1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.servlet.filters.sso.opensso;
21  
22  import com.liferay.portal.kernel.log.Log;
23  import com.liferay.portal.kernel.log.LogFactoryUtil;
24  import com.liferay.portal.kernel.util.GetterUtil;
25  import com.liferay.portal.kernel.util.Validator;
26  import com.liferay.portal.servlet.filters.BasePortalFilter;
27  import com.liferay.portal.util.PortalUtil;
28  import com.liferay.portal.util.PrefsPropsUtil;
29  import com.liferay.portal.util.PropsKeys;
30  import com.liferay.portal.util.PropsValues;
31  
32  import javax.servlet.FilterChain;
33  import javax.servlet.http.HttpServletRequest;
34  import javax.servlet.http.HttpServletResponse;
35  import javax.servlet.http.HttpSession;
36  
37  /**
38   * <a href="OpenSSOFilter.java.html"><b><i>View Source</i></b></a>
39   *
40   * @author Brian Wing Shun Chan
41   * @author Raymond Augé
42   * @author Prashant Dighe
43   *
44   */
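public class OpenSSOFilter extends BasePortalFilter {

    /**
     * Gates the request on the OpenSSO authentication state.
     *
     * <p>In order:
     * <ul>
     * <li>If OpenSSO is disabled for the company, or any of the login,
     * logout or service URLs is blank, the request is passed down the chain
     * untouched.</li>
     * <li>A request whose URI ends with {@code /portal/logout} has its HTTP
     * session invalidated and is redirected to the OpenSSO logout URL.</li>
     * <li>Any other request is checked against OpenSSO: an authenticated
     * request is passed down the chain, an unauthenticated one is redirected
     * to the OpenSSO login URL. If the check itself throws, the error is
     * logged and the request is passed down the chain as if OpenSSO were
     * disabled.</li>
     * </ul>
     *
     * <p>For authenticated requests the OpenSSO subject id is remembered in
     * the session under {@value #_SUBJECT_ID_KEY}. When the subject id of the
     * current token differs from the stored one, the session is invalidated
     * and a fresh one created before continuing, so session state that
     * belonged to the previous subject is not carried over to the new one.
     *
     * <p>Any other exception escaping this method is logged and swallowed;
     * the response is then left in whatever state it was in when the
     * exception occurred.
     *
     * @param request the current request
     * @param response the current response
     * @param filterChain the remaining filter chain
     */
    protected void processFilter(
        HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) {

        try {
            long companyId = PortalUtil.getCompanyId(request);

            // Looked up per company, with the PropsValues constant as the
            // fallback (assumed from the (companyId, key, default) argument
            // shape of PrefsPropsUtil — confirm against that class)

            boolean enabled = PrefsPropsUtil.getBoolean(
                companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
                PropsValues.OPEN_SSO_AUTH_ENABLED);
            String loginUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
                PropsValues.OPEN_SSO_LOGIN_URL);
            String logoutUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
                PropsValues.OPEN_SSO_LOGOUT_URL);
            String serviceUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
                PropsValues.OPEN_SSO_SERVICE_URL);

            // An incomplete configuration is treated the same as a disabled
            // one: the filter steps aside rather than redirecting to an
            // empty URL

            if (!enabled || Validator.isNull(loginUrl) ||
                Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

                processFilter(
                    OpenSSOFilter.class, request, response, filterChain);

                return;
            }

            String requestURI = GetterUtil.getString(request.getRequestURI());

            if (requestURI.endsWith("/portal/logout")) {
                _processLogout(request, response, logoutUrl);
            }
            else {
                _processAuthentication(
                    request, response, filterChain, loginUrl, serviceUrl);
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }
    }

    /**
     * Invalidates the current session and redirects to the OpenSSO logout
     * URL.
     *
     * @param request the current request
     * @param response the current response
     * @param logoutUrl the OpenSSO logout URL to redirect to
     * @throws Exception if the redirect cannot be sent
     */
    private void _processLogout(
            HttpServletRequest request, HttpServletResponse response,
            String logoutUrl)
        throws Exception {

        HttpSession httpSes = request.getSession();

        httpSes.invalidate();

        response.sendRedirect(logoutUrl);
    }

    /**
     * Checks the request against OpenSSO and either continues the chain
     * (authenticated) or redirects to the OpenSSO login URL.
     *
     * <p>A failure of the authentication check itself is logged and the
     * chain continued, matching the behaviour for a disabled filter.
     *
     * @param request the current request
     * @param response the current response
     * @param filterChain the remaining filter chain
     * @param loginUrl the OpenSSO login URL to redirect unauthenticated
     *        requests to
     * @param serviceUrl the OpenSSO service URL used for the token check
     * @throws Exception if the chain or the redirect fails
     */
    private void _processAuthentication(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain, String loginUrl, String serviceUrl)
        throws Exception {

        boolean authenticated = false;

        try {

            // LEP-5943

            authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
        }
        catch (Exception e) {
            _log.error(e, e);

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }

        if (!authenticated) {
            response.sendRedirect(loginUrl);

            return;
        }

        // LEP-5943

        String newSubjectId = OpenSSOUtil.getSubjectId(request, serviceUrl);

        HttpSession httpSes = request.getSession();

        String oldSubjectId = (String)httpSes.getAttribute(_SUBJECT_ID_KEY);

        if (oldSubjectId == null) {
            httpSes.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
        }
        else if (!oldSubjectId.equals(newSubjectId)) {

            // oldSubjectId is the receiver because it is known to be non-null
            // here; OpenSSOUtil.getSubjectId is not visible in this file and
            // a null return must not turn into a NullPointerException that
            // leaves the request unanswered

            // A different subject on the same session: drop the old session
            // so its state is not inherited by the new subject

            httpSes.invalidate();

            httpSes = request.getSession();

            httpSes.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
        }

        processFilter(OpenSSOFilter.class, request, response, filterChain);
    }

    // Session attribute holding the OpenSSO subject id of the authenticated
    // user
    private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

    private static final Log _log = LogFactoryUtil.getLog(
        OpenSSOFilter.class);

}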