Details

    • Branch Version/s:
      6.0.x
    • Backported to Branch:
      Committed

      Description

      Problem

      For efficiency, the OpenSSOFilter should not invoke "isTokenValid" on the OpenAM server if the current request has no SSO cookies.

      Resolution

      Add the following test to OpenSSOUtil to short-circuit the "isTokenValid" test when there are no SSO cookies. During testing, it was found that this test worked best by checking if all SSO cookies are null rather than any one SSO cookie.

      private boolean _isAuthenticated(
              HttpServletRequest request, String serviceUrl)
          throws IOException {

          boolean authenticated = false;

          // Short-circuit the test if all of the SSO cookies are missing
          String[] cookieNames = _getCookieNames(serviceUrl);

          int cookieCount = 0;

          for (String cookieName : cookieNames) {
              if (CookieUtil.get(request, cookieName) != null) {
                  cookieCount++;
              }
          }

          if (cookieCount == 0) {
              _log.warn("Request has no SSO cookies. User is not logged in.");

              return false;
          }

          String url = serviceUrl + _VALIDATE_TOKEN;

          URL urlObj = new URL(url);

          HttpURLConnection urlc = (HttpURLConnection)urlObj.openConnection();

          ...
