001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet.filters.sso.opensso;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.HttpUtil;
021    import com.liferay.portal.kernel.util.ParamUtil;
022    import com.liferay.portal.kernel.util.PropsKeys;
023    import com.liferay.portal.kernel.util.Validator;
024    import com.liferay.portal.servlet.filters.BasePortalFilter;
025    import com.liferay.portal.util.PortalUtil;
026    import com.liferay.portal.util.PrefsPropsUtil;
027    import com.liferay.portal.util.PropsValues;
028    
029    import javax.servlet.FilterChain;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    import javax.servlet.http.HttpSession;
033    
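/**
 * Portal filter that ties request handling to an OpenSSO session.
 *
 * <p>
 * For each request the filter reads the company's OpenSSO login, logout and
 * service URLs, asks {@code OpenSSOUtil} whether the request is authenticated,
 * and then either continues the filter chain or redirects the browser to the
 * configured login or logout URL. The OpenSSO subject id is remembered in the
 * HTTP session so that a change of subject discards the old session.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 * @author Prashant Dighe
 * @author Hugo Huijser
 */
public class OpenSSOFilter extends BasePortalFilter {

	/**
	 * Returns <code>true</code> when OpenSSO authentication is switched on for
	 * the request's company and the login, logout and service URLs are all
	 * configured.
	 *
	 * <p>
	 * Any exception raised while reading the settings is logged and reported
	 * as "not enabled", so a configuration lookup failure causes this filter
	 * to be skipped instead of blocking the request.
	 * </p>
	 *
	 * @param  request the current servlet request, used to resolve the company
	 * @param  response the current servlet response (not used here)
	 * @return <code>true</code> if the filter should run for this request
	 */
	@Override
	public boolean isFilterEnabled(
		HttpServletRequest request, HttpServletResponse response) {

		try {
			long companyId = PortalUtil.getCompanyId(request);

			boolean enabled = PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
				PropsValues.OPEN_SSO_AUTH_ENABLED);
			String loginUrl = PrefsPropsUtil.getString(
				companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
				PropsValues.OPEN_SSO_LOGIN_URL);
			String logoutUrl = PrefsPropsUtil.getString(
				companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
				PropsValues.OPEN_SSO_LOGOUT_URL);
			String serviceUrl = PrefsPropsUtil.getString(
				companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
				PropsValues.OPEN_SSO_SERVICE_URL);

			if (enabled && Validator.isNotNull(loginUrl) &&
				Validator.isNotNull(logoutUrl) &&
				Validator.isNotNull(serviceUrl)) {

				return true;
			}
		}
		catch (Exception e) {
			_log.error(e, e);
		}

		return false;
	}

	/**
	 * Handles logout, checks the OpenSSO authentication state and either
	 * continues the chain or redirects to the OpenSSO login URL.
	 *
	 * @param  request the current servlet request
	 * @param  response the current servlet response
	 * @param  filterChain the remaining filter chain
	 * @throws Exception if reading the settings, querying the subject id,
	 *         redirecting or running the rest of the chain fails
	 */
	@Override
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(request);

		String loginUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
			PropsValues.OPEN_SSO_LOGIN_URL);
		String logoutUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
			PropsValues.OPEN_SSO_LOGOUT_URL);
		String serviceUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
			PropsValues.OPEN_SSO_SERVICE_URL);

		String requestURI = GetterUtil.getString(request.getRequestURI());

		if (requestURI.endsWith("/portal/logout")) {

			// Only an existing session needs to be destroyed; asking for
			// one unconditionally would create a session just to invalidate
			// it again

			HttpSession session = request.getSession(false);

			if (session != null) {
				session.invalidate();
			}

			response.sendRedirect(logoutUrl);

			return;
		}

		boolean authenticated = false;

		try {

			// LEP-5943

			authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
		}
		catch (Exception e) {
			_log.error(e, e);

			// The request continues down the chain without an OpenSSO
			// decision and without a redirect to the login URL.
			// NOTE(review): confirm that passing requests through when the
			// authentication check throws is the intended failure mode.

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		if (authenticated) {

			// LEP-5943

			String newSubjectId = OpenSSOUtil.getSubjectId(request, serviceUrl);

			HttpSession session = request.getSession();

			String oldSubjectId = (String)session.getAttribute(_SUBJECT_ID_KEY);

			if (oldSubjectId == null) {
				session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
			}
			else if (!oldSubjectId.equals(newSubjectId)) {

				// The session was bound to a different subject. Discard it
				// so state from the previous subject is not carried over.
				// Comparing from the non-null stored id also covers a
				// missing new subject id, which previously raised a
				// NullPointerException here.

				session.invalidate();

				session = request.getSession();

				session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
			}

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH ||
			!loginUrl.contains("/portal/login")) {

			response.sendRedirect(loginUrl);

			return;
		}

		String currentURL = PortalUtil.getCurrentURL(request);

		String redirect = currentURL;

		if (currentURL.contains("/portal/login")) {

			// The "redirect" parameter is supplied by the client. It is
			// URL-encoded below but not checked against any list of allowed
			// targets in this method.
			// NOTE(review): confirm that the handler which finally follows
			// this value validates it, otherwise it is an open redirect.

			redirect = ParamUtil.getString(request, "redirect");

			if (Validator.isNull(redirect)) {
				redirect = PortalUtil.getPathMain();
			}
		}

		// The target is encoded once as the parameter value and again
		// together with "?redirect=", so the whole suffix is appended to the
		// login URL as encoded text. Presumably the login URL ends in a
		// parameter carrying the portal login URL; verify against the
		// configured value.

		redirect =
			loginUrl +
				HttpUtil.encodeURL("?redirect=" + HttpUtil.encodeURL(redirect));

		response.sendRedirect(redirect);
	}

	// Session attribute under which the OpenSSO subject id is remembered

	private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

	private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}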