15 package com.liferay.portal.servlet.filters.sso.opensso;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.util.GetterUtil;
20 import com.liferay.portal.kernel.util.HttpUtil;
21 import com.liferay.portal.kernel.util.ParamUtil;
22 import com.liferay.portal.kernel.util.PropsKeys;
23 import com.liferay.portal.kernel.util.Validator;
24 import com.liferay.portal.servlet.filters.BasePortalFilter;
25 import com.liferay.portal.util.PortalUtil;
26 import com.liferay.portal.util.PrefsPropsUtil;
27 import com.liferay.portal.util.PropsValues;
28
29 import javax.servlet.FilterChain;
30 import javax.servlet.http.HttpServletRequest;
31 import javax.servlet.http.HttpServletResponse;
32 import javax.servlet.http.HttpSession;
33
34
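/**
 * Servlet filter that keeps the portal session aligned with an OpenSSO single
 * sign-on session.
 *
 * <p>
 * For each request the filter reads the per-company OpenSSO settings. If the
 * integration is disabled or incompletely configured, the request is passed on
 * untouched. Otherwise logout requests are sent to the OpenSSO logout URL,
 * authenticated requests have their subject ID pinned to the HTTP session, and
 * unauthenticated requests are redirected to the OpenSSO login URL.
 * </p>
 *
 * <p>
 * Security notes for maintainers:
 * </p>
 *
 * <ul>
 * <li>
 * If the OpenSSO check throws, the error is logged and the request continues
 * down the chain without any SSO session handling. Access control for that
 * request then rests entirely on whatever runs after this filter.
 * </li>
 * <li>
 * The <code>redirect</code> request parameter is forwarded to the login URL
 * without validation in this class.
 * </li>
 * </ul>
 */
public class OpenSSOFilter extends BasePortalFilter {

	/**
	 * Applies the OpenSSO logout, session pinning and login redirect logic to
	 * one request.
	 *
	 * @param  request the incoming request
	 * @param  response the response, used for redirects
	 * @param  filterChain the remaining filter chain
	 * @throws Exception if reading the settings, redirecting or the inherited
	 *         filter processing fails
	 */
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(request);

		boolean enabled = PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
			PropsValues.OPEN_SSO_AUTH_ENABLED);
		String loginUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
			PropsValues.OPEN_SSO_LOGIN_URL);
		String logoutUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
			PropsValues.OPEN_SSO_LOGOUT_URL);
		String serviceUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
			PropsValues.OPEN_SSO_SERVICE_URL);

		// Disabled or half-configured SSO: behave as if the filter were absent

		if (!enabled || Validator.isNull(loginUrl) ||
			Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		String requestURI = GetterUtil.getString(request.getRequestURI());

		if (requestURI.endsWith("/portal/logout")) {

			// Only invalidate a session that already exists. getSession()
			// without arguments would create a new one just to discard it.

			HttpSession session = request.getSession(false);

			if (session != null) {
				session.invalidate();
			}

			response.sendRedirect(logoutUrl);

			return;
		}

		boolean authenticated = false;

		try {
			authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
		}
		catch (Exception e) {

			// Fail-open: a failing SSO check does not block the request, it
			// only skips SSO handling. Monitor this log entry, because while
			// it fires the subject ID pinning below is not applied.

			_log.error(e, e);

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		if (authenticated) {
			String newSubjectId = OpenSSOUtil.getSubjectId(
				request, serviceUrl);

			HttpSession session = request.getSession();

			String oldSubjectId = (String)session.getAttribute(
				_SUBJECT_ID_KEY);

			if (oldSubjectId == null) {
				session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
			}
			else if (!oldSubjectId.equals(newSubjectId)) {

				// The SSO subject changed under an existing portal session.
				// Drop the old session so no state leaks to the new subject.
				// The comparison starts from oldSubjectId, which is non-null
				// here, so a null from getSubjectId (not visible in this
				// file) resets the session instead of throwing.

				session.invalidate();

				session = request.getSession();

				session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
			}

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		// Not authenticated: send the browser to the OpenSSO login page

		if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH ||
			!loginUrl.contains("/portal/login")) {

			response.sendRedirect(loginUrl);

			return;
		}

		String currentURL = PortalUtil.getCurrentURL(request);

		String redirect = currentURL;

		if (currentURL.contains("/portal/login")) {

			// NOTE(review): this value comes straight from the request.
			// URL encoding below does not restrict where it points. Whether
			// it is checked against allowed hosts before it is finally
			// followed is not visible in this class; confirm downstream.

			redirect = ParamUtil.getString(request, "redirect");

			if (Validator.isNull(redirect)) {
				redirect = PortalUtil.getPathMain();
			}
		}

		// The appended "?redirect=..." is itself encoded, so it travels as
		// part of the last parameter value already present in loginUrl
		// (presumably the return address containing /portal/login; confirm
		// against the configured login URL).

		response.sendRedirect(
			loginUrl +
				HttpUtil.encodeURL(
					"?redirect=" + HttpUtil.encodeURL(redirect)));
	}

	// Session attribute under which the OpenSSO subject ID is stored

	private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

	private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}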