Author: rjung Date: Wed Nov 26 18:13:41 2014 New Revision: 1641874 URL: http://svn.apache.org/r1641874 Log: Replicate Principal in ClusterSingleSignOn.
Backport of r1305758 from TC6. Modified: tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOn.java tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOnListener.java tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/SingleSignOnMessage.java Modified: tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml?rev=1641874&r1=1641873&r2=1641874&view=diff ============================================================================== --- tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml (original) +++ tomcat/sandbox/tomcat-oacc/trunk/docs/changelog.xml Wed Nov 26 18:13:41 2014 @@ -32,6 +32,9 @@ <section name="Tomcat OACC 0.1 (rjung)"> <subsection name="Cluster"> <fix> + Replicate principal in ClusterSingleSignOn. (kfujino) + </fix> + <fix> <bug>52488</bug>: Correct typos: exipre -> expire. Based on a patch by prockter. (markt) </fix> Modified: tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOn.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOn.java?rev=1641874&r1=1641873&r2=1641874&view=diff ============================================================================== --- tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOn.java (original) +++ tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOn.java Wed Nov 26 18:13:41 2014 
@@ -21,8 +21,8 @@ package org.apache.catalina.cluster.auth import java.security.Principal; -import org.apache.catalina.Container; import org.apache.catalina.Cluster; +import org.apache.catalina.Container; import org.apache.catalina.Engine; import org.apache.catalina.Host; import org.apache.catalina.LifecycleException; @@ -33,6 +33,8 @@ import org.apache.catalina.authenticator import org.apache.catalina.cluster.CatalinaCluster; import org.apache.catalina.cluster.ClusterManager; import org.apache.catalina.cluster.ClusterValve; +import org.apache.catalina.cluster.session.SerializablePrincipal; +import org.apache.catalina.realm.GenericPrincipal; /** * A <strong>Valve</strong> that supports a "single sign on" user experience on @@ -245,7 +247,7 @@ public class ClusterSingleSignOn */ protected void register(String ssoId, Principal principal, String authType, String username, String password) { - sendSSOIdWithAuth(ssoId, + sendSSOIdWithAuth(ssoId, principal, authType, username, password, SingleSignOnMessage.REGISTER_SESSION); registerLocal(ssoId, principal, authType, username, password); @@ -284,7 +286,7 @@ public class ClusterSingleSignOn */ protected void update(String ssoId, Principal principal, String authType, String username, String password) { - sendSSOIdWithAuth(ssoId, + sendSSOIdWithAuth(ssoId, principal, authType, username, password, SingleSignOnMessage.UPDATE_SESSION); updateLocal(ssoId, principal, authType, username, password); @@ -345,7 +347,7 @@ public class ClusterSingleSignOn * @param password the password (if any) used for the authentication * @param action SSO Action type */ - protected void sendSSOIdWithAuth(String ssoId,String authType, + protected void sendSSOIdWithAuth(String ssoId, Principal principal, String authType, String username, String password, int action) { if (cluster != null) { messageNumber++; 
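Review bot: The Javadoc above `sendSSOIdWithAuth` (hunk `@@ -345,7 +347,7 @@` of ClusterSingleSignOn.java) is not updated for the new `principal` parameter; the visible tags still run from `@param password` straight to `@param action`. I would add `@param principal the authenticated Principal to replicate to the other cluster nodes` in the position matching the new signature. Because the method is protected, the changed signature also means a subclass that overrode the old five-argument form is no longer called by `register`/`update`, which may deserve a line in the changelog entry. The Javadoc block and the method body both extend outside this hunk.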
@@ -355,6 +357,13 @@ public class ClusterSingleSignOn msg.setAuthType(authType); msg.setUsername(username); msg.setPassword(password); + + SerializablePrincipal sp = null; + if (principal instanceof GenericPrincipal) { + sp = SerializablePrincipal.createPrincipal((GenericPrincipal) principal); + msg.setPrincipal(sp); + } + send(msg,action); } } Modified: tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOnListener.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOnListener.java?rev=1641874&r1=1641873&r2=1641874&view=diff ============================================================================== --- tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOnListener.java (original) +++ tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/ClusterSingleSignOnListener.java Wed Nov 26 18:13:41 2014 @@ -17,6 +17,7 @@ package org.apache.catalina.cluster.authenticator; +import java.security.Principal; import java.util.Map; import java.io.IOException; @@ -86,6 +87,7 @@ public class ClusterSingleSignOnListener SingleSignOnMessage msg = (SingleSignOnMessage) myobj; int action = msg.getAction(); Session session = null; + Principal principal = null; if (log.isDebugEnabled()) log.debug("SingleSignOnMessage Received with action " 
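Review bot: In `sendSSOIdWithAuth` (hunk `@@ -355,6 +357,13 @@` of ClusterSingleSignOn.java) a principal that is not a `GenericPrincipal` is skipped silently, so the other nodes still register the SSO entry with a null principal and nothing tells an operator why replication did not happen. Assuming the valve has a logger like the listener's `log`, an else branch such as `else if (principal != null && log.isDebugEnabled()) log.debug("Principal type not replicated: " + principal.getClass().getName());` would make this visible without logging any credential. The `sp` local and its `null` initialiser are not needed; `msg.setPrincipal(SerializablePrincipal.createPrincipal((GenericPrincipal) principal));` inside the `if` says the same. The method body starts outside the hunk.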
@@ -106,12 +108,18 @@ public class ClusterSingleSignOnListener clusterSSO.deregisterLocal(msg.getSsoId()); break; case SingleSignOnMessage.REGISTER_SESSION: - clusterSSO.registerLocal(msg.getSsoId(), null, msg - .getAuthType(), msg.getUsername(), msg.getPassword()); + if (msg.getPrincipal() != null) { + principal = msg.getPrincipal().getPrincipal(clusterSSO.getContainer().getRealm()); + } + clusterSSO.registerLocal(msg.getSsoId(), principal, msg.getAuthType(), + msg.getUsername(), msg.getPassword()); break; case SingleSignOnMessage.UPDATE_SESSION: - clusterSSO.updateLocal(msg.getSsoId(), null, msg.getAuthType(), - msg.getUsername(), msg.getPassword()); + if (msg.getPrincipal() != null) { + principal = msg.getPrincipal().getPrincipal(clusterSSO.getContainer().getRealm()); + } + clusterSSO.updateLocal(msg.getSsoId(), principal, msg.getAuthType(), + msg.getUsername(), msg.getPassword()); break; case SingleSignOnMessage.REMOVE_SESSION: session = getSession(msg.getSessionId(), msg.getContextName()); Modified: tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/SingleSignOnMessage.java URL: http://svn.apache.org/viewvc/tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/SingleSignOnMessage.java?rev=1641874&r1=1641873&r2=1641874&view=diff ============================================================================== --- tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/SingleSignOnMessage.java (original) +++ tomcat/sandbox/tomcat-oacc/trunk/src/share/org/apache/catalina/cluster/authenticator/SingleSignOnMessage.java Wed Nov 26 18:13:41 2014 
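Review bot: Both the `REGISTER_SESSION` and `UPDATE_SESSION` branches rebuild the principal from the received message and pass it to `registerLocal`/`updateLocal` with no check visible in the hunk, so the local SSO cache trusts whatever identity a cluster sender supplies. That is presumably the point of replication, but it makes the cluster channel part of the authentication boundary, and I would say so next to the code: `// Principal is taken from the cluster message as-is; only trusted members may send on this channel`. The two branches repeat the same three lines, which could move into one private helper that returns the rebuilt principal or null. `clusterSSO.getContainer()` is dereferenced unguarded; whether it can be null when a message arrives is not visible here, and the switch statement continues outside the hunk.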
@@ -22,6 +22,7 @@ import java.io.Serializable; import org.apache.catalina.cluster.ClusterMessage; import org.apache.catalina.cluster.ClusterMessageBase; import org.apache.catalina.cluster.Member; +import org.apache.catalina.cluster.session.SerializablePrincipal; /** * Contains the SingleSignOn data, read and written by the ClusterSingleSignOn @@ -56,6 +57,7 @@ public class SingleSignOnMessage extends private String password = null; private String username = null; + private SerializablePrincipal principal = null; public SingleSignOnMessage(Member source, String ssoId, String sessionId) { this.address = source; @@ -137,6 +139,14 @@ public class SingleSignOnMessage extends this.username = username; } + public SerializablePrincipal getPrincipal() { + return principal; + } + + public void setPrincipal(SerializablePrincipal principal) { + this.principal = principal; + } + // --------------------------------------------------------- Public Methods /** --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
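Review bot: The new `principal` field (hunk `@@ -56,6 +57,7 @@` of SingleSignOnMessage.java) changes the serialized form of a message exchanged between nodes. If the class does not declare an explicit `serialVersionUID`, which these hunks do not show, nodes running the old and the new class would reject each other's SSO messages during a rolling upgrade. It is worth confirming that a `serialVersionUID` is declared before this ships. The accessors added in `@@ -137,6 +139,14 @@` have no Javadoc; I would add `/** @return the replicated principal, or null if the sender did not include one */` on `getPrincipal()` so callers know the null case is expected.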