2 * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
\r
4 * This library is free software; you can redistribute it and/or modify it under
\r
5 * the terms of the GNU Lesser General Public License as published by the Free
\r
6 * Software Foundation; either version 2.1 of the License, or (at your option)
\r
9 * This library is distributed in the hope that it will be useful, but WITHOUT
\r
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
\r
11 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
\r
15 package com.liferay.portal.servlet.filters.sso.cas;
\r
17 import com.liferay.portal.kernel.log.Log;
\r
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
\r
19 import com.liferay.portal.kernel.util.HttpUtil;
\r
20 import com.liferay.portal.kernel.util.ParamUtil;
\r
21 import com.liferay.portal.kernel.util.PropsKeys;
\r
22 import com.liferay.portal.kernel.util.Validator;
\r
23 import com.liferay.portal.model.User;
\r
24 import com.liferay.portal.security.ldap.PortalLDAPUtil;
\r
25 import com.liferay.portal.servlet.filters.BasePortalFilter;
\r
26 import com.liferay.portal.theme.ThemeDisplay;
\r
27 import com.liferay.portal.util.PortalUtil;
\r
28 import com.liferay.portal.util.PrefsPropsUtil;
\r
29 import com.liferay.portal.util.PropsValues;
\r
30 import com.liferay.portal.util.WebKeys;
\r
31 import com.pentila.entSavoie.utils.XmppUtil;
\r
33 import java.util.HashMap;
\r
34 import java.util.Map;
\r
35 import java.util.concurrent.ConcurrentHashMap;
\r
37 import javax.servlet.FilterChain;
\r
38 import javax.servlet.http.HttpServletRequest;
\r
39 import javax.servlet.http.HttpServletResponse;
\r
40 import javax.servlet.http.HttpSession;
\r
42 import org.jasig.cas.client.authentication.AttributePrincipal;
\r
43 import org.jasig.cas.client.util.CommonUtils;
\r
44 import org.jasig.cas.client.validation.Assertion;
\r
45 import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
\r
46 import org.jasig.cas.client.validation.TicketValidator;
\r
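/**
 * Servlet filter that signs portal users in through a CAS (Central
 * Authentication Service) server.
 *
 * <p>
 * For each request the filter either redirects to the CAS logout URL, passes
 * an already authenticated session down the chain, redirects to the CAS login
 * URL, or validates the <code>ticket</code> request parameter and stores the
 * asserted principal name in the session under {@link WebKeys#CAS_LOGIN}.
 * </p>
 *
 * <p>
 * NOTE(review): the listing this class was recovered from had dropped its
 * short lines (braces, <code>return</code> statements, <code>try</code>,
 * <code>throws</code> clauses and <code>@Override</code> markers). They are
 * restored here from the surrounding syntax and should be confirmed against
 * the original file.
 * </p>
 *
 * @author Michael Young
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 * @author Zsolt Balogh
 */
public class CASFilter extends BasePortalFilter {

    /**
     * Drops the cached ticket validator of a company, so that the next call
     * to {@link #getTicketValidator(long)} rebuilds it from the current CAS
     * settings.
     *
     * @param companyId the company whose cached validator is discarded
     */
    public static void reload(long companyId) {
        _ticketValidators.remove(companyId);
    }

    /**
     * Reports whether this filter should run for the request.
     *
     * <p>
     * The per-company "CAS login enabled" check has been removed from this
     * method (see the comment in the body), so the filter reports itself as
     * enabled whenever the company id can be resolved. Security note: with
     * that check gone, the portal setting can no longer switch CAS handling
     * off; every request that reaches this filter goes through
     * {@link #processFilter}.
     * </p>
     *
     * @param  request the current servlet request
     * @param  response the current servlet response
     * @return <code>true</code> unless resolving the company id fails
     */
    @Override
    public boolean isFilterEnabled(
        HttpServletRequest request, HttpServletResponse response) {

        try {

            // Not used further in the visible code; kept because the lookup
            // is what can throw and route execution to the catch block.

            long companyId = PortalUtil.getCompanyId(request);

            /*
             * The filter on "CAS login enabled" was removed here because it
             * terminated the login function; the CAS filter is now always
             * authorised. See the previous version for more information.
             */

            // NOTE(review): this return statement is not visible in the
            // listing; it is inferred from the comment above. Confirm.

            return true;
        }
        catch (Exception e) {

            // NOTE(review): the handler body is not visible in the listing;
            // logging the exception is an assumption. Confirm.

            _log.error(e, e);
        }

        return false;
    }

    /**
     * Returns the logger of this filter.
     *
     * @return the class logger
     */
    @Override
    protected Log getLog() {

        // NOTE(review): body not visible in the listing; reconstructed.

        return _log;
    }

    /**
     * Returns the CAS ticket validator of a company, building and caching it
     * on first use.
     *
     * <p>
     * The validator is a {@link Cas20ProxyTicketValidator} pointed at the
     * company's configured CAS server URL. The lookup and the later
     * <code>put</code> are two separate map operations, so two threads that
     * miss at the same time may each build a validator and the last one
     * stored wins; this costs redundant work only.
     * </p>
     *
     * <p>
     * Security note: the validation result is only as trustworthy as the
     * connection to the configured server URL. Nothing here enforces the
     * scheme, so the setting should be an <code>https</code> URL whose
     * certificate the JVM verifies.
     * </p>
     *
     * @param  companyId the company whose CAS settings are used
     * @return the cached or newly built ticket validator
     * @throws Exception if a CAS setting cannot be read
     */
    protected TicketValidator getTicketValidator(long companyId)
        throws Exception {

        TicketValidator ticketValidator = _ticketValidators.get(companyId);

        if (ticketValidator != null) {
            return ticketValidator;
        }

        String serverName = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);
        String serverUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_URL, PropsValues.CAS_SERVER_URL);
        String loginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

        Cas20ProxyTicketValidator cas20ProxyTicketValidator =
            new Cas20ProxyTicketValidator(serverUrl);

        Map<String, String> parameters = new HashMap<String, String>();

        parameters.put("serverName", serverName);
        parameters.put("casServerUrlPrefix", serverUrl);
        parameters.put("casServerLoginUrl", loginUrl);
        parameters.put("redirectAfterValidation", "false");

        cas20ProxyTicketValidator.setCustomParameters(parameters);

        _ticketValidators.put(companyId, cas20ProxyTicketValidator);

        return cas20ProxyTicketValidator;
    }

    /**
     * Applies the CAS sign-in and sign-out flow to one request.
     *
     * <ol>
     * <li>A session flagged with {@link WebKeys#CAS_FORCE_LOGOUT} has the flag
     * cleared and is redirected to the CAS logout URL.</li>
     * <li>A request whose path info contains <code>/portal/logout</code> has
     * its session invalidated, the user's XMPP chat session closed on a
     * best-effort basis, and is redirected to the CAS logout URL.</li>
     * <li>A session that already holds {@link WebKeys#CAS_LOGIN} continues
     * down the filter chain.</li>
     * <li>A request without a <code>ticket</code> parameter is redirected to
     * the CAS login URL with the service URL attached.</li>
     * <li>Otherwise the ticket is validated against the service URL and the
     * asserted principal name is stored in the session.</li>
     * </ol>
     *
     * @param  request the current servlet request
     * @param  response the current servlet response
     * @param  filterChain the remaining filter chain
     * @throws Exception if a setting cannot be read, a redirect fails or the
     *         ticket validator rejects the ticket
     */
    @Override
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        HttpSession session = request.getSession();

        long companyId = PortalUtil.getCompanyId(request);

        String pathInfo = request.getPathInfo();

        Object forceLogout = session.getAttribute(WebKeys.CAS_FORCE_LOGOUT);

        if (forceLogout != null) {
            session.removeAttribute(WebKeys.CAS_FORCE_LOGOUT);

            String logoutUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_LOGOUT_URL,
                PropsValues.CAS_LOGOUT_URL);

            response.sendRedirect(logoutUrl);

            return;
        }

        // getPathInfo() returns null when the request has no extra path
        // information; without the null check such a request failed with a
        // NullPointerException instead of entering the sign-in flow.

        if ((pathInfo != null) && (pathInfo.indexOf("/portal/logout") != -1)) {
            session.invalidate();

            // Disconnect from XMPP (chat)

            // NOTE(review): the user is looked up after the session has been
            // invalidated. If PortalUtil.getUser depends on session state
            // the lookup may fail and the chat session would stay open;
            // confirm, and resolve the user before invalidating if so.

            try {
                User user = PortalUtil.getUser(request);
                XmppUtil.logoutUser(user);
            } catch (Exception e) {

                // Best effort: a chat failure must not block the portal
                // logout, but the cause is kept in the log for diagnosis.

                _log.error("Failed to logout from Xmpp chat", e);
            }

            String logoutUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_LOGOUT_URL,
                PropsValues.CAS_LOGOUT_URL);

            response.sendRedirect(logoutUrl);

            return;
        }
        else {
            String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);

            if (Validator.isNotNull(login)) {
                processFilter(CASFilter.class, request, response, filterChain);

                return;
            }

            String serverName = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_SERVER_NAME,
                PropsValues.CAS_SERVER_NAME);

            String serviceUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_SERVICE_URL,
                PropsValues.CAS_SERVICE_URL);

            // No fixed service URL configured: derive one for this request,
            // passing the configured server name to the CAS client helper.

            if (Validator.isNull(serviceUrl)) {
                serviceUrl = CommonUtils.constructServiceUrl(
                    request, response, serviceUrl, serverName, "ticket", false);
            }

            String ticket = ParamUtil.getString(request, "ticket");

            if (Validator.isNull(ticket)) {
                String loginUrl = PrefsPropsUtil.getString(
                    companyId, PropsKeys.CAS_LOGIN_URL,
                    PropsValues.CAS_LOGIN_URL);

                loginUrl = HttpUtil.addParameter(
                    loginUrl, "service", serviceUrl);

                response.sendRedirect(loginUrl);

                return;
            }

            // The ticket is validated against the same service URL that was
            // sent to the CAS login page.

            TicketValidator ticketValidator = getTicketValidator(companyId);
            Assertion assertion = ticketValidator.validate(ticket, serviceUrl);

            if (assertion != null) {
                AttributePrincipal attributePrincipal =
                    assertion.getPrincipal();

                login = attributePrincipal.getName();

                // NOTE(review): the session that existed before sign-in is
                // reused and its id is not changed here. Confirm that the
                // portal's login path issues a new session id afterwards,
                // otherwise a pre-set session id stays valid after login.

                session.setAttribute(WebKeys.CAS_LOGIN, login);
            }
        }

        processFilter(CASFilter.class, request, response, filterChain);
    }

    private static Log _log = LogFactoryUtil.getLog(CASFilter.class);

    // One validator per company id, built lazily by getTicketValidator and
    // discarded by reload.
    private static Map<Long, TicketValidator> _ticketValidators =
        new ConcurrentHashMap<Long, TicketValidator>();

}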
\r