1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.servlet.filters.sso.opensso;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.GetterUtil;
20  import com.liferay.portal.kernel.util.HttpUtil;
21  import com.liferay.portal.kernel.util.ParamUtil;
22  import com.liferay.portal.kernel.util.PropsKeys;
23  import com.liferay.portal.kernel.util.Validator;
24  import com.liferay.portal.servlet.filters.BasePortalFilter;
25  import com.liferay.portal.util.PortalUtil;
26  import com.liferay.portal.util.PrefsPropsUtil;
27  import com.liferay.portal.util.PropsValues;
28  
29  import javax.servlet.FilterChain;
30  import javax.servlet.http.HttpServletRequest;
31  import javax.servlet.http.HttpServletResponse;
32  import javax.servlet.http.HttpSession;
33  
34  /**
35   * <a href="OpenSSOFilter.java.html"><b><i>View Source</i></b></a>
36   *
37   * @author Brian Wing Shun Chan
38   * @author Raymond Augé
39   * @author Prashant Dighe
40   */
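public class OpenSSOFilter extends BasePortalFilter {

    /**
     * Gates every request through OpenSSO when it is enabled for the
     * request's company.
     *
     * <p>Behaviour, in order:
     * <ul>
     * <li>If OpenSSO is disabled for the company, or any of the login, logout
     * or service URLs is blank, the request passes straight down the filter
     * chain.</li>
     * <li>A request whose URI ends in {@code /portal/logout} invalidates the
     * portal session and redirects to the configured OpenSSO logout URL.</li>
     * <li>Otherwise the OpenSSO service is asked whether the request carries
     * a valid SSO session. If that lookup throws, the error is logged and the
     * request continues down the chain unauthenticated at this filter (the
     * portal's own authentication still applies downstream).</li>
     * <li>Authenticated requests have their OpenSSO subject id recorded in
     * the HTTP session; a change of subject id invalidates the old session so
     * one identity cannot inherit another's portal session state.</li>
     * <li>Unauthenticated requests are redirected to the OpenSSO login URL,
     * optionally carrying a {@code redirect} back to the page that was
     * requested.</li>
     * </ul>
     *
     * @param request the current request
     * @param response the current response
     * @param filterChain the remaining filter chain
     * @throws Exception if the filter chain, a redirect, or the OpenSSO
     *         subject lookup fails
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(request);

        boolean enabled = PrefsPropsUtil.getBoolean(
            companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
            PropsValues.OPEN_SSO_AUTH_ENABLED);

        String loginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
            PropsValues.OPEN_SSO_LOGIN_URL);
        String logoutUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
            PropsValues.OPEN_SSO_LOGOUT_URL);
        String serviceUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
            PropsValues.OPEN_SSO_SERVICE_URL);

        // A missing URL disables the filter for this company rather than
        // redirecting users to an empty location.

        if (!enabled || Validator.isNull(loginUrl) ||
            Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }

        String requestURI = GetterUtil.getString(request.getRequestURI());

        if (requestURI.endsWith("/portal/logout")) {
            _processLogout(request, response, logoutUrl);

            return;
        }

        boolean authenticated = false;

        try {

            // LEP-5943

            authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
        }
        catch (Exception e) {
            _log.error(e, e);

            // NOTE(review): an unreachable or misbehaving OpenSSO service lets
            // the request continue unauthenticated at this layer. The portal's
            // own authentication is still enforced downstream, so this reads
            // as a degraded-SSO mode rather than a bypass -- confirm that is
            // the intended policy.

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }

        if (authenticated) {
            _trackSubjectId(request, serviceUrl);

            processFilter(OpenSSOFilter.class, request, response, filterChain);
        }
        else {
            _redirectToLogin(request, response, loginUrl);
        }
    }

    /**
     * Invalidates the portal session, if one exists, and sends the browser to
     * the OpenSSO logout URL so the SSO session is ended as well.
     */
    private void _processLogout(
            HttpServletRequest request, HttpServletResponse response,
            String logoutUrl)
        throws Exception {

        // getSession(false): do not create a session just to destroy it

        HttpSession session = request.getSession(false);

        if (session != null) {
            session.invalidate();
        }

        response.sendRedirect(logoutUrl);
    }

    /**
     * Records the OpenSSO subject id in the HTTP session, replacing the
     * session entirely when the subject id differs from the one already
     * stored so that a new SSO identity never inherits the previous user's
     * portal session state.
     */
    private void _trackSubjectId(
            HttpServletRequest request, String serviceUrl)
        throws Exception {

        // LEP-5943

        String newSubjectId = OpenSSOUtil.getSubjectId(request, serviceUrl);

        HttpSession session = request.getSession();

        String oldSubjectId = (String)session.getAttribute(_SUBJECT_ID_KEY);

        if (oldSubjectId == null) {

            // NOTE(review): the pre-authentication session is reused here, so
            // the session id is not rotated on first SSO login. If the
            // portal's login path does not itself rotate the id, this is a
            // session-fixation window -- verify.

            session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
        }
        else if (!oldSubjectId.equals(newSubjectId)) {

            // oldSubjectId is known non-null here; comparing from its side
            // avoids an NPE should getSubjectId() ever return null, in which
            // case the stale session is still discarded.

            session.invalidate();

            session = request.getSession();

            session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
        }
    }

    /**
     * Redirects an unauthenticated request to the OpenSSO login URL. When
     * forwarding by last path is enabled and the login URL points back at the
     * portal's {@code /portal/login}, the originally requested URL is carried
     * along as a {@code redirect} parameter so the user lands where they
     * started once OpenSSO hands them back.
     */
    private void _redirectToLogin(
            HttpServletRequest request, HttpServletResponse response,
            String loginUrl)
        throws Exception {

        if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH ||
            !loginUrl.contains("/portal/login")) {

            response.sendRedirect(loginUrl);

            return;
        }

        String redirect = PortalUtil.getCurrentURL(request);

        if (redirect.contains("/portal/login")) {

            // Already on the login path: honour its own redirect parameter
            // instead of bouncing back to the login page itself.

            // NOTE(review): the redirect parameter is taken from the request
            // without validation. Here it is only appended to the configured
            // login URL, but whatever consumes it after login must restrict
            // it to this portal to avoid an open redirect -- confirm
            // downstream.

            redirect = ParamUtil.getString(request, "redirect");

            if (Validator.isNull(redirect)) {
                redirect = PortalUtil.getPathMain();
            }
        }

        // The whole "?redirect=..." suffix is encoded a second time because
        // it is appended to the login URL's existing query value (presumably
        // its return target) rather than added as a parameter of the login
        // URL itself.

        response.sendRedirect(
            loginUrl +
                HttpUtil.encodeURL(
                    "?redirect=" + HttpUtil.encodeURL(redirect)));
    }

    private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

    private static Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}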