org.apache.catalina.ha.authenticator

Class ClusterSingleSignOn

public class ClusterSingleSignOn extends SingleSignOn

A Valve that supports a "single sign on" user experience on each nodes of a cluster, where the security identity of a user who successfully authenticates to one web application is propogated to other web applications and to other nodes cluster in the same security domain. For successful use, the following requirements must be met:

Author: Fabien Carrion

Field Summary
protected static Stringinfo
Descriptive information about this Valve implementation.
protected intmessageNumber
Method Summary
protected voidassociate(String ssoId, Session session)
Notify the cluster of the addition of a Session to an SSO session and associate the specified single sign on identifier with the specified Session on the local node.
protected voidassociateLocal(String ssoId, Session session)
protected voidderegister(String ssoId, Session session)
Notify the cluster of the removal of a Session from an SSO session and deregister the specified session.
protected voidderegister(String ssoId)
Notifies the cluster that a single sign on session has been terminated due to a user logout, deregister the specified single sign on identifier, and invalidate any associated sessions on the local node.
protected voidderegisterLocal(String ssoId, Session session)
protected voidderegisterLocal(String ssoId)
CatalinaClustergetCluster()
StringgetInfo()
Return descriptive information about this Valve implementation.
protected voidregister(String ssoId, Principal principal, String authType, String username, String password)
Notifies the cluster of the creation of a new SSO entry and register the specified Principal as being associated with the specified value for the single sign on identifier.
protected voidregisterLocal(String ssoId, Principal principal, String authType, String username, String password)
protected voidremoveSession(String ssoId, Session session)
Remove a single Session from a SingleSignOn and notify the cluster of the removal.
protected voidremoveSessionLocal(String ssoId, Session session)
voidsetCluster(CatalinaCluster cluster)
voidstart()
Prepare for the beginning of active use of the public methods of this component.
voidstop()
Gracefully terminate the active use of the public methods of this component.
StringtoString()
Return a String rendering of this object.
protected voidupdate(String ssoId, Principal principal, String authType, String username, String password)
Notifies the cluster of an update of the security credentials associated with an SSO session.
protected voidupdateLocal(String ssoId, Principal principal, String authType, String username, String password)

Field Detail

info

protected static String info
Descriptive information about this Valve implementation.

messageNumber

protected int messageNumber

Method Detail

associate

protected void associate(String ssoId, Session session)
Notify the cluster of the addition of a Session to an SSO session and associate the specified single sign on identifier with the specified Session on the local node.

Parameters: ssoId Single sign on identifier session Session to be associated

associateLocal

protected void associateLocal(String ssoId, Session session)

deregister

protected void deregister(String ssoId, Session session)
Notify the cluster of the removal of a Session from an SSO session and deregister the specified session. If it is the last session, then also get rid of the single sign on identifier on the local node.

Parameters: ssoId Single sign on identifier session Session to be deregistered

deregister

protected void deregister(String ssoId)
Notifies the cluster that a single sign on session has been terminated due to a user logout, deregister the specified single sign on identifier, and invalidate any associated sessions on the local node.

Parameters: ssoId Single sign on identifier to deregister

deregisterLocal

protected void deregisterLocal(String ssoId, Session session)

deregisterLocal

protected void deregisterLocal(String ssoId)

getCluster

public CatalinaCluster getCluster()

getInfo

public String getInfo()
Return descriptive information about this Valve implementation.

register

protected void register(String ssoId, Principal principal, String authType, String username, String password)
Notifies the cluster of the creation of a new SSO entry and register the specified Principal as being associated with the specified value for the single sign on identifier.

Parameters: ssoId Single sign on identifier to register principal Associated user principal that is identified authType Authentication type used to authenticate this user principal username Username used to authenticate this user password Password used to authenticate this user

registerLocal

protected void registerLocal(String ssoId, Principal principal, String authType, String username, String password)

removeSession

protected void removeSession(String ssoId, Session session)
Remove a single Session from a SingleSignOn and notify the cluster of the removal. Called when a session is timed out and no longer active.

Parameters: ssoId Single sign on identifier from which to remove the session. session the session to be removed.

removeSessionLocal

protected void removeSessionLocal(String ssoId, Session session)

setCluster

public void setCluster(CatalinaCluster cluster)

start

public void start()
Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.

Throws: LifecycleException if this component detects a fatal error that prevents this component from being used

stop

public void stop()
Gracefully terminate the active use of the public methods of this component. This method should be the last one called on a given instance of this component.

Throws: LifecycleException if this component detects a fatal error that needs to be reported

toString

public String toString()
Return a String rendering of this object.

update

protected void update(String ssoId, Principal principal, String authType, String username, String password)
Notifies the cluster of an update of the security credentials associated with an SSO session. Updates any SingleSignOnEntry found under key ssoId with the given authentication data.

The purpose of this method is to allow an SSO entry that was established without a username/password combination (i.e. established following DIGEST or CLIENT-CERT authentication) to be updated with a username and password if one becomes available through a subsequent BASIC or FORM authentication. The SSO entry will then be usable for reauthentication.

NOTE: Only updates the SSO entry if a call to SingleSignOnEntry.getCanReauthenticate() returns false; otherwise, it is assumed that the SSO entry already has sufficient information to allow reauthentication and that no update is needed.

Parameters: ssoId identifier of Single sign to be updated principal the Principal returned by the latest call to Realm.authenticate. authType the type of authenticator used (BASIC, CLIENT-CERT, DIGEST or FORM) username the username (if any) used for the authentication password the password (if any) used for the authentication

updateLocal

protected void updateLocal(String ssoId, Principal principal, String authType, String username, String password)
Copyright © 2000-2011 Apache Software Foundation. All Rights Reserved.