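/*
 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 */

package org.nuxeo.ecm.platform.shibboleth.service;

import static org.apache.commons.lang.StringUtils.isNotEmpty;

import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.nuxeo.common.utils.URIUtils;
import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants;
import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;

/**
 * Component implementing {@link ShibbolethAuthenticationService}: it builds the login/logout URLs and reads the user
 * identity and attributes from HTTP request headers, according to the contributed
 * {@link ShibbolethAuthenticationConfig}.
 * <p>
 * Security note: {@link #getUserID(HttpServletRequest)} and {@link #getUserMetadata(String, HttpServletRequest)} take
 * their values straight from request headers and perform no verification of their own. The identity is therefore only
 * as trustworthy as the component that sets those headers. The deployment must guarantee that the configured header
 * names can be set only by the Shibboleth service provider / reverse proxy (client-supplied copies stripped, no
 * direct route to the application that bypasses it).
 */
public class ShibbolethAuthenticationServiceImpl extends DefaultComponent implements ShibbolethAuthenticationService {

    /** Name of the extension point carrying the Shibboleth configuration. */
    public static final String CONFIG_EP = "config";

    /** Last contributed configuration; {@code null} until a contribution is registered. */
    protected ShibbolethAuthenticationConfig config;

    /**
     * Stores the contribution as the active configuration when it targets {@link #CONFIG_EP}. A later contribution
     * replaces the earlier one; other extension points are ignored.
     */
    @Override
    public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        if (CONFIG_EP.equals(extensionPoint)) {
            config = (ShibbolethAuthenticationConfig) contribution;
        }
    }

    /**
     * @return the active configuration, or {@code null} if none has been registered
     */
    public ShibbolethAuthenticationConfig getConfig() {
        return config;
    }

    /**
     * Builds the login URL with {@code redirectURL} added as the configured redirect query parameter.
     *
     * @param redirectURL URL to come back to after login
     * @return the login URL, or {@code null} when no configuration or no login URL is available
     */
    @Override
    public String getLoginURL(String redirectURL) {
        if (config == null || config.getLoginURL() == null) {
            return null;
        }

        Map<String, String> urlParameters = new HashMap<String, String>(1);
        urlParameters.put(config.getLoginRedirectURLParameter(), redirectURL);
        return URIUtils.addParametersToURIQuery(config.getLoginURL(), urlParameters);
    }

    /**
     * Builds the logout URL with {@code redirectURL} added as the configured redirect query parameter.
     *
     * @param redirectURL URL to come back to after logout
     * @return the logout URL, or {@code null} when no configuration or no logout URL is available
     */
    @Override
    public String getLogoutURL(String redirectURL) {
        if (config == null || config.getLogoutURL() == null) {
            return null;
        }

        Map<String, String> urlParameters = new HashMap<String, String>(1);
        urlParameters.put(config.getLogoutRedirectURLParameter(), redirectURL);
        return URIUtils.addParametersToURIQuery(config.getLogoutURL(), urlParameters);
    }

    /**
     * Computes the URL the user should be sent back to after the Shibboleth round trip.
     * <p>
     * The {@link NXAuthConstants#REQUESTED_URL} request attribute wins over the request parameter of the same name;
     * either one is appended to the base URL. Without both, the current request URL (plus query string) is used.
     * <p>
     * The request-parameter variant is caller-controlled and is appended without validation here.
     * NOTE(review): confirm that whatever consumes the resulting redirect target treats it as untrusted.
     *
     * @param request the current request
     * @return the redirect URL
     */
    protected static String getRedirectUrl(HttpServletRequest request) {
        String baseURL = VirtualHostHelper.getBaseURL(request);

        Object requestedAttribute = request.getAttribute(NXAuthConstants.REQUESTED_URL);
        if (requestedAttribute != null) {
            return baseURL + requestedAttribute;
        }

        String requestedParameter = request.getParameter(NXAuthConstants.REQUESTED_URL);
        if (requestedParameter != null) {
            return baseURL + requestedParameter;
        }

        // No explicit target: come back to the URL that is being requested right now.
        String redirectURL = request.getRequestURL().toString();
        String queryString = request.getQueryString();
        if (queryString != null) {
            redirectURL += '?' + queryString;
        }
        return redirectURL;
    }

    /**
     * @return the login URL redirecting back to the URL derived from {@code request}, or {@code null} when no login
     *         URL is configured
     */
    @Override
    public String getLoginURL(HttpServletRequest request) {
        return getLoginURL(getRedirectUrl(request));
    }

    /**
     * @return the logout URL redirecting back to the URL derived from {@code request}, or {@code null} when no logout
     *         URL is configured
     */
    @Override
    public String getLogoutURL(HttpServletRequest request) {
        return getLogoutURL(getRedirectUrl(request));
    }

    /**
     * Reads the user identifier from the request headers.
     * <p>
     * The header configured for the IdP named in the IdP header is tried first; when that IdP has no dedicated
     * header, or the header is absent or empty, the default uid header is read instead.
     * <p>
     * The value comes from a request header and is not verified here; see the class-level security note.
     *
     * @param httpRequest the current request
     * @return the user identifier, possibly {@code null} or empty when the headers carry none, and {@code null} when
     *         no configuration has been registered (same convention as {@link #getLoginURL(String)})
     */
    @Override
    public String getUserID(HttpServletRequest httpRequest) {
        if (config == null) {
            // No configuration means no header names to read: report "no identity" instead of failing with an NPE.
            return null;
        }
        String idpUrl = httpRequest.getHeader(config.getIdpHeader());
        String uidHeader = config.getUidHeaders().get(idpUrl);
        if (uidHeader != null) {
            // Decode the IdP-specific header once and reuse the value.
            String userId = readHeader(httpRequest, uidHeader);
            if (isNotEmpty(userId)) {
                return userId;
            }
        }
        return readHeader(httpRequest, config.getDefaultUidHeader());
    }

    /**
     * Builds the user field map from the request headers listed in the configured field mapping (header name to user
     * field name).
     * <p>
     * Assumes a configuration has been registered. Values come from request headers and are not verified here; see
     * the class-level security note.
     *
     * @param userIdField name of the user field that holds the identifier
     * @param httpRequest the current request
     * @return a map of user field name to header value, always containing {@code userIdField}
     */
    @Override
    public Map<String, Object> getUserMetadata(String userIdField, HttpServletRequest httpRequest) {
        Map<String, String> fieldMapping = config.getFieldMapping();
        Map<String, Object> fieldMap = new HashMap<String, Object>(fieldMapping.size());
        for (Map.Entry<String, String> mapping : fieldMapping.entrySet()) {
            fieldMap.put(mapping.getValue(), readHeader(httpRequest, mapping.getKey()));
        }
        // Force userIdField to the Shibboleth user id, in case the IdP does not use the same mapping as the default
        // one.
        fieldMap.put(userIdField, getUserID(httpRequest));
        return fieldMap;
    }

    /**
     * Reads one request header, re-decoding it with the configured header encoding when one is set.
     *
     * @param request the current request
     * @param key the header name
     * @return the header value, or {@code null} when the header is absent
     */
    protected String readHeader(HttpServletRequest request, String key) {
        String value = request.getHeader(key);
        if (isNotEmpty(value) && isNotEmpty(config.getHeaderEncoding())) {
            try {
                // Take the value back to bytes as ISO-8859-1, then decode those bytes with the configured charset.
                value = new String(value.getBytes("ISO-8859-1"), config.getHeaderEncoding());
            } catch (UnsupportedEncodingException ignored) {
                // Deliberate best effort: an unknown configured encoding leaves the raw header value in place.
            }
        }
        return value;
    }
}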