001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet.filters.sso.opensso;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.HttpUtil;
021    import com.liferay.portal.kernel.util.ParamUtil;
022    import com.liferay.portal.kernel.util.PropsKeys;
023    import com.liferay.portal.kernel.util.Validator;
024    import com.liferay.portal.servlet.filters.BasePortalFilter;
025    import com.liferay.portal.util.PortalUtil;
026    import com.liferay.portal.util.PrefsPropsUtil;
027    import com.liferay.portal.util.PropsValues;
028    
029    import javax.servlet.FilterChain;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    import javax.servlet.http.HttpSession;
033    
034    /**
035     * @author Brian Wing Shun Chan
036     * @author Raymond Augé
037     * @author Prashant Dighe
038     * @author Hugo Huijser
039     */
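/**
 * Portal filter that gates requests behind an OpenSSO session.
 *
 * <p>Per request it asks {@link OpenSSOUtil} whether the caller holds a valid
 * OpenSSO session. Authenticated callers are let through the chain, with the
 * OpenSSO subject id pinned to the portal session so that a different subject
 * arriving on the same session cookie gets a fresh session instead of
 * inheriting the old one. Unauthenticated callers are redirected to the
 * configured OpenSSO login URL; <code>/portal/logout</code> is short-circuited
 * into a session invalidation plus a redirect to the OpenSSO logout URL.
 *
 * <p>The filter only runs when OpenSSO is enabled for the request's company
 * and the login, logout and service URLs are all configured (see
 * {@link #isFilterEnabled(HttpServletRequest, HttpServletResponse)}).
 */
public class OpenSSOFilter extends BasePortalFilter {

	/**
	 * Returns <code>true</code> only when OpenSSO authentication is enabled
	 * for the request's company and the login, logout and service URLs are
	 * all non-empty.
	 *
	 * <p>Any exception while resolving the company or reading the preferences
	 * is logged and reported as "not enabled". That is fail-open for the SSO
	 * redirect: a misconfiguration or preference lookup failure means no SSO
	 * enforcement on that request, not a blocked request.
	 *
	 * @param  request the current request
	 * @param  response the current response (unused)
	 * @return <code>true</code> if this filter should process the request
	 */
	@Override
	public boolean isFilterEnabled(
		HttpServletRequest request, HttpServletResponse response) {

		try {
			long companyId = PortalUtil.getCompanyId(request);

			boolean enabled = PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
				PropsValues.OPEN_SSO_AUTH_ENABLED);

			if (!enabled) {
				return false;
			}

			// All three endpoints are required; a partially configured SSO
			// would otherwise redirect to an empty URL below.

			return Validator.isNotNull(_getLoginUrl(companyId)) &&
				Validator.isNotNull(_getLogoutUrl(companyId)) &&
				Validator.isNotNull(_getServiceUrl(companyId));
		}
		catch (Exception e) {
			_log.error(e, e);
		}

		return false;
	}

	/**
	 * Enforces the OpenSSO session on a single request.
	 *
	 * <p>Order of operations:
	 * <ol>
	 * <li><code>/portal/logout</code>: invalidate the portal session and
	 * redirect to the OpenSSO logout URL.</li>
	 * <li>Ask OpenSSO whether the request is authenticated. If that lookup
	 * throws, the error is logged and the request continues down the chain
	 * (fail-open, see the comment in the catch block).</li>
	 * <li>Authenticated: pin the OpenSSO subject id to the session,
	 * invalidating the session first if it already belongs to a different
	 * subject, then continue the chain.</li>
	 * <li>Not authenticated but a portal user is still logged in: invalidate
	 * the stale portal session.</li>
	 * <li>Redirect to the OpenSSO login URL, appending a portal
	 * <code>redirect</code> parameter when forward-by-last-path is on and the
	 * login URL routes back through <code>/portal/login</code>.</li>
	 * </ol>
	 *
	 * @param  request the current request
	 * @param  response the current response
	 * @param  filterChain the remaining filter chain
	 * @throws Exception if the downstream chain or the OpenSSO subject lookup
	 *         fails
	 */
	@Override
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(request);

		String loginUrl = _getLoginUrl(companyId);
		String logoutUrl = _getLogoutUrl(companyId);
		String serviceUrl = _getServiceUrl(companyId);

		String requestURI = GetterUtil.getString(request.getRequestURI());

		if (requestURI.endsWith(_LOGOUT_PATH)) {

			// Drop the portal session before handing off to OpenSSO so the
			// local session cannot outlive the SSO session.

			request.getSession().invalidate();

			response.sendRedirect(logoutUrl);

			return;
		}

		boolean authenticated = false;

		try {

			// LEP-5943

			authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
		}
		catch (Exception e) {

			// Fail open: when the OpenSSO service cannot be consulted the
			// request proceeds down the chain without an SSO redirect. The
			// portal's own authentication and permission checks still apply,
			// but an SSO outage silently disables the redirect for everyone.
			// NOTE(review): redirect to loginUrl here instead if failing
			// closed is the desired policy.

			_log.error(e, e);

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		HttpSession session = request.getSession();

		if (authenticated) {

			// LEP-5943

			String newSubjectId = OpenSSOUtil.getSubjectId(request, serviceUrl);

			String oldSubjectId = (String)session.getAttribute(_SUBJECT_ID_KEY);

			if (oldSubjectId == null) {

				// First authenticated hit on this session. The session id is
				// kept as-is here; NOTE(review): confirm that session renewal
				// on login is handled downstream (/portal/login), otherwise a
				// pre-authentication session id survives into the logged-in
				// state.

				session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
			}
			else if (!oldSubjectId.equals(newSubjectId)) {

				// A different OpenSSO subject arrived on an existing portal
				// session: discard it so the new subject never inherits the
				// previous subject's session state. oldSubjectId is non-null
				// in this branch, so the comparison is null-safe even if the
				// subject lookup returned null.

				session.invalidate();

				session = request.getSession();

				session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
			}

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}
		else if (PortalUtil.getUserId(request) > 0) {

			// The OpenSSO session is gone but a portal user is still logged
			// in: kill the stale portal session before redirecting to login.

			session.invalidate();
		}

		if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH ||
			!loginUrl.contains(_LOGIN_PATH)) {

			response.sendRedirect(loginUrl);

			return;
		}

		String redirect = _getReturnUrl(request);

		// The whole "?redirect=..." query is encoded once more because it is
		// appended to loginUrl as part of that URL's own (goto-style)
		// parameter value, not as a query string of its own.

		redirect =
			loginUrl +
				HttpUtil.encodeURL("?redirect=" + HttpUtil.encodeURL(redirect));

		response.sendRedirect(redirect);
	}

	/**
	 * Returns the company-scoped OpenSSO login URL, falling back to the
	 * portal-wide property.
	 */
	private String _getLoginUrl(long companyId) throws Exception {
		return PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
			PropsValues.OPEN_SSO_LOGIN_URL);
	}

	/**
	 * Returns the company-scoped OpenSSO logout URL, falling back to the
	 * portal-wide property.
	 */
	private String _getLogoutUrl(long companyId) throws Exception {
		return PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
			PropsValues.OPEN_SSO_LOGOUT_URL);
	}

	/**
	 * Returns the portal URL to come back to after the SSO login: the current
	 * URL, or, when the current URL is already the portal login page, that
	 * page's <code>redirect</code> parameter (defaulting to the portal's main
	 * path when absent).
	 *
	 * <p>NOTE(review): the <code>redirect</code> parameter is taken from the
	 * request as-is and forwarded into the SSO login URL, so an
	 * attacker-supplied absolute URL reaches the redirect chain unvalidated by
	 * this filter. The portal login handler is expected to validate it on the
	 * way back; confirm that before relying on it, or validate it here.
	 */
	private String _getReturnUrl(HttpServletRequest request) {
		String currentURL = PortalUtil.getCurrentURL(request);

		if (!currentURL.contains(_LOGIN_PATH)) {
			return currentURL;
		}

		String redirect = ParamUtil.getString(request, "redirect");

		if (Validator.isNull(redirect)) {
			return PortalUtil.getPathMain();
		}

		return redirect;
	}

	/**
	 * Returns the company-scoped OpenSSO service URL, falling back to the
	 * portal-wide property.
	 */
	private String _getServiceUrl(long companyId) throws Exception {
		return PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
			PropsValues.OPEN_SSO_SERVICE_URL);
	}

	private static final String _LOGIN_PATH = "/portal/login";

	private static final String _LOGOUT_PATH = "/portal/logout";

	private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

	private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}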