1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.servlet.filters.sso.opensso;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.GetterUtil;
20  import com.liferay.portal.kernel.util.HttpUtil;
21  import com.liferay.portal.kernel.util.ParamUtil;
22  import com.liferay.portal.kernel.util.PropsKeys;
23  import com.liferay.portal.kernel.util.Validator;
24  import com.liferay.portal.servlet.filters.BasePortalFilter;
25  import com.liferay.portal.util.PortalUtil;
26  import com.liferay.portal.util.PrefsPropsUtil;
27  import com.liferay.portal.util.PropsValues;
28  
29  import javax.servlet.FilterChain;
30  import javax.servlet.http.HttpServletRequest;
31  import javax.servlet.http.HttpServletResponse;
32  import javax.servlet.http.HttpSession;
33  
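/**
 * <a href="OpenSSOFilter.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Servlet filter that consults OpenSSO before letting a request continue down
 * the portal filter chain. It is active only when OpenSSO authentication is
 * enabled for the company and the login, logout and service URLs are all
 * configured; otherwise every request is passed through untouched.
 * </p>
 *
 * <p>
 * The filter keeps the OpenSSO subject id in the HTTP session and discards the
 * session when a request arrives with a different subject id, so that session
 * state is not carried over from one identity to another.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 * @author Prashant Dighe
 */
public class OpenSSOFilter extends BasePortalFilter {

    /**
     * Applies the OpenSSO check to a single request.
     *
     * <ul>
     * <li>Integration disabled or incompletely configured: continue the
     * chain.</li>
     * <li>Request URI ends with <code>/portal/logout</code>: invalidate the
     * session, if any, and redirect to the configured logout URL.</li>
     * <li>OpenSSO reports the request as authenticated: bind the subject id to
     * the session (resetting the session on a subject change) and continue
     * the chain.</li>
     * <li>Otherwise: redirect to the configured login URL.</li>
     * </ul>
     *
     * @param  request the incoming HTTP request
     * @param  response the HTTP response, used for redirects
     * @param  filterChain the remaining filter chain
     * @throws Exception if a redirect, a preference lookup or the subject id
     *         lookup fails; failures of the authentication check itself are
     *         logged and not rethrown
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(request);

        // Per-company settings; the PropsValues constants are passed as the
        // third argument (presumably the fallback when no preference is set).

        boolean enabled = PrefsPropsUtil.getBoolean(
            companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
            PropsValues.OPEN_SSO_AUTH_ENABLED);
        String loginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
            PropsValues.OPEN_SSO_LOGIN_URL);
        String logoutUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
            PropsValues.OPEN_SSO_LOGOUT_URL);
        String serviceUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
            PropsValues.OPEN_SSO_SERVICE_URL);

        // A missing URL is treated the same as "disabled": the filter steps
        // aside rather than redirecting to an empty location.

        if (!enabled || Validator.isNull(loginUrl) ||
            Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }

        String requestURI = GetterUtil.getString(request.getRequestURI());

        if (requestURI.endsWith("/portal/logout")) {

            // getSession(false) avoids creating a fresh session (and issuing
            // a new session cookie) only to invalidate it immediately.

            HttpSession session = request.getSession(false);

            if (session != null) {
                session.invalidate();
            }

            response.sendRedirect(logoutUrl);

            return;
        }

        boolean authenticated = false;

        try {

            // LEP-5943

            authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
        }
        catch (Exception e) {
            _log.error(e, e);

            // NOTE(review): when the OpenSSO check itself fails, the request
            // continues down the chain without an OpenSSO decision. This
            // filter does not deny access here, so authentication must still
            // be enforced downstream -- confirm that holds when the OpenSSO
            // service is unreachable.

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }

        if (authenticated) {

            // LEP-5943

            String newSubjectId = OpenSSOUtil.getSubjectId(
                request, serviceUrl);

            HttpSession session = request.getSession();

            String oldSubjectId = (String)session.getAttribute(
                _SUBJECT_ID_KEY);

            if (oldSubjectId == null) {

                // NOTE(review): the existing session is reused on first
                // binding. Whether the session id is rotated elsewhere at
                // login is not visible from this class -- confirm.

                session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
            }
            else if (!oldSubjectId.equals(newSubjectId)) {

                // oldSubjectId is non-null in this branch, so comparing from
                // its side cannot throw if getSubjectId returns null (its
                // contract is not visible here). A missing subject id counts
                // as a mismatch and resets the session.

                session.invalidate();

                session = request.getSession();

                // Per the Servlet API a null value clears the attribute.

                session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
            }

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }

        // Not authenticated. If the configured login URL does not reference
        // the portal login path, redirect to it as configured.

        if (!loginUrl.contains("/portal/login")) {
            response.sendRedirect(loginUrl);

            return;
        }

        String currentURL = PortalUtil.getCurrentURL(request);

        String redirect = currentURL;

        if (currentURL.contains("/portal/login")) {

            // The "redirect" parameter is supplied by the client. It is URL
            // encoded below but not checked against the portal's own hosts in
            // this method; whatever consumes it after login must validate the
            // target before redirecting to it.

            redirect = ParamUtil.getString(request, "redirect");

            if (Validator.isNull(redirect)) {
                redirect = PortalUtil.getPathMain();
            }
        }

        // The "?redirect=" prefix is encoded together with the (already
        // encoded) target, so it is appended to loginUrl as data instead of
        // starting a new query string. Presumably loginUrl ends in a
        // return-URL parameter whose value is the portal login path --
        // confirm against the deployed configuration.

        response.sendRedirect(
            loginUrl +
                HttpUtil.encodeURL(
                    "?redirect=" + HttpUtil.encodeURL(redirect)));
    }

    private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

    private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}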