use of org.apache.catalina.authenticator.SingleSignOnEntry in project tomcat by apache.
the class ClusterSingleSignOn method startInternal.
// ------------------------------------------------------- Lifecycle Methods
/**
* Start this component and implement the requirements
* of {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
*
* @exception LifecycleException if this component detects a fatal error
* that prevents this component from being used
*/
@Override
protected synchronized void startInternal() throws LifecycleException {
    // Everything up to super.startInternal() runs inside one try block: any failure,
    // including the "no cluster" LifecycleException raised below, is caught and rethrown
    // wrapped in a LifecycleException carrying the clusterLoad.fail message.
    try {
        // No cluster configured explicitly: adopt the one attached to the owning Host, if any.
        if (cluster == null) {
            Container host = getContainer();
            if (host instanceof Host && host.getCluster() instanceof CatalinaCluster) {
                setCluster((CatalinaCluster) host.getCluster());
            }
        }

        // Clustered SSO cannot work without a cluster; refuse to start.
        if (cluster == null) {
            throw new LifecycleException(sm.getString("clusterSingleSignOn.nocluster"));
        }

        // Class loaders handed to the replicated map (presumably used when it materialises
        // entries received from other members; confirm against ReplicatedMap).
        ClassLoader[] loaders = new ClassLoader[] { this.getClass().getClassLoader() };
        String mapName = cluster.getClusterName() + "-SSO-cache";

        // NOTE(review): the SSO entries stored in this map are shared with the other cluster
        // members through cluster.getChannel(). The entries describe authenticated users, so
        // confirm the channel is limited to trusted members and that its transport is
        // protected (trusted network segment or channel-level encryption).
        ReplicatedMap<String, SingleSignOnEntry> replicatedCache = new ReplicatedMap<>(
                this, cluster.getChannel(), rpcTimeout, mapName, loaders, terminateOnStartFailure);
        replicatedCache.setChannelSendOptions(mapSendOptions);
        replicatedCache.setAccessTimeout(accessTimeout);

        // Publish the fully configured map as this component's cache.
        this.cache = replicatedCache;
    } catch (Throwable t) {
        // handleThrowable presumably rethrows errors that must not be swallowed (confirm);
        // everything else is reported as a start failure with the original cause attached.
        ExceptionUtils.handleThrowable(t);
        throw new LifecycleException(sm.getString("clusterSingleSignOn.clusterLoad.fail"), t);
    }
    super.startInternal();
}
use of org.apache.catalina.authenticator.SingleSignOnEntry in project Payara by payara.
the class GlassFishSingleSignOn method invoke.
// ---------------------------------------------------------- Valve Methods
/**
* Perform single-sign-on support processing for this request.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
*
* @return the valve flag; every return path in this method yields {@code INVOKE_NEXT}
*/
// START OF IASRI 4665318
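@Override
public int invoke(final Request request, final Response response) {
    // END OF IASRI 4665318
    /*
     * Attaches a cached SSO identity to the request when the request carries an SSO cookie
     * whose entry was created in the same realm as the target application. Every return
     * path yields INVOKE_NEXT; the only difference is whether the principal, auth type and
     * SSO notes have been set on the request.
     *
     * Both cookies read here are client-controlled input. The SSO cookie value is only used
     * as a lookup key; the version cookie is parsed as a long and a value that does not
     * parse causes SSO to be skipped for this request instead of raising an exception.
     */

    // Servlet-level views of the request and response. The casts assume an HTTP pipeline;
    // the former instanceof guard was removed (GlassFish 6386229).
    HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
    HttpServletResponse hres = (HttpServletResponse) response.getResponse();

    // Clear the SSO notes before deciding whether this request carries a usable SSO identity.
    request.removeNote(Constants.REQ_SSOID_NOTE);
    request.removeNote(Constants.REQ_SSO_VERSION_NOTE);

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, LogFacade.REQUEST_PROCESSED, hreq.getRequestURI());
    }

    // A request that already has a principal needs no SSO processing.
    if (hreq.getUserPrincipal() != null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.PRINCIPAL_ALREADY_AUTHENTICATED, hreq.getUserPrincipal().getName());
        }
        return INVOKE_NEXT;
    }

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, LogFacade.CHECKING_SSO_COOKIE);
    }
    final Cookie[] cookies = hreq.getCookies();
    if (cookies == null) {
        return INVOKE_NEXT;
    }

    // Locate the SSO cookie and the optional version cookie; stop once both are found.
    Cookie cookie = null;
    Cookie versionCookie = null;
    for (Cookie c : cookies) {
        if (Constants.SINGLE_SIGN_ON_COOKIE.equals(c.getName())) {
            cookie = c;
        } else if (Constants.SINGLE_SIGN_ON_VERSION_COOKIE.equals(c.getName())) {
            versionCookie = c;
        }
        if (cookie != null && versionCookie != null) {
            break;
        }
    }
    if (cookie == null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.SSO_COOKIE_NOT_PRESENT);
        }
        return INVOKE_NEXT;
    }

    // Get the realm associated with the app of this request.
    // If there is no realm available, do not process SSO.
    Realm realm = request.getContext().getRealm();
    if (realm == null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.NO_REALM_CONFIGURED);
        }
        return INVOKE_NEXT;
    }
    String realmName = realm.getRealmName();
    if (realmName == null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.NO_REALM_CONFIGURED);
        }
        return INVOKE_NEXT;
    }
    if (debug >= 1) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.APP_REALM);
        }
    }

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, LogFacade.CHECKING_CACHED_PRINCIPAL);
    }

    long version = 0;
    if (isVersioningSupported() && versionCookie != null) {
        try {
            version = Long.parseLong(versionCookie.getValue());
        } catch (NumberFormatException e) {
            // The version cookie comes from the client. A missing or non-numeric value used
            // to escape this valve as an uncaught NumberFormatException; treat it as "no
            // usable SSO state" so the application falls back to its own authentication.
            // The raw cookie value is deliberately kept out of the log message.
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Ignoring SSO cookie: version cookie is not a valid number");
            }
            return INVOKE_NEXT;
        }
    }

    SingleSignOnEntry entry = lookup(cookie.getValue(), version);
    if (entry != null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.FOUND_CACHED_PRINCIPAL, new Object[] { entry.getPrincipal().getName(), entry.getAuthType(), entry.getRealmName() });
        }
        // Only use this SSO identity if it was set in the same realm. realmName is known to
        // be non-null here, so comparing from that side also rejects an entry without a
        // realm name instead of failing on it.
        if (realmName.equals(entry.getRealmName())) {
            request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
            ((HttpRequest) request).setAuthType(entry.getAuthType());
            ((HttpRequest) request).setUserPrincipal(entry.getPrincipal());
            // Touch the SSO entry access time
            entry.setLastAccessTime(System.currentTimeMillis());
            if (isVersioningSupported()) {
                long ver = entry.incrementAndGetVersion();
                request.setNote(Constants.REQ_SSO_VERSION_NOTE, Long.valueOf(ver));
            }
            // update hit atomic counter
            hitCount.incrementAndGet();
        } else {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, LogFacade.IGNORING_SSO, realmName);
            }
            // consider this a cache miss, update atomic counter
            missCount.incrementAndGet();
        }
    } else {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.NO_CACHED_PRINCIPAL_FOUND);
        }
        // Ask the client to discard an SSO cookie that no longer maps to an entry.
        // NOTE(review): a cookie parsed from a request carries no Path, Domain or Secure
        // attributes, so this expiry cookie only matches if the SSO cookie was issued with
        // the same defaults; confirm against the code that sets the cookie.
        cookie.setMaxAge(0);
        hres.addCookie(cookie);
        // update miss atomic counter
        missCount.incrementAndGet();
    }
    return INVOKE_NEXT;
}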
use of org.apache.catalina.authenticator.SingleSignOnEntry in project Payara by payara.
the class GlassFishSingleSignOn method processExpires.
// ------------------------------------------------------ Protected Methods
/**
* Invalidate all SSO cache entries that have expired.
*/
private void processExpires() {
    // A negative ssoMaxInactive means SSO entries never expire.
    if (ssoMaxInactive < 0) {
        return;
    }

    // ssoMaxInactive is multiplied by 1000, i.e. treated as seconds; entries last accessed
    // before this instant are old enough to be removed.
    final long cutoffMillis = System.currentTimeMillis() - ssoMaxInactive * 1000L;

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, LogFacade.SSO_EXPIRATION_STARTED, this.cache.size());
    }

    // Ids are collected first and deregistered after the lock is released, so the cache is
    // not modified while its key set is being iterated.
    final ArrayList<String> expiredIds = new ArrayList<>(this.cache.size() / 2);
    try {
        synchronized (cache) {
            for (Iterator<String> keys = cache.keySet().iterator(); keys.hasNext();) {
                final String ssoId = keys.next();
                final SingleSignOnEntry candidate = (SingleSignOnEntry) cache.get(ssoId);
                // Keep entries that are not empty (presumably: still have sessions attached;
                // confirm) or that were accessed recently enough.
                if (!candidate.isEmpty() || candidate.getLastAccessTime() >= cutoffMillis) {
                    continue;
                }
                expiredIds.add(ssoId);
            }
        }

        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.SSO_CACHE_EXPIRE, expiredIds.size());
        }

        // Deregister every entry that qualified.
        for (final String expiredId : expiredIds) {
            // NOTE(review): the cache key is logged here at FINE. If the key is the value
            // carried in the SSO cookie, this writes a credential-like token to the log;
            // confirm, and consider masking it.
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, LogFacade.SSO_EXPRIRATION_REMOVING_ENTRY, expiredId);
            }
            deregister(expiredId);
        }
    } catch (Throwable e) {
        // Don't let the calling thread die. Note that a failure on one entry ends the whole
        // pass: the ids not yet processed stay in the cache until a later run.
        logger.log(Level.WARNING, LogFacade.EXCEPTION_DURING_SSO_EXPIRATION, e);
    }
}
use of org.apache.catalina.authenticator.SingleSignOnEntry in project Payara by payara.
the class HASingleSignOn method lookup.
@Override
protected SingleSignOnEntry lookup(final String ssoId, final long ssoVersion) {
    /*
     * Resolves an SSO id to its entry: first through the superclass lookup, then, when that
     * yields nothing usable, through the HA backing store. An entry loaded from the store is
     * placed in the local cache before it is returned. Returns null when neither source
     * knows the id; a BackingStoreException is rethrown as IllegalStateException.
     */
    SingleSignOnEntry local = super.lookup(ssoId, ssoVersion);

    // The caller's version is ahead of the cached one: drop the cached entry and reload.
    // NOTE(review): in the valve shown alongside this class the version is parsed from a
    // request cookie, so a client-chosen number decides whether the cached entry is evicted
    // and the backing store is read. The reloaded entry's version is not compared with
    // ssoVersion here. Confirm that both points are acceptable.
    final boolean cachedIsStale = local != null && ssoVersion > local.getVersion();
    if (cachedIsStale) {
        this.cache.remove(ssoId);
        local = null;
    }
    if (local != null) {
        return local;
    }

    // Nothing usable locally: load from the HA store.
    try {
        final HASingleSignOnEntryMetadata mdata = this.ssoEntryMetadataBackingStore.load(ssoId, null);
        if (mdata == null) {
            return null;
        }
        final SingleSignOnEntry restored = new HASingleSignOnEntry(getContainer(), mdata, ioUtils);
        this.cache.put(ssoId, restored);
        return restored;
    } catch (BackingStoreException ex) {
        throw new IllegalStateException(ex);
    }
}
use of org.apache.catalina.authenticator.SingleSignOnEntry in project Payara by payara.
the class HASingleSignOn method deregister.
@Override
protected void deregister(final String ssoId) {
    // NOTE(review): the SSO id is written to the log at FINE. If it is the value carried in
    // the SSO cookie, it is a credential-like token; confirm, and consider masking it.
    if (logger.isLoggable(Level.FINE)) {
        logger.fine("Deregistering sso id '" + ssoId + "'");
    }

    // Remove the entry from the local cache. When the id is not cached locally nothing else
    // happens; in particular the backing store is left untouched.
    final SingleSignOnEntry removed = this.cache.remove(ssoId);
    if (removed != null) {
        // Expire any associated sessions, then delete the entry's metadata from the HA store.
        removed.expireSessions();
        try {
            this.ssoEntryMetadataBackingStore.remove(ssoId);
        } catch (BackingStoreException ex) {
            // Surfaces after the sessions have already been expired and the cache entry is gone.
            throw new IllegalStateException(ex);
        }
        // NOTE: Clients may still possess the old single sign on cookie,
        // but it will be removed on the next request since it is no longer
        // in the cache
    }
}