015 package com.liferay.portal.servlet.filters.sso.opensso;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.HttpUtil;
021 import com.liferay.portal.kernel.util.ParamUtil;
022 import com.liferay.portal.kernel.util.PropsKeys;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.servlet.filters.BasePortalFilter;
025 import com.liferay.portal.util.PortalUtil;
026 import com.liferay.portal.util.PrefsPropsUtil;
027 import com.liferay.portal.util.PropsValues;
028
029 import javax.servlet.FilterChain;
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032 import javax.servlet.http.HttpSession;
033
034
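/**
 * Servlet filter that keeps the portal's HTTP session in step with the
 * user's OpenSSO single sign-on state.
 *
 * <p>
 * For each request the filter asks {@code OpenSSOUtil} whether the request
 * carries an authenticated OpenSSO session. Authenticated requests are bound
 * to their OpenSSO subject id and passed down the chain; unauthenticated
 * requests lose any portal session they had and are redirected to the
 * configured login URL. Requests ending in {@code /portal/logout} drop the
 * portal session and are redirected to the configured logout URL.
 * </p>
 */
public class OpenSSOFilter extends BasePortalFilter {

    /**
     * Returns whether OpenSSO authentication is switched on and fully
     * configured for the company that owns the request.
     *
     * <p>
     * All three URLs (login, logout, service) must be non-empty. Any
     * exception raised while reading the settings is logged and the filter
     * reports itself as disabled, so such a request is not subject to the
     * checks in {@link #processFilter}.
     * </p>
     *
     * @param  request the current servlet request, used to resolve the
     *         company id
     * @param  response the current servlet response (unused)
     * @return {@code true} if the feature flag is set and every URL is
     *         configured; {@code false} otherwise or on error
     */
    @Override
    public boolean isFilterEnabled(
        HttpServletRequest request, HttpServletResponse response) {

        try {
            long companyId = PortalUtil.getCompanyId(request);

            boolean enabled = PrefsPropsUtil.getBoolean(
                companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
                PropsValues.OPEN_SSO_AUTH_ENABLED);
            String loginUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
                PropsValues.OPEN_SSO_LOGIN_URL);
            String logoutUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
                PropsValues.OPEN_SSO_LOGOUT_URL);
            String serviceUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
                PropsValues.OPEN_SSO_SERVICE_URL);

            return enabled && Validator.isNotNull(loginUrl) &&
                Validator.isNotNull(logoutUrl) &&
                Validator.isNotNull(serviceUrl);
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        return false;
    }

    /**
     * Applies the OpenSSO session checks to one request.
     *
     * @param  request the current servlet request
     * @param  response the current servlet response; receives the redirect
     *         when the request is not passed down the chain
     * @param  filterChain the remaining filter chain
     * @throws Exception if reading the configuration, querying the subject
     *         id or sending a redirect fails
     */
    @Override
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(request);

        String loginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
            PropsValues.OPEN_SSO_LOGIN_URL);
        String logoutUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
            PropsValues.OPEN_SSO_LOGOUT_URL);
        String serviceUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
            PropsValues.OPEN_SSO_SERVICE_URL);

        String requestURI = GetterUtil.getString(request.getRequestURI());

        if (requestURI.endsWith("/portal/logout")) {

            // Only look up an existing session: creating a fresh one just to
            // invalidate it would hand the client a new session cookie on
            // the way out.

            HttpSession session = request.getSession(false);

            if (session != null) {
                session.invalidate();
            }

            response.sendRedirect(logoutUrl);

            return;
        }

        boolean authenticated = false;

        try {
            authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
        }
        catch (Exception e) {

            // NOTE(review): this path fails open. When the OpenSSO check
            // itself throws, the error is logged and the request continues
            // down the chain with whatever portal session it already has;
            // the session is neither invalidated nor re-verified. Confirm
            // that is the intended behavior when the SSO service cannot be
            // queried.

            _log.error(e, e);

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }

        HttpSession session = request.getSession();

        if (authenticated) {
            String newSubjectId = OpenSSOUtil.getSubjectId(request, serviceUrl);

            String oldSubjectId = (String)session.getAttribute(_SUBJECT_ID_KEY);

            // NOTE(review): assumes getSubjectId never returns null for an
            // authenticated request; a null would raise a
            // NullPointerException in the comparison below. Confirm against
            // OpenSSOUtil.

            if (oldSubjectId == null) {

                // NOTE(review): the session is not renewed when a subject is
                // first bound to it. Confirm that session-id rotation on
                // login happens elsewhere in the portal.

                session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
            }
            else if (!newSubjectId.equals(oldSubjectId)) {

                // A different OpenSSO subject is now behind this browser:
                // discard the old session so nothing stored for the previous
                // subject carries over to the new one.

                session.invalidate();

                session = request.getSession();

                session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
            }

            processFilter(OpenSSOFilter.class, request, response, filterChain);

            return;
        }
        else if (PortalUtil.getUserId(request) > 0) {

            // The portal still considers the user signed in but OpenSSO does
            // not; drop the portal session so it cannot outlive the SSO
            // session.

            session.invalidate();
        }

        if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH ||
            !loginUrl.contains("/portal/login")) {

            response.sendRedirect(loginUrl);

            return;
        }

        String currentURL = PortalUtil.getCurrentURL(request);

        String redirect = currentURL;

        if (currentURL.contains("/portal/login")) {

            // The "redirect" parameter is supplied by the client. Here it is
            // only URL-encoded and carried along behind the configured login
            // URL, so this response itself always targets loginUrl. The
            // handler that finally follows the value after login has to
            // validate it; this filter performs no allow-list check.

            redirect = ParamUtil.getString(request, "redirect");

            if (Validator.isNull(redirect)) {
                redirect = PortalUtil.getPathMain();
            }
        }

        // The whole "?redirect=..." suffix is encoded, not just the value.
        // Presumably loginUrl already ends in a parameter whose value is the
        // portal login path, so the suffix becomes part of that value;
        // confirm against the deployed login URL.

        redirect =
            loginUrl +
                HttpUtil.encodeURL("?redirect=" + HttpUtil.encodeURL(redirect));

        response.sendRedirect(redirect);
    }

    // Session attribute holding the OpenSSO subject id the session is bound to.
    private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

    private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}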