1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.servlet.filters.sso.opensso;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.GetterUtil;
20  import com.liferay.portal.kernel.util.PropsKeys;
21  import com.liferay.portal.kernel.util.Validator;
22  import com.liferay.portal.servlet.filters.BasePortalFilter;
23  import com.liferay.portal.util.PortalUtil;
24  import com.liferay.portal.util.PrefsPropsUtil;
25  import com.liferay.portal.util.PropsValues;
26  
27  import javax.servlet.FilterChain;
28  import javax.servlet.http.HttpServletRequest;
29  import javax.servlet.http.HttpServletResponse;
30  import javax.servlet.http.HttpSession;
31  
32  /**
33   * <a href="OpenSSOFilter.java.html"><b><i>View Source</i></b></a>
34   *
35   * @author Brian Wing Shun Chan
36   * @author Raymond Augé
37   * @author Prashant Dighe
38   */
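public class OpenSSOFilter extends BasePortalFilter {

    /**
     * Gates the request on the state of the user's OpenSSO session.
     *
     * <p>
     * The filter reads the per-company OpenSSO settings and then takes one of
     * these paths:
     * </p>
     *
     * <ul>
     * <li>OpenSSO disabled, or any of the login, logout or service URLs is
     * unset (per {@code Validator.isNull}): the request continues down the
     * chain untouched.</li>
     * <li>The request URI ends with {@code /portal/logout}: the current HTTP
     * session, if any, is invalidated and the client is redirected to the
     * configured logout URL.</li>
     * <li>{@code OpenSSOUtil.isAuthenticated} throws: the error is logged and
     * the request continues down the chain.</li>
     * <li>Authenticated: the OpenSSO subject id is recorded in the session; if
     * it differs from the one already recorded, the session is replaced
     * first. The request then continues down the chain.</li>
     * <li>Not authenticated: the client is redirected to the configured login
     * URL.</li>
     * </ul>
     *
     * @param  request the current request
     * @param  response the current response
     * @param  filterChain the remaining filter chain
     * @throws Exception if reading the settings, the subject id lookup, a
     *         redirect or the rest of the chain fails
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(request);

        boolean enabled = PrefsPropsUtil.getBoolean(
            companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
            PropsValues.OPEN_SSO_AUTH_ENABLED);
        String loginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
            PropsValues.OPEN_SSO_LOGIN_URL);
        String logoutUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
            PropsValues.OPEN_SSO_LOGOUT_URL);
        String serviceUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
            PropsValues.OPEN_SSO_SERVICE_URL);

        // The redirect targets come from portal configuration, never from the
        // request, so the redirects below cannot be steered by the client.

        if (!enabled || Validator.isNull(loginUrl) ||
            Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }

        String requestURI = GetterUtil.getString(request.getRequestURI());

        // Suffix match on the raw request URI. A URI that carries path
        // parameters after the logout path would not match here.

        if (requestURI.endsWith("/portal/logout")) {

            // getSession(false) avoids creating a session (and issuing a
            // session cookie) only to invalidate it immediately.

            HttpSession session = request.getSession(false);

            if (session != null) {
                session.invalidate();
            }

            response.sendRedirect(logoutUrl);
        }
        else {
            boolean authenticated = false;

            try {

                // LEP-5943

                authenticated = OpenSSOUtil.isAuthenticated(
                    request, serviceUrl);
            }
            catch (Exception e) {
                _log.error(e, e);

                // NOTE(review): when the check itself fails the request is
                // passed on without an SSO decision and without a recorded
                // subject id. Code further down the chain must not read
                // "reached me" as "OpenSSO authenticated" -- confirm.

                processFilter(
                    OpenSSOFilter.class, request, response, filterChain);

                return;
            }

            if (authenticated) {

                // LEP-5943

                String newSubjectId = OpenSSOUtil.getSubjectId(
                    request, serviceUrl);

                HttpSession session = request.getSession();

                String oldSubjectId = (String)session.getAttribute(
                    _SUBJECT_ID_KEY);

                if (oldSubjectId == null) {

                    // NOTE(review): the existing session is kept and only
                    // tagged with the subject id. Whether the session id is
                    // rotated at login is decided outside this class --
                    // confirm it is, to rule out session fixation.

                    session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
                }
                else if (!oldSubjectId.equals(newSubjectId)) {

                    // oldSubjectId is known to be non-null here, so it is the
                    // receiver of equals(): a null id from OpenSSOUtil then
                    // counts as a changed identity and drops the old session
                    // instead of failing with a NullPointerException.

                    session.invalidate();

                    session = request.getSession();

                    session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
                }

                processFilter(
                    OpenSSOFilter.class, request, response, filterChain);
            }
            else {
                response.sendRedirect(loginUrl);
            }
        }
    }

    // Session attribute that holds the OpenSSO subject id last seen for this
    // HTTP session.

    private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

    private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}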