SingleSignOnEntry


1   /*
2    * Copyright 1999-2001,2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.jboss.web.tomcat.tc6.sso;
17  
18  import java.security.Principal  ;
19  
20  import org.apache.catalina.Session;
21  import org.apache.catalina.authenticator.Constants;
22  import org.apache.catalina.authenticator.SingleSignOn;
23  
24  /**
25   * A class that represents entries in the cache of authenticated users.
26   *
27   * @author Brian E. Stansberry, based on work by Craig R. McClanahan
28   * @version $Revision: 45726 $ $Date: 2006-06-21 15:50:00 -0400 (Wed, 21 Jun 2006) $
29   * @see SingleSignOn
30   */
31  class SingleSignOnEntry
32  {
33     // ------------------------------------------------------  Instance Fields
34  
35     private String   authType = null;
36  
37     private String   password = null;
38  
39     private Principal   principal = null;
40  
41     private Session sessions[] = new Session[0];
42  
43     private String   username = null;
44  
45     private boolean canReauthenticate = false;
46  
47     // ---------------------------------------------------------  Constructors
48  
49     /**
50      * Creates a new SingleSignOnEntry
51      *
52      * @param principal the <code>Principal</code> returned by the latest
53      *                  call to <code>Realm.authenticate</code>.
54      * @param authType  the type of authenticator used (BASIC, CLIENT-CERT,
55      *                  DIGEST or FORM)
56      * @param username  the username (if any) used for the authentication
57      * @param password  the password (if any) used for the authentication
58      */
59     SingleSignOnEntry(Principal   principal, String   authType,
60        String   username, String   password)
61     {
62        updateCredentials(principal, authType, username, password);
63     }
64  
65     // ------------------------------------------------------- Package Methods
66  
67     /**
68      * Adds a <code>Session</code> to the list of those associated with
69      * this SSO.
70      *
71      * @param sso     The <code>SingleSignOn</code> valve that is managing
72      *                the SSO session.
73      * @param session The <code>Session</code> being associated with the SSO.
74      * @return <code>true</code> if the given Session was a new addition (i.e.
75      *         was not previously associated with this entry);
76      *         <code>false</code> otherwise.
77      */
78     synchronized boolean addSession(SingleSignOn sso, Session session)
79     {
80        for (int i = 0; i < sessions.length; i++)
81        {
82           if (session == sessions[i])
83              return false;
84        }
85        Session results[] = new Session[sessions.length + 1];
86        System.arraycopy(sessions, 0, results, 0, sessions.length);
87        results[sessions.length] = session;
88        sessions = results;
89        session.addSessionListener(sso);
90        return true;
91     }
92  
93     /**
94      * Removes the given <code>Session</code> from the list of those
95      * associated with this SSO.
96      *
97      * @param session the <code>Session</code> to remove.
98      * @return <code>true</code> if the given Session needed to be removed
99      *         (i.e. was in fact previously associated with this entry);
100     *         <code>false</code> otherwise.
101     */
102    synchronized boolean removeSession(Session session)
103    {
104       if (sessions.length == 0)
105          return false;
106 
107       boolean removed = false;
108       Session[] nsessions = new Session[sessions.length - 1];
109       for (int i = 0, j = 0; i < sessions.length; i++)
110       {
111          if (session == sessions[i])
112          {
113             removed = true;
114             continue;
115          }
116          else if (!removed && i == nsessions.length)
117          {
118             // We have tested all our sessions, and have not had to
119             // remove any; break loop now so we don't cause an
120             // ArrayIndexOutOfBounds on nsessions
121             break;
122          }
123          nsessions[j++] = sessions[i];
124       }
125       sessions = nsessions;
126       // Only if we removed a session, do we replace our session list
127       if (removed)
128          sessions = nsessions;
129       return removed;
130    }
131 
132    /**
133     * Returns the <code>Session</code>s associated with this SSO.
134     */
135    synchronized Session[] findSessions()
136    {
137       return (this.sessions);
138    }
139 
140    /**
141     * Gets the name of the authentication type originally used to authenticate
142     * the user associated with the SSO.
143     *
144     * @return "BASIC", "CLIENT-CERT", "DIGEST", "FORM" or "NONE"
145     */
146    String   getAuthType()
147    {
148       return (this.authType);
149    }
150 
151    /**
152     * Gets whether the authentication type associated with the original
153     * authentication supports reauthentication.
154     *
155     * @return <code>true</code> if <code>getAuthType</code> returns
156     *         "BASIC" or "FORM", <code>false</code> otherwise.
157     */
158    boolean getCanReauthenticate()
159    {
160       return (this.canReauthenticate);
161    }
162 
163    /**
164     * Gets the password credential (if any) associated with the SSO.
165     *
166     * @return the password credential associated with the SSO, or
167     *         <code>null</code> if the original authentication type
168     *         does not involve a password.
169     */
170    String   getPassword()
171    {
172       return (this.password);
173    }
174 
175    /**
176     * Gets the <code>Principal</code> that has been authenticated by
177     * the SSO.
178     * <p/>
179     * <b>NOTE: </b> May return <code>null</code> if this object was
180     * retrieved via a lookup from another node in a cluster. Interface
181     * <code>Principal</code> does not extend <code>Serializable</code>,
182     * so a <code>SingleSignOnEntry</code>'s principal member cannot be
183     * serialized as part of SSO management in a cluster.  A
184     * <code>Principal</code> cannot be bound to a
185     * <code>SingleSignOnEntry</code> until the SSO has been authenticated
186     * by the local node.
187     *
188     * @return The <code>Principal</code> that has been authenticated by
189     *         the local SSO, or <code>null</code> if no authentication
190     *         has been performed yet in this cluster node.
191     */
192    Principal   getPrincipal()
193    {
194       return (this.principal);
195    }
196 
197    /**
198     * Sets the <code>Principal</code> that has been authenticated by
199     * the SSO.
200     */
201    void setPrincipal(Principal   principal)
202    {
203       this.principal = principal;
204    }
205 
206    /**
207     * Returns the number of sessions associated with this SSO, either
208     * locally or remotely.
209     */
210    int getSessionCount()
211    {
212       return (sessions.length);
213    }
214 
215    /**
216     * Gets the username provided by the user as part of the authentication
217     * process.
218     */
219    String   getUsername()
220    {
221       return (this.username);
222    }
223 
224 
225    /**
226     * Updates the SingleSignOnEntry to reflect the latest security
227     * information associated with the caller.
228     *
229     * @param principal the <code>Principal</code> returned by the latest
230     *                  call to <code>Realm.authenticate</code>.
231     * @param authType  the type of authenticator used (BASIC, CLIENT-CERT,
232     *                  DIGEST or FORM)
233     * @param username  the username (if any) used for the authentication
234     * @param password  the password (if any) used for the authentication
235     */
236    synchronized boolean updateCredentials(Principal   principal, String   authType,
237       String   username, String   password)
238    {
239 
240       boolean changed =
241          (safeEquals(this.principal, principal)
242          || safeEquals(this.authType, authType)
243          || safeEquals(this.username, username)
244          || safeEquals(this.password, password));
245 
246       this.principal = principal;
247       this.authType = authType;
248       this.username = username;
249       this.password = password;
250       this.canReauthenticate =
251          (Constants.BASIC_METHOD.equals(authType)
252          || Constants.FORM_METHOD.equals(authType));
253       return changed;
254    }
255 
256    // -------------------------------------------------------  Private Methods
257 
258    private boolean safeEquals(Object   a, Object   b)
259    {
260       return ((a == b)
261          || (a != null && a.equals(b))
262          || (b != null && b.equals(a)));
263    }
264 }
265
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags