015 package com.liferay.portal.servlet.filters.sso.opensso;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.HttpUtil;
021 import com.liferay.portal.kernel.util.ParamUtil;
022 import com.liferay.portal.kernel.util.PropsKeys;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.servlet.filters.BasePortalFilter;
025 import com.liferay.portal.util.PortalUtil;
026 import com.liferay.portal.util.PrefsPropsUtil;
027 import com.liferay.portal.util.PropsValues;
028
029 import javax.servlet.FilterChain;
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032 import javax.servlet.http.HttpSession;
033
034
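/**
 * Servlet filter that keeps the portal session in step with an OpenSSO
 * session.
 *
 * <p>
 * For each request the filter reads the company's OpenSSO settings and then
 * takes one of four paths: pass the request through untouched (SSO disabled or
 * not fully configured), end the local session and redirect to the OpenSSO
 * logout URL, continue the chain for a request OpenSSO reports as
 * authenticated, or redirect the browser to the OpenSSO login URL.
 * </p>
 */
public class OpenSSOFilter extends BasePortalFilter {

	/**
	 * Applies the OpenSSO login/logout handling to a single request.
	 *
	 * <p>
	 * "Continuing" below means handing the request to the inherited
	 * four-argument <code>processFilter</code>, which is expected to invoke
	 * the rest of the filter chain.
	 * </p>
	 *
	 * @param  request the incoming request
	 * @param  response the response, used for the login and logout redirects
	 * @param  filterChain the remaining filter chain
	 * @throws Exception if reading the settings, querying OpenSSO for the
	 *         subject ID, or sending a redirect fails
	 */
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(request);

		// Per-company preferences win; the portal properties are the fallback.

		boolean enabled = PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
			PropsValues.OPEN_SSO_AUTH_ENABLED);
		String loginUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
			PropsValues.OPEN_SSO_LOGIN_URL);
		String logoutUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
			PropsValues.OPEN_SSO_LOGOUT_URL);
		String serviceUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
			PropsValues.OPEN_SSO_SERVICE_URL);

		// SSO is off or only partially configured: the filter does nothing.

		if (!enabled || Validator.isNull(loginUrl) ||
			Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		String requestURI = GetterUtil.getString(request.getRequestURI());

		// NOTE(review): getRequestURI() keeps path parameters (for example a
		// ";jsessionid=..." suffix), so a logout URL that carries one does not
		// match this suffix test and is handled as an ordinary request.

		if (requestURI.endsWith("/portal/logout")) {

			// getSession(false) avoids creating a session only to destroy it.

			HttpSession session = request.getSession(false);

			if (session != null) {
				session.invalidate();
			}

			response.sendRedirect(logoutUrl);

			return;
		}

		boolean authenticated = false;

		try {
			authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
		}
		catch (Exception e) {

			// NOTE(review): when the OpenSSO check itself fails, the request
			// continues without an SSO decision. Access control then rests on
			// whatever the rest of the chain enforces; confirm this is the
			// intended behaviour when the SSO service cannot be reached.

			_log.error(e, e);

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		if (authenticated) {
			String newSubjectId = OpenSSOUtil.getSubjectId(
				request, serviceUrl);

			HttpSession session = request.getSession();

			String oldSubjectId = (String)session.getAttribute(
				_SUBJECT_ID_KEY);

			if (oldSubjectId == null) {
				session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
			}
			else if (!oldSubjectId.equals(newSubjectId)) {

				// The OpenSSO subject differs from the one this session was
				// bound to, so the previous subject's session state must not
				// be reused. The comparison is made on oldSubjectId, which is
				// non-null here, so a null subject ID from OpenSSO also ends
				// the old session instead of raising a
				// NullPointerException.

				session.invalidate();

				session = request.getSession();

				session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
			}

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		// Not authenticated. Without forward-by-last-path, or with a login
		// URL that does not lead back to the portal login path, nothing is
		// appended to the login URL.

		if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH ||
			!loginUrl.contains("/portal/login")) {

			response.sendRedirect(loginUrl);

			return;
		}

		String currentURL = PortalUtil.getCurrentURL(request);

		String redirect = currentURL;

		if (currentURL.contains("/portal/login")) {

			// NOTE(review): "redirect" is a request parameter and therefore
			// client-controlled. This filter forwards it unchanged, so the
			// destination has to be validated (same host or an allow-list)
			// by whatever consumes the parameter after login; that code is
			// not visible here.

			redirect = ParamUtil.getString(request, "redirect");

			if (Validator.isNull(redirect)) {
				redirect = PortalUtil.getPathMain();
			}
		}

		// The "?redirect=" suffix is itself URL-encoded, and the redirect
		// value is encoded twice. Presumably loginUrl ends in a return-URL
		// parameter pointing at /portal/login, so the suffix has to travel
		// inside that parameter's value; confirm against the configured URL
		// before changing the encoding.

		response.sendRedirect(
			loginUrl +
				HttpUtil.encodeURL(
					"?redirect=" + HttpUtil.encodeURL(redirect)));
	}

	// Session attribute holding the OpenSSO subject ID the session is bound to.

	private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

	private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}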