015 package com.liferay.portal.security.sso;
016
017 import com.liferay.portal.kernel.security.sso.SSO;
018 import com.liferay.portal.kernel.util.PropsKeys;
019 import com.liferay.portal.util.PortalUtil;
020 import com.liferay.portal.util.PrefsPropsUtil;
021 import com.liferay.portal.util.PropsValues;
022 import com.liferay.registry.Registry;
023 import com.liferay.registry.RegistryUtil;
024 import com.liferay.registry.ServiceReference;
025 import com.liferay.registry.ServiceTracker;
026 import com.liferay.registry.ServiceTrackerCustomizer;
027
028 import java.util.Collections;
029 import java.util.Map;
030 import java.util.Set;
031 import java.util.concurrent.ConcurrentSkipListMap;
032
033 import javax.servlet.http.HttpServletRequest;
034
035
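/**
 * Static facade over the {@link SSO} services currently registered in the
 * portal registry.
 *
 * <p>
 * Registered services are kept in a concurrent sorted map keyed by their
 * {@link ServiceReference}, ordered by {@code Collections.reverseOrder()}.
 * Every query walks the services in that order and stops at the first one that
 * answers (presumably highest service ranking first; confirm against the
 * registry's {@code ServiceReference} ordering).
 * </p>
 */
public class SSOUtil {

	/**
	 * Returns the URL to send the browser to when the session expires.
	 *
	 * @param  companyId the company being served
	 * @param  sessionExpirationRedirectURL the caller's default URL
	 * @return the first non-null URL offered by a registered SSO service, or
	 *         the caller's default when no service is registered or none of
	 *         them offers a URL for this company
	 */
	public static String getSessionExpirationRedirectURL(
		long companyId, String sessionExpirationRedirectURL) {

		if (_instance._ssoMap.isEmpty()) {
			return sessionExpirationRedirectURL;
		}

		String ssoSessionExpirationRedirectURL =
			_instance._getSessionExpirationRedirectUrl(companyId);

		// A registered SSO service may have nothing to say for this company.
		// Keep the caller's default in that case instead of discarding it and
		// handing back null.

		if (ssoSessionExpirationRedirectURL == null) {
			return sessionExpirationRedirectURL;
		}

		return ssoSessionExpirationRedirectURL;
	}

	/**
	 * Returns the sign-in URL supplied by the first registered SSO service
	 * that provides one.
	 *
	 * @param  companyId the company being served
	 * @param  signInURL the portal's default sign-in URL, passed through to
	 *         each SSO service
	 * @return the SSO sign-in URL, or <code>null</code> when no SSO service is
	 *         registered or none supplies a URL. The default is not returned,
	 *         so callers must handle <code>null</code> themselves.
	 */
	public static String getSignInURL(long companyId, String signInURL) {
		if (_instance._ssoMap.isEmpty()) {
			return null;
		}

		return _instance._getSignInUrl(companyId, signInURL);
	}

	/**
	 * Checks the request's remote address against an allowlist of hosts.
	 *
	 * <p>
	 * Security notes for callers:
	 * </p>
	 *
	 * <ul>
	 * <li>
	 * An empty allowlist means "no restriction": every request is allowed.
	 * A misconfigured or unset property therefore fails open.
	 * </li>
	 * <li>
	 * The comparison is an exact string match on
	 * {@link HttpServletRequest#getRemoteAddr()}. Behind a reverse proxy or
	 * load balancer that value is the proxy's address, so allowing it admits
	 * everything that arrives through the proxy.
	 * </li>
	 * <li>
	 * The literal entry <code>SERVER_IP</code> admits requests whose remote
	 * address equals {@link PortalUtil#getComputerAddress()}.
	 * </li>
	 * </ul>
	 *
	 * @param  request the incoming request
	 * @param  hostsAllowed the allowed remote addresses; must not be
	 *         <code>null</code>
	 * @return <code>true</code> if the request may proceed
	 */
	public static boolean isAccessAllowed(
		HttpServletRequest request, Set<String> hostsAllowed) {

		// Fail-open by design: no entries means the check is disabled

		if (hostsAllowed.isEmpty()) {
			return true;
		}

		String remoteAddr = request.getRemoteAddr();

		if (hostsAllowed.contains(remoteAddr)) {
			return true;
		}

		String computerAddress = PortalUtil.getComputerAddress();

		// An unresolved local address can never match, so deny instead of
		// failing with a NullPointerException in the middle of an access check

		if ((computerAddress != null) && computerAddress.equals(remoteAddr) &&
			hostsAllowed.contains(_SERVER_IP)) {

			return true;
		}

		return false;
	}

	/**
	 * Returns <code>true</code> if login must happen through a full page
	 * redirect: either the login dialog is disabled for the company, or a
	 * registered SSO service requires the redirect.
	 *
	 * @param  companyId the company being served
	 * @return whether a login redirect is required
	 */
	public static boolean isLoginRedirectRequired(long companyId) {
		if (PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.LOGIN_DIALOG_DISABLED,
				PropsValues.LOGIN_DIALOG_DISABLED)) {

			return true;
		}

		if (_instance._ssoMap.isEmpty()) {
			return false;
		}

		return _instance._isLoginRedirectRequired(companyId);
	}

	/**
	 * Returns <code>true</code> if any registered SSO service requires a
	 * redirect for the company.
	 *
	 * @param  companyId the company being served
	 * @return whether a redirect is required; <code>false</code> when no SSO
	 *         service is registered
	 */
	public static boolean isRedirectRequired(long companyId) {
		if (_instance._ssoMap.isEmpty()) {
			return false;
		}

		return _instance._isRedirectRequired(companyId);
	}

	/**
	 * Returns <code>true</code> if the browser should be redirected when the
	 * session expires.
	 *
	 * @param  companyId the company being served
	 * @return the portal-wide setting when no SSO service is registered;
	 *         otherwise <code>true</code> if OpenSSO is enabled for the company
	 *         with logout-on-expiration set, or if any registered SSO service
	 *         asks for the redirect
	 */
	public static boolean isSessionRedirectOnExpire(long companyId) {
		boolean sessionRedirectOnExpire =
			PropsValues.SESSION_TIMEOUT_REDIRECT_ON_EXPIRE;

		if (_instance._ssoMap.isEmpty()) {
			return sessionRedirectOnExpire;
		}

		if (PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
				PropsValues.OPEN_SSO_AUTH_ENABLED) &&
			PropsValues.OPEN_SSO_LOGOUT_ON_SESSION_EXPIRATION) {

			return true;
		}

		return _instance._isSessionRedirectOnExpire(companyId);
	}

	/**
	 * Starts tracking {@link SSO} services. Instance field initializers run
	 * before this body, so <code>_ssoMap</code> already exists when the tracker
	 * reports the first service.
	 */
	private SSOUtil() {
		Registry registry = RegistryUtil.getRegistry();

		_serviceTracker = registry.trackServices(
			SSO.class, new SSOServiceTrackerCustomizer());

		_serviceTracker.open();
	}

	/**
	 * Returns the first non-null session expiration URL offered by a
	 * registered SSO service, or <code>null</code> if there is none.
	 */
	private String _getSessionExpirationRedirectUrl(long companyId) {
		for (SSO sso : _ssoMap.values()) {
			String sessionExpirationRedirectUrl =
				sso.getSessionExpirationRedirectUrl(companyId);

			if (sessionExpirationRedirectUrl != null) {
				return sessionExpirationRedirectUrl;
			}
		}

		return null;
	}

	/**
	 * Returns the first non-null sign-in URL offered by a registered SSO
	 * service, or <code>null</code> if there is none.
	 */
	private String _getSignInUrl(long companyId, String defaultSignInURL) {
		for (SSO sso : _ssoMap.values()) {
			String signInURL = sso.getSignInURL(companyId, defaultSignInURL);

			if (signInURL != null) {
				return signInURL;
			}
		}

		return null;
	}

	/**
	 * Returns <code>true</code> if any registered SSO service requires a login
	 * redirect for the company.
	 */
	private boolean _isLoginRedirectRequired(long companyId) {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isLoginRedirectRequired(companyId)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Returns <code>true</code> if any registered SSO service requires a
	 * redirect for the company.
	 */
	private boolean _isRedirectRequired(long companyId) {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isRedirectRequired(companyId)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Returns <code>true</code> if any registered SSO service asks for a
	 * redirect on session expiration for the company.
	 */
	private boolean _isSessionRedirectOnExpire(long companyId) {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isSessionRedirectOnExpire(companyId)) {
				return true;
			}
		}

		return false;
	}

	// Allowlist token standing for the portal server's own address

	private static final String _SERVER_IP = "SERVER_IP";

	private static final SSOUtil _instance = new SSOUtil();

	private final ServiceTracker<SSO, SSO> _serviceTracker;

	// Concurrent because the tracker callbacks and request threads touch the
	// map at the same time; sorted so that iteration order is deterministic

	private final Map<ServiceReference<SSO>, SSO> _ssoMap =
		new ConcurrentSkipListMap<>(Collections.reverseOrder());

	/**
	 * Mirrors registry events into <code>_ssoMap</code>.
	 */
	private class SSOServiceTrackerCustomizer
		implements ServiceTrackerCustomizer<SSO, SSO> {

		@Override
		public SSO addingService(ServiceReference<SSO> serviceReference) {
			Registry registry = RegistryUtil.getRegistry();

			SSO sso = registry.getService(serviceReference);

			_ssoMap.put(serviceReference, sso);

			return sso;
		}

		@Override
		public void modifiedService(
			ServiceReference<SSO> serviceReference, SSO sso) {

			// Intentionally empty: the entry stays under the same reference.
			// NOTE(review): if a property change can alter how the reference
			// compares, the sorted map is not re-ordered here. Confirm.
		}

		@Override
		public void removedService(
			ServiceReference<SSO> serviceReference, SSO sso) {

			Registry registry = RegistryUtil.getRegistry();

			registry.ungetService(serviceReference);

			_ssoMap.remove(serviceReference);
		}

	}

}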