001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.sso;
016    
017    import com.liferay.portal.kernel.util.PropsKeys;
018    import com.liferay.portal.util.PortalUtil;
019    import com.liferay.portal.util.PrefsPropsUtil;
020    import com.liferay.portal.util.PropsValues;
021    import com.liferay.registry.Registry;
022    import com.liferay.registry.RegistryUtil;
023    import com.liferay.registry.ServiceReference;
024    import com.liferay.registry.ServiceTracker;
025    import com.liferay.registry.ServiceTrackerCustomizer;
026    
027    import java.util.Collections;
028    import java.util.Map;
029    import java.util.Set;
030    import java.util.concurrent.ConcurrentSkipListMap;
031    
032    import javax.servlet.http.HttpServletRequest;
033    
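/**
 * Static helpers that derive single sign-on (SSO) redirect and access
 * decisions from a company's CAS, OpenSSO, NTLM and login-dialog settings.
 *
 * <p>
 * The class also holds a private singleton that tracks {@link SSO} services
 * through the registry. The private instance methods that consult those
 * tracked services are not referenced by the static methods in this file.
 * </p>
 *
 * @author Raymond Augé
 */
public class SSOUtil {

	/**
	 * Returns the URL to send the browser to when the session expires.
	 *
	 * <p>
	 * CAS takes precedence over OpenSSO: the CAS logout URL is returned when
	 * CAS authentication is enabled for the company and
	 * {@code PropsValues.CAS_LOGOUT_ON_SESSION_EXPIRATION} is set; otherwise
	 * the OpenSSO logout URL is returned under the equivalent OpenSSO
	 * conditions. The returned logout URL is whatever {@code PrefsPropsUtil}
	 * resolves for the key, so it is only as trustworthy as the place that
	 * setting can be edited from.
	 * </p>
	 *
	 * @param  companyId the company whose SSO settings are consulted
	 * @param  sessionExpirationRedirectURL the URL returned unchanged when
	 *         neither SSO logout applies
	 * @return the CAS or OpenSSO logout URL, or
	 *         {@code sessionExpirationRedirectURL}
	 */
	public static String getSessionExpirationRedirectURL(
		long companyId, String sessionExpirationRedirectURL) {

		if (_isCASAuthEnabled(companyId) &&
			PropsValues.CAS_LOGOUT_ON_SESSION_EXPIRATION) {

			return PrefsPropsUtil.getString(
				companyId, PropsKeys.CAS_LOGOUT_URL,
				PropsValues.CAS_LOGOUT_URL);
		}

		if (_isOpenSSOAuthEnabled(companyId) &&
			PropsValues.OPEN_SSO_LOGOUT_ON_SESSION_EXPIRATION) {

			return PrefsPropsUtil.getString(
				companyId, PropsKeys.OPEN_SSO_LOGOUT_URL,
				PropsValues.OPEN_SSO_LOGOUT_URL);
		}

		return sessionExpirationRedirectURL;
	}

	/**
	 * Returns the given sign-in URL when CAS or OpenSSO authentication is
	 * enabled for the company.
	 *
	 * @param  companyId the company whose SSO settings are consulted
	 * @param  signInURL the URL to hand back when an SSO provider is enabled
	 * @return {@code signInURL} if CAS or OpenSSO is enabled; {@code null}
	 *         otherwise, so callers must handle {@code null}
	 */
	public static String getSignInURL(long companyId, String signInURL) {
		if (_isCASAuthEnabled(companyId) || _isOpenSSOAuthEnabled(companyId)) {
			return signInURL;
		}

		return null;
	}

	/**
	 * Checks the request's remote address against an allow-list.
	 *
	 * <p>
	 * Points a caller relying on this as an access control should know:
	 * </p>
	 *
	 * <ul>
	 * <li>
	 * An empty {@code hostsAllowed} means "no restriction" and admits every
	 * request. A caller that wants "deny all" must not pass an empty set.
	 * </li>
	 * <li>
	 * Matching is an exact string comparison with
	 * {@code request.getRemoteAddr()}. There is no CIDR, host name or
	 * address-form normalization here.
	 * </li>
	 * <li>
	 * {@code getRemoteAddr()} is the address of the direct peer. Behind a
	 * reverse proxy or load balancer that is the proxy's address unless the
	 * container rewrites it, so allowing the proxy's address admits every
	 * client that reaches the portal through it.
	 * </li>
	 * <li>
	 * The literal entry {@code "SERVER_IP"} admits requests whose remote
	 * address equals {@code PortalUtil.getComputerAddress()}.
	 * </li>
	 * </ul>
	 *
	 * @param  request the request whose remote address is checked
	 * @param  hostsAllowed the allowed addresses; empty disables the check
	 * @return {@code true} if the request is admitted
	 */
	public static boolean isAccessAllowed(
		HttpServletRequest request, Set<String> hostsAllowed) {

		if (hostsAllowed.isEmpty()) {
			return true;
		}

		String remoteAddr = request.getRemoteAddr();

		// Fail closed: with no peer address nothing can match the allow-list,
		// and a null-hostile Set implementation would throw from contains().

		if (remoteAddr == null) {
			return false;
		}

		if (hostsAllowed.contains(remoteAddr)) {
			return true;
		}

		String computerAddress = PortalUtil.getComputerAddress();

		// Comparing from the known non-null side turns a missing computer
		// address into a denial instead of a NullPointerException.

		return remoteAddr.equals(computerAddress) &&
			hostsAllowed.contains(_SERVER_IP);
	}

	/**
	 * Returns whether login must be handled by a redirect: {@code true} when
	 * CAS is enabled, the login dialog is disabled, NTLM is enabled, or
	 * OpenSSO is enabled for the company.
	 *
	 * @param  companyId the company whose settings are consulted
	 * @return {@code true} if any of the four settings is on
	 */
	public static boolean isLoginRedirectRequired(long companyId) {
		return _isCASAuthEnabled(companyId) ||
			PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.LOGIN_DIALOG_DISABLED,
				PropsValues.LOGIN_DIALOG_DISABLED) ||
			PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.NTLM_AUTH_ENABLED,
				PropsValues.NTLM_AUTH_ENABLED) ||
			_isOpenSSOAuthEnabled(companyId);
	}

	/**
	 * Returns whether a redirect is required, which in this implementation
	 * depends only on CAS authentication being enabled for the company.
	 *
	 * @param  companyId the company whose settings are consulted
	 * @return {@code true} if CAS authentication is enabled
	 */
	public static boolean isRedirectRequired(long companyId) {
		return _isCASAuthEnabled(companyId);
	}

	/**
	 * Returns whether the browser should be redirected when the session
	 * expires.
	 *
	 * <p>
	 * An enabled CAS or OpenSSO provider with its "logout on session
	 * expiration" flag set forces {@code true}; otherwise the result is
	 * {@code PropsValues.SESSION_TIMEOUT_REDIRECT_ON_EXPIRE}.
	 * </p>
	 *
	 * @param  companyId the company whose settings are consulted
	 * @return {@code true} if a redirect on session expiration is wanted
	 */
	public static boolean isSessionRedirectOnExpire(long companyId) {
		if (_isCASAuthEnabled(companyId) &&
			PropsValues.CAS_LOGOUT_ON_SESSION_EXPIRATION) {

			return true;
		}

		if (_isOpenSSOAuthEnabled(companyId) &&
			PropsValues.OPEN_SSO_LOGOUT_ON_SESSION_EXPIRATION) {

			return true;
		}

		return PropsValues.SESSION_TIMEOUT_REDIRECT_ON_EXPIRE;
	}

	/**
	 * Starts tracking {@link SSO} services in the registry. Private: the only
	 * instance is the {@code _instance} singleton.
	 */
	private SSOUtil() {
		Registry registry = RegistryUtil.getRegistry();

		_serviceTracker = registry.trackServices(
			SSO.class, new SSOServiceTrackerCustomizer());

		_serviceTracker.open();
	}

	/**
	 * Reads the company's CAS "auth enabled" setting, passing
	 * {@code PropsValues.CAS_AUTH_ENABLED} as the default.
	 */
	private static boolean _isCASAuthEnabled(long companyId) {
		return PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.CAS_AUTH_ENABLED,
			PropsValues.CAS_AUTH_ENABLED);
	}

	/**
	 * Reads the company's OpenSSO "auth enabled" setting, passing
	 * {@code PropsValues.OPEN_SSO_AUTH_ENABLED} as the default.
	 */
	private static boolean _isOpenSSOAuthEnabled(long companyId) {
		return PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
			PropsValues.OPEN_SSO_AUTH_ENABLED);
	}

	/**
	 * Returns the first non-null session expiration redirect URL offered by a
	 * tracked SSO service, in map iteration order, or {@code null} if none.
	 */
	private String _getSessionExpirationRedirectUrl() {
		for (SSO sso : _ssoMap.values()) {
			String sessionExpirationRedirectUrl =
				sso.getSessionExpirationRedirectUrl();

			if (sessionExpirationRedirectUrl != null) {
				return sessionExpirationRedirectUrl;
			}
		}

		return null;
	}

	/**
	 * Returns the first non-null sign-in URL offered by a tracked SSO
	 * service, in map iteration order, or {@code null} if none.
	 */
	private String _getSignInUrl() {
		for (SSO sso : _ssoMap.values()) {
			String signInURL = sso.getSignInURL();

			if (signInURL != null) {
				return signInURL;
			}
		}

		return null;
	}

	/**
	 * Returns {@code true} if any tracked SSO service requires a login
	 * redirect.
	 */
	private boolean _isLoginRedirectRequired() {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isLoginRedirectRequired()) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Returns {@code true} if any tracked SSO service requires a redirect.
	 */
	private boolean _isRedirectRequired() {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isRedirectRequired()) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Returns {@code true} if any tracked SSO service wants a redirect when
	 * the session expires.
	 */
	private boolean _isSessionRedirectOnExpire() {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isSessionRedirectOnExpire()) {
				return true;
			}
		}

		return false;
	}

	// Allow-list token that stands for the portal's own address; see
	// isAccessAllowed.

	private static final String _SERVER_IP = "SERVER_IP";

	private static final SSOUtil _instance = new SSOUtil();

	private final ServiceTracker<SSO, SSO> _serviceTracker;

	// Keyed by service reference in reverse natural order, which fixes the
	// order in which the instance methods consult the services.
	// NOTE(review): presumably highest-ranked service first -- confirm
	// against ServiceReference's compareTo.

	private final Map<ServiceReference<SSO>, SSO> _ssoMap =
		new ConcurrentSkipListMap<>(Collections.reverseOrder());

	/**
	 * Keeps {@code _ssoMap} in step with the SSO services that are registered
	 * and unregistered.
	 */
	private class SSOServiceTrackerCustomizer
		implements ServiceTrackerCustomizer<SSO, SSO> {

		@Override
		public SSO addingService(ServiceReference<SSO> serviceReference) {
			Registry registry = RegistryUtil.getRegistry();

			SSO sso = registry.getService(serviceReference);

			// ConcurrentSkipListMap rejects null values, so a service that
			// could not be resolved is skipped instead of making put() throw
			// inside the tracker callback.
			// NOTE(review): assumes a null return leaves the reference
			// untracked, as in OSGi -- confirm for this registry API.

			if (sso == null) {
				return null;
			}

			_ssoMap.put(serviceReference, sso);

			return sso;
		}

		@Override
		public void modifiedService(
			ServiceReference<SSO> serviceReference, SSO sso) {

			// Nothing to update: the map stores the same service object.
		}

		@Override
		public void removedService(
			ServiceReference<SSO> serviceReference, SSO sso) {

			Registry registry = RegistryUtil.getRegistry();

			registry.ungetService(serviceReference);

			_ssoMap.remove(serviceReference);
		}

	}

}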