ASF Bugzilla – Attachment 11330 Details for
Bug 28286
Loosely couple SingleSignOn Valve and Authenticators
[patch]
Patch to allow subclassing
diff (text/plain), 8.95 KB, created by
Brian Stansberry
on 2004-04-26 05:49:01 UTC
Description:
Patch to allow subclassing
Creator:
Brian Stansberry
Created:
2004-04-26 05:49:01 UTC
Size:
8.95 KB
>Index: AuthenticatorBase.java
>===================================================================
>RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
>retrieving revision 1.17
>diff -u -w -b -r1.17 AuthenticatorBase.java
>--- AuthenticatorBase.java 27 Feb 2004 14:58:41 -0000 1.17
>+++ AuthenticatorBase.java 26 Apr 2004 04:43:07 -0000
>@@ -760,31 +760,23 @@
>
> boolean reauthenticated = false;
>
>- SingleSignOnEntry entry = sso.lookup(ssoId);
>- if (entry != null && entry.getCanReauthenticate()) {
>- Principal reauthPrincipal = null;
> Container parent = getContainer();
> if (parent != null) {
>- Realm realm = getContainer().getRealm();
>- String username = entry.getUsername();
>- if (realm != null && username != null) {
>- reauthPrincipal =
>- realm.authenticate(username, entry.getPassword());
>+ Realm realm = parent.getRealm();
>+ if (realm != null) {
>+ reauthenticated = sso.reauthenticate(ssoId, realm, request);
> }
> }
>
>- if (reauthPrincipal != null) {
>+ if (reauthenticated) {
> associate(ssoId, getSession(request, true));
>- request.setAuthType(entry.getAuthType());
>- request.setUserPrincipal(reauthPrincipal);
>
>- reauthenticated = true;
> if (log.isDebugEnabled()) {
>+ HttpServletRequest hreq =
>+ (HttpServletRequest) request.getRequest();
> log.debug(" Reauthenticated cached principal '" +
>- entry.getPrincipal().getName() +
>- "' with auth type '" +
>- entry.getAuthType() + "'");
>- }
>+ hreq.getUserPrincipal().getName() +
>+ "' with auth type '" + hreq.getAuthType() + "'");
> }
> }
>
>Index: SingleSignOn.java
>===================================================================
>RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v
>retrieving revision 1.12
>diff -u -w -b -r1.12 SingleSignOn.java
>--- SingleSignOn.java 27 Feb 2004 14:58:41 -0000 1.12
>+++ SingleSignOn.java 26 Apr 2004 04:43:08 -0000
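Review bot: In the `if (reauthenticated)` branch the authenticator now trusts the boolean returned by `sso.reauthenticate(ssoId, realm, request)` and no longer binds the principal itself, so `associate(ssoId, getSession(request, true))` runs and `hreq.getUserPrincipal().getName()` is dereferenced with no check that a principal was actually set. Because this patch makes `reauthenticate` protected so it can be overridden, an override that returns true without calling `setUserPrincipal` would attach a session to the SSO entry for a request with no principal, and would throw a NullPointerException once debug logging is enabled. I would keep the invariant in the caller, for example `if (reauthenticated && ((HttpServletRequest) request.getRequest()).getUserPrincipal() != null) {`, or at least state in the Javadoc of `reauthenticate` that returning true requires the principal and auth type to be bound. The enclosing method starts and ends outside this hunk, so what follows the block is not visible here.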
>@@ -33,6 +33,7 @@
> import org.apache.catalina.LifecycleException;
> import org.apache.catalina.LifecycleListener;
> import org.apache.catalina.Logger;
>+import org.apache.catalina.Realm;
> import org.apache.catalina.Request;
> import org.apache.catalina.Response;
> import org.apache.catalina.Session;
>@@ -559,6 +560,55 @@
>
>
> /**
>+ * Attempts reauthentication to the given <code>Realm</code> using
>+ * the credentials associated with the single sign-on session
>+ * identified by argument <code>ssoId</code>.
>+ * <p>
>+ * If reauthentication is successful, the <code>Principal</code> and
>+ * authorization type associated with the SSO session will be bound
>+ * to the given <code>HttpRequest</code> object via calls to
>+ * {@link HttpRequest#setAuthType HttpRequest.setAuthType()} and
>+ * {@link HttpRequest#setUserPrincipal HttpRequest.setUserPrincipal()}
>+ * </p>
>+ *
>+ * @param ssoId identifier of SingleSignOn session with which the
>+ * caller is associated
>+ * @param realm Realm implementation against which the caller is to
>+ * be authenticated
>+ * @param request the request that needs to be authenticated
>+ *
>+ * @return <code>true</code> if reauthentication was successful,
>+ * <code>false</code> otherwise.
>+ */
>+ protected boolean reauthenticate(String ssoId, Realm realm,
>+ HttpRequest request) {
>+
>+ if (ssoId == null || realm == null)
>+ return false;
>+
>+ boolean reauthenticated = false;
>+
>+ SingleSignOnEntry entry = lookup(ssoId);
>+ if (entry != null && entry.getCanReauthenticate()) {
>+
>+ String username = entry.getUsername();
>+ if (username != null) {
>+ Principal reauthPrincipal =
>+ realm.authenticate(username, entry.getPassword());
>+ if (reauthPrincipal != null) {
>+ reauthenticated = true;
>+ // Bind the authorization credentials to the request
>+ request.setAuthType(entry.getAuthType());
>+ request.setUserPrincipal(reauthPrincipal);
>+ }
>+ }
>+ }
>+
>+ return reauthenticated;
>+ }
>+
>+
>+ /**
> * Register the specified Principal as being associated with the specified
> * value for the single sign on identifier.
> *
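Review bot: `reauthenticate` reads `entry.getCanReauthenticate()`, `entry.getUsername()`, `entry.getPassword()` and `entry.getAuthType()` without holding the entry's monitor, while `update` in the next hunk writes the same entry under `synchronized(sso)`. Unless the SingleSignOnEntry getters are themselves synchronized (not visible here), a concurrent `update` could let this method pair a username with a stale password, or bind an auth type that does not belong to the credentials just checked. Taking the three values inside one `synchronized (entry) { ... }` block before calling `realm.authenticate` would close that window; the `!sso.getCanReauthenticate()` test in `update` also sits outside its lock and has the same check-then-act gap. The Javadoc says "authorization type" where the authentication type is meant, and it should state that the cached password is replayed to the Realm and that an override must bind the principal before returning true.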
>@@ -585,6 +635,47 @@
>
>
> /**
>+ * Updates any <code>SingleSignOnEntry</code> found under key
>+ * <code>ssoId</code> with the given authentication data.
>+ * <p>
>+ * The purpose of this method is to allow an SSO entry that was
>+ * established without a username/password combination (i.e. established
>+ * following DIGEST or CLIENT-CERT authentication) to be updated with
>+ * a username and password if one becomes available through a subsequent
>+ * BASIC or FORM authentication. The SSO entry will then be usable for
>+ * reauthentication.
>+ * <p>
>+ * <b>NOTE:</b> Only updates the SSO entry if a call to
>+ * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
>+ * <code>false</code>; otherwise, it is assumed that the SSO entry already
>+ * has sufficient information to allow reauthentication and that no update
>+ * is needed.
>+ *
>+ * @param ssoId identifier of Single sign to be updated
>+ * @param principal the <code>Principal</code> returned by the latest
>+ * call to <code>Realm.authenticate</code>.
>+ * @param authType the type of authenticator used (BASIC, CLIENT-CERT,
>+ * DIGEST or FORM)
>+ * @param username the username (if any) used for the authentication
>+ * @param password the password (if any) used for the authentication
>+ */
>+ protected void update(String ssoId, Principal principal, String authType,
>+ String username, String password) {
>+
>+ SingleSignOnEntry sso = lookup(ssoId);
>+ if (sso != null && !sso.getCanReauthenticate()) {
>+ if (debug >= 1)
>+ log("Update sso id " + ssoId + " to auth type " + authType);
>+
>+ synchronized(sso) {
>+ sso.updateCredentials(principal, authType, username, password);
>+ }
>+
>+ }
>+ }
>+
>+
>+ /**
> * Log a message on the Logger associated with our Container (if any).
> *
> * @param message Message to be logged
>@@ -633,6 +724,7 @@
>
> }
>
>+
> //---------------------------------------------- Package-Protected Methods
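Review bot: The debug line `log("Update sso id " + ssoId + " to auth type " + authType);` writes the single sign-on identifier to the container log; if that identifier is the value carried in the SSO cookie (this hunk does not show where it comes from), anyone with read access to the log obtains a usable session credential. Logging only the auth type, or a truncated or hashed form of the id, keeps the trace useful without exposing it. Widening `update` from package-private to protected also makes it part of the subclass contract, so the Javadoc should say plainly that `password` is retained on the entry for later reauthentication and that overriders are responsible for how it is stored.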
>
>
>@@ -669,45 +761,4 @@
> }
> }
>
>-
>- /**
>- * Updates any <code>SingleSignOnEntry</code> found under key
>- * <code>ssoId</code> with the given authentication data.
>- * <p>
>- * The purpose of this method is to allow an SSO entry that was
>- * established without a username/password combination (i.e. established
>- * following DIGEST or CLIENT-CERT authentication) to be updated with
>- * a username and password if one becomes available through a subsequent
>- * BASIC or FORM authentication. The SSO entry will then be usable for
>- * reauthentication.
>- * <p>
>- * <b>NOTE:</b> Only updates the SSO entry if a call to
>- * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
>- * <code>false</code>; otherwise, it is assumed that the SSO entry already
>- * has sufficient information to allow reauthentication and that no update
>- * is needed.
>- *
>- * @param ssoId identifier of Single sign to be updated
>- * @param principal the <code>Principal</code> returned by the latest
>- * call to <code>Realm.authenticate</code>.
>- * @param authType the type of authenticator used (BASIC, CLIENT-CERT,
>- * DIGEST or FORM)
>- * @param username the username (if any) used for the authentication
>- * @param password the password (if any) used for the authentication
>- */
>- void update(String ssoId, Principal principal, String authType,
>- String username, String password) {
>-
>- SingleSignOnEntry sso = lookup(ssoId);
>- if (sso != null && !sso.getCanReauthenticate()) {
>- if (debug >= 1)
>- log("Update sso id " + ssoId + " to auth type " + authType);
>-
>- synchronized(sso) {
>- sso.updateCredentials(principal, authType, username, password);
>- }
>-
>- }
>- }
>-
> }
Attachments on
bug 28286
:
11188
| 11330 |
11566