JBossWeb SVN: r2208 - in branches/JBOSSWEB_7_2_0_FINAL_BZ-968578: src/main/java/org/apache/catalina/startup and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: aogburn
Date: 2013-05-31 16:27:18 -0400 (Fri, 31 May 2013)
New Revision: 2208
Modified:
branches/JBOSSWEB_7_2_0_FINAL_BZ-968578/
branches/JBOSSWEB_7_2_0_FINAL_BZ-968578/src/main/java/org/apache/catalina/startup/ContextConfig.java
Log:
[BZ-968578] backport fix for one-off patch
Property changes on: branches/JBOSSWEB_7_2_0_FINAL_BZ-968578
___________________________________________________________________
Added: svn:mergeinfo
+ /branches/7.2.x:2185
Modified: branches/JBOSSWEB_7_2_0_FINAL_BZ-968578/src/main/java/org/apache/catalina/startup/ContextConfig.java
===================================================================
--- branches/JBOSSWEB_7_2_0_FINAL_BZ-968578/src/main/java/org/apache/catalina/startup/ContextConfig.java 2013-05-31 12:54:47 UTC (rev 2207)
+++ branches/JBOSSWEB_7_2_0_FINAL_BZ-968578/src/main/java/org/apache/catalina/startup/ContextConfig.java 2013-05-31 20:27:18 UTC (rev 2208)
@@ -84,6 +84,20 @@
*/
protected static Properties authenticators = null;
+ static {
+ // Load our mapping properties
+ authenticators = new Properties();
+ try {
+ InputStream is = ContextConfig.class.getClassLoader().getResourceAsStream("org/apache/catalina/startup/Authenticators.properties");
+ if (is != null) {
+ authenticators.load(is);
+ } else {
+ CatalinaLogger.STARTUP_LOGGER.cannotFindAuthenticatoMappings();
+ }
+ } catch (IOException e) {
+ CatalinaLogger.STARTUP_LOGGER.failedLoadingAuthenticatoMappings(e);
+ }
+ }
/**
* The Context we are associated with.
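Review bot: The `InputStream` returned by `getResourceAsStream` in the new static initializer is never closed on either the success or the failure path, so the handle on the Authenticators.properties resource (and, for a jar-backed resource, possibly the jar itself) is leaked for the life of the class. Declare `is` before the `try` and close it in a `finally`, e.g. `finally { if (is != null) { try { is.close(); } catch (IOException ignored) { } } }`. It is paid only once, but it is still a resource leak that static analysis will keep flagging.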
@@ -233,25 +247,6 @@
customAuthenticators.get(loginConfig.getAuthMethod());
}
if (authenticator == null) {
- // Load our mapping properties if necessary
- if (authenticators == null) {
- try {
- InputStream is=this.getClass().getClassLoader().getResourceAsStream("org/apache/catalina/startup/Authenticators.properties");
- if( is!=null ) {
- authenticators = new Properties();
- authenticators.load(is);
- } else {
- CatalinaLogger.STARTUP_LOGGER.cannotFindAuthenticatoMappings();
- ok=false;
- return;
- }
- } catch (IOException e) {
- CatalinaLogger.STARTUP_LOGGER.failedLoadingAuthenticatoMappings(e);
- ok = false;
- return;
- }
- }
-
// Identify the class name of the Valve we should configure
String authenticatorName = null;
authenticatorName =
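Review bot: The removed lines were the only place that set `ok = false` and returned when the authenticator mapping could not be loaded; with loading moved to the static initializer, a missing or unreadable Authenticators.properties is now only logged and this method carries on into the `authenticators` lookup with an empty `Properties`. What a null `authenticatorName` does further down is outside this hunk, so it should be confirmed that a context declaring a `login-config` still fails rather than presumably starting without its authenticator valve. Restoring the old fail-closed behaviour where the check used to live is cheap: `if (authenticators.isEmpty()) { ok = false; return; }`. The enclosing method starts and ends outside this hunk.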
JBossWeb SVN: r2207 - branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator.
by jbossweb-commits@lists.jboss.org
Author: aogburn
Date: 2013-05-31 08:54:47 -0400 (Fri, 31 May 2013)
New Revision: 2207
Modified:
branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator/AuthenticatorBase.java
branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator/SingleSignOn.java
Log:
[BZ-967978] commit one-off changes to avoid session invalidation on sso logout
Modified: branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator/AuthenticatorBase.java
===================================================================
--- branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-30 21:40:00 UTC (rev 2206)
+++ branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-31 12:54:47 UTC (rev 2207)
@@ -115,6 +115,14 @@
/**
+ * Should the session ID, if any, be changed upon a successful
+ * authentication to prevent a session fixation attack?
+ */
+ protected boolean unregisterSsoOnLogout =
+ Boolean.valueOf(System.getProperty("org.apache.catalina.authenticator.AuthenticatorBase.UNREGISTER_SSO_ON_LOGOUT", "true")).booleanValue();
+
+
+ /**
* The Context to which this Valve is attached.
*/
protected Context context = null;
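Review bot: The Javadoc on the new `unregisterSsoOnLogout` field talks about changing the session ID on authentication to prevent session fixation, which is the contract of a different flag and was evidently copied from a neighbouring field; it now misdocuments a logout-security switch. Replace it with something like `/** Should logout deregister the whole single sign-on entry, expiring every session it covers? When false only the auth state of the associated sessions is cleared and the SSO entry survives. Initialised from the UNREGISTER_SSO_ON_LOGOUT system property; defaults to true. */`. Stating that `true` is the previous, stricter behaviour is worth doing explicitly for anyone tuning the property.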
@@ -208,6 +216,16 @@
}
+ public boolean isUnregisterSsoOnLogout() {
+ return unregisterSsoOnLogout;
+ }
+
+
+ public void setUnregisterSsoOnLogout(boolean unregisterSsoOnLogout) {
+ this.unregisterSsoOnLogout = unregisterSsoOnLogout;
+ }
+
+
/**
* Return the Container to which this Valve is attached.
*/
@@ -717,8 +735,14 @@
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
if (ssoId != null) {
// Update the SSO session with the latest authentication data
- request.removeNote(Constants.REQ_SSOID_NOTE);
- sso.deregister(ssoId);
+ if (unregisterSsoOnLogout) {
+ request.removeNote(Constants.REQ_SSOID_NOTE);
+ sso.deregister(ssoId);
+ } else {
+ if (cache && session != null) {
+ sso.removeLogin(ssoId);
+ }
+ }
}
}
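Review bot: In the new `else` branch, when `unregisterSsoOnLogout` is false but `cache` is false or `session` is null, logout does nothing to the SSO state at all: `REQ_SSOID_NOTE` stays on the request and the entry stays registered, so the caller's logout silently becomes a no-op for single sign-on. The branch should at least fall back to the old behaviour in that case, e.g. `} else if (cache && session != null) { sso.removeLogin(ssoId); } else { request.removeNote(Constants.REQ_SSOID_NOTE); sso.deregister(ssoId); }`. Even on the `removeLogin` path the SSO identifier remains live in the cache, so keeping the `removeNote` there too seems prudent. The enclosing method starts and ends outside this hunk.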
Modified: branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator/SingleSignOn.java
===================================================================
--- branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-30 21:40:00 UTC (rev 2206)
+++ branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-31 12:54:47 UTC (rev 2207)
@@ -524,6 +524,34 @@
/**
+ * Logout the specified single sign on identifier from all sessions.
+ *
+ * @param ssoId Single sign on identifier to logout
+ */
+ public void removeLogin(String ssoId) {
+
+ // Look up and remove the corresponding SingleSignOnEntry
+ SingleSignOnEntry sso = null;
+ synchronized (cache) {
+ sso = cache.get(ssoId);
+ }
+
+ if (sso == null)
+ return;
+
+ // Remove all authentication information from all associated sessions
+ Session sessions[] = sso.findSessions();
+ for (Session session : sessions) {
+ session.setAuthType(null);
+ session.setPrincipal(null);
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+
+ }
+
+
+ /**
* Attempts reauthentication to the given <code>Realm</code> using
* the credentials associated with the single sign-on session
* identified by argument <code>ssoId</code>.
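Review bot: The comment in `removeLogin` says it will "Look up and remove the corresponding SingleSignOnEntry", but the method only does `cache.get(ssoId)` and never removes anything, and the entry's own cached principal and credentials — the ones the `reauthenticate` Javadoc immediately below says are associated with the SSO session — are left untouched. After this call the SSO identifier therefore still works for reauthentication, which is the opposite of what a method named for logout implies; either clear the entry's credentials here as well or make the limited scope explicit, e.g. `// Look up the entry; it is deliberately NOT removed from the cache and keeps its own principal/credentials`. The Javadoc line "Logout the specified single sign on identifier from all sessions" should likewise say that only the sessions' auth state is cleared.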
JBossWeb SVN: r2206 - branches.
by jbossweb-commits@lists.jboss.org
Author: aogburn
Date: 2013-05-30 17:40:00 -0400 (Thu, 30 May 2013)
New Revision: 2206
Added:
branches/JBOSSWEB_7_2_0_FINAL_BZ-968578/
Log:
[BZ-968578] create one-off branch
JBossWeb SVN: r2205 - in branches: 8.0.x/src/main/java/org/apache/catalina/authenticator and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2013-05-30 06:11:21 -0400 (Thu, 30 May 2013)
New Revision: 2205
Modified:
branches/7.2.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java
branches/7.2.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java
branches/8.0.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java
branches/8.0.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java
Log:
Rename logout method to avoid overriding in the AS code.
Modified: branches/7.2.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java
===================================================================
--- branches/7.2.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-28 18:53:44 UTC (rev 2204)
+++ branches/7.2.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-30 10:11:21 UTC (rev 2205)
@@ -732,7 +732,7 @@
sso.deregister(ssoId);
} else {
if (cache && session != null) {
- sso.logout(ssoId);
+ sso.removeLogin(ssoId);
}
}
}
Modified: branches/7.2.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java
===================================================================
--- branches/7.2.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-28 18:53:44 UTC (rev 2204)
+++ branches/7.2.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-30 10:11:21 UTC (rev 2205)
@@ -520,7 +520,7 @@
*
* @param ssoId Single sign on identifier to logout
*/
- public void logout(String ssoId) {
+ public void removeLogin(String ssoId) {
// Look up and remove the corresponding SingleSignOnEntry
SingleSignOnEntry sso = null;
Modified: branches/8.0.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java
===================================================================
--- branches/8.0.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-28 18:53:44 UTC (rev 2204)
+++ branches/8.0.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-30 10:11:21 UTC (rev 2205)
@@ -732,7 +732,7 @@
sso.deregister(ssoId);
} else {
if (cache && session != null) {
- sso.logout(ssoId);
+ sso.removeLogin(ssoId);
}
}
}
Modified: branches/8.0.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java
===================================================================
--- branches/8.0.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-28 18:53:44 UTC (rev 2204)
+++ branches/8.0.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-30 10:11:21 UTC (rev 2205)
@@ -520,7 +520,7 @@
*
* @param ssoId Single sign on identifier to logout
*/
- public void logout(String ssoId) {
+ public void removeLogin(String ssoId) {
// Look up and remove the corresponding SingleSignOnEntry
SingleSignOnEntry sso = null;
JBossWeb SVN: r2204 - branches.
by jbossweb-commits@lists.jboss.org
Author: aogburn
Date: 2013-05-28 14:53:44 -0400 (Tue, 28 May 2013)
New Revision: 2204
Added:
branches/JBOSSWEB_7_0_17_FINAL_BZ-967978/
Log:
[BZ-967978] create one-off branch
JBossWeb SVN: r2203 - branches/8.0.x/src/main/java/org/apache/coyote/http11.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2013-05-27 06:34:35 -0400 (Mon, 27 May 2013)
New Revision: 2203
Modified:
branches/8.0.x/src/main/java/org/apache/coyote/http11/InternalAprOutputBuffer.java
branches/8.0.x/src/main/java/org/apache/coyote/http11/InternalOutputBuffer.java
Log:
Try preloading the Constants class.
Modified: branches/8.0.x/src/main/java/org/apache/coyote/http11/InternalAprOutputBuffer.java
===================================================================
--- branches/8.0.x/src/main/java/org/apache/coyote/http11/InternalAprOutputBuffer.java 2013-05-23 14:32:08 UTC (rev 2202)
+++ branches/8.0.x/src/main/java/org/apache/coyote/http11/InternalAprOutputBuffer.java 2013-05-27 10:34:35 UTC (rev 2203)
@@ -59,7 +59,7 @@
headers = response.getMimeHeaders();
buf = new byte[headerBufferSize];
- if (headerBufferSize < (8 * 1024)) {
+ if (headerBufferSize < Constants.DEFAULT_HTTP_HEADER_BUFFER_SIZE) {
bbuf = ByteBuffer.allocateDirect(6 * 1500);
} else {
bbuf = ByteBuffer.allocateDirect((headerBufferSize / 1500 + 1) * 1500);
Modified: branches/8.0.x/src/main/java/org/apache/coyote/http11/InternalOutputBuffer.java
===================================================================
--- branches/8.0.x/src/main/java/org/apache/coyote/http11/InternalOutputBuffer.java 2013-05-23 14:32:08 UTC (rev 2202)
+++ branches/8.0.x/src/main/java/org/apache/coyote/http11/InternalOutputBuffer.java 2013-05-27 10:34:35 UTC (rev 2203)
@@ -77,6 +77,9 @@
committed = false;
finished = false;
+ // Cause loading of Constants
+ int foo = Constants.HTTP_11_BYTES[0];
+
}
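Review bot: The new `int foo = Constants.HTTP_11_BYTES[0];` at the end of the constructor is an unused local whose only job is to force class initialisation of `Constants`, and neither the name nor the one-line comment says why that matters, which invites the next person to delete it as dead code. Give it an intent-revealing form, e.g. `@SuppressWarnings("unused") int forceConstantsInit = Constants.HTTP_11_BYTES[0]; // initialise Constants eagerly here, not on the request path`. If the motivation is a specific failure seen when the class loads lazily, name it in the comment. The constructor starts outside this hunk.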
JBossWeb SVN: r2202 - in branches: 7.2.x/src/main/java/org/apache/catalina/connector and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2013-05-23 10:32:08 -0400 (Thu, 23 May 2013)
New Revision: 2202
Modified:
branches/7.0.x/java/org/apache/catalina/connector/Connector.java
branches/7.2.x/src/main/java/org/apache/catalina/connector/Connector.java
Log:
Port the system property for allow trace.
Modified: branches/7.0.x/java/org/apache/catalina/connector/Connector.java
===================================================================
--- branches/7.0.x/java/org/apache/catalina/connector/Connector.java 2013-05-22 15:48:23 UTC (rev 2201)
+++ branches/7.0.x/java/org/apache/catalina/connector/Connector.java 2013-05-23 14:32:08 UTC (rev 2202)
@@ -65,7 +65,9 @@
Boolean.valueOf(System.getProperty("org.apache.catalina.connector.RECYCLE_FACADES",
(org.apache.tomcat.util.Constants.LOW_MEMORY) ? "true" : "false")).booleanValue();
-
+ protected static final boolean ALLOW_TRACE =
+ Boolean.valueOf(System.getProperty("org.apache.catalina.connector.ALLOW_TRACE", "false")).booleanValue();
+
protected static final boolean X_POWERED_BY =
Boolean.valueOf(System.getProperty("org.apache.catalina.connector.X_POWERED_BY", "false")).booleanValue();
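Review bot: The new `ALLOW_TRACE` constant turns on the HTTP TRACE method for every connector in the JVM as soon as the property is set, and TRACE echoes request headers (cookies, Authorization) back to the client, which is the cross-site-tracing concern that made `false` the default; the field deserves a comment saying so, e.g. `// TRACE echoes request headers back to the client (XST risk); keep off unless a connector really needs it.`. The `Boolean.valueOf(System.getProperty(..., "false")).booleanValue()` form is also just `Boolean.getBoolean("org.apache.catalina.connector.ALLOW_TRACE")`, which reads more clearly. Nothing in this commit documents the property for 7.0.x, so a sysprops entry like the 8.0.x one is presumably still needed.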
@@ -107,7 +109,7 @@
/**
* Do we allow TRACE ?
*/
- protected boolean allowTrace = false;
+ protected boolean allowTrace = ALLOW_TRACE;
/**
Modified: branches/7.2.x/src/main/java/org/apache/catalina/connector/Connector.java
===================================================================
--- branches/7.2.x/src/main/java/org/apache/catalina/connector/Connector.java 2013-05-22 15:48:23 UTC (rev 2201)
+++ branches/7.2.x/src/main/java/org/apache/catalina/connector/Connector.java 2013-05-23 14:32:08 UTC (rev 2202)
@@ -66,6 +66,8 @@
protected static final boolean X_POWERED_BY =
Boolean.valueOf(System.getProperty("org.apache.catalina.connector.X_POWERED_BY", "false")).booleanValue();
+ protected static final boolean ALLOW_TRACE =
+ Boolean.valueOf(System.getProperty("org.apache.catalina.connector.ALLOW_TRACE", "false")).booleanValue();
protected static final String URI_ENCODING =
System.getProperty("org.apache.catalina.connector.URI_ENCODING");
@@ -102,7 +104,7 @@
/**
* Do we allow TRACE ?
*/
- protected boolean allowTrace = false;
+ protected boolean allowTrace = ALLOW_TRACE;
/**
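Review bot: The Javadoc on `allowTrace` still reads just "Do we allow TRACE ?" even though its initial value now comes from a JVM-wide system property, so a reader of the field cannot tell where the value originates or that enabling it has a security cost. Suggest `/** Do we allow the HTTP TRACE method? Defaults to the org.apache.catalina.connector.ALLOW_TRACE system property (false); TRACE reflects request headers and is normally kept off. */`. The field is non-final, so a per-connector setter presumably still overrides the property — worth stating in the same comment if that is the intent.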
JBossWeb SVN: r2201 - in branches: 7.2.x/src/main/java/org/apache/catalina/authenticator and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2013-05-22 11:48:23 -0400 (Wed, 22 May 2013)
New Revision: 2201
Modified:
branches/7.0.x/java/org/apache/catalina/authenticator/AuthenticatorBase.java
branches/7.0.x/java/org/apache/catalina/authenticator/SingleSignOn.java
branches/7.2.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java
branches/7.2.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java
Log:
Modify SSO logout so that it can avoid expiring all sessions.
Modified: branches/7.0.x/java/org/apache/catalina/authenticator/AuthenticatorBase.java
===================================================================
--- branches/7.0.x/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-22 15:47:51 UTC (rev 2200)
+++ branches/7.0.x/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-22 15:48:23 UTC (rev 2201)
@@ -115,6 +115,14 @@
/**
+ * Should the session ID, if any, be changed upon a successful
+ * authentication to prevent a session fixation attack?
+ */
+ protected boolean unregisterSsoOnLogout =
+ Boolean.valueOf(System.getProperty("org.apache.catalina.authenticator.AuthenticatorBase.UNREGISTER_SSO_ON_LOGOUT", "true")).booleanValue();
+
+
+ /**
* The Context to which this Valve is attached.
*/
protected Context context = null;
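Review bot: The Javadoc added above `unregisterSsoOnLogout` describes session-ID rotation against session fixation, which is not what this field controls; it appears copied from a neighbouring field and now misleads anyone reading the logout code. A correct version would be along the lines of `/** Should logout deregister the whole SSO entry (expiring all of its sessions)? When false only the associated sessions' auth state is cleared. From the UNREGISTER_SSO_ON_LOGOUT system property; default true. */`. Documenting that `true` preserves the pre-existing, stricter behaviour would help operators judge the risk of flipping it.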
@@ -208,6 +216,16 @@
}
+ public boolean isUnregisterSsoOnLogout() {
+ return unregisterSsoOnLogout;
+ }
+
+
+ public void setUnregisterSsoOnLogout(boolean unregisterSsoOnLogout) {
+ this.unregisterSsoOnLogout = unregisterSsoOnLogout;
+ }
+
+
/**
* Return the Container to which this Valve is attached.
*/
@@ -717,8 +735,14 @@
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
if (ssoId != null) {
// Update the SSO session with the latest authentication data
- request.removeNote(Constants.REQ_SSOID_NOTE);
- sso.deregister(ssoId);
+ if (unregisterSsoOnLogout) {
+ request.removeNote(Constants.REQ_SSOID_NOTE);
+ sso.deregister(ssoId);
+ } else {
+ if (cache && session != null) {
+ sso.logout(ssoId);
+ }
+ }
}
}
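Review bot: With `unregisterSsoOnLogout` false, the new `else` branch only acts when `cache && session != null`; otherwise logout leaves `REQ_SSOID_NOTE` on the request and the SSO entry registered, so nothing at all happens to the single sign-on state on logout. A safer shape is `} else if (cache && session != null) { sso.logout(ssoId); } else { request.removeNote(Constants.REQ_SSOID_NOTE); sso.deregister(ssoId); }`, falling back to the previous behaviour rather than doing nothing. The enclosing method starts and ends outside this hunk.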
Modified: branches/7.0.x/java/org/apache/catalina/authenticator/SingleSignOn.java
===================================================================
--- branches/7.0.x/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-22 15:47:51 UTC (rev 2200)
+++ branches/7.0.x/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-22 15:48:23 UTC (rev 2201)
@@ -458,7 +458,36 @@
}
+
/**
+ * Logout the specified single sign on identifier from all sessions.
+ *
+ * @param ssoId Single sign on identifier to logout
+ */
+ public void logout(String ssoId) {
+
+ // Look up and remove the corresponding SingleSignOnEntry
+ SingleSignOnEntry sso = null;
+ synchronized (cache) {
+ sso = cache.get(ssoId);
+ }
+
+ if (sso == null)
+ return;
+
+ // Remove all authentication information from all associated sessions
+ Session sessions[] = sso.findSessions();
+ for (Session session : sessions) {
+ session.setAuthType(null);
+ session.setPrincipal(null);
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+
+ }
+
+
+ /**
* Deregister the specified session. If it is the last session,
* then also get rid of the single sign on identifier
*
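Review bot: The new `logout` method's comment claims it will "Look up and remove the corresponding SingleSignOnEntry", but it only reads from `cache` and removes nothing; the entry and its own cached credentials stay valid, so the SSO identifier can still be used after this "logout". Either also clear the entry's principal/credentials here, or correct the comment to `// Look up the entry; it is intentionally left in the cache with its credentials` and say in the Javadoc that only the associated sessions' auth state is cleared. The loop over `sso.findSessions()` runs outside the `synchronized (cache)` block, which is only safe if `findSessions()` hands back a snapshot — worth confirming against `SingleSignOnEntry`.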
Modified: branches/7.2.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java
===================================================================
--- branches/7.2.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-22 15:47:51 UTC (rev 2200)
+++ branches/7.2.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-22 15:48:23 UTC (rev 2201)
@@ -115,6 +115,14 @@
/**
+ * Should the session ID, if any, be changed upon a successful
+ * authentication to prevent a session fixation attack?
+ */
+ protected boolean unregisterSsoOnLogout =
+ Boolean.valueOf(System.getProperty("org.apache.catalina.authenticator.AuthenticatorBase.UNREGISTER_SSO_ON_LOGOUT", "true")).booleanValue();
+
+
+ /**
* The Context to which this Valve is attached.
*/
protected Context context = null;
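Review bot: The Javadoc on the new `unregisterSsoOnLogout` field is about changing the session ID on authentication to prevent session fixation, which is a different flag's contract; as written it misdocuments a logout-security switch. Replace with e.g. `/** Should logout deregister the whole SSO entry and expire all of its sessions? If false, only the associated sessions' auth state is cleared and the entry survives. Set from UNREGISTER_SSO_ON_LOGOUT; default true (previous behaviour). */`.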
@@ -201,6 +209,16 @@
}
+ public boolean isUnregisterSsoOnLogout() {
+ return unregisterSsoOnLogout;
+ }
+
+
+ public void setUnregisterSsoOnLogout(boolean unregisterSsoOnLogout) {
+ this.unregisterSsoOnLogout = unregisterSsoOnLogout;
+ }
+
+
/**
* Return the Container to which this Valve is attached.
*/
@@ -709,8 +727,14 @@
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
if (ssoId != null) {
// Update the SSO session with the latest authentication data
- request.removeNote(Constants.REQ_SSOID_NOTE);
- sso.deregister(ssoId);
+ if (unregisterSsoOnLogout) {
+ request.removeNote(Constants.REQ_SSOID_NOTE);
+ sso.deregister(ssoId);
+ } else {
+ if (cache && session != null) {
+ sso.logout(ssoId);
+ }
+ }
}
}
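Review bot: When `unregisterSsoOnLogout` is false and `cache` is false or `session` is null, the new `else` branch does nothing, leaving `REQ_SSOID_NOTE` on the request and the SSO entry registered — logout becomes a silent no-op for single sign-on. Suggest `} else if (cache && session != null) { sso.logout(ssoId); } else { request.removeNote(Constants.REQ_SSOID_NOTE); sso.deregister(ssoId); }` so that the weaker mode never degrades to doing nothing. The enclosing method starts and ends outside this hunk.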
Modified: branches/7.2.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java
===================================================================
--- branches/7.2.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-22 15:47:51 UTC (rev 2200)
+++ branches/7.2.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-22 15:48:23 UTC (rev 2201)
@@ -516,6 +516,34 @@
/**
+ * Logout the specified single sign on identifier from all sessions.
+ *
+ * @param ssoId Single sign on identifier to logout
+ */
+ public void logout(String ssoId) {
+
+ // Look up and remove the corresponding SingleSignOnEntry
+ SingleSignOnEntry sso = null;
+ synchronized (cache) {
+ sso = cache.get(ssoId);
+ }
+
+ if (sso == null)
+ return;
+
+ // Remove all authentication information from all associated sessions
+ Session sessions[] = sso.findSessions();
+ for (Session session : sessions) {
+ session.setAuthType(null);
+ session.setPrincipal(null);
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+
+ }
+
+
+ /**
* Attempts reauthentication to the given <code>Realm</code> using
* the credentials associated with the single sign-on session
* identified by argument <code>ssoId</code>.
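Review bot: `logout` here clears principal, auth type and the username/password notes on each associated session but never touches the `SingleSignOnEntry` itself, although its comment says the entry is removed; the `reauthenticate` Javadoc right below shows the entry keeps credentials of its own, so the SSO id remains reauthenticatable after this call. Either clear those credentials too or state the limited scope in the Javadoc, e.g. `Clears the authentication state of every session attached to ssoId; the SSO entry and its cached credentials are kept.`. The misleading `// Look up and remove the corresponding SingleSignOnEntry` comment should be corrected either way.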
JBossWeb SVN: r2200 - in branches/8.0.x: src/main/java/org/apache/catalina/connector and 1 other directories.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2013-05-22 11:47:51 -0400 (Wed, 22 May 2013)
New Revision: 2200
Modified:
branches/8.0.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java
branches/8.0.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java
branches/8.0.x/src/main/java/org/apache/catalina/connector/Connector.java
branches/8.0.x/webapps/docs/sysprops.xml
Log:
- Add a system property for TRACE.
- Modify SSO logout so that it can avoid expiring all sessions.
Modified: branches/8.0.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java
===================================================================
--- branches/8.0.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-16 04:33:23 UTC (rev 2199)
+++ branches/8.0.x/src/main/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2013-05-22 15:47:51 UTC (rev 2200)
@@ -115,6 +115,14 @@
/**
+ * Should the session ID, if any, be changed upon a successful
+ * authentication to prevent a session fixation attack?
+ */
+ protected boolean unregisterSsoOnLogout =
+ Boolean.valueOf(System.getProperty("org.apache.catalina.authenticator.AuthenticatorBase.UNREGISTER_SSO_ON_LOGOUT", "true")).booleanValue();
+
+
+ /**
* The Context to which this Valve is attached.
*/
protected Context context = null;
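Review bot: The Javadoc on the new `unregisterSsoOnLogout` field describes session-ID rotation against session fixation, which belongs to a different flag, and the sysprops.xml entry added later in this commit says the opposite of the code — it describes `true` as the SSO *not* being unregistered (and spells it "unregistred") — so both texts misdocument a security switch. Suggested field doc: `/** Should logout deregister the whole SSO entry (expiring all sessions it covers)? When false only the associated sessions' auth state is cleared. From UNREGISTER_SSO_ON_LOGOUT; default true. */`, and the sysprops text should be reworded to match.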
@@ -201,6 +209,16 @@
}
+ public boolean isUnregisterSsoOnLogout() {
+ return unregisterSsoOnLogout;
+ }
+
+
+ public void setUnregisterSsoOnLogout(boolean unregisterSsoOnLogout) {
+ this.unregisterSsoOnLogout = unregisterSsoOnLogout;
+ }
+
+
/**
* Return the Container to which this Valve is attached.
*/
@@ -709,8 +727,14 @@
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
if (ssoId != null) {
// Update the SSO session with the latest authentication data
- request.removeNote(Constants.REQ_SSOID_NOTE);
- sso.deregister(ssoId);
+ if (unregisterSsoOnLogout) {
+ request.removeNote(Constants.REQ_SSOID_NOTE);
+ sso.deregister(ssoId);
+ } else {
+ if (cache && session != null) {
+ sso.logout(ssoId);
+ }
+ }
}
}
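Review bot: The new `else` branch only clears anything when `cache && session != null`; with `unregisterSsoOnLogout` false and `cache` false, logout leaves the `REQ_SSOID_NOTE` and the SSO entry in place and does nothing. Fall back to the old behaviour in that case, e.g. `} else if (cache && session != null) { sso.logout(ssoId); } else { request.removeNote(Constants.REQ_SSOID_NOTE); sso.deregister(ssoId); }`. The enclosing method starts and ends outside this hunk.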
Modified: branches/8.0.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java
===================================================================
--- branches/8.0.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-16 04:33:23 UTC (rev 2199)
+++ branches/8.0.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2013-05-22 15:47:51 UTC (rev 2200)
@@ -516,6 +516,34 @@
/**
+ * Logout the specified single sign on identifier from all sessions.
+ *
+ * @param ssoId Single sign on identifier to logout
+ */
+ public void logout(String ssoId) {
+
+ // Look up and remove the corresponding SingleSignOnEntry
+ SingleSignOnEntry sso = null;
+ synchronized (cache) {
+ sso = cache.get(ssoId);
+ }
+
+ if (sso == null)
+ return;
+
+ // Remove all authentication information from all associated sessions
+ Session sessions[] = sso.findSessions();
+ for (Session session : sessions) {
+ session.setAuthType(null);
+ session.setPrincipal(null);
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+
+ }
+
+
+ /**
* Attempts reauthentication to the given <code>Realm</code> using
* the credentials associated with the single sign-on session
* identified by argument <code>ssoId</code>.
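Review bot: The comment in the new `logout` says the `SingleSignOnEntry` is looked up "and remove[d]", but the method never removes it and never clears the entry's own cached principal/credentials that the `reauthenticate` Javadoc below refers to, so the SSO id stays usable after logout. Fix the comment (`// Look up the entry; it is intentionally kept in the cache`) and, if the intent really is a partial logout, say so in the method Javadoc; otherwise clear the entry's credentials here as well. Iterating `sso.findSessions()` outside the `synchronized (cache)` block assumes it returns a snapshot — worth confirming.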
Modified: branches/8.0.x/src/main/java/org/apache/catalina/connector/Connector.java
===================================================================
--- branches/8.0.x/src/main/java/org/apache/catalina/connector/Connector.java 2013-05-16 04:33:23 UTC (rev 2199)
+++ branches/8.0.x/src/main/java/org/apache/catalina/connector/Connector.java 2013-05-22 15:47:51 UTC (rev 2200)
@@ -66,7 +66,9 @@
protected static final boolean X_POWERED_BY =
Boolean.valueOf(System.getProperty("org.apache.catalina.connector.X_POWERED_BY", "false")).booleanValue();
-
+ protected static final boolean ALLOW_TRACE =
+ Boolean.valueOf(System.getProperty("org.apache.catalina.connector.ALLOW_TRACE", "false")).booleanValue();
+
protected static final String URI_ENCODING =
System.getProperty("org.apache.catalina.connector.URI_ENCODING");
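Review bot: `ALLOW_TRACE` enables the TRACE method JVM-wide from a system property; since TRACE reflects request headers such as cookies and Authorization back to the client (the cross-site-tracing risk behind the `false` default), the field should carry that rationale, e.g. `// TRACE reflects request headers to the client (XST); keep off unless explicitly required.`. `Boolean.getBoolean("org.apache.catalina.connector.ALLOW_TRACE")` is the simpler spelling of the `Boolean.valueOf(System.getProperty(..., "false")).booleanValue()` expression.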
@@ -102,7 +104,7 @@
/**
* Do we allow TRACE ?
*/
- protected boolean allowTrace = false;
+ protected boolean allowTrace = ALLOW_TRACE;
/**
Modified: branches/8.0.x/webapps/docs/sysprops.xml
===================================================================
--- branches/8.0.x/webapps/docs/sysprops.xml 2013-05-16 04:33:23 UTC (rev 2199)
+++ branches/8.0.x/webapps/docs/sysprops.xml 2013-05-22 15:47:51 UTC (rev 2200)
@@ -103,6 +103,12 @@
in embedded mode.</p>
</property>
+ <property name="org.apache.catalina.authenticator.AuthenticatorBase.UNREGISTER_SSO_ON_LOGOUT">
+ <p>If <code>true</code>, the SSO will not be unregistred, and all associated sessions
+ expired when logout is called (expiration remains a separate operation, like for non SSO).
+ If not specified the default value of <code>true</code> will be used.</p>
+ </property>
+
<property name="org.apache.catalina.connector.Request.SESSION_ID_CHECK">
<p>If <code>true</code>, the Servet container will verify that a session
exists in a context with the specified session id before creating a session
@@ -299,6 +305,11 @@
<properties>
+ <property name="org.apache.catalina.connector.Connector.ALLOW_TRACE">
+ <p>If this is <code>true</code> the TRACE HTTP method will be allowed.
+ If not specified, the default value of <code>false</code> will be used.</p>
+ </property>
+
<property name="org.apache.catalina.connector.RECYCLE_FACADES">
<p>If this is <code>true</code> or if a security manager is in use a new
facade object will be created for each request. If not specified, the
JBossWeb SVN: r2198 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2013-05-15 04:26:08 -0400 (Wed, 15 May 2013)
New Revision: 2198
Added:
tags/JBOSSWEB_8_0_0_ALPHA1/
Log:
First build.