23 package com.liferay.portal.servlet.filters.sso.opensso;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.util.GetterUtil;
28 import com.liferay.portal.kernel.util.Validator;
29 import com.liferay.portal.servlet.filters.BasePortalFilter;
30 import com.liferay.portal.util.PortalUtil;
31 import com.liferay.portal.util.PrefsPropsUtil;
32 import com.liferay.portal.util.PropsKeys;
33 import com.liferay.portal.util.PropsValues;
34
35 import javax.servlet.FilterChain;
36 import javax.servlet.http.HttpServletRequest;
37 import javax.servlet.http.HttpServletResponse;
38 import javax.servlet.http.HttpSession;
39
40
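/**
 * Portal filter that checks requests against an OpenSSO service when OpenSSO
 * authentication is enabled for the company the request belongs to.
 *
 * <p>
 * The filter ends the local session and redirects to the configured logout
 * URL on logout requests, redirects unauthenticated requests to the
 * configured login URL, and records the OpenSSO subject id in the HTTP
 * session so that a change of subject forces a fresh session.
 * </p>
 */
public class OpenSSOFilter extends BasePortalFilter {

    /**
     * Applies the OpenSSO check to one request.
     *
     * <p>
     * Requests are handed to the inherited
     * {@code processFilter(Class, request, response, filterChain)} overload
     * (presumably continuing the filter chain) when OpenSSO is disabled or
     * incompletely configured, when the authentication check itself throws,
     * or when the request is authenticated.
     * </p>
     *
     * @param request the incoming request
     * @param response the response, used for the login and logout redirects
     * @param filterChain the chain passed through to the inherited overload
     */
    protected void processFilter(
        HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) {

        try {
            long companyId = PortalUtil.getCompanyId(request);

            // Settings are read per company, falling back to the PropsValues
            // defaults. The redirect targets below come from this
            // configuration only, never from request data.

            boolean enabled = PrefsPropsUtil.getBoolean(
                companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
                PropsValues.OPEN_SSO_AUTH_ENABLED);
            String loginUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
                PropsValues.OPEN_SSO_LOGIN_URL);
            String logoutUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
                PropsValues.OPEN_SSO_LOGOUT_URL);
            String serviceUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
                PropsValues.OPEN_SSO_SERVICE_URL);

            // A disabled or incomplete configuration bypasses the OpenSSO
            // check entirely.

            if (!enabled || Validator.isNull(loginUrl) ||
                Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

                processFilter(
                    OpenSSOFilter.class, request, response, filterChain);

                return;
            }

            String requestURI = GetterUtil.getString(request.getRequestURI());

            if (requestURI.endsWith("/portal/logout")) {

                // Only invalidate a session that already exists; asking for
                // one unconditionally would create a session just to destroy
                // it.

                HttpSession httpSes = request.getSession(false);

                if (httpSes != null) {
                    httpSes.invalidate();
                }

                response.sendRedirect(logoutUrl);
            }
            else {
                boolean authenticated = false;

                try {
                    authenticated = OpenSSOUtil.isAuthenticated(
                        request, serviceUrl);
                }
                catch (Exception e) {

                    // Fail-open path: when the check itself fails, the
                    // request still goes on without any OpenSSO decision.
                    // NOTE(review): this is only safe if later filters or the
                    // portal enforce authentication themselves - confirm.

                    _log.error(e, e);

                    processFilter(
                        OpenSSOFilter.class, request, response, filterChain);

                    return;
                }

                if (authenticated) {
                    String newSubjectId = OpenSSOUtil.getSubjectId(
                        request, serviceUrl);

                    HttpSession httpSes = request.getSession();

                    String oldSubjectId = (String)httpSes.getAttribute(
                        _SUBJECT_ID_KEY);

                    if (oldSubjectId == null) {

                        // NOTE(review): the existing session is reused when a
                        // subject is first bound to it; confirm the session
                        // id is rotated elsewhere in the login path.

                        httpSes.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
                    }
                    else if (!oldSubjectId.equals(newSubjectId)) {

                        // Compare from the non-null side so a missing subject
                        // id is treated as a change of subject instead of
                        // raising a NullPointerException. A different subject
                        // must not inherit the previous subject's session
                        // state.

                        httpSes.invalidate();

                        httpSes = request.getSession();

                        httpSes.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
                    }

                    processFilter(
                        OpenSSOFilter.class, request, response, filterChain);
                }
                else {
                    response.sendRedirect(loginUrl);
                }
            }
        }
        catch (Exception e) {

            // Any other failure is only logged: neither the chain nor a
            // redirect runs after this point.

            _log.error(e, e);
        }
    }

    /** Session attribute under which the OpenSSO subject id is stored. */
    private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

    private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}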