SingleSignOnEntry


1   /*
2    * JBoss, the OpenSource WebOS
3    *
4    * Distributable under LGPL license.
5    * See terms of license at gnu.org.
6    */
7   package org.jboss.web.tomcat.tc5.sso;
8   
9   import java.security.Principal  ;
10  
11  import org.apache.catalina.Session;
12  import org.apache.catalina.authenticator.Constants;
13  import org.apache.catalina.authenticator.SingleSignOn;
14  
15  /**
16   * A class that represents entries in the cache of authenticated users.
17   *
18   * @author Brian E. Stansberry, based on work by Craig R. McClanahan
19   * @version $Revision: 1.3 $ $Date: 2004/09/13 00:08:30 $
20   * @see SingleSignOn
21   */
22  class SingleSignOnEntry
23  {
24     // ------------------------------------------------------  Instance Fields
25  
26     private String   authType = null;
27  
28     private String   password = null;
29  
30     private Principal   principal = null;
31  
32     private Session sessions[] = new Session[0];
33  
34     private String   username = null;
35  
36     private boolean canReauthenticate = false;
37  
38     // ---------------------------------------------------------  Constructors
39  
40     /**
41      * Creates a new SingleSignOnEntry
42      *
43      * @param principal the <code>Principal</code> returned by the latest
44      *                  call to <code>Realm.authenticate</code>.
45      * @param authType  the type of authenticator used (BASIC, CLIENT-CERT,
46      *                  DIGEST or FORM)
47      * @param username  the username (if any) used for the authentication
48      * @param password  the password (if any) used for the authentication
49      */
50     SingleSignOnEntry(Principal   principal, String   authType,
51        String   username, String   password)
52     {
53        updateCredentials(principal, authType, username, password);
54     }
55  
56     // ------------------------------------------------------- Package Methods
57  
58     /**
59      * Adds a <code>Session</code> to the list of those associated with
60      * this SSO.
61      *
62      * @param sso     The <code>SingleSignOn</code> valve that is managing
63      *                the SSO session.
64      * @param session The <code>Session</code> being associated with the SSO.
65      * @return <code>true</code> if the given Session was a new addition (i.e.
66      *         was not previously associated with this entry);
67      *         <code>false</code> otherwise.
68      */
69     synchronized boolean addSession(SingleSignOn sso, Session session)
70     {
71        for (int i = 0; i < sessions.length; i++)
72        {
73           if (session == sessions[i])
74              return false;
75        }
76        Session results[] = new Session[sessions.length + 1];
77        System.arraycopy(sessions, 0, results, 0, sessions.length);
78        results[sessions.length] = session;
79        sessions = results;
80        session.addSessionListener(sso);
81        return true;
82     }
83  
84     /**
85      * Removes the given <code>Session</code> from the list of those
86      * associated with this SSO.
87      *
88      * @param session the <code>Session</code> to remove.
89      * @return <code>true</code> if the given Session needed to be removed
90      *         (i.e. was in fact previously associated with this entry);
91      *         <code>false</code> otherwise.
92      */
93     synchronized boolean removeSession(Session session)
94     {
95        if (sessions.length == 0)
96           return false;
97  
98        boolean removed = false;
99        Session[] nsessions = new Session[sessions.length - 1];
100       for (int i = 0, j = 0; i < sessions.length; i++)
101       {
102          if (session == sessions[i])
103          {
104             removed = true;
105             continue;
106          }
107          else if (!removed && i == nsessions.length)
108          {
109             // We have tested all our sessions, and have not had to
110             // remove any; break loop now so we don't cause an
111             // ArrayIndexOutOfBounds on nsessions
112             break;
113          }
114          nsessions[j++] = sessions[i];
115       }
116       sessions = nsessions;
117       // Only if we removed a session, do we replace our session list
118       if (removed)
119          sessions = nsessions;
120       return removed;
121    }
122 
123    /**
124     * Returns the <code>Session</code>s associated with this SSO.
125     */
126    synchronized Session[] findSessions()
127    {
128       return (this.sessions);
129    }
130 
131    /**
132     * Gets the name of the authentication type originally used to authenticate
133     * the user associated with the SSO.
134     *
135     * @return "BASIC", "CLIENT-CERT", "DIGEST", "FORM" or "NONE"
136     */
137    String   getAuthType()
138    {
139       return (this.authType);
140    }
141 
142    /**
143     * Gets whether the authentication type associated with the original
144     * authentication supports reauthentication.
145     *
146     * @return <code>true</code> if <code>getAuthType</code> returns
147     *         "BASIC" or "FORM", <code>false</code> otherwise.
148     */
149    boolean getCanReauthenticate()
150    {
151       return (this.canReauthenticate);
152    }
153 
154    /**
155     * Gets the password credential (if any) associated with the SSO.
156     *
157     * @return the password credential associated with the SSO, or
158     *         <code>null</code> if the original authentication type
159     *         does not involve a password.
160     */
161    String   getPassword()
162    {
163       return (this.password);
164    }
165 
166    /**
167     * Gets the <code>Principal</code> that has been authenticated by
168     * the SSO.
169     * <p/>
170     * <b>NOTE: </b> May return <code>null</code> if this object was
171     * retrieved via a lookup from another node in a cluster. Interface
172     * <code>Principal</code> does not extend <code>Serializable</code>,
173     * so a <code>SingleSignOnEntry</code>'s principal member cannot be
174     * serialized as part of SSO management in a cluster.  A
175     * <code>Principal</code> cannot be bound to a
176     * <code>SingleSignOnEntry</code> until the SSO has been authenticated
177     * by the local node.
178     *
179     * @return The <code>Principal</code> that has been authenticated by
180     *         the local SSO, or <code>null</code> if no authentication
181     *         has been performed yet in this cluster node.
182     */
183    Principal   getPrincipal()
184    {
185       return (this.principal);
186    }
187 
188    /**
189     * Sets the <code>Principal</code> that has been authenticated by
190     * the SSO.
191     */
192    void setPrincipal(Principal   principal)
193    {
194       this.principal = principal;
195    }
196 
197    /**
198     * Returns the number of sessions associated with this SSO, either
199     * locally or remotely.
200     */
201    int getSessionCount()
202    {
203       return (sessions.length);
204    }
205 
206    /**
207     * Gets the username provided by the user as part of the authentication
208     * process.
209     */
210    String   getUsername()
211    {
212       return (this.username);
213    }
214 
215 
216    /**
217     * Updates the SingleSignOnEntry to reflect the latest security
218     * information associated with the caller.
219     *
220     * @param principal the <code>Principal</code> returned by the latest
221     *                  call to <code>Realm.authenticate</code>.
222     * @param authType  the type of authenticator used (BASIC, CLIENT-CERT,
223     *                  DIGEST or FORM)
224     * @param username  the username (if any) used for the authentication
225     * @param password  the password (if any) used for the authentication
226     */
227    synchronized boolean updateCredentials(Principal   principal, String   authType,
228       String   username, String   password)
229    {
230 
231       boolean changed =
232          (safeEquals(this.principal, principal)
233          || safeEquals(this.authType, authType)
234          || safeEquals(this.username, username)
235          || safeEquals(this.password, password));
236 
237       this.principal = principal;
238       this.authType = authType;
239       this.username = username;
240       this.password = password;
241       this.canReauthenticate =
242          (Constants.BASIC_METHOD.equals(authType)
243          || Constants.FORM_METHOD.equals(authType));
244       return changed;
245    }
246 
247    // -------------------------------------------------------  Private Methods
248 
249    private boolean safeEquals(Object   a, Object   b)
250    {
251       return ((a == b)
252          || (a != null && a.equals(b))
253          || (b != null && b.equals(a)));
254    }
255 }
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags