15 package com.liferay.portal.servlet.filters.sso.cas;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.util.HttpUtil;
20 import com.liferay.portal.kernel.util.ParamUtil;
21 import com.liferay.portal.kernel.util.PropsKeys;
22 import com.liferay.portal.kernel.util.Validator;
23 import com.liferay.portal.servlet.filters.BasePortalFilter;
24 import com.liferay.portal.util.PortalUtil;
25 import com.liferay.portal.util.PrefsPropsUtil;
26 import com.liferay.portal.util.PropsValues;
27
28 import java.util.HashMap;
29 import java.util.Map;
30 import java.util.concurrent.ConcurrentHashMap;
31
32 import javax.servlet.FilterChain;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35 import javax.servlet.http.HttpSession;
36
37 import org.jasig.cas.client.authentication.AttributePrincipal;
38 import org.jasig.cas.client.util.CommonUtils;
39 import org.jasig.cas.client.validation.Assertion;
40 import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
41 import org.jasig.cas.client.validation.TicketValidator;
42
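/**
 * Servlet filter that performs CAS single sign-on for a portal company.
 *
 * <p>
 * When CAS authentication is enabled for the request's company, the filter
 * redirects requests without a session login and without a {@code ticket}
 * parameter to the configured CAS login URL, validates a returned service
 * ticket against the configured CAS server, and stores the validated principal
 * name in the HTTP session under {@link #LOGIN}. Logout paths invalidate the
 * session and redirect to the configured CAS logout URL.
 * </p>
 */
public class CASFilter extends BasePortalFilter {

    /**
     * Session attribute key under which the CAS-validated login name is stored.
     *
     * <p>
     * NOTE(review): the field is public and not {@code final}, so other code
     * can reassign the key. It is left non-final here only to keep source
     * compatibility with existing callers; confirm nothing writes to it and
     * consider making it {@code final}.
     * </p>
     */
    public static String LOGIN = CASFilter.class.getName() + "LOGIN";

    /**
     * Drops the cached ticket validator for a company so the next request
     * rebuilds it from the current CAS settings.
     *
     * @param companyId the company whose cached validator is discarded
     */
    public static void reload(long companyId) {
        _ticketValidators.remove(companyId);
    }

    /**
     * Returns the logger used by this filter.
     *
     * @return the class logger
     */
    protected Log getLog() {
        return _log;
    }

    /**
     * Returns the ticket validator for a company, building and caching it on
     * first use.
     *
     * <p>
     * A cached validator keeps the settings it was built with until
     * {@link #reload(long)} removes it.
     * </p>
     *
     * @param  companyId the company whose CAS settings are used
     * @return the cached or newly built validator
     * @throws Exception if the CAS settings cannot be read
     */
    protected TicketValidator getTicketValidator(long companyId)
        throws Exception {

        TicketValidator ticketValidator = _ticketValidators.get(companyId);

        if (ticketValidator != null) {
            return ticketValidator;
        }

        String serverName = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);
        String serverUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_URL, PropsValues.CAS_SERVER_URL);
        String loginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

        // NOTE(review): ticket validation calls back to serverUrl. That URL
        // should be HTTPS with certificate verification in place; otherwise
        // the validation response cannot be trusted. Confirm in deployment.

        Cas20ProxyTicketValidator cas20ProxyTicketValidator =
            new Cas20ProxyTicketValidator(serverUrl);

        Map<String, String> parameters = new HashMap<String, String>();

        parameters.put("serverName", serverName);
        parameters.put("casServerUrlPrefix", serverUrl);
        parameters.put("casServerLoginUrl", loginUrl);
        parameters.put("redirectAfterValidation", "false");

        cas20ProxyTicketValidator.setCustomParameters(parameters);

        // The get/put pair is not atomic: two concurrent first requests may
        // each build a validator and the later put wins. Both are built from
        // the same company settings, so the duplicate is only wasted work.

        _ticketValidators.put(companyId, cas20ProxyTicketValidator);

        return cas20ProxyTicketValidator;
    }

    /**
     * Applies the CAS login, ticket validation and logout handling to a
     * request before passing it down the filter chain.
     *
     * @param  request the incoming request
     * @param  response the response, used for redirects to the CAS server
     * @param  filterChain the remaining filter chain
     * @throws Exception if settings cannot be read, a redirect fails, or the
     *         ticket validator raises an error for the presented ticket
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(request);

        if (PrefsPropsUtil.getBoolean(
                companyId, PropsKeys.CAS_AUTH_ENABLED,
                PropsValues.CAS_AUTH_ENABLED)) {

            HttpSession session = request.getSession();

            // getPathInfo() returns null when the request has no extra path
            // information; such a request is not a logout and must take the
            // normal CAS flow instead of failing with a NullPointerException.

            String pathInfo = request.getPathInfo();

            if ((pathInfo != null) &&
                (pathInfo.indexOf("/portal/logout") != -1)) {

                session.invalidate();

                String logoutUrl = PrefsPropsUtil.getString(
                    companyId, PropsKeys.CAS_LOGOUT_URL,
                    PropsValues.CAS_LOGOUT_URL);

                response.sendRedirect(logoutUrl);

                return;
            }
            else {
                String login = (String)session.getAttribute(LOGIN);

                String serverName = PrefsPropsUtil.getString(
                    companyId, PropsKeys.CAS_SERVER_NAME,
                    PropsValues.CAS_SERVER_NAME);

                String serviceUrl = PrefsPropsUtil.getString(
                    companyId, PropsKeys.CAS_SERVICE_URL,
                    PropsValues.CAS_SERVICE_URL);

                // With no configured service URL, one is built from the
                // request and the configured server name. The same value is
                // used for the login redirect and for ticket validation.

                if (Validator.isNull(serviceUrl)) {
                    serviceUrl = CommonUtils.constructServiceUrl(
                        request, response, serviceUrl, serverName, "ticket",
                        false);
                }

                String ticket = ParamUtil.getString(request, "ticket");

                if (Validator.isNull(ticket)) {
                    if (Validator.isNotNull(login)) {

                        // Already signed in through CAS in this session

                        processFilter(
                            CASFilter.class, request, response, filterChain);
                    }
                    else {
                        String loginUrl = PrefsPropsUtil.getString(
                            companyId, PropsKeys.CAS_LOGIN_URL,
                            PropsValues.CAS_LOGIN_URL);

                        loginUrl = HttpUtil.addParameter(
                            loginUrl, "service", serviceUrl);

                        response.sendRedirect(loginUrl);
                    }

                    return;
                }

                // A ticket parameter is never trusted as is: the login is set
                // only from the assertion the validator returns. An exception
                // raised by validate() propagates to the caller.

                TicketValidator ticketValidator = getTicketValidator(
                    companyId);

                Assertion assertion = ticketValidator.validate(
                    ticket, serviceUrl);

                if (assertion != null) {
                    AttributePrincipal attributePrincipal =
                        assertion.getPrincipal();

                    login = attributePrincipal.getName();

                    // NOTE(review): the session obtained before authentication
                    // is reused and its id is not renewed here. Confirm that
                    // the portal rotates the session id after login elsewhere.

                    session.setAttribute(LOGIN, login);
                }
            }
        }

        processFilter(CASFilter.class, request, response, filterChain);
    }

    private static final Log _log = LogFactoryUtil.getLog(CASFilter.class);

    // Validators cached per company id; entries are removed by reload(long)

    private static final Map<Long, TicketValidator> _ticketValidators =
        new ConcurrentHashMap<Long, TicketValidator>();

}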