1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.servlet.filters.sso.cas;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.HttpUtil;
20  import com.liferay.portal.kernel.util.ParamUtil;
21  import com.liferay.portal.kernel.util.PropsKeys;
22  import com.liferay.portal.kernel.util.Validator;
23  import com.liferay.portal.servlet.filters.BasePortalFilter;
24  import com.liferay.portal.util.PortalUtil;
25  import com.liferay.portal.util.PrefsPropsUtil;
26  import com.liferay.portal.util.PropsValues;
27  
28  import java.util.HashMap;
29  import java.util.Map;
30  import java.util.concurrent.ConcurrentHashMap;
31  
32  import javax.servlet.FilterChain;
33  import javax.servlet.http.HttpServletRequest;
34  import javax.servlet.http.HttpServletResponse;
35  import javax.servlet.http.HttpSession;
36  
37  import org.jasig.cas.client.authentication.AttributePrincipal;
38  import org.jasig.cas.client.util.CommonUtils;
39  import org.jasig.cas.client.validation.Assertion;
40  import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
41  import org.jasig.cas.client.validation.TicketValidator;
42  
43  /**
44   * <a href="CASFilter.java.html"><b><i>View Source</i></b></a>
45   *
46   * @author Michael Young
47   * @author Brian Wing Shun Chan
48   * @author Raymond Augé
49   * @author Tina Tian
50   * @author Zsolt Balogh
51   */
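public class CASFilter extends BasePortalFilter {

    /*
     * Servlet filter that connects the portal session to a CAS single
     * sign-on server. When CAS authentication is enabled for the company that
     * owns the request, the filter:
     *
     *   - invalidates the session and redirects to the configured CAS logout
     *     URL when the request path contains "/portal/logout";
     *   - redirects requests that carry neither a "ticket" parameter nor a
     *     stored login to the configured CAS login URL;
     *   - validates a presented "ticket" against the CAS server and stores
     *     the resulting principal name in the session under LOGIN.
     */

    /**
     * Session attribute key under which the CAS-validated login name is
     * stored.
     *
     * NOTE(review): this field is public and non-final, so any code that can
     * see the class can reassign the key. It is left unchanged here for
     * compatibility with existing callers.
     */
    public static String LOGIN = CASFilter.class.getName() + "LOGIN";

    /**
     * Drops the cached ticket validator of a company so that the next request
     * rebuilds it from the current CAS settings.
     *
     * @param companyId the primary key of the company whose validator is
     *        discarded
     */
    public static void reload(long companyId) {
        _ticketValidators.remove(companyId);
    }

    /**
     * Returns the logger of this filter.
     *
     * @return the class logger
     */
    protected Log getLog() {
        return _log;
    }

    /**
     * Returns the ticket validator of a company, creating and caching it on
     * first use.
     *
     * The validator is built from the company's CAS server name, server URL
     * and login URL settings. Two concurrent first requests may each build a
     * validator; the later <code>put</code> wins and both instances carry the
     * same settings.
     *
     * @param  companyId the primary key of the company
     * @return the cached or newly created validator
     * @throws Exception if the settings cannot be read or the validator
     *         cannot be created
     */
    protected TicketValidator getTicketValidator(long companyId)
        throws Exception {

        TicketValidator cachedValidator = _ticketValidators.get(companyId);

        if (cachedValidator != null) {
            return cachedValidator;
        }

        String serverName = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);
        String serverUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_URL, PropsValues.CAS_SERVER_URL);
        String loginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

        Cas20ProxyTicketValidator cas20ProxyTicketValidator =
            new Cas20ProxyTicketValidator(serverUrl);

        Map<String, String> parameters = new HashMap<String, String>();

        parameters.put("serverName", serverName);
        parameters.put("casServerUrlPrefix", serverUrl);
        parameters.put("casServerLoginUrl", loginUrl);
        parameters.put("redirectAfterValidation", "false");

        cas20ProxyTicketValidator.setCustomParameters(parameters);

        _ticketValidators.put(companyId, cas20ProxyTicketValidator);

        return cas20ProxyTicketValidator;
    }

    /**
     * Applies the CAS login, logout and ticket validation flow to a request
     * before handing it to the rest of the filter chain.
     *
     * @param  request the current request
     * @param  response the current response
     * @param  filterChain the remaining filter chain
     * @throws Exception if a setting cannot be read, a redirect fails, or
     *         <code>validate</code> throws for the presented ticket; the
     *         exception is not caught here and propagates to the caller
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(request);

        if (PrefsPropsUtil.getBoolean(
                companyId, PropsKeys.CAS_AUTH_ENABLED,
                PropsValues.CAS_AUTH_ENABLED)) {

            HttpSession session = request.getSession();

            String pathInfo = request.getPathInfo();

            // getPathInfo() returns null when the request has no extra path
            // information. Without the null check such a request failed with
            // a NullPointerException instead of entering the login flow.
            // The match is a substring test, so any path that contains
            // "/portal/logout" ends the session.

            if ((pathInfo != null) &&
                (pathInfo.indexOf("/portal/logout") != -1)) {

                session.invalidate();

                String logoutUrl = PrefsPropsUtil.getString(
                    companyId, PropsKeys.CAS_LOGOUT_URL,
                    PropsValues.CAS_LOGOUT_URL);

                response.sendRedirect(logoutUrl);

                return;
            }

            String login = (String)session.getAttribute(LOGIN);

            String serverName = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_SERVER_NAME,
                PropsValues.CAS_SERVER_NAME);

            String serviceUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_SERVICE_URL,
                PropsValues.CAS_SERVICE_URL);

            // With no configured service URL, one is derived from the
            // request using the configured server name. The same value is
            // sent to the CAS login page and used for ticket validation, so
            // a ticket is checked against the service it was requested for.

            if (Validator.isNull(serviceUrl)) {
                serviceUrl = CommonUtils.constructServiceUrl(
                    request, response, serviceUrl, serverName, "ticket",
                    false);
            }

            String ticket = ParamUtil.getString(request, "ticket");

            if (Validator.isNull(ticket)) {
                if (Validator.isNotNull(login)) {

                    // Already authenticated through CAS in this session.

                    processFilter(
                        CASFilter.class, request, response, filterChain);
                }
                else {
                    String loginUrl = PrefsPropsUtil.getString(
                        companyId, PropsKeys.CAS_LOGIN_URL,
                        PropsValues.CAS_LOGIN_URL);

                    loginUrl = HttpUtil.addParameter(
                        loginUrl, "service", serviceUrl);

                    response.sendRedirect(loginUrl);
                }

                return;
            }

            TicketValidator ticketValidator = getTicketValidator(companyId);

            Assertion assertion = ticketValidator.validate(
                ticket, serviceUrl);

            if (assertion != null) {
                AttributePrincipal attributePrincipal =
                    assertion.getPrincipal();

                login = attributePrincipal.getName();

                // NOTE(review): the login is stored in the session that
                // existed before authentication and the session id is not
                // renewed in this method. Confirm that a later login step
                // rotates the session, otherwise a pre-set session id
                // survives the login (session fixation).

                session.setAttribute(LOGIN, login);
            }
        }

        processFilter(CASFilter.class, request, response, filterChain);
    }

    private static final Log _log = LogFactoryUtil.getLog(CASFilter.class);

    // One validator per company id, rebuilt after reload(long).
    private static final Map<Long, TicketValidator> _ticketValidators =
        new ConcurrentHashMap<Long, TicketValidator>();

}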