23 package com.liferay.portal.servlet.filters.sso.opensso;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.util.GetterUtil;
28 import com.liferay.portal.kernel.util.Validator;
29 import com.liferay.portal.servlet.filters.BasePortalFilter;
30 import com.liferay.portal.util.PortalUtil;
31 import com.liferay.portal.util.PrefsPropsUtil;
32 import com.liferay.portal.util.PropsKeys;
33 import com.liferay.portal.util.PropsValues;
34
35 import javax.servlet.FilterChain;
36 import javax.servlet.http.HttpServletRequest;
37 import javax.servlet.http.HttpServletResponse;
38 import javax.servlet.http.HttpSession;
39
40
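/**
 * Servlet filter that gates portal requests on an OpenSSO session.
 *
 * <p>
 * For every request the filter reads the company's OpenSSO settings. When the
 * integration is disabled, or any of the login, logout or service URLs is
 * unset, the request is handed to the rest of the filter chain untouched.
 * Otherwise:
 * </p>
 *
 * <ul>
 * <li>a request whose URI ends in {@code /portal/logout} has its HTTP session
 * invalidated and is redirected to the configured logout URL;</li>
 * <li>any other request is checked with {@code OpenSSOUtil.isAuthenticated}
 * and is either passed down the chain, with the OpenSSO subject id pinned to
 * the HTTP session, or redirected to the configured login URL.</li>
 * </ul>
 *
 * <p>
 * Both redirect targets are read from portal configuration and never from
 * the request, so the redirects are only as trustworthy as whoever can edit
 * those properties.
 * </p>
 */
public class OpenSSOFilter extends BasePortalFilter {

	/**
	 * Applies the OpenSSO check to one request.
	 *
	 * @param  request the incoming HTTP request
	 * @param  response the HTTP response, used for the login and logout
	 *         redirects
	 * @param  filterChain the remaining filters, invoked through the
	 *         inherited {@code processFilter(Class, ...)} overload
	 * @throws Exception if reading the configuration, resolving the subject
	 *         id, redirecting or the downstream chain fails
	 */
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(request);

		boolean enabled = PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
			PropsValues.OPEN_SSO_AUTH_ENABLED);
		String loginUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGIN_URL,
			PropsValues.OPEN_SSO_LOGIN_URL);
		String logoutUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
			PropsValues.OPEN_SSO_LOGOUT_URL);
		String serviceUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SERVICE_URL,
			PropsValues.OPEN_SSO_SERVICE_URL);

		// An incomplete configuration disables the filter entirely rather
		// than redirecting to an empty URL.

		if (!enabled || Validator.isNull(loginUrl) ||
			Validator.isNull(logoutUrl) || Validator.isNull(serviceUrl)) {

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		String requestURI = GetterUtil.getString(request.getRequestURI());

		// NOTE(review): this is a plain suffix match on the raw request URI.
		// A logout URI that carries anything after the path (for example a
		// path parameter) would not match and would skip the OpenSSO logout
		// redirect; confirm how the container presents such URIs.

		if (requestURI.endsWith("/portal/logout")) {

			// getSession(false) avoids creating a session only to destroy it
			// when the client arrives without one.

			HttpSession session = request.getSession(false);

			if (session != null) {
				session.invalidate();
			}

			response.sendRedirect(logoutUrl);

			return;
		}

		boolean authenticated = false;

		try {
			authenticated = OpenSSOUtil.isAuthenticated(request, serviceUrl);
		}
		catch (Exception e) {

			// Fail-open by design of this filter: when the OpenSSO check
			// itself fails, the request continues down the chain with
			// whatever portal session it already has. An outage of the
			// OpenSSO service therefore suspends SSO enforcement; the error
			// log entry below is the only trace, so it is worth alerting on.

			_log.error(e, e);

			processFilter(OpenSSOFilter.class, request, response, filterChain);

			return;
		}

		if (!authenticated) {
			response.sendRedirect(loginUrl);

			return;
		}

		String newSubjectId = OpenSSOUtil.getSubjectId(request, serviceUrl);

		HttpSession session = request.getSession();

		String oldSubjectId = (String)session.getAttribute(_SUBJECT_ID_KEY);

		if (oldSubjectId == null) {

			// NOTE(review): the first binding of a subject to this session
			// keeps the existing session id. Whether a later login step
			// rotates it is not visible in this file; confirm, since an
			// unrotated pre-authentication id is a session fixation risk.

			session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
		}
		else if (!oldSubjectId.equals(newSubjectId)) {

			// The OpenSSO subject changed underneath an existing portal
			// session: drop the old session so no state of the previous
			// user leaks to the new one. The comparison is made on
			// oldSubjectId, which is known to be non-null here, so a null
			// newSubjectId is treated as a change instead of throwing a
			// NullPointerException.

			session.invalidate();

			session = request.getSession();

			session.setAttribute(_SUBJECT_ID_KEY, newSubjectId);
		}

		processFilter(OpenSSOFilter.class, request, response, filterChain);
	}

	// Session attribute under which the OpenSSO subject id is pinned.

	private static final String _SUBJECT_ID_KEY = "open.sso.subject.id";

	private static final Log _log = LogFactoryUtil.getLog(OpenSSOFilter.class);

}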