1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.servlet.filters.sso.cas;
24  
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.PropsKeys;
import com.liferay.portal.servlet.filters.BasePortalFilter;
import com.liferay.portal.util.PortalUtil;
import com.liferay.portal.util.PrefsPropsUtil;
import com.liferay.portal.util.PropsValues;
import com.liferay.util.servlet.filters.DynamicFilterConfig;

import java.io.IOException;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
50  
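/**
 * <a href="CASFilter.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Portal filter that hands requests to the Jasig CAS client when CAS
 * authentication is enabled for the company, and copies the name of the CAS
 * principal found in the HTTP session into the session attribute
 * {@link #SCREEN_NAME}. One authentication filter and one ticket validation
 * filter are cached per company id; {@link #reload(long)} evicts them so the
 * next request rebuilds them from the current settings.
 * </p>
 *
 * <p>
 * Review notes: whatever reads {@link #SCREEN_NAME} is trusting the assertion
 * stored under <code>AbstractCasFilter.CONST_CAS_ASSERTION</code>, so nothing
 * else should be able to write either attribute. This class does not renew
 * the session id after a ticket has been validated (NOTE(review): confirm the
 * portal login path does). The CAS server name and URLs come from company
 * settings; NOTE(review): confirm they are restricted to administrators and
 * point at https endpoints.
 * </p>
 *
 * @author Michael Young
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 * @author Tina Tian
 */
public class CASFilter extends BasePortalFilter {

    /**
     * Session attribute key under which the CAS principal name is stored.
     * The field is not final, so any class can reassign the key; treat it as
     * a constant.
     */
    public static String SCREEN_NAME =
        CASFilter.class.getName() + "SCREEN_NAME";

    /**
     * Drops the cached CAS filters of a company so that they are rebuilt,
     * with freshly read settings, on the next request for that company.
     *
     * @param companyId the company whose cached filters are evicted
     */
    public static void reload(long companyId) {
        _casAuthenticationFilters.remove(companyId);
        _casTicketValidationFilters.remove(companyId);
    }

    /**
     * Initializes the filter and remembers the filter name and servlet
     * context that are later handed to the CAS client filters.
     *
     * @param filterConfig the configuration supplied by the container
     */
    public void init(FilterConfig filterConfig) {
        super.init(filterConfig);

        FilterConfig portalFilterConfig = getFilterConfig();

        // The original never assigned _filterName, so the CAS filters were
        // always configured with a null filter name.

        _filterName = portalFilterConfig.getFilterName();
        _servletContext = portalFilterConfig.getServletContext();
    }

    /**
     * Returns the cached CAS authentication filter of the company, creating
     * and initializing it on first use.
     *
     * <p>
     * The lookup and the put are not atomic: two concurrent first requests
     * can each build a filter and the later put wins.
     * </p>
     *
     * @param  companyId the company whose settings configure the filter
     * @return the CAS authentication filter for the company
     * @throws Exception if the settings cannot be read or the filter fails
     *         to initialize
     */
    protected Filter getCASAuthenticationFilter(long companyId)
        throws Exception {

        Filter casAuthenticationFilter = _casAuthenticationFilters.get(
            companyId);

        if (casAuthenticationFilter != null) {
            return casAuthenticationFilter;
        }

        casAuthenticationFilter = new AuthenticationFilter();

        casAuthenticationFilter.init(createCASFilterConfig(companyId));

        _casAuthenticationFilters.put(companyId, casAuthenticationFilter);

        return casAuthenticationFilter;
    }

    /**
     * Returns the cached CAS ticket validation filter of the company,
     * creating and initializing it on first use.
     *
     * <p>
     * The lookup and the put are not atomic: two concurrent first requests
     * can each build a filter and the later put wins.
     * </p>
     *
     * @param  companyId the company whose settings configure the filter
     * @return the CAS ticket validation filter for the company
     * @throws Exception if the settings cannot be read or the filter fails
     *         to initialize
     */
    protected Filter getCASTicketValidationFilter(long companyId)
        throws Exception {

        Filter casTicketValidationFilter = _casTicketValidationFilters.get(
            companyId);

        if (casTicketValidationFilter != null) {
            return casTicketValidationFilter;
        }

        casTicketValidationFilter =
            new Cas20ProxyReceivingTicketValidationFilter();

        DynamicFilterConfig dynamicFilterConfig = createCASFilterConfig(
            companyId);

        String serverUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_URL, PropsValues.CAS_SERVER_URL);

        // Tickets are validated against this URL prefix.
        // NOTE(review): confirm the configured value is an https URL.

        dynamicFilterConfig.addInitParameter("casServerUrlPrefix", serverUrl);

        // NOTE(review): presumably keeps the CAS client from issuing its own
        // redirect once a ticket has been validated; confirm against the
        // client version in use.

        dynamicFilterConfig.addInitParameter(
            "redirectAfterValidation", "false");

        casTicketValidationFilter.init(dynamicFilterConfig);

        _casTicketValidationFilters.put(companyId, casTicketValidationFilter);

        return casTicketValidationFilter;
    }

    protected Log getLog() {
        return _log;
    }

    /**
     * Applies CAS single sign-on to the request when it is enabled for the
     * company, and otherwise passes the request on unchanged.
     *
     * <p>
     * A request whose path info contains <code>/portal/logout</code> has its
     * session invalidated and is redirected to the configured CAS logout
     * URL. Any other request goes through the CAS authentication filter,
     * then the CAS ticket validation filter, and only then through the rest
     * of the portal chain.
     * </p>
     *
     * <p>
     * The original handed the same container chain to both CAS filters one
     * after the other. Each of them is free to invoke the chain it is given,
     * so the rest of the chain could run twice, could still run after the
     * authentication filter had ended the request, and always ran before
     * {@link #SCREEN_NAME} was set. Nesting the delegates lets each one
     * decide whether the next step runs and invokes the portal chain at most
     * once.
     * </p>
     *
     * @param  request the current request
     * @param  response the current response
     * @param  filterChain the rest of the container filter chain
     * @throws Exception if a setting cannot be read or a delegate fails
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            final FilterChain filterChain)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(request);

        if (!PrefsPropsUtil.getBoolean(
                companyId, PropsKeys.CAS_AUTH_ENABLED,
                PropsValues.CAS_AUTH_ENABLED)) {

            processFilter(CASFilter.class, request, response, filterChain);

            return;
        }

        final HttpSession session = request.getSession();

        // getPathInfo() returns null when the request has no extra path
        // information; the original dereferenced it unconditionally.

        String pathInfo = request.getPathInfo();

        if ((pathInfo != null) &&
            (pathInfo.indexOf("/portal/logout") != -1)) {

            session.invalidate();

            String logoutUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_LOGOUT_URL,
                PropsValues.CAS_LOGOUT_URL);

            response.sendRedirect(logoutUrl);

            return;
        }

        Filter casAuthenticationFilter = getCASAuthenticationFilter(
            companyId);
        final Filter casTicketValidationFilter = getCASTicketValidationFilter(
            companyId);

        // Innermost step: publish the principal name, then continue with
        // the portal chain exactly once.

        final FilterChain portalFilterChain = new FilterChain() {

            public void doFilter(
                    ServletRequest servletRequest,
                    ServletResponse servletResponse)
                throws IOException, ServletException {

                exposeScreenName(session);

                filterChain.doFilter(servletRequest, servletResponse);
            }

        };

        // Middle step: reached only if the authentication filter lets the
        // request through.

        FilterChain ticketValidationFilterChain = new FilterChain() {

            public void doFilter(
                    ServletRequest servletRequest,
                    ServletResponse servletResponse)
                throws IOException, ServletException {

                casTicketValidationFilter.doFilter(
                    servletRequest, servletResponse, portalFilterChain);
            }

        };

        casAuthenticationFilter.doFilter(
            request, response, ticketValidationFilterChain);
    }

    /**
     * Builds the filter configuration shared by both CAS client filters: the
     * portal's filter name and servlet context plus the company's CAS server
     * name and CAS login URL.
     */
    private DynamicFilterConfig createCASFilterConfig(long companyId)
        throws Exception {

        DynamicFilterConfig dynamicFilterConfig = new DynamicFilterConfig(
            _filterName, _servletContext);

        String serverName = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);
        String loginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

        dynamicFilterConfig.addInitParameter("serverName", serverName);
        dynamicFilterConfig.addInitParameter("casServerLoginUrl", loginUrl);

        return dynamicFilterConfig;
    }

    /**
     * Copies the principal name of the CAS assertion stored in the session,
     * if there is one, into the session attribute {@link #SCREEN_NAME}.
     */
    private void exposeScreenName(HttpSession session) {
        Assertion assertion = (Assertion)session.getAttribute(
            AbstractCasFilter.CONST_CAS_ASSERTION);

        if (assertion == null) {
            return;
        }

        AttributePrincipal attributePrincipal = assertion.getPrincipal();

        session.setAttribute(SCREEN_NAME, attributePrincipal.getName());
    }

    private static final Log _log = LogFactoryUtil.getLog(CASFilter.class);

    // Static caches shared by every instance of this filter, keyed by
    // company id.

    private static final Map<Long, Filter> _casAuthenticationFilters =
        new ConcurrentHashMap<Long, Filter>();
    private static final Map<Long, Filter> _casTicketValidationFilters =
        new ConcurrentHashMap<Long, Filter>();

    private String _filterName;
    private ServletContext _servletContext;

}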