22. Araxis Merge File Comparison Report

Produced by Araxis Merge on 11/20/2017 2:16:17 PM GMT Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

22.1 Files compared

#	Location	File	Last Modified
1	C:\Merge Test Files\8.0.47\java\org\apache\catalina\authenticator	SingleSignOn.java	Fri Sep 29 16:53:28 2017 UTC
2	C:\Merge Test Files\8.5.23\java\org\apache\catalina\authenticator	SingleSignOn.java	Thu Sep 28 11:32:16 2017 UTC

22.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	2	1236
Changed	1	2
Inserted	0	0
Removed	0	0

22.3 Comparison options

Whitespace	Consecutive whitespace is treated as a single space
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

22.4 Active regular expressions

No regular expressions were active.

22.5 Comparison detail

1	/*	1	/*
2	* License d to the A pache Soft ware Found ation (ASF ) under on e or more	2	* License d to the A pache Soft ware Found ation (ASF ) under on e or more
3	* contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th	3	* contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th
4	* this wo rk for add itional in formation regarding copyright ownership.	4	* this wo rk for add itional in formation regarding copyright ownership.
5	* The ASF licenses this file to You und er the Apa che Licens e, Version 2.0	5	* The ASF licenses this file to You und er the Apa che Licens e, Version 2.0
6	* (the "L icense"); you may no t use this file exce pt in comp liance wit h	6	* (the "L icense"); you may no t use this file exce pt in comp liance wit h
7	* the Lic ense. You may obtai n a copy o f the Lice nse at	7	* the Lic ense. You may obtai n a copy o f the Lice nse at
8	*	8	*
9	* ht tp://www.a pache.org/ licenses/L ICENSE-2.0	9	* ht tp://www.a pache.org/ licenses/L ICENSE-2.0
10	*	10	*
11	* Unless required b y applicab le law or agreed to in writing , software	11	* Unless required b y applicab le law or agreed to in writing , software
12	* distrib uted under the Licen se is dist ributed on an "AS IS " BASIS,	12	* distrib uted under the Licen se is dist ributed on an "AS IS " BASIS,
13	* WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied.	13	* WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied.
14	* See the License f or the spe cific lang uage gover ning permi ssions and	14	* See the License f or the spe cific lang uage gover ning permi ssions and
15	* limitat ions under the Licen se.	15	* limitat ions under the Licen se.
16	*/	16	*/
17	package or g.apache.c atalina.au thenticato r;	17	package or g.apache.c atalina.au thenticato r;
18		18
19	import jav a.io.IOExc eption;	19	import jav a.io.IOExc eption;
20	import jav a.security .Principal ;	20	import jav a.security .Principal ;
21	import jav a.util.Map ;	21	import jav a.util.Map ;
22	import jav a.util.Set ;	22	import jav a.util.Set ;
23	import jav a.util.con current.Co ncurrentHa shMap;	23	import jav a.util.con current.Co ncurrentHa shMap;
24		24
25	import jav ax.servlet .ServletEx ception;	25	import jav ax.servlet .ServletEx ception;
26	import jav ax.servlet .http.Cook ie;	26	import jav ax.servlet .http.Cook ie;
27		27
28	import org .apache.ca talina.Con tainer;	28	import org .apache.ca talina.Con tainer;
29	import org .apache.ca talina.Con text;	29	import org .apache.ca talina.Con text;
30	import org .apache.ca talina.Eng ine;	30	import org .apache.ca talina.Eng ine;
31	import org .apache.ca talina.Lif ecycleExce ption;	31	import org .apache.ca talina.Lif ecycleExce ption;
32	import org .apache.ca talina.Man ager;	32	import org .apache.ca talina.Man ager;
33	import org .apache.ca talina.Rea lm;	33	import org .apache.ca talina.Rea lm;
34	import org .apache.ca talina.Ses sion;	34	import org .apache.ca talina.Ses sion;
35	import org .apache.ca talina.Ses sionListen er;	35	import org .apache.ca talina.Ses sionListen er;
36	import org .apache.ca talina.con nector.Req uest;	36	import org .apache.ca talina.con nector.Req uest;
37	import org .apache.ca talina.con nector.Res ponse;	37	import org .apache.ca talina.con nector.Res ponse;
38	import org .apache.ca talina.val ves.ValveB ase;	38	import org .apache.ca talina.val ves.ValveB ase;
39	import org .apache.to mcat.util. res.String Manager;	39	import org .apache.to mcat.util. res.String Manager;
40		40
41	/**	41	/**
42	* A <stro ng>Valve</ strong> th at support s a "singl e sign on" user expe rience,	42	* A <stro ng>Valve</ strong> th at support s a "singl e sign on" user expe rience,
43	* where t he securit y identity of a user who succe ssfully au thenticate s to one	43	* where t he securit y identity of a user who succe ssfully au thenticate s to one
44	* web app lication i s propagat ed to othe r web appl ications i n the same	44	* web app lication i s propagat ed to othe r web appl ications i n the same
45	* securit y domain. For succe ssful use, the follo wing requi rements mu st	45	* securit y domain. For succe ssful use, the follo wing requi rements mu st
46	* be met:	46	* be met:
47	* <ul>	47	* <ul>
48	* <li>Thi s Valve mu st be conf igured on the Contai ner that r epresents a	48	* <li>Thi s Valve mu st be conf igured on the Contai ner that r epresents a
49	* vir tual host (typically an implem entation o f <code>Ho st</code>) .</li>	49	* vir tual host (typically an implem entation o f <code>Ho st</code>) .</li>
50	* <li>The <code>Rea lm</code> that conta ins the sh ared user and role	50	* <li>The <code>Rea lm</code> that conta ins the sh ared user and role
51	* inf ormation m ust be con figured on the same Container (or a high er	51	* inf ormation m ust be con figured on the same Container (or a high er
52	* one ), and not overridde n at the w eb applica tion level .</li>	52	* one ), and not overridde n at the w eb applica tion level .</li>
53	* <li>The web appli cations th emselves m ust use on e of the s tandard	53	* <li>The web appli cations th emselves m ust use on e of the s tandard
54	* Aut henticator s found in the	54	* Aut henticator s found in the
55	* <co de>org.apa che.catali na.authent icator</co de> packag e.</li>	55	* <co de>org.apa che.catali na.authent icator</co de> packag e.</li>
56	* </ul>	56	* </ul>
57	*	57	*
58	* @author Craig R. McClanahan	58	* @author Craig R. McClanahan
59	*/	59	*/
60	public cla ss SingleS ignOn exte nds ValveB ase {	60	public cla ss SingleS ignOn exte nds ValveB ase {
61		61
62	private st atic final StringMan ager sm = StringMana ger.getMan ager( Co n sta n ts . Pa c k a ge );	62	private st atic final StringMan ager sm = StringMana ger.getMan ager( Si n gleSignO n . c l a ss );
63		63
64	/* The engine at the top o f the cont ainer hier archy in w hich this SSO Valve	64	/* The engine at the top o f the cont ainer hier archy in w hich this SSO Valve
65	* has been plac ed. It is used to ge t back to a session object fro m a	65	* has been plac ed. It is used to ge t back to a session object fro m a
66	* Sin gleSignOnS essionKey and is upd ated when the Valve starts and stops.	66	* Sin gleSignOnS essionKey and is upd ated when the Valve starts and stops.
67	*/	67	*/
68	privat e Engine e ngine;	68	privat e Engine e ngine;
69		69
70	//---- ---------- ---------- ---------- ---------- ---------- Construct or	70	//---- ---------- ---------- ---------- ---------- ---------- Construct or
71		71
72	public SingleSig nOn() {	72	public SingleSig nOn() {
73	su per(true);	73	su per(true);
74	}	74	}
75		75
76		76
77	// --- ---------- ---------- ---------- ---------- ---------- Instance Variables	77	// --- ---------- ---------- ---------- ---------- ---------- Instance Variables
78		78
79	/**	79	/**
80	* The cache of SingleSign OnEntry in stances fo r authenti cated Prin cipals,	80	* The cache of SingleSign OnEntry in stances fo r authenti cated Prin cipals,
81	* key ed by the cookie val ue that is used to s elect them .	81	* key ed by the cookie val ue that is used to s elect them .
82	*/	82	*/
83	protec ted Map<St ring,Singl eSignOnEnt ry> cache = new Conc urrentHash Map<>();	83	protec ted Map<St ring,Singl eSignOnEnt ry> cache = new Conc urrentHash Map<>();
84		84
85	/**	85	/**
86	* Ind icates whe ther this valve shou ld require a downstr eam Authen ticator to	86	* Ind icates whe ther this valve shou ld require a downstr eam Authen ticator to
87	* rea uthenticat e each req uest, or i f it itsel f can bind a UserPri ncipal	87	* rea uthenticat e each req uest, or i f it itsel f can bind a UserPri ncipal
88	* and AuthType object to the reques t.	88	* and AuthType object to the reques t.
89	*/	89	*/
90	privat e boolean requireRea uthenticat ion = fals e;	90	privat e boolean requireRea uthenticat ion = fals e;
91		91
92	/**	92	/**
93	* Opt ional SSO cookie dom ain.	93	* Opt ional SSO cookie dom ain.
94	*/	94	*/
95	privat e String c ookieDomai n;	95	privat e String c ookieDomai n;
96		96
97		97
98	// --- ---------- ---------- ---------- ---------- ---------- -------- P roperties	98	// --- ---------- ---------- ---------- ---------- ---------- -------- P roperties
99		99
100	/**	100	/**
101	* Ret urns the o ptional co okie domai n.	101	* Ret urns the o ptional co okie domai n.
102	* May return nu ll.	102	* May return nu ll.
103	*	103	*
104	* @re turn The c ookie doma in	104	* @re turn The c ookie doma in
105	*/	105	*/
106	public String ge tCookieDom ain() {	106	public String ge tCookieDom ain() {
107	re turn cooki eDomain;	107	re turn cooki eDomain;
108	}	108	}
109		109
110		110
111	/**	111	/**
112	* Set s the doma in to be u sed for ss o cookies.	112	* Set s the doma in to be u sed for ss o cookies.
113	*	113	*
114	* @pa ram cookie Domain coo kie domain name	114	* @pa ram cookie Domain coo kie domain name
115	*/	115	*/
116	public void setC ookieDomai n(String c ookieDomai n) {	116	public void setC ookieDomai n(String c ookieDomai n) {
117	if (cookieDo main != nu ll && cook ieDomain.t rim().leng th() == 0) {	117	if (cookieDo main != nu ll && cook ieDomain.t rim().leng th() == 0) {
118	this.coo kieDomain = null;	118	this.coo kieDomain = null;
119	} else {	119	} else {
120	this.coo kieDomain = cookieDo main;	120	this.coo kieDomain = cookieDo main;
121	}	121	}
122	}	122	}
123		123
124		124
125	/**	125	/**
126	* Get s whether each reque st needs t o be reaut henticated (by an	126	* Get s whether each reque st needs t o be reaut henticated (by an
127	* Aut henticator downstrea m in the p ipeline) t o the secu rity	127	* Aut henticator downstrea m in the p ipeline) t o the secu rity
128	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo	128	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo
129	* to the reques t based on the prese nce of a v alid SSO e ntry witho ut	129	* to the reques t based on the prese nce of a v alid SSO e ntry witho ut
130	* rec hecking wi th the <co de>Realm</ code>.	130	* rec hecking wi th the <co de>Realm</ code>.
131	*	131	*
132	* @re turn <cod e>true</co de> if it is require d that a d ownstream	132	* @re turn <cod e>true</co de> if it is require d that a d ownstream
133	* Auth enticator reauthenti cate each request be fore calls to	133	* Auth enticator reauthenti cate each request be fore calls to
134	* <cod e>HttpServ letRequest .setUserPr incipal()< /code>	134	* <cod e>HttpServ letRequest .setUserPr incipal()< /code>
135	* and <code>Http ServletReq uest.setAu thType()</ code> are made;	135	* and <code>Http ServletReq uest.setAu thType()</ code> are made;
136	* <cod e>false</c ode> if th e <code>Va lve</code> can itsel f make	136	* <cod e>false</c ode> if th e <code>Va lve</code> can itsel f make
137	* thos e calls re lying on t he presenc e of a val id SingleS ignOn	137	* thos e calls re lying on t he presenc e of a val id SingleS ignOn
138	* entr y associat ed with th e request.	138	* entr y associat ed with th e request.
139	*	139	*
140	* @se e #setRequ ireReauthe ntication	140	* @se e #setRequ ireReauthe ntication
141	*/	141	*/
142	public boolean g etRequireR eauthentic ation() {	142	public boolean g etRequireR eauthentic ation() {
143	re turn requi reReauthen tication;	143	re turn requi reReauthen tication;
144	}	144	}
145		145
146		146
147	/**	147	/**
148	* Set s whether each reque st needs t o be reaut henticated (by an	148	* Set s whether each reque st needs t o be reaut henticated (by an
149	* Aut henticator downstrea m in the p ipeline) t o the secu rity	149	* Aut henticator downstrea m in the p ipeline) t o the secu rity
150	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo	150	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo
151	* to the reques t, based o n the pres ence of a valid SSO entry, wit hout	151	* to the reques t, based o n the pres ence of a valid SSO entry, wit hout
152	* rec hecking wi th the <co de>Realm</ code>.	152	* rec hecking wi th the <co de>Realm</ code>.
153	* <p>	153	* <p>
154	* If this prope rty is <co de>false</ code> (the default), this	154	* If this prope rty is <co de>false</ code> (the default), this
155	* <co de>Valve</ code> will bind a Us erPrincipa l and Auth Type to th e request	155	* <co de>Valve</ code> will bind a Us erPrincipa l and Auth Type to th e request
156	* if a valid SS O entry is associate d with the request. It will n ot notify	156	* if a valid SS O entry is associate d with the request. It will n ot notify
157	* the security <code>Real m</code> o f the inco ming reque st.	157	* the security <code>Real m</code> o f the inco ming reque st.
158	* <p>	158	* <p>
159	* Thi s property should be set to <c ode>true</ code> if t he overall server	159	* Thi s property should be set to <c ode>true</ code> if t he overall server
160	* con figuration requires that the < code>Realm </code> re authentica te each	160	* con figuration requires that the < code>Realm </code> re authentica te each
161	* req uest threa d. An exa mple of su ch a confi guration w ould be on e where	161	* req uest threa d. An exa mple of su ch a confi guration w ould be on e where
162	* the <code>Rea lm</code> implementa tion provi des securi ty for bot h a	162	* the <code>Rea lm</code> implementa tion provi des securi ty for bot h a
163	* web tier and an associa ted EJB ti er, and ne eds to set security	163	* web tier and an associa ted EJB ti er, and ne eds to set security
164	* cre dentials o n each req uest threa d in order to suppor t EJB acce ss.	164	* cre dentials o n each req uest threa d in order to suppor t EJB acce ss.
165	* <p>	165	* <p>
166	* If this prope rty is set to <code> true</code >, this Va lve will s et flags	166	* If this prope rty is set to <code> true</code >, this Va lve will s et flags
167	* on the reques t notifyin g the down stream Aut henticator that the request	167	* on the reques t notifyin g the down stream Aut henticator that the request
168	* is associated with an S SO session . The Aut henticator will then call its	168	* is associated with an S SO session . The Aut henticator will then call its
169	* {@l ink Authen ticatorBas e#reauthen ticateFrom SSO reauth enticateFr omSSO}	169	* {@l ink Authen ticatorBas e#reauthen ticateFrom SSO reauth enticateFr omSSO}
170	* met hod to att empt to re authentica te the req uest to th e	170	* met hod to att empt to re authentica te the req uest to th e
171	* <co de>Realm</ code>, usi ng any cre dentials t hat were c ached with this	171	* <co de>Realm</ code>, usi ng any cre dentials t hat were c ached with this
172	* Val ve.	172	* Val ve.
173	* <p>	173	* <p>
174	* The default v alue of th is propert y is <code >false</co de>, in or der	174	* The default v alue of th is propert y is <code >false</co de>, in or der
175	* to maintain b ackward co mpatibilit y with pre vious vers ions of To mcat.	175	* to maintain b ackward co mpatibilit y with pre vious vers ions of To mcat.
176	*	176	*
177	* @pa ram requir ed <code> true</code > if it is required that a dow nstream	177	* @pa ram requir ed <code> true</code > if it is required that a dow nstream
178	* Authen ticator re authentica te each re quest befo re calls	178	* Authen ticator re authentica te each re quest befo re calls
179	* to <c ode>HttpSe rvletReque st.setUser Principal( )</code>	179	* to <c ode>HttpSe rvletReque st.setUser Principal( )</code>
180	* and <c ode>HttpSe rvletReque st.setAuth Type()</co de> are	180	* and <c ode>HttpSe rvletReque st.setAuth Type()</co de> are
181	* made; <code>fals e</code> i f the <cod e>Valve</c ode> can	181	* made; <code>fals e</code> i f the <cod e>Valve</c ode> can
182	* itself make thos e calls re lying on t he presenc e of a	182	* itself make thos e calls re lying on t he presenc e of a
183	* valid SingleSign On entry a ssociated with the r equest.	183	* valid SingleSign On entry a ssociated with the r equest.
184	*	184	*
185	* @se e Authenti catorBase# reauthenti cateFromSS O	185	* @se e Authenti catorBase# reauthenti cateFromSS O
186	*/	186	*/
187	public void setR equireReau thenticati on(boolean required) {	187	public void setR equireReau thenticati on(boolean required) {
188	th is.require Reauthenti cation = r equired;	188	th is.require Reauthenti cation = r equired;
189	}	189	}
190		190
191		191
192	// --- ---------- ---------- ---------- ---------- ---------- ----- Valv e Methods	192	// --- ---------- ---------- ---------- ---------- ---------- ----- Valv e Methods
193		193
194	/**	194	/**
195	* Per form singl e-sign-on support pr ocessing f or this re quest.	195	* Per form singl e-sign-on support pr ocessing f or this re quest.
196	*	196	*
197	* @pa ram reques t The serv let reques t we are p rocessing	197	* @pa ram reques t The serv let reques t we are p rocessing
198	* @pa ram respon se The ser vlet respo nse we are creating	198	* @pa ram respon se The ser vlet respo nse we are creating
199	*	199	*
200	* @ex ception IO Exception if an inpu t/output e rror occur s	200	* @ex ception IO Exception if an inpu t/output e rror occur s
201	* @ex ception Se rvletExcep tion if a servlet er ror occurs	201	* @ex ception Se rvletExcep tion if a servlet er ror occurs
202	*/	202	*/
203	@Overr ide	203	@Overr ide
204	public void invo ke(Request request, Response r esponse)	204	public void invo ke(Request request, Response r esponse)
205	th rows IOExc eption, Se rvletExcep tion {	205	th rows IOExc eption, Se rvletExcep tion {
206		206
207	re quest.remo veNote(Con stants.REQ _SSOID_NOT E);	207	re quest.remo veNote(Con stants.REQ _SSOID_NOT E);
208		208
209	// Has a val id user al ready been authentic ated?	209	// Has a val id user al ready been authentic ated?
210	if (containe rLog.isDeb ugEnabled( )) {	210	if (containe rLog.isDeb ugEnabled( )) {
211	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.invoke ", request .getReques tURI()));	211	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.invoke ", request .getReques tURI()));
212	}	212	}
213	if (request. getUserPri ncipal() ! = null) {	213	if (request. getUserPri ncipal() ! = null) {
214	if (cont ainerLog.i sDebugEnab led()) {	214	if (cont ainerLog.i sDebugEnab led()) {
215	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.ha sPrincipal ",	215	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.ha sPrincipal ",
216	reques t.getUserP rincipal() .getName() ));	216	reques t.getUserP rincipal() .getName() ));
217	}	217	}
218	getNext( ).invoke(r equest, re sponse);	218	getNext( ).invoke(r equest, re sponse);
219	return;	219	return;
220	}	220	}
221		221
222	// Check for the singl e sign on cookie	222	// Check for the singl e sign on cookie
223	if (containe rLog.isDeb ugEnabled( )) {	223	if (containe rLog.isDeb ugEnabled( )) {
224	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.cookie Check"));	224	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.cookie Check"));
225	}	225	}
226	Co okie cooki e = null;	226	Co okie cooki e = null;
227	Co okie cooki es[] = req uest.getCo okies();	227	Co okie cooki es[] = req uest.getCo okies();
228	if (cookies != null) {	228	if (cookies != null) {
229	for (int i = 0; i < cookies. length; i+ +) {	229	for (int i = 0; i < cookies. length; i+ +) {
230	if ( Constants. SINGLE_SIG N_ON_COOKI E.equals(c ookies[i]. getName()) ) {	230	if ( Constants. SINGLE_SIG N_ON_COOKI E.equals(c ookies[i]. getName()) ) {
231	cookie = c ookies[i];	231	cookie = c ookies[i];
232	break;	232	break;
233	}	233	}
234	}	234	}
235	}	235	}
236	if (cookie = = null) {	236	if (cookie = = null) {
237	if (cont ainerLog.i sDebugEnab led()) {	237	if (cont ainerLog.i sDebugEnab led()) {
238	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.co okieNotFou nd"));	238	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.co okieNotFou nd"));
239	}	239	}
240	getNext( ).invoke(r equest, re sponse);	240	getNext( ).invoke(r equest, re sponse);
241	return;	241	return;
242	}	242	}
243		243
244	// Look up t he cached Principal associated with this cookie va lue	244	// Look up t he cached Principal associated with this cookie va lue
245	if (containe rLog.isDeb ugEnabled( )) {	245	if (containe rLog.isDeb ugEnabled( )) {
246	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.princi palCheck",	246	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.princi palCheck",
247	cookie.get Value()));	247	cookie.get Value()));
248	}	248	}
249	Si ngleSignOn Entry entr y = cache. get(cookie .getValue( ));	249	Si ngleSignOn Entry entr y = cache. get(cookie .getValue( ));
250	if (entry != null) {	250	if (entry != null) {
251	if (cont ainerLog.i sDebugEnab led()) {	251	if (cont ainerLog.i sDebugEnab led()) {
252	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalFou nd",	252	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalFou nd",
253	entry. getPrincip al() != nu ll ? entry .getPrinci pal().getN ame() : "" ,	253	entry. getPrincip al() != nu ll ? entry .getPrinci pal().getN ame() : "" ,
254	entry. getAuthTyp e()));	254	entry. getAuthTyp e()));
255	}	255	}
256	request. setNote(Co nstants.RE Q_SSOID_NO TE, cookie .getValue( ));	256	request. setNote(Co nstants.RE Q_SSOID_NO TE, cookie .getValue( ));
257	// Only set securi ty element s if reaut henticatio n is not r equired	257	// Only set securi ty element s if reaut henticatio n is not r equired
258	if (!get RequireRea uthenticat ion()) {	258	if (!get RequireRea uthenticat ion()) {
259	requ est.setAut hType(entr y.getAuthT ype());	259	requ est.setAut hType(entr y.getAuthT ype());
260	requ est.setUse rPrincipal (entry.get Principal( ));	260	requ est.setUse rPrincipal (entry.get Principal( ));
261	}	261	}
262	} else {	262	} else {
263	if (cont ainerLog.i sDebugEnab led()) {	263	if (cont ainerLog.i sDebugEnab led()) {
264	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalNot Found",	264	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalNot Found",
265	cookie .getValue( )));	265	cookie .getValue( )));
266	}	266	}
267	// No ne ed to retu rn a valid SSO sessi on ID	267	// No ne ed to retu rn a valid SSO sessi on ID
268	cookie.s etValue("R EMOVE");	268	cookie.s etValue("R EMOVE");
269	// Age o f zero wil l trigger removal	269	// Age o f zero wil l trigger removal
270	cookie.s etMaxAge(0 );	270	cookie.s etMaxAge(0 );
271	// Domai n and path have to m atch the o riginal co okie to 'r eplace'	271	// Domai n and path have to m atch the o riginal co okie to 'r eplace'
272	// the o riginal co okie	272	// the o riginal co okie
273	cookie.s etPath("/" );	273	cookie.s etPath("/" );
274	String d omain = ge tCookieDom ain();	274	String d omain = ge tCookieDom ain();
275	if (doma in != null ) {	275	if (doma in != null ) {
276	cook ie.setDoma in(domain) ;	276	cook ie.setDoma in(domain) ;
277	}	277	}
278	// This is going t o trigger a Set-Cook ie header. While the value is	278	// This is going t o trigger a Set-Cook ie header. While the value is
279	// not s ecurity se nsitive, e nsure that expectati ons for se cure and	279	// not s ecurity se nsitive, e nsure that expectati ons for se cure and
280	// httpO nly are me t	280	// httpO nly are me t
281	cookie.s etSecure(r equest.isS ecure());	281	cookie.s etSecure(r equest.isS ecure());
282	if (requ est.getSer vletContex t().getSes sionCookie Config().i sHttpOnly( ) \|\|	282	if (requ est.getSer vletContex t().getSes sionCookie Config().i sHttpOnly( ) \|\|
283	request.ge tContext() .getUseHtt pOnly()) {	283	request.ge tContext() .getUseHtt pOnly()) {
284	cook ie.setHttp Only(true) ;	284	cook ie.setHttp Only(true) ;
285	}	285	}
286		286
287	response .addCookie (cookie);	287	response .addCookie (cookie);
288	}	288	}
289		289
290	// Invoke th e next Val ve in our pipeline	290	// Invoke th e next Val ve in our pipeline
291	ge tNext().in voke(reque st, respon se);	291	ge tNext().in voke(reque st, respon se);
292	}	292	}
293		293
294		294
295	// --- ---------- ---------- ---------- ---------- ---------- - Protecte d Methods	295	// --- ---------- ---------- ---------- ---------- ---------- - Protecte d Methods
296		296
297	/**	297	/**
298	* Pro cess a ses sion destr oyed event by removi ng referen ces to tha t session	298	* Pro cess a ses sion destr oyed event by removi ng referen ces to tha t session
299	* fro m the cach es and - i f the sess ion destru ction is t he result of a	299	* fro m the cach es and - i f the sess ion destru ction is t he result of a
300	* log out - dest roy the as sociated S SO session .	300	* log out - dest roy the as sociated S SO session .
301	*	301	*
302	* @pa ram ssoId The ID o f the SSO session wh ich which the destro yed	302	* @pa ram ssoId The ID o f the SSO session wh ich which the destro yed
303	* session was associ ated	303	* session was associ ated
304	* @pa ram sessio n The sess ion that h as been de stroyed	304	* @pa ram sessio n The sess ion that h as been de stroyed
305	*/	305	*/
306	public void sess ionDestroy ed(String ssoId, Ses sion sessi on) {	306	public void sess ionDestroy ed(String ssoId, Ses sion sessi on) {
307		307
308	if (!getStat e().isAvai lable()) {	308	if (!getStat e().isAvai lable()) {
309	return;	309	return;
310	}	310	}
311		311
312	// Was the s ession des troyed as the result of a time out or con text stop?	312	// Was the s ession des troyed as the result of a time out or con text stop?
313	// If so, we 'll just r emove the expired se ssion from the SSO. If the	313	// If so, we 'll just r emove the expired se ssion from the SSO. If the
314	// session w as logged out, we'll log out o f all sess ion associ ated with	314	// session w as logged out, we'll log out o f all sess ion associ ated with
315	// the SSO.	315	// the SSO.
316	if (((sessio n.getMaxIn activeInte rval() > 0 )	316	if (((sessio n.getMaxIn activeInte rval() > 0 )
317	&& (sess ion.getIdl eTimeInter nal() >= s ession.get MaxInactiv eInterval( ) * 1000))	317	&& (sess ion.getIdl eTimeInter nal() >= s ession.get MaxInactiv eInterval( ) * 1000))
318	\|\| (!ses sion.getMa nager().ge tContext() .getState( ).isAvaila ble())) {	318	\|\| (!ses sion.getMa nager().ge tContext() .getState( ).isAvaila ble())) {
319	if (cont ainerLog.i sDebugEnab led()) {	319	if (cont ainerLog.i sDebugEnab led()) {
320	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionTimeo ut",	320	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionTimeo ut",
321	ssoId, session)) ;	321	ssoId, session)) ;
322	}	322	}
323	removeSe ssion(ssoI d, session );	323	removeSe ssion(ssoI d, session );
324	} else {	324	} else {
325	// The s ession was logged ou t.	325	// The s ession was logged ou t.
326	// Dereg ister this single se ssion id, invalidati ng	326	// Dereg ister this single se ssion id, invalidati ng
327	// assoc iated sess ions	327	// assoc iated sess ions
328	if (cont ainerLog.i sDebugEnab led()) {	328	if (cont ainerLog.i sDebugEnab led()) {
329	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionLogou t",	329	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionLogou t",
330	ssoId, session)) ;	330	ssoId, session)) ;
331	}	331	}
332	// First remove th e session that we kn ow has exp ired / bee n logged	332	// First remove th e session that we kn ow has exp ired / bee n logged
333	// out s ince it ha s already been remov ed from it s Manager and, if	333	// out s ince it ha s already been remov ed from it s Manager and, if
334	// we do n't remove it first, deregiste r() will l og a warni ng that it	334	// we do n't remove it first, deregiste r() will l og a warni ng that it
335	// can't be found	335	// can't be found
336	removeSe ssion(ssoI d, session );	336	removeSe ssion(ssoI d, session );
337	// If th e SSO sess ion was on ly associa ted with o ne web app the call	337	// If th e SSO sess ion was on ly associa ted with o ne web app the call
338	// above will have removed t he SSO ses sion from the cache	338	// above will have removed t he SSO ses sion from the cache
339	if (cach e.contains Key(ssoId) ) {	339	if (cach e.contains Key(ssoId) ) {
340	dere gister(sso Id);	340	dere gister(sso Id);
341	}	341	}
342	}	342	}
343	}	343	}
344		344
345		345
346	/**	346	/**
347	* Ass ociate the specified single si gn on iden tifier wit h the	347	* Ass ociate the specified single si gn on iden tifier wit h the
348	* spe cified Ses sion.	348	* spe cified Ses sion.
349	*	349	*
350	* @pa ram ssoId Single sig n on ident ifier	350	* @pa ram ssoId Single sig n on ident ifier
351	* @pa ram sessio n Session to be asso ciated	351	* @pa ram sessio n Session to be asso ciated
352	*	352	*
353	* @re turn <code >true</cod e> if the session wa s associat ed to the given SSO	353	* @re turn <code >true</cod e> if the session wa s associat ed to the given SSO
354	* sessi on, otherw ise <code> false</cod e>	354	* sessi on, otherw ise <code> false</cod e>
355	*/	355	*/
356	protec ted boolea n associat e(String s soId, Sess ion sessio n) {	356	protec ted boolea n associat e(String s soId, Sess ion sessio n) {
357	Si ngleSignOn Entry sso = cache.ge t(ssoId);	357	Si ngleSignOn Entry sso = cache.ge t(ssoId);
358	if (sso == n ull) {	358	if (sso == n ull) {
359	if (cont ainerLog.i sDebugEnab led()) {	359	if (cont ainerLog.i sDebugEnab led()) {
360	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociateFai l",	360	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociateFai l",
361	ssoId, session)) ;	361	ssoId, session)) ;
362	}	362	}
363	return f alse;	363	return f alse;
364	} else {	364	} else {
365	if (cont ainerLog.i sDebugEnab led()) {	365	if (cont ainerLog.i sDebugEnab led()) {
366	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociate",	366	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociate",
367	ssoId, session)) ;	367	ssoId, session)) ;
368	}	368	}
369	sso.addS ession(thi s, ssoId, session);	369	sso.addS ession(thi s, ssoId, session);
370	return t rue;	370	return t rue;
371	}	371	}
372	}	372	}
373		373
374		374
375	/**	375	/**
376	* Der egister th e specifie d single s ign on ide ntifier, a nd invalid ate	376	* Der egister th e specifie d single s ign on ide ntifier, a nd invalid ate
377	* any associate d sessions .	377	* any associate d sessions .
378	*	378	*
379	* @pa ram ssoId Single sig n on ident ifier to d eregister	379	* @pa ram ssoId Single sig n on ident ifier to d eregister
380	*/	380	*/
381	protec ted void d eregister( String sso Id) {	381	protec ted void d eregister( String sso Id) {
382		382
383	// Look up a nd remove the corres ponding Si ngleSignOn Entry	383	// Look up a nd remove the corres ponding Si ngleSignOn Entry
384	Si ngleSignOn Entry sso = cache.re move(ssoId );	384	Si ngleSignOn Entry sso = cache.re move(ssoId );
385		385
386	if (sso == n ull) {	386	if (sso == n ull) {
387	if (cont ainerLog.i sDebugEnab led()) {	387	if (cont ainerLog.i sDebugEnab led()) {
388	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerFa il", ssoId ));	388	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerFa il", ssoId ));
389	}	389	}
390	return;	390	return;
391	}	391	}
392		392
393	// Expire an y associat ed session s	393	// Expire an y associat ed session s
394	Se t<SingleSi gnOnSessio nKey> ssoK eys = sso. findSessio ns();	394	Se t<SingleSi gnOnSessio nKey> ssoK eys = sso. findSessio ns();
395	if (ssoKeys. size() == 0) {	395	if (ssoKeys. size() == 0) {
396	if (cont ainerLog.i sDebugEnab led()) {	396	if (cont ainerLog.i sDebugEnab led()) {
397	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerNo ne", ssoId ));	397	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerNo ne", ssoId ));
398	}	398	}
399	}	399	}
400	fo r (SingleS ignOnSessi onKey ssoK ey : ssoKe ys) {	400	fo r (SingleS ignOnSessi onKey ssoK ey : ssoKe ys) {
401	if (cont ainerLog.i sDebugEnab led()) {	401	if (cont ainerLog.i sDebugEnab led()) {
402	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de register", ssoKey, s soId));	402	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de register", ssoKey, s soId));
403	}	403	}
404	// Inval idate this session	404	// Inval idate this session
405	expire(s soKey);	405	expire(s soKey);
406	}	406	}
407		407
408	// NOTE: Cl ients may still poss ess the ol d single s ign on coo kie,	408	// NOTE: Cl ients may still poss ess the ol d single s ign on coo kie,
409	// but it wi ll be remo ved on the next requ est since it is no l onger	409	// but it wi ll be remo ved on the next requ est since it is no l onger
410	// in the ca che	410	// in the ca che
411	}	411	}
412		412
413		413
414	privat e void exp ire(Single SignOnSess ionKey key ) {	414	privat e void exp ire(Single SignOnSess ionKey key ) {
415	if (engine = = null) {	415	if (engine = = null) {
416	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .engineNul l", key));	416	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .engineNul l", key));
417	return;	417	return;
418	}	418	}
419	Co ntainer ho st = engin e.findChil d(key.getH ostName()) ;	419	Co ntainer ho st = engin e.findChil d(key.getH ostName()) ;
420	if (host == null) {	420	if (host == null) {
421	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .hostNotFo und", key) );	421	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .hostNotFo und", key) );
422	return;	422	return;
423	}	423	}
424	Co ntext cont ext = (Con text) host .findChild (key.getCo ntextName( ));	424	Co ntext cont ext = (Con text) host .findChild (key.getCo ntextName( ));
425	if (context == null) {	425	if (context == null) {
426	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .contextNo tFound", k ey));	426	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .contextNo tFound", k ey));
427	return;	427	return;
428	}	428	}
429	Ma nager mana ger = cont ext.getMan ager();	429	Ma nager mana ger = cont ext.getMan ager();
430	if (manager == null) {	430	if (manager == null) {
431	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerNo tFound", k ey));	431	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerNo tFound", k ey));
432	return;	432	return;
433	}	433	}
434	Se ssion sess ion = null ;	434	Se ssion sess ion = null ;
435	tr y {	435	tr y {
436	session = manager. findSessio n(key.getS essionId() );	436	session = manager. findSessio n(key.getS essionId() );
437	} catch (IOE xception e ) {	437	} catch (IOE xception e ) {
438	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerEr ror", key) , e);	438	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerEr ror", key) , e);
439	return;	439	return;
440	}	440	}
441	if (session == null) {	441	if (session == null) {
442	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .sessionNo tFound", k ey));	442	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .sessionNo tFound", k ey));
443	return;	443	return;
444	}	444	}
445	se ssion.expi re();	445	se ssion.expi re();
446	}	446	}
447		447
448		448
449	/**	449	/**
450	* Att empts reau thenticati on to the given <cod e>Realm</c ode> using	450	* Att empts reau thenticati on to the given <cod e>Realm</c ode> using
451	* the credentia ls associa ted with t he single sign-on se ssion	451	* the credentia ls associa ted with t he single sign-on se ssion
452	* ide ntified by argument <code>ssoI d</code>.	452	* ide ntified by argument <code>ssoI d</code>.
453	* <p>	453	* <p>
454	* If reauthenti cation is successful , the <cod e>Principa l</code> a nd	454	* If reauthenti cation is successful , the <cod e>Principa l</code> a nd
455	* aut horization type asso ciated wit h the SSO session wi ll be boun d	455	* aut horization type asso ciated wit h the SSO session wi ll be boun d
456	* to the given <code>Requ est</code> object vi a calls to	456	* to the given <code>Requ est</code> object vi a calls to
457	* {@l ink Reques t#setAuthT ype Reques t.setAuthT ype()} and	457	* {@l ink Reques t#setAuthT ype Reques t.setAuthT ype()} and
458	* {@l ink Reques t#setUserP rincipal R equest.set UserPrinci pal()}	458	* {@l ink Reques t#setUserP rincipal R equest.set UserPrinci pal()}
459	* </p >	459	* </p >
460	*	460	*
461	* @pa ram ssoId identi fier of Si ngleSignOn session w ith which the	461	* @pa ram ssoId identi fier of Si ngleSignOn session w ith which the
462	* caller is associ ated	462	* caller is associ ated
463	* @pa ram realm Realm implementa tion again st which t he caller is to	463	* @pa ram realm Realm implementa tion again st which t he caller is to
464	* be aut henticated	464	* be aut henticated
465	* @pa ram reques t the re quest that needs to be authent icated	465	* @pa ram reques t the re quest that needs to be authent icated
466	*	466	*
467	* @re turn <cod e>true</co de> if rea uthenticat ion was su ccessful,	467	* @re turn <cod e>true</co de> if rea uthenticat ion was su ccessful,
468	* <cod e>false</c ode> other wise.	468	* <cod e>false</c ode> other wise.
469	*/	469	*/
470	protec ted boolea n reauthen ticate(Str ing ssoId, Realm rea lm,	470	protec ted boolea n reauthen ticate(Str ing ssoId, Realm rea lm,
471	Req uest reque st) {	471	Req uest reque st) {
472		472
473	if (ssoId == null \|\| r ealm == nu ll) {	473	if (ssoId == null \|\| r ealm == nu ll) {
474	return f alse;	474	return f alse;
475	}	475	}
476		476
477	bo olean reau thenticate d = false;	477	bo olean reau thenticate d = false;
478		478
479	Si ngleSignOn Entry entr y = cache. get(ssoId) ;	479	Si ngleSignOn Entry entr y = cache. get(ssoId) ;
480	if (entry != null && e ntry.getCa nReauthent icate()) {	480	if (entry != null && e ntry.getCa nReauthent icate()) {
481		481
482	String u sername = entry.getU sername();	482	String u sername = entry.getU sername();
483	if (user name != nu ll) {	483	if (user name != nu ll) {
484	Prin cipal reau thPrincipa l =	484	Prin cipal reau thPrincipa l =
485	realm. authentica te(usernam e, entry.g etPassword ());	485	realm. authentica te(usernam e, entry.g etPassword ());
486	if ( reauthPrin cipal != n ull) {	486	if ( reauthPrin cipal != n ull) {
487	reauthenti cated = tr ue;	487	reauthenti cated = tr ue;
488	// Bind th e authoriz ation cred entials to the reque st	488	// Bind th e authoriz ation cred entials to the reque st
489	request.se tAuthType( entry.getA uthType()) ;	489	request.se tAuthType( entry.getA uthType()) ;
490	request.se tUserPrinc ipal(reaut hPrincipal );	490	request.se tUserPrinc ipal(reaut hPrincipal );
491	}	491	}
492	}	492	}
493	}	493	}
494		494
495	re turn reaut henticated ;	495	re turn reaut henticated ;
496	}	496	}
497		497
498		498
499	/**	499	/**
500	* Reg ister the specified Principal as being a ssociated with the s pecified	500	* Reg ister the specified Principal as being a ssociated with the s pecified
501	* val ue for the single si gn on iden tifier.	501	* val ue for the single si gn on iden tifier.
502	*	502	*
503	* @pa ram ssoId Single sig n on ident ifier to r egister	503	* @pa ram ssoId Single sig n on ident ifier to r egister
504	* @pa ram princi pal Associ ated user principal that is id entified	504	* @pa ram princi pal Associ ated user principal that is id entified
505	* @pa ram authTy pe Authent ication ty pe used to authentic ate this	505	* @pa ram authTy pe Authent ication ty pe used to authentic ate this
506	* us er princip al	506	* us er princip al
507	* @pa ram userna me Usernam e used to authentica te this us er	507	* @pa ram userna me Usernam e used to authentica te this us er
508	* @pa ram passwo rd Passwor d used to authentica te this us er	508	* @pa ram passwo rd Passwor d used to authentica te this us er
509	*/	509	*/
510	protec ted void r egister(St ring ssoId , Principa l principa l, String authType,	510	protec ted void r egister(St ring ssoId , Principa l principa l, String authType,
511	St ring usern ame, Strin g password ) {	511	St ring usern ame, Strin g password ) {
512		512
513	if (containe rLog.isDeb ugEnabled( )) {	513	if (containe rLog.isDeb ugEnabled( )) {
514	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.regist er", ssoId ,	514	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.regist er", ssoId ,
515	principal != null ? principal. getName() : "", auth Type));	515	principal != null ? principal. getName() : "", auth Type));
516	}	516	}
517		517
518	ca che.put(ss oId, new S ingleSignO nEntry(pri ncipal, au thType, us ername, pa ssword));	518	ca che.put(ss oId, new S ingleSignO nEntry(pri ncipal, au thType, us ername, pa ssword));
519	}	519	}
520		520
521		521
522	/**	522	/**
523	* Upd ates any < code>Singl eSignOnEnt ry</code> found unde r key	523	* Upd ates any < code>Singl eSignOnEnt ry</code> found unde r key
524	* <co de>ssoId</ code> with the given authentic ation data .	524	* <co de>ssoId</ code> with the given authentic ation data .
525	* <p>	525	* <p>
526	* The purpose o f this met hod is to allow an S SO entry t hat was	526	* The purpose o f this met hod is to allow an S SO entry t hat was
527	* est ablished w ithout a u sername/pa ssword com bination ( i.e. estab lished	527	* est ablished w ithout a u sername/pa ssword com bination ( i.e. estab lished
528	* fol lowing DIG EST or CLI ENT_CERT a uthenticat ion) to be updated w ith	528	* fol lowing DIG EST or CLI ENT_CERT a uthenticat ion) to be updated w ith
529	* a u sername an d password if one be comes avai lable thro ugh a subs equent	529	* a u sername an d password if one be comes avai lable thro ugh a subs equent
530	* BAS IC or FORM authentic ation. Th e SSO entr y will the n be usabl e for	530	* BAS IC or FORM authentic ation. Th e SSO entr y will the n be usabl e for
531	* rea uthenticat ion.	531	* rea uthenticat ion.
532	* <p>	532	* <p>
533	* <b> NOTE:</b> Only updat es the SSO entry if a call to	533	* <b> NOTE:</b> Only updat es the SSO entry if a call to
534	* <co de>SingleS ignOnEntry .getCanRea uthenticat e()</code> returns	534	* <co de>SingleS ignOnEntry .getCanRea uthenticat e()</code> returns
535	* <co de>false</ code>; oth erwise, it is assume d that the SSO entry already	535	* <co de>false</ code>; oth erwise, it is assume d that the SSO entry already
536	* has sufficien t informat ion to all ow reauthe ntication and that n o update	536	* has sufficien t informat ion to all ow reauthe ntication and that n o update
537	* is needed.	537	* is needed.
538	*	538	*
539	* @pa ram ssoId identi fier of Si ngle sign to be upda ted	539	* @pa ram ssoId identi fier of Si ngle sign to be upda ted
540	* @pa ram princi pal the <c ode>Princi pal</code> returned by the lat est	540	* @pa ram princi pal the <c ode>Princi pal</code> returned by the lat est
541	* call t o <code>Re alm.authen ticate</co de>.	541	* call t o <code>Re alm.authen ticate</co de>.
542	* @pa ram authTy pe the ty pe of auth enticator used (BASI C, CLIENT_ CERT,	542	* @pa ram authTy pe the ty pe of auth enticator used (BASI C, CLIENT_ CERT,
543	* DIGEST or FORM)	543	* DIGEST or FORM)
544	* @pa ram userna me the us ername (if any) used for the a uthenticat ion	544	* @pa ram userna me the us ername (if any) used for the a uthenticat ion
545	* @pa ram passwo rd the pa ssword (if any) used for the a uthenticat ion	545	* @pa ram passwo rd the pa ssword (if any) used for the a uthenticat ion
546	*	546	*
547	* @re turn <code >true</cod e> if the credential s were upd ated, othe rwise	547	* @re turn <code >true</cod e> if the credential s were upd ated, othe rwise
548	* <code >false</co de>	548	* <code >false</co de>
549	*/	549	*/
550	protec ted boolea n update(S tring ssoI d, Princip al princip al, String authType,	550	protec ted boolea n update(S tring ssoI d, Princip al princip al, String authType,
551	Stri ng usernam e, String password) {	551	Stri ng usernam e, String password) {
552		552
553	Si ngleSignOn Entry sso = cache.ge t(ssoId);	553	Si ngleSignOn Entry sso = cache.ge t(ssoId);
554	if (sso != n ull && !ss o.getCanRe authentica te()) {	554	if (sso != n ull && !ss o.getCanRe authentica te()) {
555	if (cont ainerLog.i sDebugEnab led()) {	555	if (cont ainerLog.i sDebugEnab led()) {
556	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.up date", sso Id, authTy pe));	556	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.up date", sso Id, authTy pe));
557	}	557	}
558		558
559	sso.upda teCredenti als(princi pal, authT ype, usern ame, passw ord);	559	sso.upda teCredenti als(princi pal, authT ype, usern ame, passw ord);
560	return t rue;	560	return t rue;
561	}	561	}
562	re turn false ;	562	re turn false ;
563	}	563	}
564		564
565		565
566	/**	566	/**
567	* Rem ove a sing le Session from a Si ngleSignOn . Called when	567	* Rem ove a sing le Session from a Si ngleSignOn . Called when
568	* a s ession is timed out and no lon ger active .	568	* a s ession is timed out and no lon ger active .
569	*	569	*
570	* @pa ram ssoId Single sig n on ident ifier from which to remove the session.	570	* @pa ram ssoId Single sig n on ident ifier from which to remove the session.
571	* @pa ram sessio n the sess ion to be removed.	571	* @pa ram sessio n the sess ion to be removed.
572	*/	572	*/
573	protec ted void r emoveSessi on(String ssoId, Ses sion sessi on) {	573	protec ted void r emoveSessi on(String ssoId, Ses sion sessi on) {
574		574
575	if (containe rLog.isDeb ugEnabled( )) {	575	if (containe rLog.isDeb ugEnabled( )) {
576	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.remove Session", session, s soId));	576	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.remove Session", session, s soId));
577	}	577	}
578		578
579	// Get a ref erence to the Single SignOn	579	// Get a ref erence to the Single SignOn
580	Si ngleSignOn Entry entr y = cache. get(ssoId) ;	580	Si ngleSignOn Entry entr y = cache. get(ssoId) ;
581	if (entry == null) {	581	if (entry == null) {
582	return;	582	return;
583	}	583	}
584		584
585	// Remove th e inactive session f rom Single SignOnEntr y	585	// Remove th e inactive session f rom Single SignOnEntr y
586	en try.remove Session(se ssion);	586	en try.remove Session(se ssion);
587		587
588	// If there are not se ssions lef t in the S ingleSignO nEntry,	588	// If there are not se ssions lef t in the S ingleSignO nEntry,
589	// deregiste r the entr y.	589	// deregiste r the entr y.
590	if (entry.fi ndSessions ().size() == 0) {	590	if (entry.fi ndSessions ().size() == 0) {
591	deregist er(ssoId);	591	deregist er(ssoId);
592	}	592	}
593	}	593	}
594		594
595		595
596	protec ted Sessio nListener getSession Listener(S tring ssoI d) {	596	protec ted Sessio nListener getSession Listener(S tring ssoI d) {
597	re turn new S ingleSignO nListener( ssoId);	597	re turn new S ingleSignO nListener( ssoId);
598	}	598	}
599		599
600		600
601	@Overr ide	601	@Overr ide
602	protec ted synchr onized voi d startInt ernal() th rows Lifec ycleExcept ion {	602	protec ted synchr onized voi d startInt ernal() th rows Lifec ycleExcept ion {
603	Co ntainer c = getConta iner();	603	Co ntainer c = getConta iner();
604	wh ile (c != null && !( c instance of Engine) ) {	604	wh ile (c != null && !( c instance of Engine) ) {
605	c = c.ge tParent();	605	c = c.ge tParent();
606	}	606	}
607	if (c instan ceof Engin e) {	607	if (c instan ceof Engin e) {
608	engine = (Engine) c;	608	engine = (Engine) c;
609	}	609	}
610	su per.startI nternal();	610	su per.startI nternal();
611	}	611	}
612		612
613		613
614	@Overr ide	614	@Overr ide
615	protec ted synchr onized voi d stopInte rnal() thr ows Lifecy cleExcepti on {	615	protec ted synchr onized voi d stopInte rnal() thr ows Lifecy cleExcepti on {
616	su per.stopIn ternal();	616	su per.stopIn ternal();
617	en gine = nul l;	617	en gine = nul l;
618	}	618	}
619	}	619	}