Index: AuthenticatorBase.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v --- AuthenticatorBase.java 27 Feb 2004 14:58:41 -0000 1.17 +++ AuthenticatorBase.java 26 Apr 2004 04:43:07 -0000 @@ -760,31 +760,23 @@ boolean reauthenticated = false; - SingleSignOnEntry entry = sso.lookup(ssoId); - if (entry != null && entry.getCanReauthenticate()) { - Principal reauthPrincipal = null; Container parent = getContainer(); if (parent != null) { - Realm realm = getContainer().getRealm(); - String username = entry.getUsername(); - if (realm != null && username != null) { - reauthPrincipal = - realm.authenticate(username, entry.getPassword()); + Realm realm = parent.getRealm(); + if (realm != null) { + reauthenticated = sso.reauthenticate(ssoId, realm, request); } } - if (reauthPrincipal != null) { + if (reauthenticated) { associate(ssoId, getSession(request, true)); - request.setAuthType(entry.getAuthType()); - request.setUserPrincipal(reauthPrincipal); - reauthenticated = true; if (log.isDebugEnabled()) { + HttpServletRequest hreq = + (HttpServletRequest) request.getRequest(); log.debug(" Reauthenticated cached principal '" + - entry.getPrincipal().getName() + - "' with auth type '" + - entry.getAuthType() + "'"); - } + hreq.getUserPrincipal().getName() + + "' with auth type '" + hreq.getAuthType() + "'"); } } Index: SingleSignOn.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v --- SingleSignOn.java 27 Feb 2004 14:58:41 -0000 1.12 +++ SingleSignOn.java 26 Apr 2004 04:43:08 -0000 
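Review bot: In the AuthenticatorBase.java hunk, the debug statement dereferences `hreq.getUserPrincipal().getName()` on the assumption that `sso.reauthenticate(...)` bound a principal to the request before returning true. The SingleSignOn implementation added in this patch does bind one, but the method is `protected`, so a subclass override that returns true without calling `setUserPrincipal` would throw a NullPointerException here, and only when debug logging is enabled. Reading the principal into a local `p` and logging `(p != null ? p.getName() : "<none>")` keeps the logging path from changing the outcome of the request. The enclosing method starts and ends outside the hunk.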
@@ -33,6 +33,7 @@ import org.apache.catalina.LifecycleException; import org.apache.catalina.LifecycleListener; import org.apache.catalina.Logger; +import org.apache.catalina.Realm; import org.apache.catalina.Request; import org.apache.catalina.Response; import org.apache.catalina.Session; @@ -559,6 +560,55 @@ /** + * Attempts reauthentication to the given Realm using + * the credentials associated with the single sign-on session + * identified by argument ssoId. + *

+ * If reauthentication is successful, the Principal and + * authorization type associated with the SSO session will be bound + * to the given HttpRequest object via calls to + * {@link HttpRequest#setAuthType HttpRequest.setAuthType()} and + * {@link HttpRequest#setUserPrincipal HttpRequest.setUserPrincipal()} + *

+ * + * @param ssoId identifier of SingleSignOn session with which the + * caller is associated + * @param realm Realm implementation against which the caller is to + * be authenticated + * @param request the request that needs to be authenticated + * + * @return true if reauthentication was successful, + * false otherwise. + */ + protected boolean reauthenticate(String ssoId, Realm realm, + HttpRequest request) { + + if (ssoId == null || realm == null) + return false; + + boolean reauthenticated = false; + + SingleSignOnEntry entry = lookup(ssoId); + if (entry != null && entry.getCanReauthenticate()) { + + String username = entry.getUsername(); + if (username != null) { + Principal reauthPrincipal = + realm.authenticate(username, entry.getPassword()); + if (reauthPrincipal != null) { + reauthenticated = true; + // Bind the authorization credentials to the request + request.setAuthType(entry.getAuthType()); + request.setUserPrincipal(reauthPrincipal); + } + } + } + + return reauthenticated; + } + + + /** * Register the specified Principal as being associated with the specified * value for the single sign on identifier. * @@ -585,6 +635,47 @@ /** + * Updates any SingleSignOnEntry found under key + * ssoId with the given authentication data. + *
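Review bot: `reauthenticate` in SingleSignOn.java reads `getCanReauthenticate()`, `getUsername()`, `getPassword()` and `getAuthType()` from the entry without holding the entry's monitor, while `update()` in the same patch wraps `updateCredentials(...)` in `synchronized(sso)`. Unless the SingleSignOnEntry getters are themselves synchronized (not visible here), a request racing with an update can observe a partially applied credential set, for example a new username with the old password or auth type. Snapshot the fields under `synchronized (entry)` and keep the `realm.authenticate` call outside the lock, so a slow realm does not block other requests on the same SSO session.

```java
        // … unchanged: null checks on ssoId and realm …
        SingleSignOnEntry entry = lookup(ssoId);
        if (entry == null)
            return false;

        String username;
        String password;
        String authType;
        // Same monitor that update() holds around updateCredentials()
        synchronized (entry) {
            if (!entry.getCanReauthenticate())
                return false;
            username = entry.getUsername();
            password = entry.getPassword();
            authType = entry.getAuthType();
        }
        if (username == null)
            return false;

        // Realm call is made outside the lock
        Principal reauthPrincipal = realm.authenticate(username, password);
        if (reauthPrincipal == null)
            return false;

        // Bind the authorization credentials to the request
        request.setAuthType(authType);
        request.setUserPrincipal(reauthPrincipal);
        return true;
```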

+ * The purpose of this method is to allow an SSO entry that was + * established without a username/password combination (i.e. established + * following DIGEST or CLIENT-CERT authentication) to be updated with + * a username and password if one becomes available through a subsequent + * BASIC or FORM authentication. The SSO entry will then be usable for + * reauthentication. + *

+ * NOTE: Only updates the SSO entry if a call to + * SingleSignOnEntry.getCanReauthenticate() returns + * false; otherwise, it is assumed that the SSO entry already + * has sufficient information to allow reauthentication and that no update + * is needed. + * + * @param ssoId identifier of Single sign to be updated + * @param principal the Principal returned by the latest + * call to Realm.authenticate. + * @param authType the type of authenticator used (BASIC, CLIENT-CERT, + * DIGEST or FORM) + * @param username the username (if any) used for the authentication + * @param password the password (if any) used for the authentication + */ + protected void update(String ssoId, Principal principal, String authType, + String username, String password) { + + SingleSignOnEntry sso = lookup(ssoId); + if (sso != null && !sso.getCanReauthenticate()) { + if (debug >= 1) + log("Update sso id " + ssoId + " to auth type " + authType); + + synchronized(sso) { + sso.updateCredentials(principal, authType, username, password); + } + + } + } + + + /** * Log a message on the Logger associated with our Container (if any). * * @param message Message to be logged @@ -633,6 +724,7 @@ } + //---------------------------------------------- Package-Protected Methods @@ -669,45 +761,4 @@ } } - - /** - * Updates any SingleSignOnEntry found under key - * ssoId with the given authentication data. - *
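Review bot: The debug line in `update()` (SingleSignOn.java) writes the raw `ssoId` to the log; if that identifier is the value the client presents to join the SSO session, anyone who can read the log can reuse it. Log a truncated or hashed form instead, or drop it from the message. Separately, `!sso.getCanReauthenticate()` is tested before `synchronized(sso)` is entered, so two concurrent logins can both pass the test and both overwrite the stored credentials. Repeating the test inside the block, `if (!sso.getCanReauthenticate()) sso.updateCredentials(principal, authType, username, password);`, closes that window.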

- * The purpose of this method is to allow an SSO entry that was - * established without a username/password combination (i.e. established - * following DIGEST or CLIENT-CERT authentication) to be updated with - * a username and password if one becomes available through a subsequent - * BASIC or FORM authentication. The SSO entry will then be usable for - * reauthentication. - *

- * NOTE: Only updates the SSO entry if a call to - * SingleSignOnEntry.getCanReauthenticate() returns - * false; otherwise, it is assumed that the SSO entry already - * has sufficient information to allow reauthentication and that no update - * is needed. - * - * @param ssoId identifier of Single sign to be updated - * @param principal the Principal returned by the latest - * call to Realm.authenticate. - * @param authType the type of authenticator used (BASIC, CLIENT-CERT, - * DIGEST or FORM) - * @param username the username (if any) used for the authentication - * @param password the password (if any) used for the authentication - */ - void update(String ssoId, Principal principal, String authType, - String username, String password) { - - SingleSignOnEntry sso = lookup(ssoId); - if (sso != null && !sso.getCanReauthenticate()) { - if (debug >= 1) - log("Update sso id " + ssoId + " to auth type " + authType); - - synchronized(sso) { - sso.updateCredentials(principal, authType, username, password); - } - - } - } - }