This content has been marked as final. Show 28 replies
You can do this by creating a modified version of org.jboss.web.catalina.EmbeddedCatalinaServiceSX MBean.
Add the following line into the appropriate place in the initHttpConnector() and initWarpConnector() methods:
The easiest way to deploy this is to cut and paste a new class from EmbeddedCatalinaServiceSX.java, jar up the resulting class files (3 in all), put the jar in jboss/lib/ext and change the catalina entry in jboss.jcml to point to your new MBean.
SSO should now work.
I should point out that the solution in my previous post does only work with catalina.
Thanx David. I did exactly what you said and I got it to work.
Just a quick update to this one for 3.0.0RC2.
The current version of EmbeddedCatalinaServiceSX allows valves to be added in the service.xml. To enable SSO, add the following snippet to tomcat4-service.xml under the 'Host' tag:
Valve className = "org.apache.catalina.authenticator.SingleSignOn"
prefix = "SSO" suffix = ".log"
pattern = "common" directory = "../server/default/log" />
Does anyone know how to do this for Jetty rather than Tomcat ?
I'm trying to do exactly the same thing, but with the
standard JBoss 3.0.3 that includes Jetty...
"Alexander Benker" wrote:
your valve-entry doesn't work for me - JBoss 3.0.3 + Tomcat 4.1.12.
I did the valve job on JBoss3.0.2/Tomcat 4.0.4 that David explained and it works seamlessly. Thanx again David.
This does not work for me either (consistently)...
I get intermittent 'Access Denied' messages on pages that I have accessed already in the session. I can't see a pattern.
Does Tomcat spawning new Http threads have any bearing on this?
...I got it working!
Under IE6.0 (XP) - JBoss 3.0.3 Tomcat 4.1.12 - I was getting intermittent 'Access Denied' with the SingleSignOn valve added to my 'tomcat41-service.xml' descriptor.
All I did was to clear my IE cache (Temporary Internet Files (inc offline content))...and it started working reliably....so far!
...now it's not!
Even clearing the browser cache (a long shot) does not solve my problem. Even going to a page in the same WAR gives me 'Access Denied'....
I'll have to leave this for now...
Trying to migrate to 4.1.12 I wasn't able to use the SingleSignon Entry that worked in 4.0.5:
<Valve className="org.apache.catalina.authenticator.SingleSignOn" prefix="SSO" suffix=".log" pattern="common" directory="../server/default/log"/>
I now receive an error during JBoss startup:
08:37:23,515 ERROR [Digester] Begin event threw exception
I am sticking to 4.0.5 since I am having many upgrade issues trying to migrate to 4.1.12
You have to remove SingleSignOn class's toString() method. This toString() method uses ValveBase's container field before the ValveBase.setContainer() function is called. This is why you see NullPointerException.
The only impact of this change is when you turn on the log, it will log class name instead of "SingleSignOn[container]... ".
Much thanks to Lin for diagnosing the problem.
For anyone else having NullPointer problem, attached is a simple class that implements Lin's suggestion. It subclasses org.apache.catalina.authenticator.SingleSignOn and overrides toString(). No need to edit the tomcat code and rebuild.
Put this class in a valid package, jar it and put the jar in the JBoss /server/.../lib folder. The valve entry in the tomcat41-service.xml file then becomes:
<Valve className="whatever.your.package.is.SingleSignOnValve" prefix="SSO" suffix=".log" pattern="common" directory="../server/default/log"/>
I've put in a JBoss bug (#673669) suggesting they add a version of this to their distribution so you don't have to put your own jar in /server/.../lib. Also submitted a bug report (#16378) to Tomcat, as the real problem is w/ their code.
Thanks for your work.
The valve doesn't involve NullPointer exceptions anymore but my browser still sends me "HTTP status 403" errors in reply to 95 % (at least!) of my requests.
Does someone still have this issue? Is there any solution or do I need to give up the valve based sso solution and search for something else?