
Example 1 with TomcatPrincipal

use of org.apache.catalina.TomcatPrincipal in project tomcat by apache.

the class AuthenticatorBase method logout.

/**
 * Logs out the user associated with the supplied request.
 * <p>
 * The steps run in a fixed order: an optional JASPIC subject clean-up, an
 * optional {@code TomcatPrincipal.logout()} call, and finally a call to
 * {@code register(...)} with {@code null} for every authentication value.
 * A failure in either of the first two steps is logged at debug level and
 * does not prevent the final {@code register(...)} call from running.
 *
 * @param request the request whose authentication state is being cleared
 */
@Override
public void logout(Request request) {
    AuthConfigProvider jaspicProvider = getJaspicProvider();
    if (jaspicProvider != null) {
        MessageInfo info = new MessageInfoImpl(request, request.getResponse(), true);
        Subject subject = (Subject) request.getNote(Constants.REQ_JASPIC_SUBJECT_NOTE);
        if (subject != null) {
            try {
                ServerAuthConfig authConfig =
                        jaspicProvider.getServerAuthConfig("HttpServlet", jaspicAppContextID, getCallbackHandler());
                ServerAuthContext authContext =
                        authConfig.getAuthContext(authConfig.getAuthContextID(info), null, null);
                // Let the JASPIC module drop whatever it added to the subject.
                authContext.cleanSubject(info, subject);
            } catch (AuthException e) {
                // NOTE(review): a failed clean-up is only visible at debug level,
                // so it will normally not appear in production logs.
                log.debug(sm.getString("authenticator.jaspicCleanSubjectFail"), e);
            }
        }
    }

    Principal requestPrincipal = request.getPrincipal();
    if (requestPrincipal instanceof TomcatPrincipal) {
        try {
            TomcatPrincipal tomcatPrincipal = (TomcatPrincipal) requestPrincipal;
            tomcatPrincipal.logout();
        } catch (Throwable t) {
            // handleThrowable is not shown here; presumably it rethrows fatal
            // errors and lets everything else fall through - confirm.
            ExceptionUtils.handleThrowable(t);
            log.debug(sm.getString("authenticator.tomcatPrincipalLogoutFail"), t);
        }
    }

    // Always reached unless handleThrowable rethrows above. register(...) is not
    // shown here; presumably passing nulls clears the cached principal and
    // credentials for this request - confirm against its implementation.
    register(request, request.getResponse(), null, null, null, null);
}
Also used : AuthConfigProvider(jakarta.security.auth.message.config.AuthConfigProvider) MessageInfoImpl(org.apache.catalina.authenticator.jaspic.MessageInfoImpl) AuthException(jakarta.security.auth.message.AuthException) Subject(javax.security.auth.Subject) ServerAuthConfig(jakarta.security.auth.message.config.ServerAuthConfig) Principal(java.security.Principal) TomcatPrincipal(org.apache.catalina.TomcatPrincipal) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) MessageInfo(jakarta.security.auth.message.MessageInfo) ServerAuthContext(jakarta.security.auth.message.config.ServerAuthContext) TomcatPrincipal(org.apache.catalina.TomcatPrincipal)

Example 2 with TomcatPrincipal

use of org.apache.catalina.TomcatPrincipal in project tomcat by apache.

the class StandardSessionContext method expire.

/**
 * Perform the internal processing required to invalidate this session,
 * without triggering an exception if the session has already expired.
 * <p>
 * Inside the lock on this session the method, in order: notifies
 * {@code HttpSessionListener}s (when {@code notify} is true), removes the
 * session from its manager, fires the session-destroyed event, calls
 * {@code logout()} on the principal if it is a {@code TomcatPrincipal},
 * marks the session invalid and finally removes every attribute.
 * Exceptions from application listeners and from the principal's logout
 * are logged and do not stop the session from being marked invalid.
 *
 * @param notify Should we notify listeners about the demise of
 *  this session?
 */
public void expire(boolean notify) {
    // Check made without holding the lock: nothing to do if the session is
    // already invalid. The same condition is re-checked under the lock below.
    if (!isValid)
        return;
    synchronized (this) {
        // entered as per bug 56339
        // Re-check under the lock so that a second caller returns while an
        // expiry is in progress or once it has completed.
        if (expiring || !isValid)
            return;
        // Without a manager there is no context to notify or to remove from.
        if (manager == null)
            return;
        // Mark this session as "being expired"
        // NOTE(review): the flag is reset further down without a try/finally.
        // If manager.remove(...) or fireSessionEvent(...) were to throw, it
        // would stay true and later calls would return at the check above
        // while isValid is still true. Whether they can throw is not visible
        // here - confirm.
        expiring = true;
        // Notify interested application event listeners
        // FIXME - Assumes we call listeners in reverse order
        Context context = manager.getContext();
        // Application listeners are only called when the caller asked for it.
        if (notify) {
            ClassLoader oldContextClassLoader = null;
            try {
                // bind(...) returns a ClassLoader that is handed back to
                // unbind(...) in the finally block; presumably this switches
                // the thread to the web application's class loader while
                // application code runs - confirm.
                oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null);
                Object[] listeners = context.getApplicationLifecycleListeners();
                if (listeners != null && listeners.length > 0) {
                    HttpSessionEvent event = new HttpSessionEvent(getSession());
                    for (int i = 0; i < listeners.length; i++) {
                        // Walk the array from the last element to the first.
                        int j = (listeners.length - 1) - i;
                        if (!(listeners[j] instanceof HttpSessionListener))
                            continue;
                        HttpSessionListener listener = (HttpSessionListener) listeners[j];
                        try {
                            context.fireContainerEvent("beforeSessionDestroyed", listener);
                            listener.sessionDestroyed(event);
                            context.fireContainerEvent("afterSessionDestroyed", listener);
                        } catch (Throwable t) {
                            // A failing application listener must not abort the
                            // expiry. handleThrowable is not shown here; presumably
                            // it rethrows fatal errors - confirm.
                            ExceptionUtils.handleThrowable(t);
                            try {
                                // Still emit the "after" container event for this listener.
                                context.fireContainerEvent("afterSessionDestroyed", listener);
                            } catch (Exception e) {
                                // Ignore: the original failure is logged below.
                            }
                            manager.getContext().getLogger().error(sm.getString("standardSession.sessionEvent"), t);
                        }
                    }
                }
            } finally {
                context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader);
            }
        }
        // Reset the access counter when activity checking is switched on.
        if (ACTIVITY_CHECK) {
            accessCount.set(0);
        }
        // Remove this session from our manager's active sessions
        manager.remove(this, true);
        // Notify interested session event listeners
        if (notify) {
            fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null);
        }
        // Call the logout method
        // Only Exception is caught here (not Throwable); a failure is logged
        // at error level and the session is still marked invalid below.
        if (principal instanceof TomcatPrincipal) {
            TomcatPrincipal gp = (TomcatPrincipal) principal;
            try {
                gp.logout();
            } catch (Exception e) {
                manager.getContext().getLogger().error(sm.getString("standardSession.logoutfail"), e);
            }
        }
        // We have completed expire of this session
        setValid(false);
        expiring = false;
        // Unbind any objects associated with this session
        // This happens after the session has been marked invalid, and under
        // the same bind/unbind bracket used for the listeners above.
        String[] keys = keys();
        ClassLoader oldContextClassLoader = null;
        try {
            oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null);
            for (int i = 0; i < keys.length; i++) {
                removeAttributeInternal(keys[i], notify);
            }
        } finally {
            context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader);
        }
    }
}
Also used : Context(org.apache.catalina.Context) ServletContext(javax.servlet.ServletContext) HttpSessionListener(javax.servlet.http.HttpSessionListener) HttpSessionEvent(javax.servlet.http.HttpSessionEvent) IOException(java.io.IOException) NotSerializableException(java.io.NotSerializableException) WriteAbortedException(java.io.WriteAbortedException) TomcatPrincipal(org.apache.catalina.TomcatPrincipal)

Example 3 with TomcatPrincipal

use of org.apache.catalina.TomcatPrincipal in project tomcat by apache.

the class StandardSession method expire.

/**
 * Perform the internal processing required to invalidate this session,
 * without triggering an exception if the session has already expired.
 * <p>
 * Inside the lock on this session the method, in order: notifies
 * {@code HttpSessionListener}s (when {@code notify} is true), removes the
 * session from its manager, fires the session-destroyed event, calls
 * {@code logout()} on the principal if it is a {@code TomcatPrincipal},
 * marks the session invalid and finally removes every attribute.
 * Exceptions from application listeners and from the principal's logout
 * are logged and do not stop the session from being marked invalid.
 *
 * @param notify Should we notify listeners about the demise of
 *  this session?
 */
public void expire(boolean notify) {
    // Check made without holding the lock: nothing to do if the session is
    // already invalid. The same condition is re-checked under the lock below.
    if (!isValid) {
        return;
    }
    synchronized (this) {
        // entered as per bug 56339
        // Re-check under the lock so that a second caller returns while an
        // expiry is in progress or once it has completed.
        if (expiring || !isValid) {
            return;
        }
        // Without a manager there is no context to notify or to remove from.
        if (manager == null) {
            return;
        }
        // Mark this session as "being expired"
        // NOTE(review): the flag is reset further down without a try/finally.
        // If manager.remove(...) or fireSessionEvent(...) were to throw, it
        // would stay true and later calls would return at the check above
        // while isValid is still true. Whether they can throw is not visible
        // here - confirm.
        expiring = true;
        // Notify interested application event listeners
        // FIXME - Assumes we call listeners in reverse order
        Context context = manager.getContext();
        // Application listeners are only called when the caller asked for it.
        if (notify) {
            ClassLoader oldContextClassLoader = null;
            try {
                // bind(...) returns a ClassLoader that is handed back to
                // unbind(...) in the finally block; presumably this switches
                // the thread to the web application's class loader while
                // application code runs - confirm.
                oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null);
                Object[] listeners = context.getApplicationLifecycleListeners();
                if (listeners != null && listeners.length > 0) {
                    HttpSessionEvent event = new HttpSessionEvent(getSession());
                    for (int i = 0; i < listeners.length; i++) {
                        // Walk the array from the last element to the first.
                        int j = (listeners.length - 1) - i;
                        if (!(listeners[j] instanceof HttpSessionListener)) {
                            continue;
                        }
                        HttpSessionListener listener = (HttpSessionListener) listeners[j];
                        try {
                            context.fireContainerEvent("beforeSessionDestroyed", listener);
                            listener.sessionDestroyed(event);
                            context.fireContainerEvent("afterSessionDestroyed", listener);
                        } catch (Throwable t) {
                            // A failing application listener must not abort the
                            // expiry. handleThrowable is not shown here; presumably
                            // it rethrows fatal errors - confirm.
                            ExceptionUtils.handleThrowable(t);
                            try {
                                // Still emit the "after" container event for this listener.
                                context.fireContainerEvent("afterSessionDestroyed", listener);
                            } catch (Exception e) {
                                // Ignore: the original failure is logged below.
                            }
                            manager.getContext().getLogger().error(sm.getString("standardSession.sessionEvent"), t);
                        }
                    }
                }
            } finally {
                context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader);
            }
        }
        // Reset the access counter when activity checking is switched on.
        if (activityCheck) {
            accessCount.set(0);
        }
        // Remove this session from our manager's active sessions
        manager.remove(this, true);
        // Notify interested session event listeners
        if (notify) {
            fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null);
        }
        // Call the logout method
        // Only Exception is caught here (not Throwable); a failure is logged
        // at error level and the session is still marked invalid below.
        if (principal instanceof TomcatPrincipal) {
            TomcatPrincipal gp = (TomcatPrincipal) principal;
            try {
                gp.logout();
            } catch (Exception e) {
                manager.getContext().getLogger().error(sm.getString("standardSession.logoutfail"), e);
            }
        }
        // We have completed expire of this session
        setValid(false);
        expiring = false;
        // Unbind any objects associated with this session
        // This happens after the session has been marked invalid, and under
        // the same bind/unbind bracket used for the listeners above.
        String[] keys = keys();
        ClassLoader oldContextClassLoader = null;
        try {
            oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null);
            for (String key : keys) {
                removeAttributeInternal(key, notify);
            }
        } finally {
            context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader);
        }
    }
}
Also used : Context(org.apache.catalina.Context) ServletContext(jakarta.servlet.ServletContext) HttpSessionListener(jakarta.servlet.http.HttpSessionListener) HttpSessionEvent(jakarta.servlet.http.HttpSessionEvent) IOException(java.io.IOException) NotSerializableException(java.io.NotSerializableException) ObjectStreamException(java.io.ObjectStreamException) WriteAbortedException(java.io.WriteAbortedException) TomcatPrincipal(org.apache.catalina.TomcatPrincipal)
