Author: markt
Date: Fri Dec 19 14:54:08 2014
New Revision: 1646757
URL: http://svn.apache.org/r1646757
Log:
Refactor to replace reverse map with dedicated session listener that contains a
reference to the SSO ID. This refactoring is in support of the fix for BZ 57338.
Added:
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOnListener.java
(props changed)
- copied unchanged from r1646721,
tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnListener.java
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
tomcat/tc8.0.x/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java
Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Dec 19 14:54:08 2014
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646720
+/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646721
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java?rev=1646757&r1=1646756&r2=1646757&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
Fri Dec 19 14:54:08 2014
@@ -31,7 +31,6 @@ import org.apache.catalina.LifecycleExce
import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
-import org.apache.catalina.SessionEvent;
import org.apache.catalina.SessionListener;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
@@ -57,7 +56,7 @@ import org.apache.tomcat.util.res.String
*
* @author Craig R. McClanahan
*/
-public class SingleSignOn extends ValveBase implements SessionListener {
+public class SingleSignOn extends ValveBase {
private static final StringManager sm =
StringManager.getManager(SingleSignOn.class);
@@ -90,13 +89,6 @@ public class SingleSignOn extends ValveB
private boolean requireReauthentication = false;
/**
- * The cache of single sign on identifiers, keyed by the Session that is
- * associated with them.
- */
- protected Map<SingleSignOnSessionKey,String> reverse = new
ConcurrentHashMap<>();
-
-
- /**
* Optional SSO cookie domain.
*/
private String cookieDomain;
@@ -196,55 +188,6 @@ public class SingleSignOn extends ValveB
}
- // ------------------------------------------------ SessionListener Methods
-
- /**
- * Acknowledge the occurrence of the specified event.
- *
- * @param event SessionEvent that has occurred
- */
- @Override
- public void sessionEvent(SessionEvent event) {
-
- if (!getState().isAvailable()) {
- return;
- }
-
- // We only care about session destroyed events
- if (!Session.SESSION_DESTROYED_EVENT.equals(event.getType())) {
- return;
- }
-
- // Look up the single session id associated with this session (if any)
- Session session = event.getSession();
- if (containerLog.isDebugEnabled()) {
- containerLog.debug("Process session destroyed on " + session);
- }
-
- String ssoId = null;
- ssoId = reverse.get(new SingleSignOnSessionKey(session));
- if (ssoId == null) {
- return;
- }
-
- // Was the session destroyed as the result of a timeout or context
stop?
- // If so, we'll just remove the expired session from the SSO. If the
- // session was logged out, we'll log out of all session associated with
- // the SSO.
- if (((session.getMaxInactiveInterval() > 0)
- && (System.currentTimeMillis() -
session.getThisAccessedTimeInternal() >=
- session.getMaxInactiveInterval() * 1000))
- || (!session.getManager().getContext().getState().isAvailable())) {
- removeSession(ssoId, session);
- } else {
- // The session was logged out.
- // Deregister this single session id, invalidating
- // associated sessions
- deregister(ssoId);
- }
- }
-
-
// ---------------------------------------------------------- Valve Methods
/**
@@ -349,6 +292,43 @@ public class SingleSignOn extends ValveB
// ------------------------------------------------------ Protected Methods
/**
+ * Process a session destroyed event by removing references to that session
+ * from the caches and - if the session destruction is the result of a
+ * logout - destroy the associated SSO session.
+ *
+ * @param ssoId The ID of the SSO session which which the destroyed
+ * session was associated
+ * @param session The session that has been destroyed
+ */
+ public void sessionDestroyed(String ssoId, Session session) {
+
+ if (!getState().isAvailable()) {
+ return;
+ }
+
+ if (containerLog.isDebugEnabled()) {
+ containerLog.debug("Process session destroyed on " + session);
+ }
+
+ // Was the session destroyed as the result of a timeout or context
stop?
+ // If so, we'll just remove the expired session from the SSO. If the
+ // session was logged out, we'll log out of all session associated with
+ // the SSO.
+ if (((session.getMaxInactiveInterval() > 0)
+ && (System.currentTimeMillis() -
session.getThisAccessedTimeInternal() >=
+ session.getMaxInactiveInterval() * 1000))
+ || (!session.getManager().getContext().getState().isAvailable())) {
+ removeSession(ssoId, session);
+ } else {
+ // The session was logged out.
+ // Deregister this single session id, invalidating
+ // associated sessions
+ deregister(ssoId);
+ }
+ }
+
+
+ /**
* Associate the specified single sign on identifier with the
* specified Session.
*
@@ -368,8 +348,7 @@ public class SingleSignOn extends ValveB
if (sso == null) {
return false;
} else {
- sso.addSession(this, session);
- reverse.put(new SingleSignOnSessionKey(session), ssoId);
+ sso.addSession(this, ssoId, session);
return true;
}
}
@@ -399,8 +378,6 @@ public class SingleSignOn extends ValveB
if (containerLog.isTraceEnabled()) {
containerLog.trace(" Invalidating session " + ssoKey);
}
- // Remove from reverse cache first to avoid recursion
- reverse.remove(ssoKey);
// Invalidate this session
expire(ssoKey);
}
@@ -586,9 +563,6 @@ public class SingleSignOn extends ValveB
// Remove the inactive session from SingleSignOnEntry
entry.removeSession(session);
- // Remove the inactive session from the 'reverse' Map.
- reverse.remove(new SingleSignOnSessionKey(session));
-
// If there are not sessions left in the SingleSignOnEntry,
// deregister the entry.
if (entry.findSessions().size() == 0) {
@@ -597,6 +571,11 @@ public class SingleSignOn extends ValveB
}
+ protected SessionListener getSessionListener(String ssoId) {
+ return new SingleSignOnListener(ssoId);
+ }
+
+
@Override
protected synchronized void startInternal() throws LifecycleException {
Container c = getContainer();
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java?rev=1646757&r1=1646756&r2=1646757&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
Fri Dec 19 14:54:08 2014
@@ -87,12 +87,12 @@ public class SingleSignOnEntry implement
* the SSO session.
* @param session The <code>Session</code> being associated with the SSO.
*/
- public void addSession(SingleSignOn sso, Session session) {
+ public void addSession(SingleSignOn sso, String ssoId, Session session) {
SingleSignOnSessionKey key = new SingleSignOnSessionKey(session);
SingleSignOnSessionKey currentKey = sessionKeys.putIfAbsent(key, key);
if (currentKey == null) {
// Session not previously added
- session.addSessionListener(sso);
+ session.addSessionListener(sso.getSessionListener(ssoId));
}
}
Propchange:
tomcat/tc8.0.x/trunk/java/org/apache/catalina/authenticator/SingleSignOnListener.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java?rev=1646757&r1=1646756&r2=1646757&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java
Fri Dec 19 14:54:08 2014
@@ -24,7 +24,6 @@ import org.apache.catalina.LifecycleExce
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.SingleSignOn;
import org.apache.catalina.authenticator.SingleSignOnEntry;
-import org.apache.catalina.authenticator.SingleSignOnSessionKey;
import org.apache.catalina.ha.CatalinaCluster;
import org.apache.catalina.ha.ClusterValve;
import org.apache.catalina.tribes.Channel;
@@ -157,12 +156,6 @@ public class ClusterSingleSignOn extends
cls, terminateOnStartFailure);
cache.setChannelSendOptions(mapSendOptions);
this.cache = cache;
-
- ReplicatedMap<SingleSignOnSessionKey,String> reverse = new
ReplicatedMap<>(
- this, cluster.getChannel(), rpcTimeout,
cluster.getClusterName() + "-SSO-reverse",
- cls, terminateOnStartFailure);
- reverse.setChannelSendOptions(mapSendOptions);
- this.reverse = reverse;
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
throw new LifecycleException(
@@ -187,7 +180,6 @@ public class ClusterSingleSignOn extends
if (getCluster() != null) {
((ReplicatedMap<?,?>) cache).breakdown();
- ((ReplicatedMap<?,?>) reverse).breakdown();
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
