001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.sso;
016    
017    import com.liferay.portal.kernel.security.sso.SSO;
018    import com.liferay.portal.kernel.util.PropsKeys;
019    import com.liferay.portal.util.PortalUtil;
020    import com.liferay.portal.util.PrefsPropsUtil;
021    import com.liferay.portal.util.PropsValues;
022    import com.liferay.registry.Registry;
023    import com.liferay.registry.RegistryUtil;
024    import com.liferay.registry.ServiceReference;
025    import com.liferay.registry.ServiceTracker;
026    import com.liferay.registry.ServiceTrackerCustomizer;
027    
028    import java.util.Collections;
029    import java.util.Map;
030    import java.util.Set;
031    import java.util.concurrent.ConcurrentSkipListMap;
032    
033    import javax.servlet.http.HttpServletRequest;
034    
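/**
 * Static facade over every {@link SSO} implementation currently registered
 * with the portal registry.
 *
 * <p>
 * A service tracker keeps {@code _ssoMap} in step with registrations and
 * removals. Each query walks the map in key order (the reverse of the
 * service references' natural ordering) and the first implementation that
 * returns a non-null URL, or {@code true}, decides the answer.
 * </p>
 *
 * <p>
 * Points a reviewer should keep in mind:
 * </p>
 *
 * <ul>
 * <li>
 * Every {@link SSO} service visible in the registry takes part in the
 * sign-in and redirect decisions. This class does not filter or validate
 * what a module returns.
 * </li>
 * <li>
 * {@link #isAccessAllowed(HttpServletRequest, Set)} treats an empty
 * allow-list as "allow everyone" and compares the peer address as an exact
 * string.
 * </li>
 * </ul>
 *
 * @author Raymond Augé
 */
public class SSOUtil {

	/**
	 * Returns the URL to send the browser to when the session expires.
	 *
	 * <p>
	 * The caller's value is returned when no SSO module is registered, and
	 * also when modules are registered but none of them supplies a URL.
	 * Without the second fallback a registered module that has no opinion for
	 * this company would turn the caller's default into {@code null}.
	 * </p>
	 *
	 * <p>
	 * A URL supplied by a module is returned as is; no validation of the
	 * redirect target happens here.
	 * </p>
	 *
	 * @param  companyId the company whose SSO settings are consulted
	 * @param  sessionExpirationRedirectURL the fallback URL
	 * @return the first non-null URL supplied by a registered module,
	 *         otherwise <code>sessionExpirationRedirectURL</code>
	 */
	public static String getSessionExpirationRedirectURL(
		long companyId, String sessionExpirationRedirectURL) {

		if (_instance._ssoMap.isEmpty()) {
			return sessionExpirationRedirectURL;
		}

		String ssoRedirectURL =
			_instance._getSessionExpirationRedirectUrl(companyId);

		if (ssoRedirectURL == null) {

			// A module is registered but none of them names a target; keep
			// the caller's default instead of handing back null

			return sessionExpirationRedirectURL;
		}

		return ssoRedirectURL;
	}

	/**
	 * Returns the sign-in URL chosen by the registered SSO modules.
	 *
	 * <p>
	 * Unlike {@link #getSessionExpirationRedirectURL(long, String)}, this
	 * method does not fall back to its second argument:
	 * <code>signInURL</code> is only handed to the modules, and
	 * <code>null</code> is returned when no module is registered or none
	 * supplies a URL. Callers must handle <code>null</code>.
	 * </p>
	 *
	 * @param  companyId the company whose SSO settings are consulted
	 * @param  signInURL the portal's own sign-in URL, passed to each module
	 * @return the first non-null URL supplied by a registered module, or
	 *         <code>null</code>
	 */
	public static String getSignInURL(long companyId, String signInURL) {
		if (_instance._ssoMap.isEmpty()) {
			return null;
		}

		return _instance._getSignInUrl(companyId, signInURL);
	}

	/**
	 * Returns <code>true</code> if the request's peer address is on the
	 * allow-list.
	 *
	 * <p>
	 * Behavior that matters when this guards a sensitive endpoint:
	 * </p>
	 *
	 * <ul>
	 * <li>
	 * An empty <code>hostsAllowed</code> allows every caller. An unset
	 * allow-list therefore opens the endpoint; a caller that needs
	 * deny-by-default has to test for the empty set itself.
	 * </li>
	 * <li>
	 * The address is {@link HttpServletRequest#getRemoteAddr()}, that is the
	 * immediate peer of the servlet container. Behind a reverse proxy or load
	 * balancer that is the proxy's address, so every proxied client is seen
	 * as the same host.
	 * </li>
	 * <li>
	 * Matching is plain string membership: no CIDR ranges, no host name
	 * resolution and no normalization of equivalent address spellings.
	 * </li>
	 * <li>
	 * The literal entry <code>SERVER_IP</code> allows a request whose peer
	 * address equals {@link PortalUtil#getComputerAddress()}.
	 * </li>
	 * </ul>
	 *
	 * @param  request the incoming request
	 * @param  hostsAllowed the allowed addresses, possibly containing the
	 *         <code>SERVER_IP</code> token
	 * @return <code>true</code> if access is allowed
	 */
	public static boolean isAccessAllowed(
		HttpServletRequest request, Set<String> hostsAllowed) {

		// Fail-open by design: no configured hosts means no restriction

		if (hostsAllowed.isEmpty()) {
			return true;
		}

		String remoteAddr = request.getRemoteAddr();

		if (hostsAllowed.contains(remoteAddr)) {
			return true;
		}

		// NOTE(review): presumably the portal host's own address; confirm
		// against PortalUtil.getComputerAddress()

		String computerAddress = PortalUtil.getComputerAddress();

		return computerAddress.equals(remoteAddr) &&
			hostsAllowed.contains(_SERVER_IP);
	}

	/**
	 * Returns <code>true</code> if login has to go through a full page
	 * redirect.
	 *
	 * <p>
	 * The company's <code>LOGIN_DIALOG_DISABLED</code> setting wins over the
	 * SSO modules: when it is set the answer is <code>true</code> without
	 * consulting them.
	 * </p>
	 *
	 * @param  companyId the company whose settings are consulted
	 * @return <code>true</code> if the login dialog is disabled or any
	 *         registered module requires a login redirect
	 */
	public static boolean isLoginRedirectRequired(long companyId) {
		if (PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.LOGIN_DIALOG_DISABLED,
				PropsValues.LOGIN_DIALOG_DISABLED)) {

			return true;
		}

		if (_instance._ssoMap.isEmpty()) {
			return false;
		}

		return _instance._isLoginRedirectRequired(companyId);
	}

	/**
	 * Returns <code>true</code> if any registered SSO module requires a
	 * redirect for the company.
	 *
	 * @param  companyId the company whose SSO settings are consulted
	 * @return <code>true</code> if a module requires a redirect;
	 *         <code>false</code> if none does or none is registered
	 */
	public static boolean isRedirectRequired(long companyId) {
		if (_instance._ssoMap.isEmpty()) {
			return false;
		}

		return _instance._isRedirectRequired(companyId);
	}

	/**
	 * Returns <code>true</code> if the browser should be redirected when the
	 * session expires.
	 *
	 * <p>
	 * With no SSO module registered the portal-wide
	 * <code>SESSION_TIMEOUT_REDIRECT_ON_EXPIRE</code> value is returned. Once
	 * a module is registered that value is no longer consulted: the answer
	 * comes from the OpenSSO settings checked below, then from the modules.
	 * </p>
	 *
	 * @param  companyId the company whose settings are consulted
	 * @return <code>true</code> if the session should redirect on expiry
	 */
	public static boolean isSessionRedirectOnExpire(long companyId) {
		if (_instance._ssoMap.isEmpty()) {
			return PropsValues.SESSION_TIMEOUT_REDIRECT_ON_EXPIRE;
		}

		// OpenSSO is special-cased here rather than asked through the SSO
		// interface

		if (PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
				PropsValues.OPEN_SSO_AUTH_ENABLED) &&
			PropsValues.OPEN_SSO_LOGOUT_ON_SESSION_EXPIRATION) {

			return true;
		}

		return _instance._isSessionRedirectOnExpire(companyId);
	}

	/**
	 * Starts tracking {@link SSO} services.
	 *
	 * <p>
	 * Runs once, from the static initializer of <code>_instance</code>. The
	 * <code>_ssoMap</code> field initializer has already run when this body
	 * executes, so callbacks fired by <code>open()</code> find the map ready.
	 * The tracker is not closed anywhere in this class.
	 * </p>
	 */
	private SSOUtil() {
		Registry registry = RegistryUtil.getRegistry();

		_serviceTracker = registry.trackServices(
			SSO.class, new SSOServiceTrackerCustomizer());

		_serviceTracker.open();
	}

	/**
	 * Returns the first non-null session expiration URL offered by a
	 * registered module, in map order, or <code>null</code> if none offers
	 * one.
	 */
	private String _getSessionExpirationRedirectUrl(long companyId) {
		for (SSO sso : _ssoMap.values()) {
			String sessionExpirationRedirectUrl =
				sso.getSessionExpirationRedirectUrl(companyId);

			if (sessionExpirationRedirectUrl != null) {
				return sessionExpirationRedirectUrl;
			}
		}

		return null;
	}

	/**
	 * Returns the first non-null sign-in URL offered by a registered module,
	 * in map order, or <code>null</code> if none offers one.
	 */
	private String _getSignInUrl(long companyId, String defaultSignInURL) {
		for (SSO sso : _ssoMap.values()) {
			String signInURL = sso.getSignInURL(companyId, defaultSignInURL);

			if (signInURL != null) {
				return signInURL;
			}
		}

		return null;
	}

	/**
	 * Returns <code>true</code> as soon as one registered module requires a
	 * login redirect.
	 */
	private boolean _isLoginRedirectRequired(long companyId) {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isLoginRedirectRequired(companyId)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Returns <code>true</code> as soon as one registered module requires a
	 * redirect.
	 */
	private boolean _isRedirectRequired(long companyId) {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isRedirectRequired(companyId)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Returns <code>true</code> as soon as one registered module asks for a
	 * redirect on session expiry.
	 */
	private boolean _isSessionRedirectOnExpire(long companyId) {
		for (SSO sso : _ssoMap.values()) {
			if (sso.isSessionRedirectOnExpire(companyId)) {
				return true;
			}
		}

		return false;
	}

	// Allow-list token that stands for the portal host's own address

	private static final String _SERVER_IP = "SERVER_IP";

	private static final SSOUtil _instance = new SSOUtil();

	private final ServiceTracker<SSO, SSO> _serviceTracker;

	// Keys are ordered by the reverse of their natural ordering, so iteration
	// order decides which module answers first. NOTE(review): presumably
	// this puts the highest-ranked service first; confirm against
	// ServiceReference's compareTo.

	private final Map<ServiceReference<SSO>, SSO> _ssoMap =
		new ConcurrentSkipListMap<>(Collections.reverseOrder());

	/**
	 * Mirrors registry events into <code>_ssoMap</code>.
	 */
	private class SSOServiceTrackerCustomizer
		implements ServiceTrackerCustomizer<SSO, SSO> {

		/**
		 * Resolves the service behind the reference and records it.
		 *
		 * <p>
		 * NOTE(review): <code>ConcurrentSkipListMap</code> rejects null
		 * values, so the <code>put</code> throws if
		 * <code>getService</code> ever returns <code>null</code>; confirm
		 * whether the registry can do that.
		 * </p>
		 */
		@Override
		public SSO addingService(ServiceReference<SSO> serviceReference) {
			Registry registry = RegistryUtil.getRegistry();

			SSO sso = registry.getService(serviceReference);

			_ssoMap.put(serviceReference, sso);

			return sso;
		}

		/**
		 * Does nothing: changes to a tracked service's properties are
		 * ignored.
		 */
		@Override
		public void modifiedService(
			ServiceReference<SSO> serviceReference, SSO sso) {
		}

		/**
		 * Releases the service and stops consulting it.
		 */
		@Override
		public void removedService(
			ServiceReference<SSO> serviceReference, SSO sso) {

			Registry registry = RegistryUtil.getRegistry();

			registry.ungetService(serviceReference);

			_ssoMap.remove(serviceReference);
		}

	}

}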