015 package com.liferay.portal.security.sso;
016
017 import com.liferay.portal.kernel.util.PropsKeys;
018 import com.liferay.portal.util.PortalUtil;
019 import com.liferay.portal.util.PrefsPropsUtil;
020 import com.liferay.portal.util.PropsValues;
021 import com.liferay.registry.Registry;
022 import com.liferay.registry.RegistryUtil;
023 import com.liferay.registry.ServiceReference;
024 import com.liferay.registry.ServiceTracker;
025 import com.liferay.registry.ServiceTrackerCustomizer;
026
027 import java.util.Collections;
028 import java.util.Map;
029 import java.util.Set;
030 import java.util.concurrent.ConcurrentSkipListMap;
031
032 import javax.servlet.http.HttpServletRequest;
033
034
/**
 * Static helpers that answer, per company, whether the configured single
 * sign-on integrations (CAS, OpenSSO, NTLM) require a redirect, plus a
 * remote-address allowlist check.
 *
 * <p>
 * The class also keeps a registry-tracked map of {@link SSO} services. The
 * private instance methods that walk that map are not called by any of the
 * public static methods in this class; the static methods read the settings
 * through {@code PrefsPropsUtil} and {@code PropsValues} directly.
 * </p>
 */
public class SSOUtil {

	/**
	 * Picks the URL to send the browser to once the session has expired.
	 *
	 * <p>
	 * The CAS logout URL wins when CAS is enabled for the company and
	 * {@code PropsValues.CAS_LOGOUT_ON_SESSION_EXPIRATION} is set; otherwise
	 * the OpenSSO logout URL is used under the equivalent OpenSSO conditions.
	 * The two "logout on session expiration" switches are read from
	 * {@code PropsValues} only, not per company.
	 * </p>
	 *
	 * <p>
	 * Security note: nothing here validates a URL. The fallback argument is
	 * handed back unchanged, so the caller has to make sure it cannot be
	 * influenced by the request (open-redirect risk), and the logout URLs are
	 * only as trustworthy as whoever may edit those settings.
	 * </p>
	 *
	 * @param  companyId the company whose SSO settings are consulted
	 * @param  sessionExpirationRedirectURL the URL returned when neither SSO
	 *         branch applies
	 * @return the CAS logout URL, the OpenSSO logout URL, or the fallback
	 */
	public static String getSessionExpirationRedirectURL(
		long companyId, String sessionExpirationRedirectURL) {

		if (_isCASAuthEnabled(companyId) &&
			PropsValues.CAS_LOGOUT_ON_SESSION_EXPIRATION) {

			return PrefsPropsUtil.getString(
				companyId, PropsKeys.CAS_LOGOUT_URL,
				PropsValues.CAS_LOGOUT_URL);
		}

		// OpenSSO is looked at only after the CAS branch has been ruled out

		if (_isOpenSSOAuthEnabled(companyId) &&
			PropsValues.OPEN_SSO_LOGOUT_ON_SESSION_EXPIRATION) {

			return PrefsPropsUtil.getString(
				companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
				PropsValues.OPEN_SSO_LOGOUT_URL);
		}

		return sessionExpirationRedirectURL;
	}

	/**
	 * Returns the given sign-in URL when CAS or OpenSSO is enabled for the
	 * company, and {@code null} otherwise.
	 *
	 * <p>
	 * The URL is passed through untouched; no validation is applied here.
	 * </p>
	 *
	 * @param  companyId the company whose SSO settings are consulted
	 * @param  signInURL the candidate sign-in URL
	 * @return {@code signInURL}, or {@code null} when neither CAS nor OpenSSO
	 *         is enabled
	 */
	public static String getSignInURL(long companyId, String signInURL) {
		boolean ssoEnabled =
			_isCASAuthEnabled(companyId) || _isOpenSSOAuthEnabled(companyId);

		return ssoEnabled ? signInURL : null;
	}

	/**
	 * Checks the request's remote address against an allowlist.
	 *
	 * <p>
	 * Points a reviewer should keep in mind:
	 * </p>
	 *
	 * <ul>
	 * <li>
	 * An empty allowlist admits every caller (fail-open). Code that needs
	 * deny-by-default has to reject an empty set before calling this method.
	 * </li>
	 * <li>
	 * Entries are matched as exact strings against
	 * {@code request.getRemoteAddr()}; ranges and host names are not
	 * interpreted.
	 * </li>
	 * <li>
	 * Only the connection's peer address is used and no forwarding header is
	 * read. Behind a reverse proxy or load balancer that address is normally
	 * the proxy's, so all proxied requests pass or fail together.
	 * NOTE(review): confirm against the deployment topology.
	 * </li>
	 * <li>
	 * The {@code SERVER_IP} entry stands for the portal's own address as
	 * reported by {@code PortalUtil.getComputerAddress()}.
	 * </li>
	 * </ul>
	 *
	 * @param  request the request whose remote address is tested
	 * @param  hostsAllowed the allowlist; must not be {@code null}
	 * @return {@code true} if the allowlist is empty, contains the remote
	 *         address, or contains {@code SERVER_IP} while the remote address
	 *         equals the portal's own address
	 */
	public static boolean isAccessAllowed(
		HttpServletRequest request, Set<String> hostsAllowed) {

		if (hostsAllowed.isEmpty()) {
			return true;
		}

		String remoteAddr = request.getRemoteAddr();

		if (hostsAllowed.contains(remoteAddr)) {
			return true;
		}

		// NOTE(review): equals() below throws NullPointerException if
		// getComputerAddress() can return null; confirm that it cannot

		String computerAddress = PortalUtil.getComputerAddress();

		return computerAddress.equals(remoteAddr) &&
			hostsAllowed.contains(_SERVER_IP);
	}

	/**
	 * Reports whether login has to go through a redirect for the company:
	 * true when CAS is enabled, the login dialog is disabled, NTLM is
	 * enabled, or OpenSSO is enabled. The settings are checked in that order
	 * and the first one that is set decides.
	 *
	 * @param  companyId the company whose settings are consulted
	 * @return {@code true} if any of the four settings is on
	 */
	public static boolean isLoginRedirectRequired(long companyId) {
		return _isCASAuthEnabled(companyId) ||
			PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.LOGIN_DIALOG_DISABLED,
				PropsValues.LOGIN_DIALOG_DISABLED) ||
			PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.NTLM_AUTH_ENABLED,
				PropsValues.NTLM_AUTH_ENABLED) ||
			_isOpenSSOAuthEnabled(companyId);
	}

	/**
	 * Reports whether a redirect is required for the company, which here
	 * means exactly that CAS authentication is enabled.
	 *
	 * @param  companyId the company whose settings are consulted
	 * @return {@code true} if CAS authentication is enabled
	 */
	public static boolean isRedirectRequired(long companyId) {
		return _isCASAuthEnabled(companyId);
	}

	/**
	 * Reports whether the browser should be redirected when the session
	 * expires.
	 *
	 * <p>
	 * CAS or OpenSSO with its "logout on session expiration" switch set
	 * forces {@code true}; otherwise the result is
	 * {@code PropsValues.SESSION_TIMEOUT_REDIRECT_ON_EXPIRE}.
	 * </p>
	 *
	 * @param  companyId the company whose settings are consulted
	 * @return {@code true} if a redirect on session expiry is wanted
	 */
	public static boolean isSessionRedirectOnExpire(long companyId) {
		if (_isCASAuthEnabled(companyId) &&
			PropsValues.CAS_LOGOUT_ON_SESSION_EXPIRATION) {

			return true;
		}

		if (_isOpenSSOAuthEnabled(companyId) &&
			PropsValues.OPEN_SSO_LOGOUT_ON_SESSION_EXPIRATION) {

			return true;
		}

		return PropsValues.SESSION_TIMEOUT_REDIRECT_ON_EXPIRE;
	}

	/**
	 * Reads the CAS "auth enabled" setting for the company, falling back to
	 * {@code PropsValues.CAS_AUTH_ENABLED}.
	 */
	private static boolean _isCASAuthEnabled(long companyId) {
		return PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.CAS_AUTH_ENABLED,
			PropsValues.CAS_AUTH_ENABLED);
	}

	/**
	 * Reads the OpenSSO "auth enabled" setting for the company, falling back
	 * to {@code PropsValues.OPEN_SSO_AUTH_ENABLED}.
	 */
	private static boolean _isOpenSSOAuthEnabled(long companyId) {
		return PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
			PropsValues.OPEN_SSO_AUTH_ENABLED);
	}

	/**
	 * Starts tracking {@link SSO} services in the registry. The tracker is
	 * opened here, so services may be delivered to the customizer before the
	 * constructor returns.
	 */
	private SSOUtil() {
		Registry registry = RegistryUtil.getRegistry();

		_serviceTracker = registry.trackServices(
			SSO.class, new SSOServiceTrackerCustomizer());

		_serviceTracker.open();
	}

	/**
	 * Returns the first non-null session expiration redirect URL offered by a
	 * tracked {@link SSO}, in map iteration order, or {@code null} if none
	 * offers one.
	 */
	private String _getSessionExpirationRedirectUrl() {
		String redirectUrl = null;

		for (SSO sso : _ssoMap.values()) {
			redirectUrl = sso.getSessionExpirationRedirectUrl();

			if (redirectUrl != null) {
				break;
			}
		}

		return redirectUrl;
	}

	/**
	 * Returns the first non-null sign-in URL offered by a tracked
	 * {@link SSO}, in map iteration order, or {@code null} if none offers
	 * one.
	 */
	private String _getSignInUrl() {
		String url = null;

		for (SSO sso : _ssoMap.values()) {
			url = sso.getSignInURL();

			if (url != null) {
				break;
			}
		}

		return url;
	}

	/**
	 * Returns {@code true} as soon as one tracked {@link SSO} reports that a
	 * login redirect is required.
	 */
	private boolean _isLoginRedirectRequired() {
		boolean required = false;

		for (SSO sso : _ssoMap.values()) {
			if (sso.isLoginRedirectRequired()) {
				required = true;

				break;
			}
		}

		return required;
	}

	/**
	 * Returns {@code true} as soon as one tracked {@link SSO} reports that a
	 * redirect is required.
	 */
	private boolean _isRedirectRequired() {
		boolean required = false;

		for (SSO sso : _ssoMap.values()) {
			if (sso.isRedirectRequired()) {
				required = true;

				break;
			}
		}

		return required;
	}

	/**
	 * Returns {@code true} as soon as one tracked {@link SSO} asks for a
	 * redirect on session expiry.
	 */
	private boolean _isSessionRedirectOnExpire() {
		boolean redirect = false;

		for (SSO sso : _ssoMap.values()) {
			if (sso.isSessionRedirectOnExpire()) {
				redirect = true;

				break;
			}
		}

		return redirect;
	}

	// Allowlist token meaning "the portal's own address" instead of a literal
	// address; see isAccessAllowed

	private static final String _SERVER_IP = "SERVER_IP";

	// Created for its constructor's side effect of opening the service
	// tracker; nothing in this class reads the field afterwards

	private static final SSOUtil _instance = new SSOUtil();

	private final ServiceTracker<SSO, SSO> _serviceTracker;

	// Iterated in the reverse of ServiceReference's natural order; presumably
	// that puts the highest-ranked service first. TODO confirm against
	// ServiceReference's compareTo

	private final Map<ServiceReference<SSO>, SSO> _ssoMap =
		new ConcurrentSkipListMap<>(Collections.reverseOrder());

	/**
	 * Mirrors registry events for {@link SSO} services into the enclosing
	 * instance's map.
	 */
	private class SSOServiceTrackerCustomizer
		implements ServiceTrackerCustomizer<SSO, SSO> {

		/**
		 * Resolves the newly registered service and records it under its
		 * reference.
		 */
		@Override
		public SSO addingService(ServiceReference<SSO> serviceReference) {
			SSO sso = RegistryUtil.getRegistry().getService(serviceReference);

			_ssoMap.put(serviceReference, sso);

			return sso;
		}

		/**
		 * Does nothing: the map entry is left as it is when a service's
		 * registration is modified.
		 */
		@Override
		public void modifiedService(
			ServiceReference<SSO> serviceReference, SSO sso) {
		}

		/**
		 * Releases the service and then drops it from the map.
		 *
		 * <p>
		 * NOTE(review): the service is released before its entry is removed,
		 * so a concurrent iteration over the map could still see the entry
		 * between the two calls.
		 * </p>
		 */
		@Override
		public void removedService(
			ServiceReference<SSO> serviceReference, SSO sso) {

			RegistryUtil.getRegistry().ungetService(serviceReference);

			_ssoMap.remove(serviceReference);
		}

	}

}