20 package com.liferay.portal.servlet.filters.sso.opensso;
21
22 import com.liferay.portal.kernel.log.Log;
23 import com.liferay.portal.kernel.log.LogFactoryUtil;
24 import com.liferay.portal.kernel.util.GetterUtil;
25 import com.liferay.portal.kernel.util.Validator;
26 import com.liferay.portal.servlet.filters.BasePortalFilter;
27 import com.liferay.portal.util.PortalUtil;
28 import com.liferay.portal.util.PrefsPropsUtil;
29 import com.liferay.portal.util.PropsKeys;
30 import com.liferay.portal.util.PropsValues;
31
32 import javax.servlet.FilterChain;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35 import javax.servlet.http.HttpSession;
36
37
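/**
 * Servlet filter that keeps the portal's HTTP session in step with an OpenSSO
 * session.
 *
 * <p>
 * For each request the filter reads the per-company OpenSSO settings. When
 * OpenSSO is disabled or incompletely configured the request is handed on
 * untouched. Otherwise a logout request destroys the local session and
 * redirects to the OpenSSO logout URL, and any other request is checked
 * against the OpenSSO service: an authenticated request has its subject id
 * recorded in the session, an unauthenticated one is redirected to the
 * OpenSSO login URL.
 * </p>
 *
 * <p>
 * Both redirect targets are read from portal configuration, never from the
 * request.
 * </p>
 */
public class OpenSSOFilter extends BasePortalFilter {

    /**
     * Applies the OpenSSO checks to one request.
     *
     * <p>
     * No exception leaves this method: every failure is logged. A failure of
     * the authentication check itself hands the request on down the chain; any
     * other failure ends processing in this filter without forwarding the
     * request.
     * </p>
     *
     * @param request the incoming request
     * @param response the response, used for the login and logout redirects
     * @param filterChain the chain passed to the inherited
     *        {@code processFilter} overload when the request may proceed
     */
    protected void processFilter(
        HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) {

        try {
            long companyId = PortalUtil.getCompanyId(request);

            boolean enabled = PrefsPropsUtil.getBoolean(
                companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
                PropsValues.OPEN_SSO_AUTH_ENABLED);
            String loginUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
                PropsValues.OPEN_SSO_LOGIN_URL);
            String logoutUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
                PropsValues.OPEN_SSO_LOGOUT_URL);
            String serviceUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
                PropsValues.OPEN_SSO_SERVICE_URL);

            // OpenSSO is only enforced when it is switched on AND all three
            // URLs are configured; otherwise this filter is a pass-through.

            if (!enabled || Validator.isNull(loginUrl) ||
                Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

                processFilter(
                    OpenSSOFilter.class, request, response, filterChain);

                return;
            }

            // NOTE(review): the logout match is a plain suffix test on the raw
            // request URI. Confirm that every URL form the portal uses for
            // logout ends with this exact suffix, otherwise the local session
            // outlives the logout request.

            String requestURI = GetterUtil.getString(request.getRequestURI());

            if (requestURI.endsWith("/portal/logout")) {

                // getSession(false) so that a logout request arriving without
                // a session does not create one only to destroy it again.

                HttpSession httpSes = request.getSession(false);

                if (httpSes != null) {
                    httpSes.invalidate();
                }

                response.sendRedirect(logoutUrl);

                return;
            }

            boolean authenticated = false;

            try {
                authenticated = OpenSSOUtil.isAuthenticated(
                    request, serviceUrl);
            }
            catch (Exception e) {
                _log.error(e, e);

                // NOTE(review): when the check itself fails, the request is
                // handed on without an OpenSSO decision. That is only safe if
                // the rest of the chain enforces authentication on its own;
                // confirm before relying on this filter as the sole gate.

                processFilter(
                    OpenSSOFilter.class, request, response, filterChain);

                return;
            }

            if (!authenticated) {
                response.sendRedirect(loginUrl);

                return;
            }

            String newSubjectId = OpenSSOUtil.getSubjectId(
                request, serviceUrl);

            HttpSession httpSes = request.getSession();

            String oldSubjectId = (String)httpSes.getAttribute(
                _SUBJECT_ID_KEY);

            if (oldSubjectId == null) {

                // NOTE(review): the first binding of a subject reuses the
                // session that already exists, so its id is unchanged across
                // the step from anonymous to authenticated. Confirm that the
                // portal rotates the session id elsewhere at login.

                httpSes.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
            }
            else if (!oldSubjectId.equals(newSubjectId)) {

                // The comparison is made on oldSubjectId, which is known to be
                // non-null here, so a missing new subject id is treated as a
                // change of subject instead of raising a
                // NullPointerException. A different subject must not inherit
                // the previous subject's session state, so the session is
                // discarded and a fresh one is bound to the new subject.

                httpSes.invalidate();

                httpSes = request.getSession();

                httpSes.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
            }

            processFilter(
                OpenSSOFilter.class, request, response, filterChain);
        }
        catch (Exception e) {

            // The request is not forwarded from here, so an unexpected failure
            // does not let it past this filter; the error is only logged.

            _log.error(e, e);
        }
    }

    /** Session attribute holding the OpenSSO subject id bound to the session. */
    private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

    private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}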