23 package com.liferay.portal.servlet.filters.sso.cas;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.util.PropsKeys;
28 import com.liferay.portal.servlet.filters.BasePortalFilter;
29 import com.liferay.portal.util.PortalUtil;
30 import com.liferay.portal.util.PrefsPropsUtil;
31 import com.liferay.portal.util.PropsValues;
32 import com.liferay.util.servlet.filters.DynamicFilterConfig;
33
34 import java.util.Map;
35 import java.util.concurrent.ConcurrentHashMap;
36
37 import javax.servlet.Filter;
38 import javax.servlet.FilterChain;
39 import javax.servlet.FilterConfig;
40 import javax.servlet.ServletContext;
41 import javax.servlet.http.HttpServletRequest;
42 import javax.servlet.http.HttpServletResponse;
43 import javax.servlet.http.HttpSession;
44
45 import org.jasig.cas.client.authentication.AttributePrincipal;
46 import org.jasig.cas.client.authentication.AuthenticationFilter;
47 import org.jasig.cas.client.util.AbstractCasFilter;
48 import org.jasig.cas.client.validation.Assertion;
49 import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
50
51
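/**
 * Portal filter that hands authentication to a CAS server when CAS is enabled
 * for the company that owns the request.
 *
 * <p>
 * One CAS authentication filter and one CAS ticket validation filter are built
 * lazily per company from the company's preferences and cached until
 * {@link #reload(long)} is called for that company.
 * </p>
 */
public class CASFilter extends BasePortalFilter {

    /**
     * Session attribute key under which the name of the CAS-validated
     * principal is stored by {@link #processFilter}.
     */
    // NOTE(review): this key is public, static and not final, so any code in
    // the JVM can reassign it. It is left as declared to keep the interface
    // unchanged; confirm nothing writes to it before making it final.
    public static String SCREEN_NAME =
        CASFilter.class.getName() + "SCREEN_NAME";

    /**
     * Drops the cached CAS filters of a company so that the next request
     * rebuilds them from the current preferences.
     *
     * @param companyId the company whose cached filters are discarded
     */
    public static void reload(long companyId) {

        // NOTE(review): the removed filters are not destroy()ed here; confirm
        // the CAS client filters hold no resources that need releasing.

        _casAuthenticationFilters.remove(companyId);
        _casTicketValidationFilters.remove(companyId);
    }

    /**
     * Initializes the filter and records the filter name and servlet context
     * that are later used to configure the per-company CAS filters.
     *
     * @param filterConfig the container-supplied filter configuration
     */
    public void init(FilterConfig filterConfig) {
        super.init(filterConfig);

        // The filter name was previously never assigned, so the CAS filters
        // were configured with a null name.

        _filterName = filterConfig.getFilterName();
        _servletContext = getFilterConfig().getServletContext();
    }

    /**
     * Returns the CAS authentication filter of a company, creating and caching
     * it on first use.
     *
     * <p>
     * The filter is configured with the company's CAS server name and CAS
     * login URL, both read from portal preferences with the portal properties
     * as defaults.
     * </p>
     *
     * @param  companyId the company the filter is configured for
     * @return the cached or newly initialized filter
     * @throws Exception if the preferences cannot be read or the filter fails
     *         to initialize
     */
    protected Filter getCASAuthenticationFilter(long companyId)
        throws Exception {

        Filter casAuthenticationFilter = _casAuthenticationFilters.get(
            companyId);

        // Check-then-put is not atomic: two concurrent first requests may each
        // build a filter and the later put wins. Both are configured from the
        // same preferences.

        if (casAuthenticationFilter == null) {
            casAuthenticationFilter = new AuthenticationFilter();

            DynamicFilterConfig dynamicFilterConfig = new DynamicFilterConfig(
                _filterName, _servletContext);

            String serverName = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_SERVER_NAME,
                PropsValues.CAS_SERVER_NAME);
            String loginUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

            dynamicFilterConfig.addInitParameter("serverName", serverName);
            dynamicFilterConfig.addInitParameter("casServerLoginUrl", loginUrl);

            casAuthenticationFilter.init(dynamicFilterConfig);

            _casAuthenticationFilters.put(companyId, casAuthenticationFilter);
        }

        return casAuthenticationFilter;
    }

    /**
     * Returns the CAS ticket validation filter of a company, creating and
     * caching it on first use.
     *
     * <p>
     * The filter is configured with the company's CAS server name, CAS server
     * URL prefix and CAS login URL, and with
     * <code>redirectAfterValidation</code> set to <code>false</code>.
     * </p>
     *
     * @param  companyId the company the filter is configured for
     * @return the cached or newly initialized filter
     * @throws Exception if the preferences cannot be read or the filter fails
     *         to initialize
     */
    protected Filter getCASTicketValidationFilter(long companyId)
        throws Exception {

        Filter casTicketValidationFilter = _casTicketValidationFilters.get(
            companyId);

        // Same non-atomic check-then-put as in getCASAuthenticationFilter.

        if (casTicketValidationFilter == null) {
            casTicketValidationFilter =
                new Cas20ProxyReceivingTicketValidationFilter();

            DynamicFilterConfig dynamicFilterConfig = new DynamicFilterConfig(
                _filterName, _servletContext);

            String serverName = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_SERVER_NAME,
                PropsValues.CAS_SERVER_NAME);
            String serverUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_SERVER_URL,
                PropsValues.CAS_SERVER_URL);
            String loginUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

            dynamicFilterConfig.addInitParameter("serverName", serverName);
            dynamicFilterConfig.addInitParameter(
                "casServerUrlPrefix", serverUrl);
            dynamicFilterConfig.addInitParameter("casServerLoginUrl", loginUrl);
            dynamicFilterConfig.addInitParameter(
                "redirectAfterValidation", "false");

            casTicketValidationFilter.init(dynamicFilterConfig);

            _casTicketValidationFilters.put(
                companyId, casTicketValidationFilter);
        }

        return casTicketValidationFilter;
    }

    /**
     * Returns the logger of this filter.
     *
     * @return the class logger
     */
    protected Log getLog() {
        return _log;
    }

    /**
     * Applies CAS single sign-on to the request when CAS is enabled for its
     * company, and otherwise passes the request on unchanged.
     *
     * <p>
     * With CAS enabled, a request whose path info contains
     * <code>/portal/logout</code> invalidates the session and is redirected to
     * the configured CAS logout URL. Every other request goes through the CAS
     * authentication filter, then the CAS ticket validation filter, and only
     * then through the rest of the portal chain. The principal name of the
     * CAS assertion found in the session, if any, is stored under
     * {@link #SCREEN_NAME} before the portal chain continues.
     * </p>
     *
     * @param  request the current request
     * @param  response the current response
     * @param  filterChain the remaining portal filter chain
     * @throws Exception if a preference lookup, a CAS filter or the chain fails
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(request);

        if (PrefsPropsUtil.getBoolean(
                companyId, PropsKeys.CAS_AUTH_ENABLED,
                PropsValues.CAS_AUTH_ENABLED)) {

            final HttpSession session = request.getSession();

            // getPathInfo() returns null when the request has no extra path
            // information; treat that as "not a logout request".

            String pathInfo = request.getPathInfo();

            if ((pathInfo != null) &&
                (pathInfo.indexOf("/portal/logout") != -1)) {

                session.invalidate();

                String logoutUrl = PrefsPropsUtil.getString(
                    companyId, PropsKeys.CAS_LOGOUT_URL,
                    PropsValues.CAS_LOGOUT_URL);

                response.sendRedirect(logoutUrl);
            }
            else {
                Filter casAuthenticationFilter = getCASAuthenticationFilter(
                    companyId);

                final Filter casTicketValidationFilter =
                    getCASTicketValidationFilter(companyId);

                final FilterChain portalFilterChain = filterChain;

                // Innermost step: runs only if both CAS filters continued
                // their chain. The asserted principal is published before the
                // portal chain runs so that later filters see it on this
                // request.
                // NOTE(review): the session ID is not rotated here once an
                // assertion is present; confirm the downstream login path
                // renews the session.

                final FilterChain afterValidationChain = new FilterChain() {

                    public void doFilter(
                            javax.servlet.ServletRequest servletRequest,
                            javax.servlet.ServletResponse servletResponse)
                        throws java.io.IOException,
                               javax.servlet.ServletException {

                        Assertion assertion = (Assertion)session.getAttribute(
                            AbstractCasFilter.CONST_CAS_ASSERTION);

                        if (assertion != null) {
                            AttributePrincipal attributePrincipal =
                                assertion.getPrincipal();

                            String screenName = attributePrincipal.getName();

                            session.setAttribute(SCREEN_NAME, screenName);
                        }

                        portalFilterChain.doFilter(
                            servletRequest, servletResponse);
                    }

                };

                // Middle step: ticket validation sits behind the
                // authentication filter instead of next to it. Handing both
                // CAS filters the same portal chain, as before, let the chain
                // be continued once per filter and let the validation filter
                // run even when the authentication filter had stopped the
                // request.

                FilterChain validationChain = new FilterChain() {

                    public void doFilter(
                            javax.servlet.ServletRequest servletRequest,
                            javax.servlet.ServletResponse servletResponse)
                        throws java.io.IOException,
                               javax.servlet.ServletException {

                        casTicketValidationFilter.doFilter(
                            servletRequest, servletResponse,
                            afterValidationChain);
                    }

                };

                casAuthenticationFilter.doFilter(
                    request, response, validationChain);
            }
        }
        else {
            processFilter(CASFilter.class, request, response, filterChain);
        }
    }

    private static Log _log = LogFactoryUtil.getLog(CASFilter.class);

    // Per-company caches of initialized CAS client filters, keyed by company
    // ID and cleared by reload(long).

    private static Map<Long, Filter> _casAuthenticationFilters =
        new ConcurrentHashMap<Long, Filter>();
    private static Map<Long, Filter> _casTicketValidationFilters =
        new ConcurrentHashMap<Long, Filter>();

    // Set in init(FilterConfig) and passed to every DynamicFilterConfig.

    private String _filterName;
    private ServletContext _servletContext;

}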