22. Araxis Merge File Comparison Report

Produced by Araxis Merge on 11/20/2017 2:15:52 PM GMT Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

22.1 Files compared

#	Location	File	Last Modified
1	C:\Merge Test Files\8.0.47\java\org\apache\catalina\authenticator	SingleSignOn.java	Fri Sep 29 16:53:28 2017 UTC
2	C:\Merge Test Files\8.5.23\java\org\apache\catalina\authenticator	SingleSignOn.java	Thu Sep 28 11:32:16 2017 UTC
3	C:\Merge Test Files\9.0.1\java\org\apache\catalina\authenticator	SingleSignOn.java	Wed Sep 27 18:33:40 2017 UTC
Note: Merge considers the second file to be the common ancestor of the others.

22.2 Comparison summary

Description	Between Files 1 and 2		Between Files 2 and 3		Relative to Common Ancestor
Description	Text Blocks	Lines	Text Blocks	Lines	Text Blocks	Lines
Unchanged	2	1236	1	1238
Changed	1	2	0	0	1	2
Inserted	0	0	0	0	0	0
Removed	0	0	0	0	0	0
Note: An automatic merge would leave 0 conflict(s).

22.3 Comparison options

Whitespace	Consecutive whitespace is treated as a single space
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

22.4 Active regular expressions

No regular expressions were active.

22.5 Comparison detail

1	/*	1	/*	1	/*
2	* License d to the A pache Soft ware Found ation (ASF ) under on e or more	2	* License d to the A pache Soft ware Found ation (ASF ) under on e or more	2	* License d to the A pache Soft ware Found ation (ASF ) under on e or more
3	* contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th	3	* contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th	3	* contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th
4	* this wo rk for add itional in formation regarding copyright ownership.	4	* this wo rk for add itional in formation regarding copyright ownership.	4	* this wo rk for add itional in formation regarding copyright ownership.
5	* The ASF licenses this file to You und er the Apa che Licens e, Version 2.0	5	* The ASF licenses this file to You und er the Apa che Licens e, Version 2.0	5	* The ASF licenses this file to You und er the Apa che Licens e, Version 2.0
6	* (the "L icense"); you may no t use this file exce pt in comp liance wit h	6	* (the "L icense"); you may no t use this file exce pt in comp liance wit h	6	* (the "L icense"); you may no t use this file exce pt in comp liance wit h
7	* the Lic ense. You may obtai n a copy o f the Lice nse at	7	* the Lic ense. You may obtai n a copy o f the Lice nse at	7	* the Lic ense. You may obtai n a copy o f the Lice nse at
8	*	8	*	8	*
9	* ht tp://www.a pache.org/ licenses/L ICENSE-2.0	9	* ht tp://www.a pache.org/ licenses/L ICENSE-2.0	9	* ht tp://www.a pache.org/ licenses/L ICENSE-2.0
10	*	10	*	10	*
11	* Unless required b y applicab le law or agreed to in writing , software	11	* Unless required b y applicab le law or agreed to in writing , software	11	* Unless required b y applicab le law or agreed to in writing , software
12	* distrib uted under the Licen se is dist ributed on an "AS IS " BASIS,	12	* distrib uted under the Licen se is dist ributed on an "AS IS " BASIS,	12	* distrib uted under the Licen se is dist ributed on an "AS IS " BASIS,
13	* WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied.	13	* WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied.	13	* WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied.
14	* See the License f or the spe cific lang uage gover ning permi ssions and	14	* See the License f or the spe cific lang uage gover ning permi ssions and	14	* See the License f or the spe cific lang uage gover ning permi ssions and
15	* limitat ions under the Licen se.	15	* limitat ions under the Licen se.	15	* limitat ions under the Licen se.
16	*/	16	*/	16	*/
17	package or g.apache.c atalina.au thenticato r;	17	package or g.apache.c atalina.au thenticato r;	17	package or g.apache.c atalina.au thenticato r;
18		18		18
19	import jav a.io.IOExc eption;	19	import jav a.io.IOExc eption;	19	import jav a.io.IOExc eption;
20	import jav a.security .Principal ;	20	import jav a.security .Principal ;	20	import jav a.security .Principal ;
21	import jav a.util.Map ;	21	import jav a.util.Map ;	21	import jav a.util.Map ;
22	import jav a.util.Set ;	22	import jav a.util.Set ;	22	import jav a.util.Set ;
23	import jav a.util.con current.Co ncurrentHa shMap;	23	import jav a.util.con current.Co ncurrentHa shMap;	23	import jav a.util.con current.Co ncurrentHa shMap;
24		24		24
25	import jav ax.servlet .ServletEx ception;	25	import jav ax.servlet .ServletEx ception;	25	import jav ax.servlet .ServletEx ception;
26	import jav ax.servlet .http.Cook ie;	26	import jav ax.servlet .http.Cook ie;	26	import jav ax.servlet .http.Cook ie;
27		27		27
28	import org .apache.ca talina.Con tainer;	28	import org .apache.ca talina.Con tainer;	28	import org .apache.ca talina.Con tainer;
29	import org .apache.ca talina.Con text;	29	import org .apache.ca talina.Con text;	29	import org .apache.ca talina.Con text;
30	import org .apache.ca talina.Eng ine;	30	import org .apache.ca talina.Eng ine;	30	import org .apache.ca talina.Eng ine;
31	import org .apache.ca talina.Lif ecycleExce ption;	31	import org .apache.ca talina.Lif ecycleExce ption;	31	import org .apache.ca talina.Lif ecycleExce ption;
32	import org .apache.ca talina.Man ager;	32	import org .apache.ca talina.Man ager;	32	import org .apache.ca talina.Man ager;
33	import org .apache.ca talina.Rea lm;	33	import org .apache.ca talina.Rea lm;	33	import org .apache.ca talina.Rea lm;
34	import org .apache.ca talina.Ses sion;	34	import org .apache.ca talina.Ses sion;	34	import org .apache.ca talina.Ses sion;
35	import org .apache.ca talina.Ses sionListen er;	35	import org .apache.ca talina.Ses sionListen er;	35	import org .apache.ca talina.Ses sionListen er;
36	import org .apache.ca talina.con nector.Req uest;	36	import org .apache.ca talina.con nector.Req uest;	36	import org .apache.ca talina.con nector.Req uest;
37	import org .apache.ca talina.con nector.Res ponse;	37	import org .apache.ca talina.con nector.Res ponse;	37	import org .apache.ca talina.con nector.Res ponse;
38	import org .apache.ca talina.val ves.ValveB ase;	38	import org .apache.ca talina.val ves.ValveB ase;	38	import org .apache.ca talina.val ves.ValveB ase;
39	import org .apache.to mcat.util. res.String Manager;	39	import org .apache.to mcat.util. res.String Manager;	39	import org .apache.to mcat.util. res.String Manager;
40		40		40
41	/**	41	/**	41	/**
42	* A <stro ng>Valve</ strong> th at support s a "singl e sign on" user expe rience,	42	* A <stro ng>Valve</ strong> th at support s a "singl e sign on" user expe rience,	42	* A <stro ng>Valve</ strong> th at support s a "singl e sign on" user expe rience,
43	* where t he securit y identity of a user who succe ssfully au thenticate s to one	43	* where t he securit y identity of a user who succe ssfully au thenticate s to one	43	* where t he securit y identity of a user who succe ssfully au thenticate s to one
44	* web app lication i s propagat ed to othe r web appl ications i n the same	44	* web app lication i s propagat ed to othe r web appl ications i n the same	44	* web app lication i s propagat ed to othe r web appl ications i n the same
45	* securit y domain. For succe ssful use, the follo wing requi rements mu st	45	* securit y domain. For succe ssful use, the follo wing requi rements mu st	45	* securit y domain. For succe ssful use, the follo wing requi rements mu st
46	* be met:	46	* be met:	46	* be met:
47	* <ul>	47	* <ul>	47	* <ul>
48	* <li>Thi s Valve mu st be conf igured on the Contai ner that r epresents a	48	* <li>Thi s Valve mu st be conf igured on the Contai ner that r epresents a	48	* <li>Thi s Valve mu st be conf igured on the Contai ner that r epresents a
49	* vir tual host (typically an implem entation o f <code>Ho st</code>) .</li>	49	* vir tual host (typically an implem entation o f <code>Ho st</code>) .</li>	49	* vir tual host (typically an implem entation o f <code>Ho st</code>) .</li>
50	* <li>The <code>Rea lm</code> that conta ins the sh ared user and role	50	* <li>The <code>Rea lm</code> that conta ins the sh ared user and role	50	* <li>The <code>Rea lm</code> that conta ins the sh ared user and role
51	* inf ormation m ust be con figured on the same Container (or a high er	51	* inf ormation m ust be con figured on the same Container (or a high er	51	* inf ormation m ust be con figured on the same Container (or a high er
52	* one ), and not overridde n at the w eb applica tion level .</li>	52	* one ), and not overridde n at the w eb applica tion level .</li>	52	* one ), and not overridde n at the w eb applica tion level .</li>
53	* <li>The web appli cations th emselves m ust use on e of the s tandard	53	* <li>The web appli cations th emselves m ust use on e of the s tandard	53	* <li>The web appli cations th emselves m ust use on e of the s tandard
54	* Aut henticator s found in the	54	* Aut henticator s found in the	54	* Aut henticator s found in the
55	* <co de>org.apa che.catali na.authent icator</co de> packag e.</li>	55	* <co de>org.apa che.catali na.authent icator</co de> packag e.</li>	55	* <co de>org.apa che.catali na.authent icator</co de> packag e.</li>
56	* </ul>	56	* </ul>	56	* </ul>
57	*	57	*	57	*
58	* @author Craig R. McClanahan	58	* @author Craig R. McClanahan	58	* @author Craig R. McClanahan
59	*/	59	*/	59	*/
60	public cla ss SingleS ignOn exte nds ValveB ase {	60	public cla ss SingleS ignOn exte nds ValveB ase {	60	public cla ss SingleS ignOn exte nds ValveB ase {
61		61		61
62	private st atic final StringMan ager sm = StringMana ger.getMan ager( Co n sta n ts . Pa c k a ge );	62	private st atic final StringMan ager sm = StringMana ger.getMan ager( Si n gleSignO n . c l a ss );	62	privat e static f inal Strin gManager s m = String Manager.ge tManager(S ingleSignO n.class);
63		63		63
64	/* The engine at the top o f the cont ainer hier archy in w hich this SSO Valve	64	/* The engine at the top o f the cont ainer hier archy in w hich this SSO Valve	64	/* The engine at the top o f the cont ainer hier archy in w hich this SSO Valve
65	* has been plac ed. It is used to ge t back to a session object fro m a	65	* has been plac ed. It is used to ge t back to a session object fro m a	65	* has been plac ed. It is used to ge t back to a session object fro m a
66	* Sin gleSignOnS essionKey and is upd ated when the Valve starts and stops.	66	* Sin gleSignOnS essionKey and is upd ated when the Valve starts and stops.	66	* Sin gleSignOnS essionKey and is upd ated when the Valve starts and stops.
67	*/	67	*/	67	*/
68	privat e Engine e ngine;	68	privat e Engine e ngine;	68	privat e Engine e ngine;
69		69		69
70	//---- ---------- ---------- ---------- ---------- ---------- Construct or	70	//---- ---------- ---------- ---------- ---------- ---------- Construct or	70	//---- ---------- ---------- ---------- ---------- ---------- Construct or
71		71		71
72	public SingleSig nOn() {	72	public SingleSig nOn() {	72	public SingleSig nOn() {
73	su per(true);	73	su per(true);	73	su per(true);
74	}	74	}	74	}
75		75		75
76		76		76
77	// --- ---------- ---------- ---------- ---------- ---------- Instance Variables	77	// --- ---------- ---------- ---------- ---------- ---------- Instance Variables	77	// --- ---------- ---------- ---------- ---------- ---------- Instance Variables
78		78		78
79	/**	79	/**	79	/**
80	* The cache of SingleSign OnEntry in stances fo r authenti cated Prin cipals,	80	* The cache of SingleSign OnEntry in stances fo r authenti cated Prin cipals,	80	* The cache of SingleSign OnEntry in stances fo r authenti cated Prin cipals,
81	* key ed by the cookie val ue that is used to s elect them .	81	* key ed by the cookie val ue that is used to s elect them .	81	* key ed by the cookie val ue that is used to s elect them .
82	*/	82	*/	82	*/
83	protec ted Map<St ring,Singl eSignOnEnt ry> cache = new Conc urrentHash Map<>();	83	protec ted Map<St ring,Singl eSignOnEnt ry> cache = new Conc urrentHash Map<>();	83	protec ted Map<St ring,Singl eSignOnEnt ry> cache = new Conc urrentHash Map<>();
84		84		84
85	/**	85	/**	85	/**
86	* Ind icates whe ther this valve shou ld require a downstr eam Authen ticator to	86	* Ind icates whe ther this valve shou ld require a downstr eam Authen ticator to	86	* Ind icates whe ther this valve shou ld require a downstr eam Authen ticator to
87	* rea uthenticat e each req uest, or i f it itsel f can bind a UserPri ncipal	87	* rea uthenticat e each req uest, or i f it itsel f can bind a UserPri ncipal	87	* rea uthenticat e each req uest, or i f it itsel f can bind a UserPri ncipal
88	* and AuthType object to the reques t.	88	* and AuthType object to the reques t.	88	* and AuthType object to the reques t.
89	*/	89	*/	89	*/
90	privat e boolean requireRea uthenticat ion = fals e;	90	privat e boolean requireRea uthenticat ion = fals e;	90	privat e boolean requireRea uthenticat ion = fals e;
91		91		91
92	/**	92	/**	92	/**
93	* Opt ional SSO cookie dom ain.	93	* Opt ional SSO cookie dom ain.	93	* Opt ional SSO cookie dom ain.
94	*/	94	*/	94	*/
95	privat e String c ookieDomai n;	95	privat e String c ookieDomai n;	95	privat e String c ookieDomai n;
96		96		96
97		97		97
98	// --- ---------- ---------- ---------- ---------- ---------- -------- P roperties	98	// --- ---------- ---------- ---------- ---------- ---------- -------- P roperties	98	// --- ---------- ---------- ---------- ---------- ---------- -------- P roperties
99		99		99
100	/**	100	/**	100	/**
101	* Ret urns the o ptional co okie domai n.	101	* Ret urns the o ptional co okie domai n.	101	* Ret urns the o ptional co okie domai n.
102	* May return nu ll.	102	* May return nu ll.	102	* May return nu ll.
103	*	103	*	103	*
104	* @re turn The c ookie doma in	104	* @re turn The c ookie doma in	104	* @re turn The c ookie doma in
105	*/	105	*/	105	*/
106	public String ge tCookieDom ain() {	106	public String ge tCookieDom ain() {	106	public String ge tCookieDom ain() {
107	re turn cooki eDomain;	107	re turn cooki eDomain;	107	re turn cooki eDomain;
108	}	108	}	108	}
109		109		109
110		110		110
111	/**	111	/**	111	/**
112	* Set s the doma in to be u sed for ss o cookies.	112	* Set s the doma in to be u sed for ss o cookies.	112	* Set s the doma in to be u sed for ss o cookies.
113	*	113	*	113	*
114	* @pa ram cookie Domain coo kie domain name	114	* @pa ram cookie Domain coo kie domain name	114	* @pa ram cookie Domain coo kie domain name
115	*/	115	*/	115	*/
116	public void setC ookieDomai n(String c ookieDomai n) {	116	public void setC ookieDomai n(String c ookieDomai n) {	116	public void setC ookieDomai n(String c ookieDomai n) {
117	if (cookieDo main != nu ll && cook ieDomain.t rim().leng th() == 0) {	117	if (cookieDo main != nu ll && cook ieDomain.t rim().leng th() == 0) {	117	if (cookieDo main != nu ll && cook ieDomain.t rim().leng th() == 0) {
118	this.coo kieDomain = null;	118	this.coo kieDomain = null;	118	this.coo kieDomain = null;
119	} else {	119	} else {	119	} else {
120	this.coo kieDomain = cookieDo main;	120	this.coo kieDomain = cookieDo main;	120	this.coo kieDomain = cookieDo main;
121	}	121	}	121	}
122	}	122	}	122	}
123		123		123
124		124		124
125	/**	125	/**	125	/**
126	* Get s whether each reque st needs t o be reaut henticated (by an	126	* Get s whether each reque st needs t o be reaut henticated (by an	126	* Get s whether each reque st needs t o be reaut henticated (by an
127	* Aut henticator downstrea m in the p ipeline) t o the secu rity	127	* Aut henticator downstrea m in the p ipeline) t o the secu rity	127	* Aut henticator downstrea m in the p ipeline) t o the secu rity
128	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo	128	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo	128	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo
129	* to the reques t based on the prese nce of a v alid SSO e ntry witho ut	129	* to the reques t based on the prese nce of a v alid SSO e ntry witho ut	129	* to the reques t based on the prese nce of a v alid SSO e ntry witho ut
130	* rec hecking wi th the <co de>Realm</ code>.	130	* rec hecking wi th the <co de>Realm</ code>.	130	* rec hecking wi th the <co de>Realm</ code>.
131	*	131	*	131	*
132	* @re turn <cod e>true</co de> if it is require d that a d ownstream	132	* @re turn <cod e>true</co de> if it is require d that a d ownstream	132	* @re turn <cod e>true</co de> if it is require d that a d ownstream
133	* Auth enticator reauthenti cate each request be fore calls to	133	* Auth enticator reauthenti cate each request be fore calls to	133	* Auth enticator reauthenti cate each request be fore calls to
134	* <cod e>HttpServ letRequest .setUserPr incipal()< /code>	134	* <cod e>HttpServ letRequest .setUserPr incipal()< /code>	134	* <cod e>HttpServ letRequest .setUserPr incipal()< /code>
135	* and <code>Http ServletReq uest.setAu thType()</ code> are made;	135	* and <code>Http ServletReq uest.setAu thType()</ code> are made;	135	* and <code>Http ServletReq uest.setAu thType()</ code> are made;
136	* <cod e>false</c ode> if th e <code>Va lve</code> can itsel f make	136	* <cod e>false</c ode> if th e <code>Va lve</code> can itsel f make	136	* <cod e>false</c ode> if th e <code>Va lve</code> can itsel f make
137	* thos e calls re lying on t he presenc e of a val id SingleS ignOn	137	* thos e calls re lying on t he presenc e of a val id SingleS ignOn	137	* thos e calls re lying on t he presenc e of a val id SingleS ignOn
138	* entr y associat ed with th e request.	138	* entr y associat ed with th e request.	138	* entr y associat ed with th e request.
139	*	139	*	139	*
140	* @se e #setRequ ireReauthe ntication	140	* @se e #setRequ ireReauthe ntication	140	* @se e #setRequ ireReauthe ntication
141	*/	141	*/	141	*/
142	public boolean g etRequireR eauthentic ation() {	142	public boolean g etRequireR eauthentic ation() {	142	public boolean g etRequireR eauthentic ation() {
143	re turn requi reReauthen tication;	143	re turn requi reReauthen tication;	143	re turn requi reReauthen tication;
144	}	144	}	144	}
145		145		145
146		146		146
147	/**	147	/**	147	/**
148	* Set s whether each reque st needs t o be reaut henticated (by an	148	* Set s whether each reque st needs t o be reaut henticated (by an	148	* Set s whether each reque st needs t o be reaut henticated (by an
149	* Aut henticator downstrea m in the p ipeline) t o the secu rity	149	* Aut henticator downstrea m in the p ipeline) t o the secu rity	149	* Aut henticator downstrea m in the p ipeline) t o the secu rity
150	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo	150	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo	150	* <co de>Realm</ code>, or if this Va lve can it self bind security i nfo
151	* to the reques t, based o n the pres ence of a valid SSO entry, wit hout	151	* to the reques t, based o n the pres ence of a valid SSO entry, wit hout	151	* to the reques t, based o n the pres ence of a valid SSO entry, wit hout
152	* rec hecking wi th the <co de>Realm</ code>.	152	* rec hecking wi th the <co de>Realm</ code>.	152	* rec hecking wi th the <co de>Realm</ code>.
153	* <p>	153	* <p>	153	* <p>
154	* If this prope rty is <co de>false</ code> (the default), this	154	* If this prope rty is <co de>false</ code> (the default), this	154	* If this prope rty is <co de>false</ code> (the default), this
155	* <co de>Valve</ code> will bind a Us erPrincipa l and Auth Type to th e request	155	* <co de>Valve</ code> will bind a Us erPrincipa l and Auth Type to th e request	155	* <co de>Valve</ code> will bind a Us erPrincipa l and Auth Type to th e request
156	* if a valid SS O entry is associate d with the request. It will n ot notify	156	* if a valid SS O entry is associate d with the request. It will n ot notify	156	* if a valid SS O entry is associate d with the request. It will n ot notify
157	* the security <code>Real m</code> o f the inco ming reque st.	157	* the security <code>Real m</code> o f the inco ming reque st.	157	* the security <code>Real m</code> o f the inco ming reque st.
158	* <p>	158	* <p>	158	* <p>
159	* Thi s property should be set to <c ode>true</ code> if t he overall server	159	* Thi s property should be set to <c ode>true</ code> if t he overall server	159	* Thi s property should be set to <c ode>true</ code> if t he overall server
160	* con figuration requires that the < code>Realm </code> re authentica te each	160	* con figuration requires that the < code>Realm </code> re authentica te each	160	* con figuration requires that the < code>Realm </code> re authentica te each
161	* req uest threa d. An exa mple of su ch a confi guration w ould be on e where	161	* req uest threa d. An exa mple of su ch a confi guration w ould be on e where	161	* req uest threa d. An exa mple of su ch a confi guration w ould be on e where
162	* the <code>Rea lm</code> implementa tion provi des securi ty for bot h a	162	* the <code>Rea lm</code> implementa tion provi des securi ty for bot h a	162	* the <code>Rea lm</code> implementa tion provi des securi ty for bot h a
163	* web tier and an associa ted EJB ti er, and ne eds to set security	163	* web tier and an associa ted EJB ti er, and ne eds to set security	163	* web tier and an associa ted EJB ti er, and ne eds to set security
164	* cre dentials o n each req uest threa d in order to suppor t EJB acce ss.	164	* cre dentials o n each req uest threa d in order to suppor t EJB acce ss.	164	* cre dentials o n each req uest threa d in order to suppor t EJB acce ss.
165	* <p>	165	* <p>	165	* <p>
166	* If this prope rty is set to <code> true</code >, this Va lve will s et flags	166	* If this prope rty is set to <code> true</code >, this Va lve will s et flags	166	* If this prope rty is set to <code> true</code >, this Va lve will s et flags
167	* on the reques t notifyin g the down stream Aut henticator that the request	167	* on the reques t notifyin g the down stream Aut henticator that the request	167	* on the reques t notifyin g the down stream Aut henticator that the request
168	* is associated with an S SO session . The Aut henticator will then call its	168	* is associated with an S SO session . The Aut henticator will then call its	168	* is associated with an S SO session . The Aut henticator will then call its
169	* {@l ink Authen ticatorBas e#reauthen ticateFrom SSO reauth enticateFr omSSO}	169	* {@l ink Authen ticatorBas e#reauthen ticateFrom SSO reauth enticateFr omSSO}	169	* {@l ink Authen ticatorBas e#reauthen ticateFrom SSO reauth enticateFr omSSO}
170	* met hod to att empt to re authentica te the req uest to th e	170	* met hod to att empt to re authentica te the req uest to th e	170	* met hod to att empt to re authentica te the req uest to th e
171	* <co de>Realm</ code>, usi ng any cre dentials t hat were c ached with this	171	* <co de>Realm</ code>, usi ng any cre dentials t hat were c ached with this	171	* <co de>Realm</ code>, usi ng any cre dentials t hat were c ached with this
172	* Val ve.	172	* Val ve.	172	* Val ve.
173	* <p>	173	* <p>	173	* <p>
174	* The default v alue of th is propert y is <code >false</co de>, in or der	174	* The default v alue of th is propert y is <code >false</co de>, in or der	174	* The default v alue of th is propert y is <code >false</co de>, in or der
175	* to maintain b ackward co mpatibilit y with pre vious vers ions of To mcat.	175	* to maintain b ackward co mpatibilit y with pre vious vers ions of To mcat.	175	* to maintain b ackward co mpatibilit y with pre vious vers ions of To mcat.
176	*	176	*	176	*
177	* @pa ram requir ed <code> true</code > if it is required that a dow nstream	177	* @pa ram requir ed <code> true</code > if it is required that a dow nstream	177	* @pa ram requir ed <code> true</code > if it is required that a dow nstream
178	* Authen ticator re authentica te each re quest befo re calls	178	* Authen ticator re authentica te each re quest befo re calls	178	* Authen ticator re authentica te each re quest befo re calls
179	* to <c ode>HttpSe rvletReque st.setUser Principal( )</code>	179	* to <c ode>HttpSe rvletReque st.setUser Principal( )</code>	179	* to <c ode>HttpSe rvletReque st.setUser Principal( )</code>
180	* and <c ode>HttpSe rvletReque st.setAuth Type()</co de> are	180	* and <c ode>HttpSe rvletReque st.setAuth Type()</co de> are	180	* and <c ode>HttpSe rvletReque st.setAuth Type()</co de> are
181	* made; <code>fals e</code> i f the <cod e>Valve</c ode> can	181	* made; <code>fals e</code> i f the <cod e>Valve</c ode> can	181	* made; <code>fals e</code> i f the <cod e>Valve</c ode> can
182	* itself make thos e calls re lying on t he presenc e of a	182	* itself make thos e calls re lying on t he presenc e of a	182	* itself make thos e calls re lying on t he presenc e of a
183	* valid SingleSign On entry a ssociated with the r equest.	183	* valid SingleSign On entry a ssociated with the r equest.	183	* valid SingleSign On entry a ssociated with the r equest.
184	*	184	*	184	*
185	* @se e Authenti catorBase# reauthenti cateFromSS O	185	* @se e Authenti catorBase# reauthenti cateFromSS O	185	* @se e Authenti catorBase# reauthenti cateFromSS O
186	*/	186	*/	186	*/
187	public void setR equireReau thenticati on(boolean required) {	187	public void setR equireReau thenticati on(boolean required) {	187	public void setR equireReau thenticati on(boolean required) {
188	th is.require Reauthenti cation = r equired;	188	th is.require Reauthenti cation = r equired;	188	th is.require Reauthenti cation = r equired;
189	}	189	}	189	}
190		190		190
191		191		191
192	// --- ---------- ---------- ---------- ---------- ---------- ----- Valv e Methods	192	// --- ---------- ---------- ---------- ---------- ---------- ----- Valv e Methods	192	// --- ---------- ---------- ---------- ---------- ---------- ----- Valv e Methods
193		193		193
194	/**	194	/**	194	/**
195	* Per form singl e-sign-on support pr ocessing f or this re quest.	195	* Per form singl e-sign-on support pr ocessing f or this re quest.	195	* Per form singl e-sign-on support pr ocessing f or this re quest.
196	*	196	*	196	*
197	* @pa ram reques t The serv let reques t we are p rocessing	197	* @pa ram reques t The serv let reques t we are p rocessing	197	* @pa ram reques t The serv let reques t we are p rocessing
198	* @pa ram respon se The ser vlet respo nse we are creating	198	* @pa ram respon se The ser vlet respo nse we are creating	198	* @pa ram respon se The ser vlet respo nse we are creating
199	*	199	*	199	*
200	* @ex ception IO Exception if an inpu t/output e rror occur s	200	* @ex ception IO Exception if an inpu t/output e rror occur s	200	* @ex ception IO Exception if an inpu t/output e rror occur s
201	* @ex ception Se rvletExcep tion if a servlet er ror occurs	201	* @ex ception Se rvletExcep tion if a servlet er ror occurs	201	* @ex ception Se rvletExcep tion if a servlet er ror occurs
202	*/	202	*/	202	*/
203	@Overr ide	203	@Overr ide	203	@Overr ide
204	public void invo ke(Request request, Response r esponse)	204	public void invo ke(Request request, Response r esponse)	204	public void invo ke(Request request, Response r esponse)
205	th rows IOExc eption, Se rvletExcep tion {	205	th rows IOExc eption, Se rvletExcep tion {	205	th rows IOExc eption, Se rvletExcep tion {
206		206		206
207	re quest.remo veNote(Con stants.REQ _SSOID_NOT E);	207	re quest.remo veNote(Con stants.REQ _SSOID_NOT E);	207	re quest.remo veNote(Con stants.REQ _SSOID_NOT E);
208		208		208
209	// Has a val id user al ready been authentic ated?	209	// Has a val id user al ready been authentic ated?	209	// Has a val id user al ready been authentic ated?
210	if (containe rLog.isDeb ugEnabled( )) {	210	if (containe rLog.isDeb ugEnabled( )) {	210	if (containe rLog.isDeb ugEnabled( )) {
211	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.invoke ", request .getReques tURI()));	211	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.invoke ", request .getReques tURI()));	211	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.invoke ", request .getReques tURI()));
212	}	212	}	212	}
213	if (request. getUserPri ncipal() ! = null) {	213	if (request. getUserPri ncipal() ! = null) {	213	if (request. getUserPri ncipal() ! = null) {
214	if (cont ainerLog.i sDebugEnab led()) {	214	if (cont ainerLog.i sDebugEnab led()) {	214	if (cont ainerLog.i sDebugEnab led()) {
215	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.ha sPrincipal ",	215	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.ha sPrincipal ",	215	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.ha sPrincipal ",
216	reques t.getUserP rincipal() .getName() ));	216	reques t.getUserP rincipal() .getName() ));	216	reques t.getUserP rincipal() .getName() ));
217	}	217	}	217	}
218	getNext( ).invoke(r equest, re sponse);	218	getNext( ).invoke(r equest, re sponse);	218	getNext( ).invoke(r equest, re sponse);
219	return;	219	return;	219	return;
220	}	220	}	220	}
221		221		221
222	// Check for the singl e sign on cookie	222	// Check for the singl e sign on cookie	222	// Check for the singl e sign on cookie
223	if (containe rLog.isDeb ugEnabled( )) {	223	if (containe rLog.isDeb ugEnabled( )) {	223	if (containe rLog.isDeb ugEnabled( )) {
224	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.cookie Check"));	224	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.cookie Check"));	224	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.cookie Check"));
225	}	225	}	225	}
226	Co okie cooki e = null;	226	Co okie cooki e = null;	226	Co okie cooki e = null;
227	Co okie cooki es[] = req uest.getCo okies();	227	Co okie cooki es[] = req uest.getCo okies();	227	Co okie cooki es[] = req uest.getCo okies();
228	if (cookies != null) {	228	if (cookies != null) {	228	if (cookies != null) {
229	for (int i = 0; i < cookies. length; i+ +) {	229	for (int i = 0; i < cookies. length; i+ +) {	229	for (int i = 0; i < cookies. length; i+ +) {
230	if ( Constants. SINGLE_SIG N_ON_COOKI E.equals(c ookies[i]. getName()) ) {	230	if ( Constants. SINGLE_SIG N_ON_COOKI E.equals(c ookies[i]. getName()) ) {	230	if ( Constants. SINGLE_SIG N_ON_COOKI E.equals(c ookies[i]. getName()) ) {
231	cookie = c ookies[i];	231	cookie = c ookies[i];	231	cookie = c ookies[i];
232	break;	232	break;	232	break;
233	}	233	}	233	}
234	}	234	}	234	}
235	}	235	}	235	}
236	if (cookie = = null) {	236	if (cookie = = null) {	236	if (cookie = = null) {
237	if (cont ainerLog.i sDebugEnab led()) {	237	if (cont ainerLog.i sDebugEnab led()) {	237	if (cont ainerLog.i sDebugEnab led()) {
238	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.co okieNotFou nd"));	238	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.co okieNotFou nd"));	238	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.co okieNotFou nd"));
239	}	239	}	239	}
240	getNext( ).invoke(r equest, re sponse);	240	getNext( ).invoke(r equest, re sponse);	240	getNext( ).invoke(r equest, re sponse);
241	return;	241	return;	241	return;
242	}	242	}	242	}
243		243		243
244	// Look up t he cached Principal associated with this cookie va lue	244	// Look up t he cached Principal associated with this cookie va lue	244	// Look up t he cached Principal associated with this cookie va lue
245	if (containe rLog.isDeb ugEnabled( )) {	245	if (containe rLog.isDeb ugEnabled( )) {	245	if (containe rLog.isDeb ugEnabled( )) {
246	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.princi palCheck",	246	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.princi palCheck",	246	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.princi palCheck",
247	cookie.get Value()));	247	cookie.get Value()));	247	cookie.get Value()));
248	}	248	}	248	}
249	Si ngleSignOn Entry entr y = cache. get(cookie .getValue( ));	249	Si ngleSignOn Entry entr y = cache. get(cookie .getValue( ));	249	Si ngleSignOn Entry entr y = cache. get(cookie .getValue( ));
250	if (entry != null) {	250	if (entry != null) {	250	if (entry != null) {
251	if (cont ainerLog.i sDebugEnab led()) {	251	if (cont ainerLog.i sDebugEnab led()) {	251	if (cont ainerLog.i sDebugEnab led()) {
252	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalFou nd",	252	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalFou nd",	252	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalFou nd",
253	entry. getPrincip al() != nu ll ? entry .getPrinci pal().getN ame() : "" ,	253	entry. getPrincip al() != nu ll ? entry .getPrinci pal().getN ame() : "" ,	253	entry. getPrincip al() != nu ll ? entry .getPrinci pal().getN ame() : "" ,
254	entry. getAuthTyp e()));	254	entry. getAuthTyp e()));	254	entry. getAuthTyp e()));
255	}	255	}	255	}
256	request. setNote(Co nstants.RE Q_SSOID_NO TE, cookie .getValue( ));	256	request. setNote(Co nstants.RE Q_SSOID_NO TE, cookie .getValue( ));	256	request. setNote(Co nstants.RE Q_SSOID_NO TE, cookie .getValue( ));
257	// Only set securi ty element s if reaut henticatio n is not r equired	257	// Only set securi ty element s if reaut henticatio n is not r equired	257	// Only set securi ty element s if reaut henticatio n is not r equired
258	if (!get RequireRea uthenticat ion()) {	258	if (!get RequireRea uthenticat ion()) {	258	if (!get RequireRea uthenticat ion()) {
259	requ est.setAut hType(entr y.getAuthT ype());	259	requ est.setAut hType(entr y.getAuthT ype());	259	requ est.setAut hType(entr y.getAuthT ype());
260	requ est.setUse rPrincipal (entry.get Principal( ));	260	requ est.setUse rPrincipal (entry.get Principal( ));	260	requ est.setUse rPrincipal (entry.get Principal( ));
261	}	261	}	261	}
262	} else {	262	} else {	262	} else {
263	if (cont ainerLog.i sDebugEnab led()) {	263	if (cont ainerLog.i sDebugEnab led()) {	263	if (cont ainerLog.i sDebugEnab led()) {
264	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalNot Found",	264	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalNot Found",	264	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.pr incipalNot Found",
265	cookie .getValue( )));	265	cookie .getValue( )));	265	cookie .getValue( )));
266	}	266	}	266	}
267	// No ne ed to retu rn a valid SSO sessi on ID	267	// No ne ed to retu rn a valid SSO sessi on ID	267	// No ne ed to retu rn a valid SSO sessi on ID
268	cookie.s etValue("R EMOVE");	268	cookie.s etValue("R EMOVE");	268	cookie.s etValue("R EMOVE");
269	// Age o f zero wil l trigger removal	269	// Age o f zero wil l trigger removal	269	// Age o f zero wil l trigger removal
270	cookie.s etMaxAge(0 );	270	cookie.s etMaxAge(0 );	270	cookie.s etMaxAge(0 );
271	// Domai n and path have to m atch the o riginal co okie to 'r eplace'	271	// Domai n and path have to m atch the o riginal co okie to 'r eplace'	271	// Domai n and path have to m atch the o riginal co okie to 'r eplace'
272	// the o riginal co okie	272	// the o riginal co okie	272	// the o riginal co okie
273	cookie.s etPath("/" );	273	cookie.s etPath("/" );	273	cookie.s etPath("/" );
274	String d omain = ge tCookieDom ain();	274	String d omain = ge tCookieDom ain();	274	String d omain = ge tCookieDom ain();
275	if (doma in != null ) {	275	if (doma in != null ) {	275	if (doma in != null ) {
276	cook ie.setDoma in(domain) ;	276	cook ie.setDoma in(domain) ;	276	cook ie.setDoma in(domain) ;
277	}	277	}	277	}
278	// This is going t o trigger a Set-Cook ie header. While the value is	278	// This is going t o trigger a Set-Cook ie header. While the value is	278	// This is going t o trigger a Set-Cook ie header. While the value is
279	// not s ecurity se nsitive, e nsure that expectati ons for se cure and	279	// not s ecurity se nsitive, e nsure that expectati ons for se cure and	279	// not s ecurity se nsitive, e nsure that expectati ons for se cure and
280	// httpO nly are me t	280	// httpO nly are me t	280	// httpO nly are me t
281	cookie.s etSecure(r equest.isS ecure());	281	cookie.s etSecure(r equest.isS ecure());	281	cookie.s etSecure(r equest.isS ecure());
282	if (requ est.getSer vletContex t().getSes sionCookie Config().i sHttpOnly( ) \|\|	282	if (requ est.getSer vletContex t().getSes sionCookie Config().i sHttpOnly( ) \|\|	282	if (requ est.getSer vletContex t().getSes sionCookie Config().i sHttpOnly( ) \|\|
283	request.ge tContext() .getUseHtt pOnly()) {	283	request.ge tContext() .getUseHtt pOnly()) {	283	request.ge tContext() .getUseHtt pOnly()) {
284	cook ie.setHttp Only(true) ;	284	cook ie.setHttp Only(true) ;	284	cook ie.setHttp Only(true) ;
285	}	285	}	285	}
286		286		286
287	response .addCookie (cookie);	287	response .addCookie (cookie);	287	response .addCookie (cookie);
288	}	288	}	288	}
289		289		289
290	// Invoke th e next Val ve in our pipeline	290	// Invoke th e next Val ve in our pipeline	290	// Invoke th e next Val ve in our pipeline
291	ge tNext().in voke(reque st, respon se);	291	ge tNext().in voke(reque st, respon se);	291	ge tNext().in voke(reque st, respon se);
292	}	292	}	292	}
293		293		293
294		294		294
295	// --- ---------- ---------- ---------- ---------- ---------- - Protecte d Methods	295	// --- ---------- ---------- ---------- ---------- ---------- - Protecte d Methods	295	// --- ---------- ---------- ---------- ---------- ---------- - Protecte d Methods
296		296		296
297	/**	297	/**	297	/**
298	* Pro cess a ses sion destr oyed event by removi ng referen ces to tha t session	298	* Pro cess a ses sion destr oyed event by removi ng referen ces to tha t session	298	* Pro cess a ses sion destr oyed event by removi ng referen ces to tha t session
299	* fro m the cach es and - i f the sess ion destru ction is t he result of a	299	* fro m the cach es and - i f the sess ion destru ction is t he result of a	299	* fro m the cach es and - i f the sess ion destru ction is t he result of a
300	* log out - dest roy the as sociated S SO session .	300	* log out - dest roy the as sociated S SO session .	300	* log out - dest roy the as sociated S SO session .
301	*	301	*	301	*
302	* @pa ram ssoId The ID o f the SSO session wh ich which the destro yed	302	* @pa ram ssoId The ID o f the SSO session wh ich which the destro yed	302	* @pa ram ssoId The ID o f the SSO session wh ich which the destro yed
303	* session was associ ated	303	* session was associ ated	303	* session was associ ated
304	* @pa ram sessio n The sess ion that h as been de stroyed	304	* @pa ram sessio n The sess ion that h as been de stroyed	304	* @pa ram sessio n The sess ion that h as been de stroyed
305	*/	305	*/	305	*/
306	public void sess ionDestroy ed(String ssoId, Ses sion sessi on) {	306	public void sess ionDestroy ed(String ssoId, Ses sion sessi on) {	306	public void sess ionDestroy ed(String ssoId, Ses sion sessi on) {
307		307		307
308	if (!getStat e().isAvai lable()) {	308	if (!getStat e().isAvai lable()) {	308	if (!getStat e().isAvai lable()) {
309	return;	309	return;	309	return;
310	}	310	}	310	}
311		311		311
312	// Was the s ession des troyed as the result of a time out or con text stop?	312	// Was the s ession des troyed as the result of a time out or con text stop?	312	// Was the s ession des troyed as the result of a time out or con text stop?
313	// If so, we 'll just r emove the expired se ssion from the SSO. If the	313	// If so, we 'll just r emove the expired se ssion from the SSO. If the	313	// If so, we 'll just r emove the expired se ssion from the SSO. If the
314	// session w as logged out, we'll log out o f all sess ion associ ated with	314	// session w as logged out, we'll log out o f all sess ion associ ated with	314	// session w as logged out, we'll log out o f all sess ion associ ated with
315	// the SSO.	315	// the SSO.	315	// the SSO.
316	if (((sessio n.getMaxIn activeInte rval() > 0 )	316	if (((sessio n.getMaxIn activeInte rval() > 0 )	316	if (((sessio n.getMaxIn activeInte rval() > 0 )
317	&& (sess ion.getIdl eTimeInter nal() >= s ession.get MaxInactiv eInterval( ) * 1000))	317	&& (sess ion.getIdl eTimeInter nal() >= s ession.get MaxInactiv eInterval( ) * 1000))	317	&& (sess ion.getIdl eTimeInter nal() >= s ession.get MaxInactiv eInterval( ) * 1000))
318	\|\| (!ses sion.getMa nager().ge tContext() .getState( ).isAvaila ble())) {	318	\|\| (!ses sion.getMa nager().ge tContext() .getState( ).isAvaila ble())) {	318	\|\| (!ses sion.getMa nager().ge tContext() .getState( ).isAvaila ble())) {
319	if (cont ainerLog.i sDebugEnab led()) {	319	if (cont ainerLog.i sDebugEnab led()) {	319	if (cont ainerLog.i sDebugEnab led()) {
320	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionTimeo ut",	320	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionTimeo ut",	320	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionTimeo ut",
321	ssoId, session)) ;	321	ssoId, session)) ;	321	ssoId, session)) ;
322	}	322	}	322	}
323	removeSe ssion(ssoI d, session );	323	removeSe ssion(ssoI d, session );	323	removeSe ssion(ssoI d, session );
324	} else {	324	} else {	324	} else {
325	// The s ession was logged ou t.	325	// The s ession was logged ou t.	325	// The s ession was logged ou t.
326	// Dereg ister this single se ssion id, invalidati ng	326	// Dereg ister this single se ssion id, invalidati ng	326	// Dereg ister this single se ssion id, invalidati ng
327	// assoc iated sess ions	327	// assoc iated sess ions	327	// assoc iated sess ions
328	if (cont ainerLog.i sDebugEnab led()) {	328	if (cont ainerLog.i sDebugEnab led()) {	328	if (cont ainerLog.i sDebugEnab led()) {
329	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionLogou t",	329	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionLogou t",	329	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.se ssionLogou t",
330	ssoId, session)) ;	330	ssoId, session)) ;	330	ssoId, session)) ;
331	}	331	}	331	}
332	// First remove th e session that we kn ow has exp ired / bee n logged	332	// First remove th e session that we kn ow has exp ired / bee n logged	332	// First remove th e session that we kn ow has exp ired / bee n logged
333	// out s ince it ha s already been remov ed from it s Manager and, if	333	// out s ince it ha s already been remov ed from it s Manager and, if	333	// out s ince it ha s already been remov ed from it s Manager and, if
334	// we do n't remove it first, deregiste r() will l og a warni ng that it	334	// we do n't remove it first, deregiste r() will l og a warni ng that it	334	// we do n't remove it first, deregiste r() will l og a warni ng that it
335	// can't be found	335	// can't be found	335	// can't be found
336	removeSe ssion(ssoI d, session );	336	removeSe ssion(ssoI d, session );	336	removeSe ssion(ssoI d, session );
337	// If th e SSO sess ion was on ly associa ted with o ne web app the call	337	// If th e SSO sess ion was on ly associa ted with o ne web app the call	337	// If th e SSO sess ion was on ly associa ted with o ne web app the call
338	// above will have removed t he SSO ses sion from the cache	338	// above will have removed t he SSO ses sion from the cache	338	// above will have removed t he SSO ses sion from the cache
339	if (cach e.contains Key(ssoId) ) {	339	if (cach e.contains Key(ssoId) ) {	339	if (cach e.contains Key(ssoId) ) {
340	dere gister(sso Id);	340	dere gister(sso Id);	340	dere gister(sso Id);
341	}	341	}	341	}
342	}	342	}	342	}
343	}	343	}	343	}
344		344		344
345		345		345
346	/**	346	/**	346	/**
347	* Ass ociate the specified single si gn on iden tifier wit h the	347	* Ass ociate the specified single si gn on iden tifier wit h the	347	* Ass ociate the specified single si gn on iden tifier wit h the
348	* spe cified Ses sion.	348	* spe cified Ses sion.	348	* spe cified Ses sion.
349	*	349	*	349	*
350	* @pa ram ssoId Single sig n on ident ifier	350	* @pa ram ssoId Single sig n on ident ifier	350	* @pa ram ssoId Single sig n on ident ifier
351	* @pa ram sessio n Session to be asso ciated	351	* @pa ram sessio n Session to be asso ciated	351	* @pa ram sessio n Session to be asso ciated
352	*	352	*	352	*
353	* @re turn <code >true</cod e> if the session wa s associat ed to the given SSO	353	* @re turn <code >true</cod e> if the session wa s associat ed to the given SSO	353	* @re turn <code >true</cod e> if the session wa s associat ed to the given SSO
354	* sessi on, otherw ise <code> false</cod e>	354	* sessi on, otherw ise <code> false</cod e>	354	* sessi on, otherw ise <code> false</cod e>
355	*/	355	*/	355	*/
356	protec ted boolea n associat e(String s soId, Sess ion sessio n) {	356	protec ted boolea n associat e(String s soId, Sess ion sessio n) {	356	protec ted boolea n associat e(String s soId, Sess ion sessio n) {
357	Si ngleSignOn Entry sso = cache.ge t(ssoId);	357	Si ngleSignOn Entry sso = cache.ge t(ssoId);	357	Si ngleSignOn Entry sso = cache.ge t(ssoId);
358	if (sso == n ull) {	358	if (sso == n ull) {	358	if (sso == n ull) {
359	if (cont ainerLog.i sDebugEnab led()) {	359	if (cont ainerLog.i sDebugEnab led()) {	359	if (cont ainerLog.i sDebugEnab led()) {
360	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociateFai l",	360	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociateFai l",	360	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociateFai l",
361	ssoId, session)) ;	361	ssoId, session)) ;	361	ssoId, session)) ;
362	}	362	}	362	}
363	return f alse;	363	return f alse;	363	return f alse;
364	} else {	364	} else {	364	} else {
365	if (cont ainerLog.i sDebugEnab led()) {	365	if (cont ainerLog.i sDebugEnab led()) {	365	if (cont ainerLog.i sDebugEnab led()) {
366	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociate",	366	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociate",	366	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.as sociate",
367	ssoId, session)) ;	367	ssoId, session)) ;	367	ssoId, session)) ;
368	}	368	}	368	}
369	sso.addS ession(thi s, ssoId, session);	369	sso.addS ession(thi s, ssoId, session);	369	sso.addS ession(thi s, ssoId, session);
370	return t rue;	370	return t rue;	370	return t rue;
371	}	371	}	371	}
372	}	372	}	372	}
373		373		373
374		374		374
375	/**	375	/**	375	/**
376	* Der egister th e specifie d single s ign on ide ntifier, a nd invalid ate	376	* Der egister th e specifie d single s ign on ide ntifier, a nd invalid ate	376	* Der egister th e specifie d single s ign on ide ntifier, a nd invalid ate
377	* any associate d sessions .	377	* any associate d sessions .	377	* any associate d sessions .
378	*	378	*	378	*
379	* @pa ram ssoId Single sig n on ident ifier to d eregister	379	* @pa ram ssoId Single sig n on ident ifier to d eregister	379	* @pa ram ssoId Single sig n on ident ifier to d eregister
380	*/	380	*/	380	*/
381	protec ted void d eregister( String sso Id) {	381	protec ted void d eregister( String sso Id) {	381	protec ted void d eregister( String sso Id) {
382		382		382
383	// Look up a nd remove the corres ponding Si ngleSignOn Entry	383	// Look up a nd remove the corres ponding Si ngleSignOn Entry	383	// Look up a nd remove the corres ponding Si ngleSignOn Entry
384	Si ngleSignOn Entry sso = cache.re move(ssoId );	384	Si ngleSignOn Entry sso = cache.re move(ssoId );	384	Si ngleSignOn Entry sso = cache.re move(ssoId );
385		385		385
386	if (sso == n ull) {	386	if (sso == n ull) {	386	if (sso == n ull) {
387	if (cont ainerLog.i sDebugEnab led()) {	387	if (cont ainerLog.i sDebugEnab led()) {	387	if (cont ainerLog.i sDebugEnab led()) {
388	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerFa il", ssoId ));	388	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerFa il", ssoId ));	388	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerFa il", ssoId ));
389	}	389	}	389	}
390	return;	390	return;	390	return;
391	}	391	}	391	}
392		392		392
393	// Expire an y associat ed session s	393	// Expire an y associat ed session s	393	// Expire an y associat ed session s
394	Se t<SingleSi gnOnSessio nKey> ssoK eys = sso. findSessio ns();	394	Se t<SingleSi gnOnSessio nKey> ssoK eys = sso. findSessio ns();	394	Se t<SingleSi gnOnSessio nKey> ssoK eys = sso. findSessio ns();
395	if (ssoKeys. size() == 0) {	395	if (ssoKeys. size() == 0) {	395	if (ssoKeys. size() == 0) {
396	if (cont ainerLog.i sDebugEnab led()) {	396	if (cont ainerLog.i sDebugEnab led()) {	396	if (cont ainerLog.i sDebugEnab led()) {
397	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerNo ne", ssoId ));	397	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerNo ne", ssoId ));	397	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de registerNo ne", ssoId ));
398	}	398	}	398	}
399	}	399	}	399	}
400	fo r (SingleS ignOnSessi onKey ssoK ey : ssoKe ys) {	400	fo r (SingleS ignOnSessi onKey ssoK ey : ssoKe ys) {	400	fo r (SingleS ignOnSessi onKey ssoK ey : ssoKe ys) {
401	if (cont ainerLog.i sDebugEnab led()) {	401	if (cont ainerLog.i sDebugEnab led()) {	401	if (cont ainerLog.i sDebugEnab led()) {
402	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de register", ssoKey, s soId));	402	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de register", ssoKey, s soId));	402	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.de register", ssoKey, s soId));
403	}	403	}	403	}
404	// Inval idate this session	404	// Inval idate this session	404	// Inval idate this session
405	expire(s soKey);	405	expire(s soKey);	405	expire(s soKey);
406	}	406	}	406	}
407		407		407
408	// NOTE: Cl ients may still poss ess the ol d single s ign on coo kie,	408	// NOTE: Cl ients may still poss ess the ol d single s ign on coo kie,	408	// NOTE: Cl ients may still poss ess the ol d single s ign on coo kie,
409	// but it wi ll be remo ved on the next requ est since it is no l onger	409	// but it wi ll be remo ved on the next requ est since it is no l onger	409	// but it wi ll be remo ved on the next requ est since it is no l onger
410	// in the ca che	410	// in the ca che	410	// in the ca che
411	}	411	}	411	}
412		412		412
413		413		413
414	privat e void exp ire(Single SignOnSess ionKey key ) {	414	privat e void exp ire(Single SignOnSess ionKey key ) {	414	privat e void exp ire(Single SignOnSess ionKey key ) {
415	if (engine = = null) {	415	if (engine = = null) {	415	if (engine = = null) {
416	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .engineNul l", key));	416	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .engineNul l", key));	416	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .engineNul l", key));
417	return;	417	return;	417	return;
418	}	418	}	418	}
419	Co ntainer ho st = engin e.findChil d(key.getH ostName()) ;	419	Co ntainer ho st = engin e.findChil d(key.getH ostName()) ;	419	Co ntainer ho st = engin e.findChil d(key.getH ostName()) ;
420	if (host == null) {	420	if (host == null) {	420	if (host == null) {
421	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .hostNotFo und", key) );	421	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .hostNotFo und", key) );	421	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .hostNotFo und", key) );
422	return;	422	return;	422	return;
423	}	423	}	423	}
424	Co ntext cont ext = (Con text) host .findChild (key.getCo ntextName( ));	424	Co ntext cont ext = (Con text) host .findChild (key.getCo ntextName( ));	424	Co ntext cont ext = (Con text) host .findChild (key.getCo ntextName( ));
425	if (context == null) {	425	if (context == null) {	425	if (context == null) {
426	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .contextNo tFound", k ey));	426	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .contextNo tFound", k ey));	426	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .contextNo tFound", k ey));
427	return;	427	return;	427	return;
428	}	428	}	428	}
429	Ma nager mana ger = cont ext.getMan ager();	429	Ma nager mana ger = cont ext.getMan ager();	429	Ma nager mana ger = cont ext.getMan ager();
430	if (manager == null) {	430	if (manager == null) {	430	if (manager == null) {
431	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerNo tFound", k ey));	431	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerNo tFound", k ey));	431	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerNo tFound", k ey));
432	return;	432	return;	432	return;
433	}	433	}	433	}
434	Se ssion sess ion = null ;	434	Se ssion sess ion = null ;	434	Se ssion sess ion = null ;
435	tr y {	435	tr y {	435	tr y {
436	session = manager. findSessio n(key.getS essionId() );	436	session = manager. findSessio n(key.getS essionId() );	436	session = manager. findSessio n(key.getS essionId() );
437	} catch (IOE xception e ) {	437	} catch (IOE xception e ) {	437	} catch (IOE xception e ) {
438	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerEr ror", key) , e);	438	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerEr ror", key) , e);	438	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .managerEr ror", key) , e);
439	return;	439	return;	439	return;
440	}	440	}	440	}
441	if (session == null) {	441	if (session == null) {	441	if (session == null) {
442	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .sessionNo tFound", k ey));	442	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .sessionNo tFound", k ey));	442	containe rLog.warn( sm.getStri ng("single SignOn.ses sionExpire .sessionNo tFound", k ey));
443	return;	443	return;	443	return;
444	}	444	}	444	}
445	se ssion.expi re();	445	se ssion.expi re();	445	se ssion.expi re();
446	}	446	}	446	}
447		447		447
448		448		448
449	/**	449	/**	449	/**
450	* Att empts reau thenticati on to the given <cod e>Realm</c ode> using	450	* Att empts reau thenticati on to the given <cod e>Realm</c ode> using	450	* Att empts reau thenticati on to the given <cod e>Realm</c ode> using
451	* the credentia ls associa ted with t he single sign-on se ssion	451	* the credentia ls associa ted with t he single sign-on se ssion	451	* the credentia ls associa ted with t he single sign-on se ssion
452	* ide ntified by argument <code>ssoI d</code>.	452	* ide ntified by argument <code>ssoI d</code>.	452	* ide ntified by argument <code>ssoI d</code>.
453	* <p>	453	* <p>	453	* <p>
454	* If reauthenti cation is successful , the <cod e>Principa l</code> a nd	454	* If reauthenti cation is successful , the <cod e>Principa l</code> a nd	454	* If reauthenti cation is successful , the <cod e>Principa l</code> a nd
455	* aut horization type asso ciated wit h the SSO session wi ll be boun d	455	* aut horization type asso ciated wit h the SSO session wi ll be boun d	455	* aut horization type asso ciated wit h the SSO session wi ll be boun d
456	* to the given <code>Requ est</code> object vi a calls to	456	* to the given <code>Requ est</code> object vi a calls to	456	* to the given <code>Requ est</code> object vi a calls to
457	* {@l ink Reques t#setAuthT ype Reques t.setAuthT ype()} and	457	* {@l ink Reques t#setAuthT ype Reques t.setAuthT ype()} and	457	* {@l ink Reques t#setAuthT ype Reques t.setAuthT ype()} and
458	* {@l ink Reques t#setUserP rincipal R equest.set UserPrinci pal()}	458	* {@l ink Reques t#setUserP rincipal R equest.set UserPrinci pal()}	458	* {@l ink Reques t#setUserP rincipal R equest.set UserPrinci pal()}
459	* </p >	459	* </p >	459	* </p >
460	*	460	*	460	*
461	* @pa ram ssoId identi fier of Si ngleSignOn session w ith which the	461	* @pa ram ssoId identi fier of Si ngleSignOn session w ith which the	461	* @pa ram ssoId identi fier of Si ngleSignOn session w ith which the
462	* caller is associ ated	462	* caller is associ ated	462	* caller is associ ated
463	* @pa ram realm Realm implementa tion again st which t he caller is to	463	* @pa ram realm Realm implementa tion again st which t he caller is to	463	* @pa ram realm Realm implementa tion again st which t he caller is to
464	* be aut henticated	464	* be aut henticated	464	* be aut henticated
465	* @pa ram reques t the re quest that needs to be authent icated	465	* @pa ram reques t the re quest that needs to be authent icated	465	* @pa ram reques t the re quest that needs to be authent icated
466	*	466	*	466	*
467	* @re turn <cod e>true</co de> if rea uthenticat ion was su ccessful,	467	* @re turn <cod e>true</co de> if rea uthenticat ion was su ccessful,	467	* @re turn <cod e>true</co de> if rea uthenticat ion was su ccessful,
468	* <cod e>false</c ode> other wise.	468	* <cod e>false</c ode> other wise.	468	* <cod e>false</c ode> other wise.
469	*/	469	*/	469	*/
470	protec ted boolea n reauthen ticate(Str ing ssoId, Realm rea lm,	470	protec ted boolea n reauthen ticate(Str ing ssoId, Realm rea lm,	470	protec ted boolea n reauthen ticate(Str ing ssoId, Realm rea lm,
471	Req uest reque st) {	471	Req uest reque st) {	471	Req uest reque st) {
472		472		472
473	if (ssoId == null \|\| r ealm == nu ll) {	473	if (ssoId == null \|\| r ealm == nu ll) {	473	if (ssoId == null \|\| r ealm == nu ll) {
474	return f alse;	474	return f alse;	474	return f alse;
475	}	475	}	475	}
476		476		476
477	bo olean reau thenticate d = false;	477	bo olean reau thenticate d = false;	477	bo olean reau thenticate d = false;
478		478		478
479	Si ngleSignOn Entry entr y = cache. get(ssoId) ;	479	Si ngleSignOn Entry entr y = cache. get(ssoId) ;	479	Si ngleSignOn Entry entr y = cache. get(ssoId) ;
480	if (entry != null && e ntry.getCa nReauthent icate()) {	480	if (entry != null && e ntry.getCa nReauthent icate()) {	480	if (entry != null && e ntry.getCa nReauthent icate()) {
481		481		481
482	String u sername = entry.getU sername();	482	String u sername = entry.getU sername();	482	String u sername = entry.getU sername();
483	if (user name != nu ll) {	483	if (user name != nu ll) {	483	if (user name != nu ll) {
484	Prin cipal reau thPrincipa l =	484	Prin cipal reau thPrincipa l =	484	Prin cipal reau thPrincipa l =
485	realm. authentica te(usernam e, entry.g etPassword ());	485	realm. authentica te(usernam e, entry.g etPassword ());	485	realm. authentica te(usernam e, entry.g etPassword ());
486	if ( reauthPrin cipal != n ull) {	486	if ( reauthPrin cipal != n ull) {	486	if ( reauthPrin cipal != n ull) {
487	reauthenti cated = tr ue;	487	reauthenti cated = tr ue;	487	reauthenti cated = tr ue;
488	// Bind th e authoriz ation cred entials to the reque st	488	// Bind th e authoriz ation cred entials to the reque st	488	// Bind th e authoriz ation cred entials to the reque st
489	request.se tAuthType( entry.getA uthType()) ;	489	request.se tAuthType( entry.getA uthType()) ;	489	request.se tAuthType( entry.getA uthType()) ;
490	request.se tUserPrinc ipal(reaut hPrincipal );	490	request.se tUserPrinc ipal(reaut hPrincipal );	490	request.se tUserPrinc ipal(reaut hPrincipal );
491	}	491	}	491	}
492	}	492	}	492	}
493	}	493	}	493	}
494		494		494
495	re turn reaut henticated ;	495	re turn reaut henticated ;	495	re turn reaut henticated ;
496	}	496	}	496	}
497		497		497
498		498		498
499	/**	499	/**	499	/**
500	* Reg ister the specified Principal as being a ssociated with the s pecified	500	* Reg ister the specified Principal as being a ssociated with the s pecified	500	* Reg ister the specified Principal as being a ssociated with the s pecified
501	* val ue for the single si gn on iden tifier.	501	* val ue for the single si gn on iden tifier.	501	* val ue for the single si gn on iden tifier.
502	*	502	*	502	*
503	* @pa ram ssoId Single sig n on ident ifier to r egister	503	* @pa ram ssoId Single sig n on ident ifier to r egister	503	* @pa ram ssoId Single sig n on ident ifier to r egister
504	* @pa ram princi pal Associ ated user principal that is id entified	504	* @pa ram princi pal Associ ated user principal that is id entified	504	* @pa ram princi pal Associ ated user principal that is id entified
505	* @pa ram authTy pe Authent ication ty pe used to authentic ate this	505	* @pa ram authTy pe Authent ication ty pe used to authentic ate this	505	* @pa ram authTy pe Authent ication ty pe used to authentic ate this
506	* us er princip al	506	* us er princip al	506	* us er princip al
507	* @pa ram userna me Usernam e used to authentica te this us er	507	* @pa ram userna me Usernam e used to authentica te this us er	507	* @pa ram userna me Usernam e used to authentica te this us er
508	* @pa ram passwo rd Passwor d used to authentica te this us er	508	* @pa ram passwo rd Passwor d used to authentica te this us er	508	* @pa ram passwo rd Passwor d used to authentica te this us er
509	*/	509	*/	509	*/
510	protec ted void r egister(St ring ssoId , Principa l principa l, String authType,	510	protec ted void r egister(St ring ssoId , Principa l principa l, String authType,	510	protec ted void r egister(St ring ssoId , Principa l principa l, String authType,
511	St ring usern ame, Strin g password ) {	511	St ring usern ame, Strin g password ) {	511	St ring usern ame, Strin g password ) {
512		512		512
513	if (containe rLog.isDeb ugEnabled( )) {	513	if (containe rLog.isDeb ugEnabled( )) {	513	if (containe rLog.isDeb ugEnabled( )) {
514	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.regist er", ssoId ,	514	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.regist er", ssoId ,	514	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.regist er", ssoId ,
515	principal != null ? principal. getName() : "", auth Type));	515	principal != null ? principal. getName() : "", auth Type));	515	principal != null ? principal. getName() : "", auth Type));
516	}	516	}	516	}
517		517		517
518	ca che.put(ss oId, new S ingleSignO nEntry(pri ncipal, au thType, us ername, pa ssword));	518	ca che.put(ss oId, new S ingleSignO nEntry(pri ncipal, au thType, us ername, pa ssword));	518	ca che.put(ss oId, new S ingleSignO nEntry(pri ncipal, au thType, us ername, pa ssword));
519	}	519	}	519	}
520		520		520
521		521		521
522	/**	522	/**	522	/**
523	* Upd ates any < code>Singl eSignOnEnt ry</code> found unde r key	523	* Upd ates any < code>Singl eSignOnEnt ry</code> found unde r key	523	* Upd ates any < code>Singl eSignOnEnt ry</code> found unde r key
524	* <co de>ssoId</ code> with the given authentic ation data .	524	* <co de>ssoId</ code> with the given authentic ation data .	524	* <co de>ssoId</ code> with the given authentic ation data .
525	* <p>	525	* <p>	525	* <p>
526	* The purpose o f this met hod is to allow an S SO entry t hat was	526	* The purpose o f this met hod is to allow an S SO entry t hat was	526	* The purpose o f this met hod is to allow an S SO entry t hat was
527	* est ablished w ithout a u sername/pa ssword com bination ( i.e. estab lished	527	* est ablished w ithout a u sername/pa ssword com bination ( i.e. estab lished	527	* est ablished w ithout a u sername/pa ssword com bination ( i.e. estab lished
528	* fol lowing DIG EST or CLI ENT_CERT a uthenticat ion) to be updated w ith	528	* fol lowing DIG EST or CLI ENT_CERT a uthenticat ion) to be updated w ith	528	* fol lowing DIG EST or CLI ENT_CERT a uthenticat ion) to be updated w ith
529	* a u sername an d password if one be comes avai lable thro ugh a subs equent	529	* a u sername an d password if one be comes avai lable thro ugh a subs equent	529	* a u sername an d password if one be comes avai lable thro ugh a subs equent
530	* BAS IC or FORM authentic ation. Th e SSO entr y will the n be usabl e for	530	* BAS IC or FORM authentic ation. Th e SSO entr y will the n be usabl e for	530	* BAS IC or FORM authentic ation. Th e SSO entr y will the n be usabl e for
531	* rea uthenticat ion.	531	* rea uthenticat ion.	531	* rea uthenticat ion.
532	* <p>	532	* <p>	532	* <p>
533	* <b> NOTE:</b> Only updat es the SSO entry if a call to	533	* <b> NOTE:</b> Only updat es the SSO entry if a call to	533	* <b> NOTE:</b> Only updat es the SSO entry if a call to
534	* <co de>SingleS ignOnEntry .getCanRea uthenticat e()</code> returns	534	* <co de>SingleS ignOnEntry .getCanRea uthenticat e()</code> returns	534	* <co de>SingleS ignOnEntry .getCanRea uthenticat e()</code> returns
535	* <co de>false</ code>; oth erwise, it is assume d that the SSO entry already	535	* <co de>false</ code>; oth erwise, it is assume d that the SSO entry already	535	* <co de>false</ code>; oth erwise, it is assume d that the SSO entry already
536	* has sufficien t informat ion to all ow reauthe ntication and that n o update	536	* has sufficien t informat ion to all ow reauthe ntication and that n o update	536	* has sufficien t informat ion to all ow reauthe ntication and that n o update
537	* is needed.	537	* is needed.	537	* is needed.
538	*	538	*	538	*
539	* @pa ram ssoId identi fier of Si ngle sign to be upda ted	539	* @pa ram ssoId identi fier of Si ngle sign to be upda ted	539	* @pa ram ssoId identi fier of Si ngle sign to be upda ted
540	* @pa ram princi pal the <c ode>Princi pal</code> returned by the lat est	540	* @pa ram princi pal the <c ode>Princi pal</code> returned by the lat est	540	* @pa ram princi pal the <c ode>Princi pal</code> returned by the lat est
541	* call t o <code>Re alm.authen ticate</co de>.	541	* call t o <code>Re alm.authen ticate</co de>.	541	* call t o <code>Re alm.authen ticate</co de>.
542	* @pa ram authTy pe the ty pe of auth enticator used (BASI C, CLIENT_ CERT,	542	* @pa ram authTy pe the ty pe of auth enticator used (BASI C, CLIENT_ CERT,	542	* @pa ram authTy pe the ty pe of auth enticator used (BASI C, CLIENT_ CERT,
543	* DIGEST or FORM)	543	* DIGEST or FORM)	543	* DIGEST or FORM)
544	* @pa ram userna me the us ername (if any) used for the a uthenticat ion	544	* @pa ram userna me the us ername (if any) used for the a uthenticat ion	544	* @pa ram userna me the us ername (if any) used for the a uthenticat ion
545	* @pa ram passwo rd the pa ssword (if any) used for the a uthenticat ion	545	* @pa ram passwo rd the pa ssword (if any) used for the a uthenticat ion	545	* @pa ram passwo rd the pa ssword (if any) used for the a uthenticat ion
546	*	546	*	546	*
547	* @re turn <code >true</cod e> if the credential s were upd ated, othe rwise	547	* @re turn <code >true</cod e> if the credential s were upd ated, othe rwise	547	* @re turn <code >true</cod e> if the credential s were upd ated, othe rwise
548	* <code >false</co de>	548	* <code >false</co de>	548	* <code >false</co de>
549	*/	549	*/	549	*/
550	protec ted boolea n update(S tring ssoI d, Princip al princip al, String authType,	550	protec ted boolea n update(S tring ssoI d, Princip al princip al, String authType,	550	protec ted boolea n update(S tring ssoI d, Princip al princip al, String authType,
551	Stri ng usernam e, String password) {	551	Stri ng usernam e, String password) {	551	Stri ng usernam e, String password) {
552		552		552
553	Si ngleSignOn Entry sso = cache.ge t(ssoId);	553	Si ngleSignOn Entry sso = cache.ge t(ssoId);	553	Si ngleSignOn Entry sso = cache.ge t(ssoId);
554	if (sso != n ull && !ss o.getCanRe authentica te()) {	554	if (sso != n ull && !ss o.getCanRe authentica te()) {	554	if (sso != n ull && !ss o.getCanRe authentica te()) {
555	if (cont ainerLog.i sDebugEnab led()) {	555	if (cont ainerLog.i sDebugEnab led()) {	555	if (cont ainerLog.i sDebugEnab led()) {
556	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.up date", sso Id, authTy pe));	556	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.up date", sso Id, authTy pe));	556	cont ainerLog.d ebug(sm.ge tString("s ingleSignO n.debug.up date", sso Id, authTy pe));
557	}	557	}	557	}
558		558		558
559	sso.upda teCredenti als(princi pal, authT ype, usern ame, passw ord);	559	sso.upda teCredenti als(princi pal, authT ype, usern ame, passw ord);	559	sso.upda teCredenti als(princi pal, authT ype, usern ame, passw ord);
560	return t rue;	560	return t rue;	560	return t rue;
561	}	561	}	561	}
562	re turn false ;	562	re turn false ;	562	re turn false ;
563	}	563	}	563	}
564		564		564
565		565		565
566	/**	566	/**	566	/**
567	* Rem ove a sing le Session from a Si ngleSignOn . Called when	567	* Rem ove a sing le Session from a Si ngleSignOn . Called when	567	* Rem ove a sing le Session from a Si ngleSignOn . Called when
568	* a s ession is timed out and no lon ger active .	568	* a s ession is timed out and no lon ger active .	568	* a s ession is timed out and no lon ger active .
569	*	569	*	569	*
570	* @pa ram ssoId Single sig n on ident ifier from which to remove the session.	570	* @pa ram ssoId Single sig n on ident ifier from which to remove the session.	570	* @pa ram ssoId Single sig n on ident ifier from which to remove the session.
571	* @pa ram sessio n the sess ion to be removed.	571	* @pa ram sessio n the sess ion to be removed.	571	* @pa ram sessio n the sess ion to be removed.
572	*/	572	*/	572	*/
573	protec ted void r emoveSessi on(String ssoId, Ses sion sessi on) {	573	protec ted void r emoveSessi on(String ssoId, Ses sion sessi on) {	573	protec ted void r emoveSessi on(String ssoId, Ses sion sessi on) {
574		574		574
575	if (containe rLog.isDeb ugEnabled( )) {	575	if (containe rLog.isDeb ugEnabled( )) {	575	if (containe rLog.isDeb ugEnabled( )) {
576	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.remove Session", session, s soId));	576	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.remove Session", session, s soId));	576	containe rLog.debug (sm.getStr ing("singl eSignOn.de bug.remove Session", session, s soId));
577	}	577	}	577	}
578		578		578
579	// Get a ref erence to the Single SignOn	579	// Get a ref erence to the Single SignOn	579	// Get a ref erence to the Single SignOn
580	Si ngleSignOn Entry entr y = cache. get(ssoId) ;	580	Si ngleSignOn Entry entr y = cache. get(ssoId) ;	580	Si ngleSignOn Entry entr y = cache. get(ssoId) ;
581	if (entry == null) {	581	if (entry == null) {	581	if (entry == null) {
582	return;	582	return;	582	return;
583	}	583	}	583	}
584		584		584
585	// Remove th e inactive session f rom Single SignOnEntr y	585	// Remove th e inactive session f rom Single SignOnEntr y	585	// Remove th e inactive session f rom Single SignOnEntr y
586	en try.remove Session(se ssion);	586	en try.remove Session(se ssion);	586	en try.remove Session(se ssion);
587		587		587
588	// If there are not se ssions lef t in the S ingleSignO nEntry,	588	// If there are not se ssions lef t in the S ingleSignO nEntry,	588	// If there are not se ssions lef t in the S ingleSignO nEntry,
589	// deregiste r the entr y.	589	// deregiste r the entr y.	589	// deregiste r the entr y.
590	if (entry.fi ndSessions ().size() == 0) {	590	if (entry.fi ndSessions ().size() == 0) {	590	if (entry.fi ndSessions ().size() == 0) {
591	deregist er(ssoId);	591	deregist er(ssoId);	591	deregist er(ssoId);
592	}	592	}	592	}
593	}	593	}	593	}
594		594		594
595		595		595
596	protec ted Sessio nListener getSession Listener(S tring ssoI d) {	596	protec ted Sessio nListener getSession Listener(S tring ssoI d) {	596	protec ted Sessio nListener getSession Listener(S tring ssoI d) {
597	re turn new S ingleSignO nListener( ssoId);	597	re turn new S ingleSignO nListener( ssoId);	597	re turn new S ingleSignO nListener( ssoId);
598	}	598	}	598	}
599		599		599
600		600		600
601	@Overr ide	601	@Overr ide	601	@Overr ide
602	protec ted synchr onized voi d startInt ernal() th rows Lifec ycleExcept ion {	602	protec ted synchr onized voi d startInt ernal() th rows Lifec ycleExcept ion {	602	protec ted synchr onized voi d startInt ernal() th rows Lifec ycleExcept ion {
603	Co ntainer c = getConta iner();	603	Co ntainer c = getConta iner();	603	Co ntainer c = getConta iner();
604	wh ile (c != null && !( c instance of Engine) ) {	604	wh ile (c != null && !( c instance of Engine) ) {	604	wh ile (c != null && !( c instance of Engine) ) {
605	c = c.ge tParent();	605	c = c.ge tParent();	605	c = c.ge tParent();
606	}	606	}	606	}
607	if (c instan ceof Engin e) {	607	if (c instan ceof Engin e) {	607	if (c instan ceof Engin e) {
608	engine = (Engine) c;	608	engine = (Engine) c;	608	engine = (Engine) c;
609	}	609	}	609	}
610	su per.startI nternal();	610	su per.startI nternal();	610	su per.startI nternal();
611	}	611	}	611	}
612		612		612
613		613		613
614	@Overr ide	614	@Overr ide	614	@Overr ide
615	protec ted synchr onized voi d stopInte rnal() thr ows Lifecy cleExcepti on {	615	protec ted synchr onized voi d stopInte rnal() thr ows Lifecy cleExcepti on {	615	protec ted synchr onized voi d stopInte rnal() thr ows Lifecy cleExcepti on {
616	su per.stopIn ternal();	616	su per.stopIn ternal();	616	su per.stopIn ternal();
617	en gine = nul l;	617	en gine = nul l;	617	en gine = nul l;
618	}	618	}	618	}
619	}	619	}	619	}