org.apache.catalina.ha.authenticator
Class ClusterSingleSignOn

java.lang.Object
  org.apache.catalina.util.LifecycleBase
      org.apache.catalina.util.LifecycleMBeanBase
          org.apache.catalina.valves.ValveBase
              org.apache.catalina.authenticator.SingleSignOn
                  org.apache.catalina.ha.authenticator.ClusterSingleSignOn

All Implemented Interfaces:

EventListener, MBeanRegistration, Contained, Lifecycle, SessionListener, Valve

public class ClusterSingleSignOn
extends SingleSignOn

A Valve that supports a "single sign on" user experience on each nodes of a cluster, where the security identity of a user who successfully authenticates to one web application is propagated to other web applications and to other nodes cluster in the same security domain. For successful use, the following requirements must be met:

• This Valve must be configured on the Container that represents a virtual host (typically an implementation of Host).
• The Realm that contains the shared user and role information must be configured on the same Container (or a higher one), and not overridden at the web application level.
• The web applications themselves must use one of the standard Authenticators found in the org.apache.catalina.authenticator package.

Author:

Fabien Carrion

Field Summary

protected static String	info Descriptive information about this Valve implementation.
protected int	messageNumber

Fields inherited from class org.apache.catalina.authenticator.SingleSignOn

cache, reverse, sm

Fields inherited from class org.apache.catalina.valves.ValveBase

asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

ClusterSingleSignOn()

Method Summary

protected void	associate(String ssoId, Session session) Notify the cluster of the addition of a Session to an SSO session and associate the specified single sign on identifier with the specified Session on the local node.
protected void	associateLocal(String ssoId, Session session)
protected void	deregister(String ssoId) Notifies the cluster that a single sign on session has been terminated due to a user logout, deregister the specified single sign on identifier, and invalidate any associated sessions on the local node.
protected void	deregister(String ssoId, Session session) Notify the cluster of the removal of a Session from an SSO session and deregister the specified session.
protected void	deregisterLocal(String ssoId)
protected void	deregisterLocal(String ssoId, Session session)
CatalinaCluster	getCluster()
String	getInfo() Return descriptive information about this Valve implementation.
protected void	register(String ssoId, Principal principal, String authType, String username, String password) Notifies the cluster of the creation of a new SSO entry and register the specified Principal as being associated with the specified value for the single sign on identifier.
protected void	registerLocal(String ssoId, Principal principal, String authType, String username, String password)
protected void	removeSession(String ssoId, Session session) Remove a single Session from a SingleSignOn and notify the cluster of the removal.
protected void	removeSessionLocal(String ssoId, Session session)
void	setCluster(CatalinaCluster cluster)
protected void	startInternal() Start this component and implement the requirements of LifecycleBase.startInternal().
protected void	stopInternal() Stop this component and implement the requirements of LifecycleBase.stopInternal().
protected void	update(String ssoId, Principal principal, String authType, String username, String password) Notifies the cluster of an update of the security credentials associated with an SSO session.
protected void	updateLocal(String ssoId, Principal principal, String authType, String username, String password)

Methods inherited from class org.apache.catalina.authenticator.SingleSignOn

getCookieDomain, getRequireReauthentication, invoke, lookup, reauthenticate, sessionEvent, setCookieDomain, setRequireReauthentication

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, event, getContainer, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setContainer, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

info

protected static final String info

Descriptive information about this Valve implementation.

See Also:

Constant Field Values

messageNumber

protected int messageNumber

Constructor Detail

ClusterSingleSignOn

public ClusterSingleSignOn()

Method Detail

getInfo

public String getInfo()

Return descriptive information about this Valve implementation.

Specified by:

getInfo in interface Valve

Overrides:

getInfo in class SingleSignOn

getCluster

public CatalinaCluster getCluster()

setCluster

public void setCluster(CatalinaCluster cluster)

startInternal

protected void startInternal()
                      throws LifecycleException

Start this component and implement the requirements of LifecycleBase.startInternal().

Overrides:

startInternal in class ValveBase

Throws:

LifecycleException - if this component detects a fatal error that prevents this component from being used

stopInternal

protected void stopInternal()
                     throws LifecycleException

Stop this component and implement the requirements of LifecycleBase.stopInternal().

Overrides:

stopInternal in class ValveBase

Throws:

LifecycleException - if this component detects a fatal error that prevents this component from being used

associate

protected void associate(String ssoId,
                         Session session)

Notify the cluster of the addition of a Session to an SSO session and associate the specified single sign on identifier with the specified Session on the local node.

Overrides:

associate in class SingleSignOn

Parameters:

ssoId - Single sign on identifier

session - Session to be associated

associateLocal

protected void associateLocal(String ssoId,
                              Session session)

deregister

protected void deregister(String ssoId,
                          Session session)

Notify the cluster of the removal of a Session from an SSO session and deregister the specified session. If it is the last session, then also get rid of the single sign on identifier on the local node.

Overrides:

deregister in class SingleSignOn

Parameters:

ssoId - Single sign on identifier

session - Session to be deregistered

deregisterLocal

protected void deregisterLocal(String ssoId,
                               Session session)

deregister

protected void deregister(String ssoId)

Notifies the cluster that a single sign on session has been terminated due to a user logout, deregister the specified single sign on identifier, and invalidate any associated sessions on the local node.

Overrides:

deregister in class SingleSignOn

Parameters:

ssoId - Single sign on identifier to deregister

deregisterLocal

protected void deregisterLocal(String ssoId)

register

protected void register(String ssoId,
                        Principal principal,
                        String authType,
                        String username,
                        String password)

Notifies the cluster of the creation of a new SSO entry and register the specified Principal as being associated with the specified value for the single sign on identifier.

Overrides:

register in class SingleSignOn

Parameters:

ssoId - Single sign on identifier to register

principal - Associated user principal that is identified

authType - Authentication type used to authenticate this user principal

username - Username used to authenticate this user

password - Password used to authenticate this user

registerLocal

protected void registerLocal(String ssoId,
                             Principal principal,
                             String authType,
                             String username,
                             String password)

update

protected void update(String ssoId,
                      Principal principal,
                      String authType,
                      String username,
                      String password)

Notifies the cluster of an update of the security credentials associated with an SSO session. Updates any SingleSignOnEntry found under key ssoId with the given authentication data.

The purpose of this method is to allow an SSO entry that was established without a username/password combination (i.e. established following DIGEST or CLIENT-CERT authentication) to be updated with a username and password if one becomes available through a subsequent BASIC or FORM authentication. The SSO entry will then be usable for reauthentication.

NOTE: Only updates the SSO entry if a call to SingleSignOnEntry.getCanReauthenticate() returns false; otherwise, it is assumed that the SSO entry already has sufficient information to allow reauthentication and that no update is needed.

Overrides:

update in class SingleSignOn

Parameters:

ssoId - identifier of Single sign to be updated

principal - the Principal returned by the latest call to Realm.authenticate.

authType - the type of authenticator used (BASIC, CLIENT-CERT, DIGEST or FORM)

username - the username (if any) used for the authentication

password - the password (if any) used for the authentication

updateLocal

protected void updateLocal(String ssoId,
                           Principal principal,
                           String authType,
                           String username,
                           String password)

removeSession

protected void removeSession(String ssoId,
                             Session session)

Remove a single Session from a SingleSignOn and notify the cluster of the removal. Called when a session is timed out and no longer active.

Overrides:

removeSession in class SingleSignOn

Parameters:

ssoId - Single sign on identifier from which to remove the session.

session - the session to be removed.

removeSessionLocal

protected void removeSessionLocal(String ssoId,
                                  Session session)