package org.apache.jetspeed.portlet; |
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.AccessControlContext;
import java.security.AccessController;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletConfig;
import javax.portlet.PortletContext;
import javax.portlet.PortletException;
import javax.portlet.PortletPreferences;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.security.auth.Subject;

import org.apache.commons.codec.binary.Base64;
import org.apache.jetspeed.security.JSSubject;
import org.apache.jetspeed.sso.SSOContext;
import org.apache.jetspeed.sso.SSOException;
import org.apache.jetspeed.sso.SSOProvider;
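/**
 * IFrame portlet that fetches the current user's stored credentials for the
 * remote site named by the "SRC" preference from the {@link SSOProvider} and,
 * for the URL-based SSO types, appends them to the IFrame source URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>For {@link #SSO_TYPE_URL} and {@link #SSO_TYPE_URL_BASE64} the remote
 *       user name and password travel in the query string of the IFrame URL.
 *       Query strings are commonly recorded in browser history, proxy and
 *       server access logs and Referer headers, so prefer these types only
 *       where the target is reached over TLS and its logging is understood.</li>
 *   <li>Base64 is a reversible encoding, not encryption; it does not protect
 *       the credential.</li>
 * </ul>
 */
public class SSOIFramePortlet extends IFrameGenericPortlet
{
    /** Preference key selecting how credentials are handed to the remote site. */
    public static final String SSO_TYPE = "sso.type";
    /** SSO type: credentials appended to the URL as query parameters. */
    public static final String SSO_TYPE_URL = "url";
    /** SSO type: as {@link #SSO_TYPE_URL}, with both values Base64-encoded first. */
    public static final String SSO_TYPE_URL_BASE64 = "url.base64";
    // The two types below are declared but not handled by getURLSource(), which
    // returns the unmodified base URL for them.
    public static final String SSO_TYPE_HTTP = "http";
    public static final String SSO_TYPE_CERTIFICATE = "certificate";

    /** Preference key: name of the query parameter carrying the user name. */
    public static final String SSO_TYPE_URL_USERNAME = "sso.url.Principal";
    /** Preference key: name of the query parameter carrying the password. */
    public static final String SSO_TYPE_URL_PASSWORD = "sso.url.Credential";

    /** Request attribute set by doView() with the remote user name. */
    public static final String SSO_REQUEST_ATTRIBUTE_USERNAME = "sso.ra.username";
    /** Request attribute set by doView() with the remote password. */
    public static final String SSO_REQUEST_ATTRIBUTE_PASSWORD = "sso.ra.password";

    /** Edit-form field / context key for the remote user name. */
    public static final String SSO_FORM_PRINCIPAL = "ssoPrincipal";
    /** Edit-form field / context key for the remote password. */
    public static final String SSO_FORM_CREDENTIAL = "ssoCredential";

    private PortletContext context;
    private SSOProvider sso;

    /**
     * Initializes the portlet and resolves the SSO provider from the portlet
     * context attribute "cps:SSO".
     *
     * @param config the portlet configuration
     * @throws PortletException if the superclass fails to initialize or no SSO
     *         provider is registered in the portlet context
     */
    public void init(PortletConfig config) throws PortletException
    {
        super.init(config);
        context = getPortletContext();
        sso = (SSOProvider) context.getAttribute("cps:SSO");
        if (sso == null)
        {
            throw new PortletException("Failed to find SSO Provider on portlet initialization");
        }
    }

    /**
     * Populates the edit context with the stored remote principal and
     * credential for the configured site (empty strings when none are stored),
     * then delegates to the superclass.
     *
     * @throws PortletException if the SSO lookup fails for any reason other
     *         than "no credentials for site"
     */
    public void doEdit(RenderRequest request, RenderResponse response)
    throws PortletException, IOException
    {
        try
        {
            Subject subject = getSubject();
            String site = request.getPreferences().getValue("SRC", "");
            SSOContext credentials = sso.getCredentials(subject, site);
            getContext(request).put(SSO_FORM_PRINCIPAL, credentials.getRemotePrincipalName());
            // NOTE(review): the stored password is placed in the edit context. If the
            // edit template renders it into the form, the secret is sent back to the
            // browser; confirm, and consider leaving the field blank instead.
            getContext(request).put(SSO_FORM_CREDENTIAL, credentials.getRemoteCredential());
        }
        catch (SSOException e)
        {
            if (!isNoCredentialsForSite(e))
            {
                throw new PortletException(e);
            }
            // No credentials stored yet: present an empty form.
            getContext(request).put(SSO_FORM_PRINCIPAL, "");
            getContext(request).put(SSO_FORM_CREDENTIAL, "");
        }

        super.doEdit(request, response);
    }

    /**
     * Renders the view. When no "SRC" preference is set, or no credentials are
     * stored for the site, the edit page is shown in place of the view page.
     * Otherwise the remote user name and password are exposed as request
     * attributes for {@link #getURLSource}.
     *
     * @throws PortletException if the SSO lookup fails for any reason other
     *         than "no credentials for site"
     */
    public void doView(RenderRequest request, RenderResponse response)
    throws PortletException, IOException
    {
        String site = request.getPreferences().getValue("SRC", null);
        if (site == null)
        {
            // Nothing configured yet: show the preferences editor instead.
            request.setAttribute(PARAM_VIEW_PAGE, this.getPortletConfig().getInitParameter(PARAM_EDIT_PAGE));
            setupPreferencesEdit(request, response);
            super.doView(request, response);
            return;
        }

        try
        {
            Subject subject = getSubject();
            SSOContext credentials = sso.getCredentials(subject, site);
            request.setAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME, credentials.getRemotePrincipalName());
            request.setAttribute(SSO_REQUEST_ATTRIBUTE_PASSWORD, credentials.getRemoteCredential());
        }
        catch (SSOException e)
        {
            if (!isNoCredentialsForSite(e))
            {
                throw new PortletException(e);
            }
            // No credentials stored for this site: show the preferences editor.
            request.setAttribute(PARAM_VIEW_PAGE, this.getPortletConfig().getInitParameter(PARAM_EDIT_PAGE));
            setupPreferencesEdit(request, response);
        }

        super.doView(request, response);
    }

    /**
     * Runs the superclass action handling, then stores the principal and
     * credential submitted in the edit form for the configured site.
     *
     * <p>If credentials already exist for the site and the principal name is
     * unchanged they are updated in place; if the principal changed, the old
     * entry is removed and a new one added.
     *
     * @throws PortletException wrapping any {@link SSOException} from the provider
     */
    public void processAction(ActionRequest request, ActionResponse actionResponse)
    throws PortletException, IOException
    {
        super.processAction(request, actionResponse);

        // NOTE(review): both parameters are null when the submitted form lacks
        // these fields, and they are passed to the provider unchecked. Confirm how
        // the SSOProvider treats null or empty values before relying on this path.
        String ssoPrincipal = request.getParameter(SSO_FORM_PRINCIPAL);
        String ssoCredential = request.getParameter(SSO_FORM_CREDENTIAL);

        // Unlike doView(), a missing "SRC" preference yields "" here, so the
        // credentials would be filed under the empty site name.
        String site = request.getPreferences().getValue("SRC", "");
        try
        {
            Subject subject = getSubject();
            if (!sso.hasSSOCredentials(subject, site))
            {
                sso.addCredentialsForSite(subject, ssoPrincipal, site, ssoCredential);
                return;
            }

            SSOContext existing = sso.getCredentials(subject, site);
            if (existing.getRemotePrincipalName().equals(ssoPrincipal))
            {
                sso.updateCredentialsForSite(subject, ssoPrincipal, site, ssoCredential);
            }
            else
            {
                // The principal changed: replace the stored entry.
                sso.removeCredentialsForSite(subject, site);
                sso.addCredentialsForSite(subject, ssoPrincipal, site, ssoCredential);
            }
        }
        catch (SSOException e)
        {
            throw new PortletException(e);
        }
    }

    /**
     * Builds the IFrame source URL. For {@link #SSO_TYPE_URL} and
     * {@link #SSO_TYPE_URL_BASE64} the remote user name and password (taken
     * from the request attributes set by {@link #doView}) are appended as
     * query parameters; any other type returns the superclass URL unchanged.
     *
     * <p>The appended values are URL-encoded so that characters such as
     * {@code &}, {@code =}, {@code #} or the {@code +}, {@code /} and
     * {@code =} produced by Base64 cannot truncate the value or add extra
     * query parameters. The parameter names come from preferences and are
     * appended as configured.
     *
     * @return the (possibly session-encoded) source URL
     */
    public String getURLSource(RenderRequest request, RenderResponse response, PortletPreferences prefs)
    {
        String baseSource = super.getURLSource(request, response, prefs);
        String type = prefs.getValue(SSO_TYPE, SSO_TYPE_URL);
        boolean base64 = type.equals(SSO_TYPE_URL_BASE64);
        if (!base64 && !type.equals(SSO_TYPE_URL))
        {
            return baseSource;
        }

        String userNameParam = prefs.getValue(SSO_TYPE_URL_USERNAME, "user");
        String passwordParam = prefs.getValue(SSO_TYPE_URL_PASSWORD, "password");

        String userName = (String) request.getAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME);
        if (userName == null)
        {
            userName = "";
        }
        String password = (String) request.getAttribute(SSO_REQUEST_ATTRIBUTE_PASSWORD);
        if (password == null)
        {
            password = "";
        }

        if (base64)
        {
            // NOTE(review): getBytes() uses the platform default charset, so
            // non-ASCII credentials encode differently across hosts; confirm what
            // the remote site expects before pinning a charset here.
            Base64 encoder = new Base64();
            userName = new String(encoder.encode(userName.getBytes()));
            password = new String(encoder.encode(password.getBytes()));
        }

        StringBuffer source = new StringBuffer(baseSource);
        source.append(baseSource.indexOf("?") == -1 ? "?" : "&");
        source.append(userNameParam).append("=").append(urlEncode(userName));
        source.append("&");
        source.append(passwordParam).append("=").append(urlEncode(password));

        return response.encodeURL(source.toString());
    }

    /**
     * Tells whether the exception reports that no credentials are stored for
     * the site. A null message is treated as "some other failure" rather than
     * raising a NullPointerException inside the catch block.
     */
    private static boolean isNoCredentialsForSite(SSOException e)
    {
        String message = e.getMessage();
        return message != null && message.equals(SSOException.NO_CREDENTIALS_FOR_SITE);
    }

    /** URL-encodes a query parameter value as UTF-8. */
    private static String urlEncode(String value)
    {
        try
        {
            return URLEncoder.encode(value, "UTF-8");
        }
        catch (UnsupportedEncodingException e)
        {
            // UTF-8 is a charset every Java platform is required to support.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /** Returns the Subject associated with the current access control context. */
    private Subject getSubject()
    {
        AccessControlContext acc = AccessController.getContext();
        return JSSubject.getSubject(acc);
    }
}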