15 package com.liferay.portal.servlet.filters.sso.opensso;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.util.GetterUtil;
20 import com.liferay.portal.kernel.util.PropsKeys;
21 import com.liferay.portal.kernel.util.Validator;
22 import com.liferay.portal.servlet.filters.BasePortalFilter;
23 import com.liferay.portal.util.PortalUtil;
24 import com.liferay.portal.util.PrefsPropsUtil;
25 import com.liferay.portal.util.PropsValues;
26
27 import javax.servlet.FilterChain;
28 import javax.servlet.http.HttpServletRequest;
29 import javax.servlet.http.HttpServletResponse;
30 import javax.servlet.http.HttpSession;
31
32
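/**
 * Servlet filter that gates portal requests on an OpenSSO session.
 *
 * <p>
 * For each request the filter reads the company's OpenSSO settings. When SSO
 * is disabled or any of the login, logout or service URLs is unset, the
 * request is passed down the chain untouched. Otherwise a logout request
 * invalidates the local session and redirects to the OpenSSO logout URL, an
 * unauthenticated request is redirected to the OpenSSO login URL, and an
 * authenticated request has its OpenSSO subject ID bound to the HTTP session
 * before the chain continues.
 * </p>
 */
public class OpenSSOFilter extends BasePortalFilter {

	/**
	 * Applies the OpenSSO checks to a single request.
	 *
	 * @param  request the incoming servlet request
	 * @param  response the servlet response, used for redirects
	 * @param  filterChain the remaining filter chain
	 * @throws Exception if a settings lookup, a redirect, the subject ID
	 *         lookup or a downstream filter fails
	 */
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(request);

		boolean enabled = PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
			PropsValues.OPEN_SSO_AUTH_ENABLED);
		String loginUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
			PropsValues.OPEN_SSO_LOGIN_URL);
		String logoutUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
			PropsValues.OPEN_SSO_LOGOUT_URL);
		String serviceUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
			PropsValues.OPEN_SSO_SERVICE_URL);

		// SSO is off or only partially configured: this filter does nothing
		// and the rest of the chain handles the request.

		if (!enabled || Validator.isNull(loginUrl) ||
			Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		String requestURI = GetterUtil.getString(request.getRequestURI());

		if (requestURI.endsWith("/portal/logout")) {

			// getSession(false) avoids creating a fresh session only to
			// invalidate it when the client arrives without one.

			HttpSession session = request.getSession(false);

			if (session != null) {
				session.invalidate();
			}

			response.sendRedirect(logoutUrl);
		}
		else {
			boolean authenticated = false;

			try {

				// Ask OpenSSO whether this request carries a valid SSO
				// session.

				authenticated = OpenSSOUtil.isAuthenticated(
					request, serviceUrl);
			}
			catch (Exception e) {
				_log.error(e, e);

				// NOTE(review): when the OpenSSO check itself fails, the
				// request continues down the chain without an SSO decision.
				// Access control then depends entirely on the downstream
				// filters and the portal's own authentication; confirm that
				// is the intended failure mode.

				processFilter(
					OpenSSOFilter.class, request, response, filterChain);

				return;
			}

			if (authenticated) {

				// Bind the OpenSSO subject to the HTTP session so that a
				// session cannot be carried over from one subject to another.

				String newSubjectId = OpenSSOUtil.getSubjectId(
					request, serviceUrl);

				HttpSession session = request.getSession();

				String oldSubjectId = (String)session.getAttribute(
					_SUBJECT_ID_KEY);

				if (oldSubjectId == null) {

					// NOTE(review): the session ID is not rotated when a
					// subject is first bound here; confirm the portal's login
					// path regenerates the session to prevent fixation.

					session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
				}
				else if (!oldSubjectId.equals(newSubjectId)) {

					// Comparing from the non-null old ID keeps this null-safe:
					// a missing new subject ID counts as a subject change and
					// discards the old session instead of throwing.

					session.invalidate();

					session = request.getSession();

					session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
				}

				processFilter(
					OpenSSOFilter.class, request, response, filterChain);
			}
			else {
				response.sendRedirect(loginUrl);
			}
		}
	}

	/** Session attribute under which the bound OpenSSO subject ID is kept. */
	private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

	private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}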