/*
* (C) Copyright 2006-2009 Nuxeo SA (http://nuxeo.com/) and others.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Contributors:
* Nuxeo - initial API and implementation
*
* $Id: ClearTrustAuthenticator.java 33212 2009-04-22 14:06:56Z madarche $
*/
package org.nuxeo.ecm.platform.ui.web.auth.cleartrust;
import java.io.IOException;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPluginLogoutExtension;
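/**
 * Authentication plugin that relies on a ClearTrust front end: the user id is read from the {@code REMOTE_USER}
 * request header, and the {@code CTSESSION} / {@code ACTSESSION} cookies are inspected to decide whether the browser
 * must be sent to the ClearTrust login page.
 * <p>
 * Security note: this class performs no cryptographic verification. The header is taken at face value and the cookies
 * are only checked for presence (and for the logged-out marker). It is therefore only safe when every request reaches
 * Nuxeo through the ClearTrust-protected front end, and that front end overwrites or strips any client-supplied
 * {@code REMOTE_USER} header. Direct access to the application server must be blocked at the network level.
 *
 * @author M.-A. Darche
 */
public class ClearTrustAuthenticator implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension {

    protected static final String CLEARTRUST_HEADER_UID = "REMOTE_USER";

    protected static final String CLEARTRUST_COOKIE_SESSION_A = "ACTSESSION";

    protected static final String CLEARTRUST_COOKIE_SESSION = "CTSESSION";

    /** Value of the {@code ACTSESSION} cookie that this plugin treats as "user has logged out". */
    private static final String LOGGED_OUT_MARKER = "%20";

    /** Placeholder written to the log instead of credentials, session ids and request parameter values. */
    private static final String REDACTED = "<redacted>";

    protected String cookieDomain = "";

    protected String cleartrustLoginUrl = "";

    protected String cleartrustLogoutUrl = "";

    private static final Log log = LogFactory.getLog(ClearTrustAuthenticator.class);

    /**
     * Returns the URL prefixes that bypass authentication.
     *
     * @return always {@code null}: no URL is exempt from authentication with this plugin
     */
    @Override
    public List<String> getUnAuthenticatedURLPrefix() {
        // There isn't any URL that should not need authentication
        return null;
    }

    /**
     * Redirects to the ClearTrust login page if the request doesn't contain cookies indicating that a positive
     * authentication occurred, or if it carries no user id header.
     *
     * @param request the incoming request
     * @param response the response used to send the redirect
     * @param baseURL application base URL, used to build a fallback login URL when none is configured
     * @return true if AuthFilter must stop execution (ie: login prompt generated a redirect), false otherwise
     */
    @Override
    public Boolean handleLoginPrompt(HttpServletRequest request, HttpServletResponse response, String baseURL) {
        log.debug("handleLoginPrompt ...");
        log.debug("handleLoginPrompt requestURL = " + request.getRequestURL());
        Cookie[] cookies = getCookies(request);
        displayRequestInformation(request);
        displayCookieInformation(cookies);
        String ctSession = getCookieValue(CLEARTRUST_COOKIE_SESSION, cookies);
        String ctSessionA = getCookieValue(CLEARTRUST_COOKIE_SESSION_A, cookies);
        // Session cookie values are bearer secrets: anyone who can read the log could replay them,
        // so only their presence is logged.
        log.debug("ctSession present = " + (ctSession != null));
        log.debug("ctSessionA present = " + (ctSessionA != null));

        boolean redirectToClearTrustLoginPage = false;
        if (ctSession == null) {
            log.debug("No ClearTrust session: not authorizing + redirecting to ClearTrust");
            redirectToClearTrustLoginPage = true;
        }
        if (LOGGED_OUT_MARKER.equals(ctSessionA)) {
            log.debug("User has logout from ClearTrust: not authorizing + redirecting to ClearTrust");
            redirectToClearTrustLoginPage = true;
        }
        String ctUid = request.getHeader(CLEARTRUST_HEADER_UID);
        log.debug("ctUid = [" + sanitizeForLog(ctUid) + "]");
        // An empty header is as unusable as a missing one: never let an empty user id through.
        if (isBlank(ctUid)) {
            redirectToClearTrustLoginPage = true;
        }

        if (redirectToClearTrustLoginPage) {
            String loginUrl = cleartrustLoginUrl;
            try {
                if (isBlank(cleartrustLoginUrl)) {
                    // No ClearTrust login URL configured: fall back to the application's own login page.
                    loginUrl = baseURL + "login.jsp";
                }
                log.debug("Redirecting to loginUrl: " + loginUrl);
                response.sendRedirect(loginUrl);
                return true;
            } catch (IOException ex) {
                log.error("Unable to redirect to ClearTrust login URL [" + loginUrl + "]:", ex);
                return false;
            }
        }
        log.debug("ClearTrust authentication is OK, letting the user in.");
        return false;
    }

    /**
     * Builds the user identification from the {@code REMOTE_USER} header.
     * <p>
     * NOTE(review): unlike {@link #handleLoginPrompt}, this method does not look at the ClearTrust session cookies;
     * the identity rests on the header alone. Confirm that the front end never forwards a client-supplied
     * {@code REMOTE_USER} and that the header is absent once the user has logged out of ClearTrust.
     *
     * @param request the incoming request
     * @param httpResponse unused
     * @return the identification info for the user named in the header, or {@code null} when the header is missing
     *         or empty so that no identity is asserted
     */
    @Override
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest request, HttpServletResponse httpResponse) {
        log.debug("handleRetrieveIdentity ...");
        Cookie[] cookies = getCookies(request);
        displayRequestInformation(request);
        displayCookieInformation(cookies);
        String ctUid = request.getHeader(CLEARTRUST_HEADER_UID);
        log.debug("handleRetrieveIdentity ctUid = [" + sanitizeForLog(ctUid) + "]");
        if (isBlank(ctUid)) {
            // Fail closed: without a user id there is nobody to identify, so do not build an
            // identification object around a null or empty user name.
            log.debug("handleRetrieveIdentity no user id header, no identity returned");
            return null;
        }
        String userName = ctUid;
        UserIdentificationInfo uui = new UserIdentificationInfo(userName,
                "No password needed for ClearTrust authentication");
        log.debug("handleRetrieveIdentity going on with authenticated user = [" + sanitizeForLog(userName) + "]");
        return uui;
    }

    /**
     * Tells the filter whether {@link #handleLoginPrompt} has to be called.
     *
     * @return always true
     */
    @Override
    public Boolean needLoginPrompt(HttpServletRequest request) {
        // Returning true means that the handleLoginPrompt method will be called
        return true;
    }

    /**
     * Expires the ClearTrust cookies and, when a logout URL is configured, redirects to it.
     *
     * @return true if there is a redirection
     */
    @Override
    public Boolean handleLogout(HttpServletRequest request, HttpServletResponse response) {
        log.debug("handleLogout ...");
        expireCookie(CLEARTRUST_COOKIE_SESSION, request, response);
        expireCookie(CLEARTRUST_COOKIE_SESSION_A, request, response);
        if (isBlank(cleartrustLogoutUrl)) {
            return false;
        }
        try {
            log.debug("Redirecting to logoutUrl = [" + cleartrustLogoutUrl + "] ...");
            response.sendRedirect(cleartrustLogoutUrl);
            log.debug("handleLogout DONE!");
            return true;
        } catch (IOException e) {
            log.error("Unable to redirect to the logout URL [" + cleartrustLogoutUrl + "] :", e);
            return false;
        }
    }

    /**
     * Returns the request cookies, never {@code null}.
     *
     * @return the cookies of the request, or an empty array when the request carries none
     */
    protected Cookie[] getCookies(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            cookies = new Cookie[0];
        }
        return cookies;
    }

    /**
     * Looks up a cookie by name.
     *
     * @return the value of the last cookie carrying that name, or {@code null} when there is none
     */
    private String getCookieValue(String cookieName, Cookie[] cookies) {
        String cookieValue = null;
        for (Cookie cookie : cookies) {
            if (cookieName.equals(cookie.getName())) {
                cookieValue = cookie.getValue();
            }
        }
        return cookieValue;
    }

    /**
     * Asks the browser to delete the named cookie.
     * <p>
     * A browser only deletes a cookie when the deletion matches its domain and path. The host-only deletion is
     * always sent; when a cookie domain is configured a second, domain-scoped deletion is sent too, otherwise a
     * session cookie that was set for the whole domain would survive the logout.
     */
    private void expireCookie(String cookieName, HttpServletRequest request, HttpServletResponse response) {
        log.debug("expiring cookie [" + cookieName + "] ...");
        response.addCookie(newExpiredCookie(cookieName, null));
        if (!isBlank(cookieDomain)) {
            response.addCookie(newExpiredCookie(cookieName, cookieDomain));
        }
    }

    /** Builds an empty cookie on path "/" that expires immediately, optionally scoped to a domain. */
    private static Cookie newExpiredCookie(String cookieName, String domain) {
        Cookie cookie = new Cookie(cookieName, "");
        // A zero value causes the cookie to be deleted
        cookie.setMaxAge(0);
        cookie.setPath("/");
        if (domain != null) {
            cookie.setDomain(domain);
        }
        return cookie;
    }

    /**
     * Logs the cookie metadata at debug level. Cookie values are never written: they include the ClearTrust session
     * identifiers, which would let a reader of the log impersonate the user.
     */
    protected void displayCookieInformation(Cookie[] cookies) {
        if (!log.isDebugEnabled()) {
            return;
        }
        log.debug(">>>>>>>>>>>>> Here are the cookies: ");
        for (Cookie cookie : cookies) {
            log.debug("displayCookieInformation cookie name: [" + sanitizeForLog(cookie.getName()) + "] path: ["
                    + cookie.getPath() + "] domain: " + cookie.getDomain() + " max age: " + cookie.getMaxAge()
                    + " value: [" + REDACTED + "]");
        }
    }

    /**
     * Logs request headers, attributes and parameter names at debug level. Credential-bearing headers and all
     * parameter values are redacted, because they can hold passwords, tokens and session identifiers.
     */
    protected void displayRequestInformation(HttpServletRequest request) {
        // Skipping the whole dump when debug is off also avoids touching the request parameters
        // just for logging purposes.
        if (!log.isDebugEnabled()) {
            return;
        }
        log.debug(">>>>>>>>>>>>> Here is the request: ");
        for (Enumeration<?> headerNames = request.getHeaderNames(); headerNames.hasMoreElements();) {
            String headerName = (String) headerNames.nextElement();
            String headerValue = isSensitiveHeader(headerName) ? REDACTED
                    : sanitizeForLog(request.getHeader(headerName));
            log.debug("header " + sanitizeForLog(headerName) + " : [" + headerValue + "]");
        }
        for (Enumeration<?> attributeNames = request.getAttributeNames(); attributeNames.hasMoreElements();) {
            String attributeName = (String) attributeNames.nextElement();
            log.debug("attribute " + attributeName + " : [" + request.getAttribute(attributeName) + "]");
        }
        for (Enumeration<?> parameterNames = request.getParameterNames(); parameterNames.hasMoreElements();) {
            String parameterName = (String) parameterNames.nextElement();
            log.debug("parameter " + sanitizeForLog(parameterName) + " : [" + REDACTED + "]");
        }
    }

    /**
     * Reads the plugin configuration: cookie domain, ClearTrust login URL and ClearTrust logout URL. Keys that are
     * absent leave the corresponding field at its current value.
     *
     * @param parameters plugin parameters; {@code null} is treated as an empty configuration
     */
    @Override
    public void initPlugin(Map<String, String> parameters) {
        log.debug("initPlugin v 1.1");
        if (parameters == null) {
            log.debug("initPlugin DONE");
            return;
        }
        if (parameters.containsKey(ClearTrustParameters.COOKIE_DOMAIN)) {
            cookieDomain = parameters.get(ClearTrustParameters.COOKIE_DOMAIN);
            log.debug("initPlugin cookieDomain = [" + cookieDomain + "]");
        }
        if (parameters.containsKey(ClearTrustParameters.CLEARTRUST_LOGIN_URL)) {
            cleartrustLoginUrl = parameters.get(ClearTrustParameters.CLEARTRUST_LOGIN_URL);
            log.debug("initPlugin cleartrustLoginUrl = [" + cleartrustLoginUrl + "]");
        }
        if (parameters.containsKey(ClearTrustParameters.CLEARTRUST_LOGOUT_URL)) {
            cleartrustLogoutUrl = parameters.get(ClearTrustParameters.CLEARTRUST_LOGOUT_URL);
            log.debug("initPlugin cleartrustLogoutUrl = [" + cleartrustLogoutUrl + "]");
        }
        log.debug("initPlugin DONE");
    }

    /** Returns true for {@code null} and for the empty string. */
    private static boolean isBlank(String value) {
        return value == null || "".equals(value);
    }

    /** Returns true for headers whose value is a credential or a session identifier. */
    private static boolean isSensitiveHeader(String headerName) {
        return "Authorization".equalsIgnoreCase(headerName) || "Proxy-Authorization".equalsIgnoreCase(headerName)
                || "Cookie".equalsIgnoreCase(headerName) || "Set-Cookie".equalsIgnoreCase(headerName);
    }

    /**
     * Neutralises line breaks in request-derived text before it is logged, so that a crafted header or parameter
     * name cannot forge additional log lines.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}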