Class ClusterSingleSignOn

  • All Implemented Interfaces:
    javax.management.MBeanRegistration, Contained, ClusterValve, JmxEnabled, Lifecycle, AbstractReplicatedMap.MapOwner, Valve

    public class ClusterSingleSignOn
    extends SingleSignOn
    implements ClusterValve, AbstractReplicatedMap.MapOwner
    A Valve that supports a "single sign on" user experience on each node of a cluster, where the security identity of a user who successfully authenticates to one web application is propagated to other web applications and to other nodes cluster in the same security domain. For successful use, the following requirements must be met:
    • This Valve must be configured on the Container that represents a virtual host (typically an implementation of Host).
    • The Realm that contains the shared user and role information must be configured on the same Container (or a higher one), and not overridden at the web application level.
    • The web applications themselves must use one of the standard Authenticators found in the org.apache.catalina.authenticator package.
    • Constructor Detail

      • ClusterSingleSignOn

        public ClusterSingleSignOn()
        Default constructor for ClusterSingleSignOn.
    • Method Detail

      • setCluster

        public void setCluster​(CatalinaCluster cluster)
        Description copied from interface: ClusterValve
        Associates the cluster valve with a cluster
        Specified by:
        setCluster in interface ClusterValve
        Parameters:
        cluster - CatalinaCluster
      • getRpcTimeout

        public long getRpcTimeout()
        Returns the RPC timeout in milliseconds.
        Returns:
        the RPC timeout
      • setRpcTimeout

        public void setRpcTimeout​(long rpcTimeout)
        Sets the RPC timeout in milliseconds.
        Parameters:
        rpcTimeout - the RPC timeout
      • getMapSendOptions

        public int getMapSendOptions()
        Returns the map send options.
        Returns:
        the map send options
      • setMapSendOptions

        public void setMapSendOptions​(int mapSendOptions)
        Sets the map send options.
        Parameters:
        mapSendOptions - the map send options
      • getTerminateOnStartFailure

        public boolean getTerminateOnStartFailure()
        Returns whether to terminate on start failure.
        Returns:
        true if termination on start failure is enabled
      • setTerminateOnStartFailure

        public void setTerminateOnStartFailure​(boolean terminateOnStartFailure)
        Sets whether to terminate on start failure.
        Parameters:
        terminateOnStartFailure - the new value
      • getAccessTimeout

        public long getAccessTimeout()
        Returns the access timeout in milliseconds.
        Returns:
        the access timeout
      • setAccessTimeout

        public void setAccessTimeout​(long accessTimeout)
        Sets the access timeout in milliseconds.
        Parameters:
        accessTimeout - the access timeout
      • associate

        protected boolean associate​(java.lang.String ssoId,
                                    Session session)
        Description copied from class: SingleSignOn
        Associate the specified single sign on identifier with the specified Session.
        Overrides:
        associate in class SingleSignOn
        Parameters:
        ssoId - Single sign on identifier
        session - Session to be associated
        Returns:
        true if the session was associated to the given SSO session, otherwise false
      • update

        protected boolean update​(java.lang.String ssoId,
                                 java.security.Principal principal,
                                 java.lang.String authType,
                                 java.lang.String username,
                                 java.lang.String password)
        Description copied from class: SingleSignOn
        Updates any SingleSignOnEntry found under key ssoId with the given authentication data.

        The purpose of this method is to allow an SSO entry that was established without a username/password combination (i.e. established following DIGEST or CLIENT_CERT authentication) to be updated with a username and password if one becomes available through a subsequent BASIC or FORM authentication. The SSO entry will then be usable for reauthentication.

        NOTE: Only updates the SSO entry if a call to SingleSignOnEntry.getCanReauthenticate() returns false; otherwise, it is assumed that the SSO entry already has sufficient information to allow reauthentication and that no update is needed.

        Overrides:
        update in class SingleSignOn
        Parameters:
        ssoId - identifier of Single sign to be updated
        principal - the Principal returned by the latest call to Realm.authenticate.
        authType - the type of authenticator used (BASIC, CLIENT_CERT, DIGEST or FORM)
        username - the username (if any) used for the authentication
        password - the password (if any) used for the authentication
        Returns:
        true if the credentials were updated, otherwise false
      • getSessionListener

        protected SessionListener getSessionListener​(java.lang.String ssoId)
        Description copied from class: SingleSignOn
        Returns a session listener for the specified SSO identifier.
        Overrides:
        getSessionListener in class SingleSignOn
        Parameters:
        ssoId - the SSO identifier
        Returns:
        the session listener