Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
--- AuthenticatorBase.java 27 Feb 2004 14:58:41 -0000 1.17
+++ AuthenticatorBase.java 26 Apr 2004 04:43:07 -0000
@@ -760,31 +760,23 @@
boolean reauthenticated = false;
- SingleSignOnEntry entry = sso.lookup(ssoId);
- if (entry != null && entry.getCanReauthenticate()) {
- Principal reauthPrincipal = null;
Container parent = getContainer();
if (parent != null) {
- Realm realm = getContainer().getRealm();
- String username = entry.getUsername();
- if (realm != null && username != null) {
- reauthPrincipal =
- realm.authenticate(username, entry.getPassword());
+ Realm realm = parent.getRealm();
+ if (realm != null) {
+ reauthenticated = sso.reauthenticate(ssoId, realm, request);
}
}
- if (reauthPrincipal != null) {
+ if (reauthenticated) {
associate(ssoId, getSession(request, true));
- request.setAuthType(entry.getAuthType());
- request.setUserPrincipal(reauthPrincipal);
- reauthenticated = true;
if (log.isDebugEnabled()) {
+ HttpServletRequest hreq =
+ (HttpServletRequest) request.getRequest();
log.debug(" Reauthenticated cached principal '" +
- entry.getPrincipal().getName() +
- "' with auth type '" +
- entry.getAuthType() + "'");
- }
+ hreq.getUserPrincipal().getName() +
+ "' with auth type '" + hreq.getAuthType() + "'");
}
}
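Review bot: The debug block dereferences `hreq.getUserPrincipal()` without a null check, and it reads the principal from `request.getRequest()` rather than from the `request` object that `sso.reauthenticate(ssoId, realm, request)` just wrote to. If the wrapped servlet request ever returns null there, turning on debug logging would throw inside the authentication path after the session has already been associated. A null-safe form would be `Principal p = hreq.getUserPrincipal();` followed by logging `(p != null ? p.getName() : "null")`. Because success now depends on a side effect that is not visible at the call site, a comment above the call would also help, for example `// on success, reauthenticate() has bound the principal and auth type to the request`. The enclosing method starts and ends outside this hunk, so the earlier null check on `sso` is assumed rather than visible.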
Index: SingleSignOn.java
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v
--- SingleSignOn.java 27 Feb 2004 14:58:41 -0000 1.12
+++ SingleSignOn.java 26 Apr 2004 04:43:08 -0000
@@ -33,6 +33,7 @@
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Logger;
+import org.apache.catalina.Realm;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.Session;
@@ -559,6 +560,55 @@
/**
+ * Attempts reauthentication to the given Realm
using
+ * the credentials associated with the single sign-on session
+ * identified by argument ssoId
.
+ *
+ * If reauthentication is successful, the Principal
and
+ * authorization type associated with the SSO session will be bound
+ * to the given HttpRequest
object via calls to
+ * {@link HttpRequest#setAuthType HttpRequest.setAuthType()} and
+ * {@link HttpRequest#setUserPrincipal HttpRequest.setUserPrincipal()}
+ *
true
if reauthentication was successful,
+ * false
otherwise.
+ */
+ protected boolean reauthenticate(String ssoId, Realm realm,
+ HttpRequest request) {
+
+ if (ssoId == null || realm == null)
+ return false;
+
+ boolean reauthenticated = false;
+
+ SingleSignOnEntry entry = lookup(ssoId);
+ if (entry != null && entry.getCanReauthenticate()) {
+
+ String username = entry.getUsername();
+ if (username != null) {
+ Principal reauthPrincipal =
+ realm.authenticate(username, entry.getPassword());
+ if (reauthPrincipal != null) {
+ reauthenticated = true;
+ // Bind the authorization credentials to the request
+ request.setAuthType(entry.getAuthType());
+ request.setUserPrincipal(reauthPrincipal);
+ }
+ }
+ }
+
+ return reauthenticated;
+ }
+
+
+ /**
* Register the specified Principal as being associated with the specified
* value for the single sign on identifier.
*
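Review bot: `reauthenticate()` reads `getCanReauthenticate()`, `getUsername()`, `getPassword()` and `getAuthType()` from the entry without holding its monitor, while `update()` in the same patch writes those fields inside `synchronized(sso)`. Unless the `SingleSignOnEntry` getters are themselves synchronized (not visible here), a concurrent `update()` could let this method authenticate with one state's username and password and then bind another state's auth type to the request. Taking a snapshot of the three values under `synchronized (entry)` and calling `realm.authenticate` outside the lock would keep the credential replay consistent without holding the monitor across the realm call. The whole method is inside this hunk.

```java
// … unchanged: ssoId/realm null guard …
SingleSignOnEntry entry = lookup(ssoId);
if (entry == null)
    return false;

// Snapshot under the monitor update() holds while writing, so the
// username, password and auth type all come from one entry state.
String username;
String password;
String authType;
synchronized (entry) {
    if (!entry.getCanReauthenticate())
        return false;
    username = entry.getUsername();
    password = entry.getPassword();
    authType = entry.getAuthType();
}
if (username == null)
    return false;

// Realm call stays outside the lock.
Principal reauthPrincipal = realm.authenticate(username, password);
if (reauthPrincipal == null)
    return false;

// Bind the authorization credentials to the request
request.setAuthType(authType);
request.setUserPrincipal(reauthPrincipal);
return true;
```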
@@ -585,6 +635,47 @@
/**
+ * Updates any SingleSignOnEntry
found under key
+ * ssoId
with the given authentication data.
+ *
+ * The purpose of this method is to allow an SSO entry that was
+ * established without a username/password combination (i.e. established
+ * following DIGEST or CLIENT-CERT authentication) to be updated with
+ * a username and password if one becomes available through a subsequent
+ * BASIC or FORM authentication. The SSO entry will then be usable for
+ * reauthentication.
+ *
+ * NOTE: Only updates the SSO entry if a call to
+ * SingleSignOnEntry.getCanReauthenticate()
returns
+ * false
; otherwise, it is assumed that the SSO entry already
+ * has sufficient information to allow reauthentication and that no update
+ * is needed.
+ *
+ * @param ssoId identifier of Single sign to be updated
+ * @param principal the Principal
returned by the latest
+ * call to Realm.authenticate
.
+ * @param authType the type of authenticator used (BASIC, CLIENT-CERT,
+ * DIGEST or FORM)
+ * @param username the username (if any) used for the authentication
+ * @param password the password (if any) used for the authentication
+ */
+ protected void update(String ssoId, Principal principal, String authType,
+ String username, String password) {
+
+ SingleSignOnEntry sso = lookup(ssoId);
+ if (sso != null && !sso.getCanReauthenticate()) {
+ if (debug >= 1)
+ log("Update sso id " + ssoId + " to auth type " + authType);
+
+ synchronized(sso) {
+ sso.updateCredentials(principal, authType, username, password);
+ }
+
+ }
+ }
+
+
+ /**
* Log a message on the Logger associated with our Container (if any).
*
* @param message Message to be logged
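Review bot: The debug line in `update()` writes the full single sign-on identifier to the container log: `log("Update sso id " + ssoId + " to auth type " + authType);`. That identifier is what ties a client to its cached credentials, so anyone who can read the log at debug level 1 or above learns a value that should be handled like a session token. Consider logging only the auth type, or a shortened or hashed form of the id. Separately, `!sso.getCanReauthenticate()` is tested before the monitor is taken, so two concurrent calls can both pass the test and both write. Moving the test inside the lock closes that gap: `synchronized (sso) { if (!sso.getCanReauthenticate()) sso.updateCredentials(principal, authType, username, password); }`. The method is now `protected` rather than package-private, so subclasses outside the package can reach this credential write as well.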
@@ -633,6 +724,7 @@
}
+
//---------------------------------------------- Package-Protected Methods
@@ -669,45 +761,4 @@
}
}
-
- /**
- * Updates any SingleSignOnEntry
found under key
- * ssoId
with the given authentication data.
- *
- The purpose of this method is to allow an SSO entry that was
- * established without a username/password combination (i.e. established
- * following DIGEST or CLIENT-CERT authentication) to be updated with
- * a username and password if one becomes available through a subsequent
- * BASIC or FORM authentication. The SSO entry will then be usable for
- * reauthentication.
- *
- * NOTE: Only updates the SSO entry if a call to
- * SingleSignOnEntry.getCanReauthenticate()
returns
- * false
; otherwise, it is assumed that the SSO entry already
- * has sufficient information to allow reauthentication and that no update
- * is needed.
- *
- * @param ssoId identifier of Single sign to be updated
- * @param principal the Principal
returned by the latest
- * call to Realm.authenticate
.
- * @param authType the type of authenticator used (BASIC, CLIENT-CERT,
- * DIGEST or FORM)
- * @param username the username (if any) used for the authentication
- * @param password the password (if any) used for the authentication
- */
- void update(String ssoId, Principal principal, String authType,
- String username, String password) {
-
- SingleSignOnEntry sso = lookup(ssoId);
- if (sso != null && !sso.getCanReauthenticate()) {
- if (debug >= 1)
- log("Update sso id " + ssoId + " to auth type " + authType);
-
- synchronized(sso) {
- sso.updateCredentials(principal, authType, username, password);
- }
-
- }
- }
-
}