
Example 1 with SingleSignOnEntry

use of org.apache.catalina.authenticator.SingleSignOnEntry in project tomcat by apache.

the class ClusterSingleSignOn method startInternal.

// ------------------------------------------------------- Lifecycle Methods
/**
 * Start this component and implement the requirements
 * of {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
 *
 * @exception LifecycleException if this component detects a fatal error
 *  that prevents this component from being used
 */
@Override
protected synchronized void startInternal() throws LifecycleException {
    try {
        // No cluster was injected: fall back to the one configured on the
        // parent container, but only when that parent is a Host and its
        // cluster is a CatalinaCluster.
        if (cluster == null) {
            Container parent = getContainer();
            if (parent instanceof Host && parent.getCluster() instanceof CatalinaCluster) {
                setCluster((CatalinaCluster) parent.getCluster());
            }
        }

        // Still no cluster: refuse to start. This exception is raised inside
        // the try block, so the catch below rewraps it under the generic
        // "clusterLoad.fail" message with this one as the cause.
        if (cluster == null) {
            throw new LifecycleException(sm.getString("clusterSingleSignOn.nocluster"));
        }

        // Class loaders handed to the replicated map.
        // NOTE(review): presumably these are what the map uses to deserialize
        // entries received from other members - confirm against ReplicatedMap.
        final ClassLoader[] loaders = { getClass().getClassLoader() };

        // The SSO cache is shared over the cluster channel under a name derived
        // from the cluster name.
        // NOTE(review): every member of that channel can read and write SSO
        // entries, so channel membership should be limited to trusted nodes -
        // confirm how the channel is secured in the deployment.
        ReplicatedMap<String, SingleSignOnEntry> replicated = new ReplicatedMap<>(this, cluster.getChannel(), rpcTimeout, cluster.getClusterName() + "-SSO-cache", loaders, terminateOnStartFailure);
        replicated.setChannelSendOptions(mapSendOptions);
        replicated.setAccessTimeout(accessTimeout);

        // Publish the fully configured map only after both setters have run.
        this.cache = replicated;
    } catch (Throwable t) {
        // NOTE(review): handleThrowable presumably rethrows errors that must
        // not be swallowed - confirm against ExceptionUtils.
        ExceptionUtils.handleThrowable(t);
        throw new LifecycleException(sm.getString("clusterSingleSignOn.clusterLoad.fail"), t);
    }
    // The superclass start runs only once the replicated cache is in place.
    super.startInternal();
}
Also used : Container(org.apache.catalina.Container) LifecycleException(org.apache.catalina.LifecycleException) CatalinaCluster(org.apache.catalina.ha.CatalinaCluster) SingleSignOnEntry(org.apache.catalina.authenticator.SingleSignOnEntry) Host(org.apache.catalina.Host) ReplicatedMap(org.apache.catalina.tribes.tipis.ReplicatedMap)

Example 2 with SingleSignOnEntry

use of org.apache.catalina.authenticator.SingleSignOnEntry in project Payara by payara.

the class GlassFishSingleSignOn method invoke.

// ---------------------------------------------------------- Valve Methods
/**
 * Perform single-sign-on support processing for this request.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 *
 * @return the valve flag
 */
// START OF IASRI 4665318
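@Override
public int invoke(final Request request, final Response response) {
    // Both casts assume an HTTP request/response pair; this method performs
    // no type check of its own before casting.
    HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
    HttpServletResponse hres = (HttpServletResponse) response.getResponse();

    // Clear any SSO notes already on the request: they are set again below
    // only after the cookie has been matched to a cached entry in the same realm.
    request.removeNote(Constants.REQ_SSOID_NOTE);
    request.removeNote(Constants.REQ_SSO_VERSION_NOTE);

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, LogFacade.REQUEST_PROCESSED, hreq.getRequestURI());
    }

    // Already authenticated: nothing for SSO to add.
    if (hreq.getUserPrincipal() != null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.PRINCIPAL_ALREADY_AUTHENTICATED, hreq.getUserPrincipal().getName());
        }
        return INVOKE_NEXT;
    }

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, LogFacade.CHECKING_SSO_COOKIE);
    }
    final Cookie[] cookies = hreq.getCookies();
    if (cookies == null) {
        return INVOKE_NEXT;
    }

    // Locate the SSO cookie and the optional version cookie. Both are
    // client-supplied and must be treated as untrusted input.
    Cookie cookie = null;
    Cookie versionCookie = null;
    for (Cookie c : cookies) {
        if (Constants.SINGLE_SIGN_ON_COOKIE.equals(c.getName())) {
            cookie = c;
        } else if (Constants.SINGLE_SIGN_ON_VERSION_COOKIE.equals(c.getName())) {
            versionCookie = c;
        }
        if (cookie != null && versionCookie != null) {
            break;
        }
    }
    if (cookie == null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.SSO_COOKIE_NOT_PRESENT);
        }
        return INVOKE_NEXT;
    }

    // SSO identities are scoped to a realm; without a named realm for this
    // application the cookie is ignored.
    Realm realm = request.getContext().getRealm();
    if (realm == null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.NO_REALM_CONFIGURED);
        }
        return INVOKE_NEXT;
    }
    String realmName = realm.getRealmName();
    if (realmName == null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.NO_REALM_CONFIGURED);
        }
        return INVOKE_NEXT;
    }
    if (debug >= 1) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.APP_REALM);
        }
    }

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, LogFacade.CHECKING_CACHED_PRINCIPAL);
    }

    long version = 0;
    if (isVersioningSupported() && versionCookie != null) {
        try {
            version = Long.parseLong(versionCookie.getValue());
        } catch (NumberFormatException e) {
            // The version cookie comes from the client. A malformed value used
            // to escape as an unchecked exception; fail closed instead and let
            // the request continue without an SSO identity. The raw value is
            // deliberately not logged.
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Ignoring SSO cookie because the SSO version cookie is not a valid number");
            }
            missCount.incrementAndGet();
            return INVOKE_NEXT;
        }
    }

    SingleSignOnEntry entry = lookup(cookie.getValue(), version);
    if (entry != null) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.FOUND_CACHED_PRINCIPAL, new Object[] { entry.getPrincipal().getName(), entry.getAuthType(), entry.getRealmName() });
        }
        // Only use this SSO identity if it was established in the same realm.
        // realmName is known to be non-null here, so comparing from its side
        // treats an entry without a realm name as a mismatch instead of
        // throwing.
        if (realmName.equals(entry.getRealmName())) {
            request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
            ((HttpRequest) request).setAuthType(entry.getAuthType());
            ((HttpRequest) request).setUserPrincipal(entry.getPrincipal());
            // Touch the SSO entry access time
            entry.setLastAccessTime(System.currentTimeMillis());
            if (isVersioningSupported()) {
                long ver = entry.incrementAndGetVersion();
                request.setNote(Constants.REQ_SSO_VERSION_NOTE, Long.valueOf(ver));
            }
            hitCount.incrementAndGet();
        } else {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, LogFacade.IGNORING_SSO, realmName);
            }
            // A realm mismatch is counted as a cache miss.
            missCount.incrementAndGet();
        }
    } else {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.NO_CACHED_PRINCIPAL_FOUND);
        }
        // Unknown SSO id: ask the client to discard the cookie.
        // NOTE(review): the cookie object taken from the request is sent back
        // with max-age 0; confirm its path/domain match the cookie that was
        // originally issued, otherwise the browser may keep the stale one.
        cookie.setMaxAge(0);
        hres.addCookie(cookie);
        missCount.incrementAndGet();
    }
    return INVOKE_NEXT;
}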
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) HttpRequest(org.apache.catalina.HttpRequest) SingleSignOnEntry(org.apache.catalina.authenticator.SingleSignOnEntry) HttpServletResponse(javax.servlet.http.HttpServletResponse) Realm(org.apache.catalina.Realm)

Example 3 with SingleSignOnEntry

use of org.apache.catalina.authenticator.SingleSignOnEntry in project Payara by payara.

the class GlassFishSingleSignOn method processExpires.

// ------------------------------------------------------ Protected Methods
/**
 * Invalidate all SSO cache entries that have expired.
 */
private void processExpires() {
    // A negative inactivity limit disables expiry: entries then stay cached
    // until they are deregistered some other way.
    if (ssoMaxInactive < 0) {
        return;
    }

    // Entries last accessed before this instant are candidates for removal
    // (ssoMaxInactive is multiplied by 1000 to get milliseconds).
    final long cutoff = System.currentTimeMillis() - ssoMaxInactive * 1000L;

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, LogFacade.SSO_EXPIRATION_STARTED, this.cache.size());
    }

    final ArrayList<String> expiredIds = new ArrayList<>(this.cache.size() / 2);
    try {
        // Collect candidates while holding the cache monitor; the actual
        // deregistration happens afterwards, outside the lock.
        synchronized (cache) {
            for (String ssoId : cache.keySet()) {
                SingleSignOnEntry candidate = (SingleSignOnEntry) cache.get(ssoId);
                // Both conditions are required: the entry reports itself empty
                // AND it was last accessed before the cutoff.
                // NOTE(review): isEmpty() presumably means "no sessions
                // attached"; if so, an entry that still has sessions is never
                // expired here regardless of age - confirm that is intended.
                if (candidate.isEmpty() && candidate.getLastAccessTime() < cutoff) {
                    expiredIds.add(ssoId);
                }
            }
        }

        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, LogFacade.SSO_CACHE_EXPIRE, expiredIds.size());
        }

        for (final String expiredId : expiredIds) {
            // NOTE(review): the SSO id is written to the FINE log here; if it
            // is the same value as the SSO cookie it is credential-equivalent
            // and such logs need restricted access - confirm.
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, LogFacade.SSO_EXPRIRATION_REMOVING_ENTRY, expiredId);
            }
            deregister(expiredId);
        }
    } catch (Throwable e) {
        // Deliberately broad so a failed sweep does not kill the calling
        // thread; the failure is logged at WARNING and the sweep is abandoned.
        logger.log(Level.WARNING, LogFacade.EXCEPTION_DURING_SSO_EXPIRATION, e);
    }
}
Also used : SingleSignOnEntry(org.apache.catalina.authenticator.SingleSignOnEntry) ArrayList(java.util.ArrayList)

Example 4 with SingleSignOnEntry

use of org.apache.catalina.authenticator.SingleSignOnEntry in project Payara by payara.

the class HASingleSignOn method lookup.

/**
 * Looks up an SSO entry, falling back to the HA backing store when the local
 * cache has no usable entry.
 *
 * @param ssoId the SSO identifier to look up
 * @param ssoVersion the version the caller expects; a cached entry with a
 *        lower version is discarded and reloaded from the backing store
 * @return the cached or freshly loaded entry, or {@code null} if neither the
 *         cache nor the backing store knows the id
 * @throws IllegalStateException if the backing store load fails
 */
@Override
protected SingleSignOnEntry lookup(final String ssoId, final long ssoVersion) {
    final SingleSignOnEntry cached = super.lookup(ssoId, ssoVersion);

    // A cached entry older than the requested version is stale: evict it.
    // NOTE(review): ssoVersion presumably originates from a client cookie; if
    // so, a client can force an eviction plus a backing-store load on every
    // request by presenting a larger version - confirm whether the caller
    // bounds or rate-limits this.
    final boolean stale = cached != null && ssoVersion > cached.getVersion();
    if (stale) {
        this.cache.remove(ssoId);
    }
    if (cached != null && !stale) {
        return cached;
    }

    // Nothing usable locally: try the HA store and cache whatever it returns.
    try {
        final HASingleSignOnEntryMetadata mdata = this.ssoEntryMetadataBackingStore.load(ssoId, null);
        if (mdata == null) {
            return null;
        }
        final SingleSignOnEntry loaded = new HASingleSignOnEntry(getContainer(), mdata, ioUtils);
        this.cache.put(ssoId, loaded);
        return loaded;
    } catch (BackingStoreException ex) {
        // Surface store failures as unchecked, keeping the original cause.
        throw new IllegalStateException(ex);
    }
}
Also used : SingleSignOnEntry(org.apache.catalina.authenticator.SingleSignOnEntry) BackingStoreException(org.glassfish.ha.store.api.BackingStoreException)

Example 5 with SingleSignOnEntry

use of org.apache.catalina.authenticator.SingleSignOnEntry in project Payara by payara.

the class HASingleSignOn method deregister.

/**
 * Removes an SSO entry from the local cache, expires its sessions and deletes
 * its metadata from the HA backing store.
 *
 * @param ssoId the SSO identifier to deregister
 * @throws IllegalStateException if removal from the backing store fails
 */
@Override
protected void deregister(final String ssoId) {
    // NOTE(review): the SSO id is written to the FINE log; if it is the same
    // value as the SSO cookie it is credential-equivalent, so FINE logs need
    // restricted access or the id should be masked - confirm.
    if (logger.isLoggable(Level.FINE)) {
        logger.fine("Deregistering sso id '" + ssoId + "'");
    }

    final SingleSignOnEntry removed = this.cache.remove(ssoId);
    if (removed != null) {
        // Expire any associated sessions before dropping the stored metadata.
        removed.expireSessions();
        try {
            this.ssoEntryMetadataBackingStore.remove(ssoId);
        } catch (BackingStoreException ex) {
            throw new IllegalStateException(ex);
        }
    }
    // NOTE(review): when the id is not in the local cache the backing store is
    // left untouched, so an entry held only in the store would survive this
    // call - confirm that callers always have the entry cached first.
    //
    // Clients may still possess the old single sign on cookie, but it will be
    // removed on the next request since it is no longer in the cache.
}
Also used : SingleSignOnEntry(org.apache.catalina.authenticator.SingleSignOnEntry) BackingStoreException(org.glassfish.ha.store.api.BackingStoreException)

Aggregations

SingleSignOnEntry (org.apache.catalina.authenticator.SingleSignOnEntry)8 Container (org.apache.catalina.Container)2 Host (org.apache.catalina.Host)2 LifecycleException (org.apache.catalina.LifecycleException)2 CatalinaCluster (org.apache.catalina.ha.CatalinaCluster)2 ReplicatedMap (org.apache.catalina.tribes.tipis.ReplicatedMap)2 BackingStoreException (org.glassfish.ha.store.api.BackingStoreException)2 ArrayList (java.util.ArrayList)1 Cookie (javax.servlet.http.Cookie)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 HttpRequest (org.apache.catalina.HttpRequest)1 Realm (org.apache.catalina.Realm)1