
protected void removeSession(java.lang.String ssoId,
                             Session session)
ssoId - Single sign on identifier from which to remove the session.session - the session to be removed.| 
 | Apache Tomcat 6.0.53 | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||