|
Apache Tomcat 7.0.28 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.catalina.util.LifecycleBase org.apache.catalina.util.LifecycleMBeanBase org.apache.catalina.valves.ValveBase org.apache.catalina.authenticator.SingleSignOn org.apache.catalina.ha.authenticator.ClusterSingleSignOn
public class ClusterSingleSignOn
A Valve that supports a "single sign on" user experience on each nodes of a cluster, where the security identity of a user who successfully authenticates to one web application is propagated to other web applications and to other nodes cluster in the same security domain. For successful use, the following requirements must be met:
Host
).Realm
that contains the shared user and role
information must be configured on the same Container (or a higher
one), and not overridden at the web application level.org.apache.catalina.authenticator
package.
Field Summary | |
---|---|
protected static String |
info
Descriptive information about this Valve implementation. |
protected int |
messageNumber
|
Fields inherited from class org.apache.catalina.authenticator.SingleSignOn |
---|
cache, reverse, sm |
Fields inherited from class org.apache.catalina.valves.ValveBase |
---|
asyncSupported, container, containerLog, next |
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase |
---|
mserver |
Fields inherited from interface org.apache.catalina.Lifecycle |
---|
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT |
Constructor Summary | |
---|---|
ClusterSingleSignOn()
|
Method Summary | |
---|---|
protected void |
associate(String ssoId,
Session session)
Notify the cluster of the addition of a Session to an SSO session and associate the specified single sign on identifier with the specified Session on the local node. |
protected void |
associateLocal(String ssoId,
Session session)
|
protected void |
deregister(String ssoId)
Notifies the cluster that a single sign on session has been terminated due to a user logout, deregister the specified single sign on identifier, and invalidate any associated sessions on the local node. |
protected void |
deregister(String ssoId,
Session session)
Notify the cluster of the removal of a Session from an SSO session and deregister the specified session. |
protected void |
deregisterLocal(String ssoId)
|
protected void |
deregisterLocal(String ssoId,
Session session)
|
CatalinaCluster |
getCluster()
|
String |
getInfo()
Return descriptive information about this Valve implementation. |
protected void |
register(String ssoId,
Principal principal,
String authType,
String username,
String password)
Notifies the cluster of the creation of a new SSO entry and register the specified Principal as being associated with the specified value for the single sign on identifier. |
protected void |
registerLocal(String ssoId,
Principal principal,
String authType,
String username,
String password)
|
protected void |
removeSession(String ssoId,
Session session)
Remove a single Session from a SingleSignOn and notify the cluster of the removal. |
protected void |
removeSessionLocal(String ssoId,
Session session)
|
void |
setCluster(CatalinaCluster cluster)
|
protected void |
startInternal()
Start this component and implement the requirements of LifecycleBase.startInternal() . |
protected void |
stopInternal()
Stop this component and implement the requirements of LifecycleBase.stopInternal() . |
protected void |
update(String ssoId,
Principal principal,
String authType,
String username,
String password)
Notifies the cluster of an update of the security credentials associated with an SSO session. |
protected void |
updateLocal(String ssoId,
Principal principal,
String authType,
String username,
String password)
|
Methods inherited from class org.apache.catalina.authenticator.SingleSignOn |
---|
getCookieDomain, getRequireReauthentication, invoke, lookup, reauthenticate, sessionEvent, setCookieDomain, setRequireReauthentication |
Methods inherited from class org.apache.catalina.valves.ValveBase |
---|
backgroundProcess, event, getContainer, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setContainer, setNext, toString |
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase |
---|
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister |
Methods inherited from class org.apache.catalina.util.LifecycleBase |
---|
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected static final String info
protected int messageNumber
Constructor Detail |
---|
public ClusterSingleSignOn()
Method Detail |
---|
public String getInfo()
getInfo
in interface Valve
getInfo
in class SingleSignOn
public CatalinaCluster getCluster()
public void setCluster(CatalinaCluster cluster)
protected void startInternal() throws LifecycleException
LifecycleBase.startInternal()
.
startInternal
in class ValveBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedprotected void stopInternal() throws LifecycleException
LifecycleBase.stopInternal()
.
stopInternal
in class ValveBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedprotected void associate(String ssoId, Session session)
associate
in class SingleSignOn
ssoId
- Single sign on identifiersession
- Session to be associatedprotected void associateLocal(String ssoId, Session session)
protected void deregister(String ssoId, Session session)
deregister
in class SingleSignOn
ssoId
- Single sign on identifiersession
- Session to be deregisteredprotected void deregisterLocal(String ssoId, Session session)
protected void deregister(String ssoId)
deregister
in class SingleSignOn
ssoId
- Single sign on identifier to deregisterprotected void deregisterLocal(String ssoId)
protected void register(String ssoId, Principal principal, String authType, String username, String password)
register
in class SingleSignOn
ssoId
- Single sign on identifier to registerprincipal
- Associated user principal that is identifiedauthType
- Authentication type used to authenticate this
user principalusername
- Username used to authenticate this userpassword
- Password used to authenticate this userprotected void registerLocal(String ssoId, Principal principal, String authType, String username, String password)
protected void update(String ssoId, Principal principal, String authType, String username, String password)
SingleSignOnEntry
found under key ssoId
with the given authentication data.
The purpose of this method is to allow an SSO entry that was established without a username/password combination (i.e. established following DIGEST or CLIENT-CERT authentication) to be updated with a username and password if one becomes available through a subsequent BASIC or FORM authentication. The SSO entry will then be usable for reauthentication.
NOTE: Only updates the SSO entry if a call to
SingleSignOnEntry.getCanReauthenticate()
returns
false
; otherwise, it is assumed that the SSO entry already
has sufficient information to allow reauthentication and that no update
is needed.
update
in class SingleSignOn
ssoId
- identifier of Single sign to be updatedprincipal
- the Principal
returned by the latest
call to Realm.authenticate
.authType
- the type of authenticator used (BASIC, CLIENT-CERT,
DIGEST or FORM)username
- the username (if any) used for the authenticationpassword
- the password (if any) used for the authenticationprotected void updateLocal(String ssoId, Principal principal, String authType, String username, String password)
protected void removeSession(String ssoId, Session session)
removeSession
in class SingleSignOn
ssoId
- Single sign on identifier from which to remove the session.session
- the session to be removed.protected void removeSessionLocal(String ssoId, Session session)
|
Apache Tomcat 7.0.28 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |