--- /dev/null
+/**\r
+ * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.\r
+ *\r
+ * This library is free software; you can redistribute it and/or modify it under\r
+ * the terms of the GNU Lesser General Public License as published by the Free\r
+ * Software Foundation; either version 2.1 of the License, or (at your option)\r
+ * any later version.\r
+ *\r
+ * This library is distributed in the hope that it will be useful, but WITHOUT\r
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS\r
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more\r
+ * details.\r
+ */\r
+\r
+package com.liferay.portal.servlet.filters.sso.cas;\r
+\r
+import com.liferay.portal.kernel.log.Log;\r
+import com.liferay.portal.kernel.log.LogFactoryUtil;\r
+import com.liferay.portal.kernel.util.HttpUtil;\r
+import com.liferay.portal.kernel.util.ParamUtil;\r
+import com.liferay.portal.kernel.util.PropsKeys;\r
+import com.liferay.portal.kernel.util.Validator;\r
+import com.liferay.portal.model.User;\r
+import com.liferay.portal.security.ldap.PortalLDAPUtil;\r
+import com.liferay.portal.servlet.filters.BasePortalFilter;\r
+import com.liferay.portal.theme.ThemeDisplay;\r
+import com.liferay.portal.util.PortalUtil;\r
+import com.liferay.portal.util.PrefsPropsUtil;\r
+import com.liferay.portal.util.PropsValues;\r
+import com.liferay.portal.util.WebKeys;\r
+import com.pentila.entSavoie.utils.XmppUtil;\r
+\r
+import java.util.HashMap;\r
+import java.util.Map;\r
+import java.util.concurrent.ConcurrentHashMap;\r
+\r
+import javax.servlet.FilterChain;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+import javax.servlet.http.HttpSession;\r
+\r
+import org.jasig.cas.client.authentication.AttributePrincipal;\r
+import org.jasig.cas.client.util.CommonUtils;\r
+import org.jasig.cas.client.validation.Assertion;\r
+import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;\r
+import org.jasig.cas.client.validation.TicketValidator;\r
+\r
+/**\r
+ * @author Michael Young\r
+ * @author Brian Wing Shun Chan\r
+ * @author Raymond Augé\r
+ * @author Tina Tian\r
+ * @author Zsolt Balogh\r
+ */\r
+public class CASFilter extends BasePortalFilter {\r
+\r
+ public static void reload(long companyId) {\r
+ _ticketValidators.remove(companyId);\r
+ }\r
+\r
+ @Override\r
+ public boolean isFilterEnabled(\r
+ HttpServletRequest request, HttpServletResponse response) {\r
+\r
+ try {\r
+ long companyId = PortalUtil.getCompanyId(request);\r
+ /*\r
+ * remove filter on Cas Login Enable which terminate the login function. always authorized cas filter\r
+ * see previous version for more information\r
+ */\r
+ return true ;\r
+\r
+ }\r
+ catch (Exception e) {\r
+ _log.error(e, e);\r
+ }\r
+\r
+ return false;\r
+ }\r
+\r
+ @Override\r
+ protected Log getLog() {\r
+ return _log;\r
+ }\r
+\r
+ protected TicketValidator getTicketValidator(long companyId)\r
+ throws Exception {\r
+\r
+ TicketValidator ticketValidator = _ticketValidators.get(companyId);\r
+\r
+ if (ticketValidator != null) {\r
+ return ticketValidator;\r
+ }\r
+\r
+ String serverName = PrefsPropsUtil.getString(\r
+ companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);\r
+ String serverUrl = PrefsPropsUtil.getString(\r
+ companyId, PropsKeys.CAS_SERVER_URL, PropsValues.CAS_SERVER_URL);\r
+ String loginUrl = PrefsPropsUtil.getString(\r
+ companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);\r
+\r
+ Cas20ProxyTicketValidator cas20ProxyTicketValidator =\r
+ new Cas20ProxyTicketValidator(serverUrl);\r
+\r
+ Map<String, String> parameters = new HashMap<String, String>();\r
+\r
+ parameters.put("serverName", serverName);\r
+ parameters.put("casServerUrlPrefix", serverUrl);\r
+ parameters.put("casServerLoginUrl", loginUrl);\r
+ parameters.put("redirectAfterValidation", "false");\r
+\r
+ cas20ProxyTicketValidator.setCustomParameters(parameters);\r
+\r
+ _ticketValidators.put(companyId, cas20ProxyTicketValidator);\r
+\r
+ return cas20ProxyTicketValidator;\r
+ }\r
+\r
+ @Override\r
+ protected void processFilter(\r
+ HttpServletRequest request, HttpServletResponse response,\r
+ FilterChain filterChain)\r
+ throws Exception {\r
+\r
+ HttpSession session = request.getSession();\r
+\r
+ long companyId = PortalUtil.getCompanyId(request);\r
+\r
+ String pathInfo = request.getPathInfo();\r
+\r
+ Object forceLogout = session.getAttribute(WebKeys.CAS_FORCE_LOGOUT);\r
+\r
+ if (forceLogout != null) {\r
+ session.removeAttribute(WebKeys.CAS_FORCE_LOGOUT);\r
+\r
+ String logoutUrl = PrefsPropsUtil.getString(\r
+ companyId, PropsKeys.CAS_LOGOUT_URL,\r
+ PropsValues.CAS_LOGOUT_URL);\r
+\r
+ response.sendRedirect(logoutUrl);\r
+\r
+ return;\r
+ }\r
+\r
+ if (pathInfo.indexOf("/portal/logout") != -1) {\r
+ session.invalidate();\r
+\r
+ // Deconnect from Xmpp (chat)\r
+ try {\r
+ User user = PortalUtil.getUser(request);\r
+ XmppUtil.logoutUser(user);\r
+ } catch (Exception e) {\r
+ _log.error("Failed to logout from Xmpp chat");\r
+ }\r
+ \r
+ String logoutUrl = PrefsPropsUtil.getString(\r
+ companyId, PropsKeys.CAS_LOGOUT_URL,\r
+ PropsValues.CAS_LOGOUT_URL);\r
+\r
+ response.sendRedirect(logoutUrl);\r
+\r
+ return;\r
+ }\r
+ else {\r
+ String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);\r
+\r
+ if (Validator.isNotNull(login)) {\r
+ processFilter(CASFilter.class, request, response, filterChain);\r
+\r
+ return;\r
+ }\r
+\r
+ String serverName = PrefsPropsUtil.getString(\r
+ companyId, PropsKeys.CAS_SERVER_NAME,\r
+ PropsValues.CAS_SERVER_NAME);\r
+\r
+ String serviceUrl = PrefsPropsUtil.getString(\r
+ companyId, PropsKeys.CAS_SERVICE_URL,\r
+ PropsValues.CAS_SERVICE_URL);\r
+\r
+ if (Validator.isNull(serviceUrl)) {\r
+ serviceUrl = CommonUtils.constructServiceUrl(\r
+ request, response, serviceUrl, serverName, "ticket", false);\r
+ }\r
+\r
+ String ticket = ParamUtil.getString(request, "ticket");\r
+\r
+ if (Validator.isNull(ticket)) {\r
+ String loginUrl = PrefsPropsUtil.getString(\r
+ companyId, PropsKeys.CAS_LOGIN_URL,\r
+ PropsValues.CAS_LOGIN_URL);\r
+\r
+ loginUrl = HttpUtil.addParameter(\r
+ loginUrl, "service", serviceUrl);\r
+\r
+ response.sendRedirect(loginUrl);\r
+\r
+ return;\r
+ }\r
+\r
+ TicketValidator ticketValidator = getTicketValidator(companyId);\r
+ Assertion assertion = ticketValidator.validate(ticket, serviceUrl);\r
+\r
+ if (assertion != null) {\r
+ AttributePrincipal attributePrincipal =\r
+ assertion.getPrincipal();\r
+\r
+ login = attributePrincipal.getName();\r
+\r
+ session.setAttribute(WebKeys.CAS_LOGIN, login);\r
+ }\r
+ }\r
+\r
+ processFilter(CASFilter.class, request, response, filterChain);\r
+ }\r
+\r
+ private static Log _log = LogFactoryUtil.getLog(CASFilter.class);\r
+\r
+ private static Map<Long, TicketValidator> _ticketValidators =\r
+ new ConcurrentHashMap<Long, TicketValidator>();\r
+\r
+}
\ No newline at end of file
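Review bot: In the `/portal/logout` branch of `processFilter`, `session.invalidate()` runs before `PortalUtil.getUser(request)`, so the XMPP logout is attempted only after the session state is gone. If the user lookup depends on the session (likely, but not visible in this file), `user` is null or the call throws, and the chat session stays open after the portal logout. Resolve the user and call `XmppUtil.logoutUser(user)` first, then invalidate the session, and keep the cause in the log with `_log.error("Failed to logout from Xmpp chat", e);`. Separately, `isFilterEnabled` now returns `true` for every company, so the "Cas Login Enable" setting its comment mentions no longer gates the filter and the `companyId` lookup there is unused. An instance without CAS configured will still be redirected to the CAS login URL whenever no ticket is present, so the comment should state which deployments this is meant for.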