Source code

001/*
002 * (C) Copyright 2010-2016 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 */
019package org.nuxeo.ecm.platform.ui.web.auth.cas2;
020
021import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGINCONTEXT_KEY;
022import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.SSO_INITIAL_URL_REQUEST_KEY;
023
024import java.io.IOException;
025import java.security.Principal;
026import java.util.Set;
027
028import javax.security.auth.Subject;
029import javax.security.auth.login.LoginContext;
030import javax.servlet.ServletException;
031import javax.servlet.http.Cookie;
032import javax.servlet.http.HttpServletRequest;
033import javax.servlet.http.HttpServletResponse;
034
035import org.nuxeo.ecm.core.api.NuxeoException;
036import org.nuxeo.ecm.core.api.NuxeoPrincipal;
037import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants;
038import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
039import org.nuxeo.ecm.platform.ui.web.rest.api.URLPolicyService;
040import org.nuxeo.ecm.platform.url.api.DocumentView;
041import org.nuxeo.ecm.platform.web.common.exceptionhandling.DefaultNuxeoExceptionHandler;
042import org.nuxeo.ecm.platform.web.common.exceptionhandling.ExceptionHelper;
043import org.nuxeo.runtime.api.Framework;
044
045public class SecurityExceptionHandler extends DefaultNuxeoExceptionHandler {
046
047    public static final String CAS_REDIRECTION_URL = "/cas2.jsp";
048
049    public static final String COOKIE_NAME_LOGOUT_URL = "cookie.name.logout.url";
050
051    Cas2Authenticator cas2Authenticator;
052
053    public SecurityExceptionHandler() {
054    }
055
056    @Override
057    public void handleException(HttpServletRequest request, HttpServletResponse response, Throwable t)
058            throws IOException, ServletException {
059
060        if (response.containsHeader("Cache-Control")) {
061            response.setHeader("Cache-Control", "no-cache");
062        }
063
064        Throwable unwrappedException = ExceptionHelper.unwrapException(t);
065
066        if (!ExceptionHelper.isSecurityError(unwrappedException)
067                && !response.containsHeader(SSO_INITIAL_URL_REQUEST_KEY)) {
068            super.handleException(request, response, t);
069            return;
070        }
071
072        Principal principal = request.getUserPrincipal();
073        if (principal == null) {
074            LoginContext loginContext = (LoginContext) request.getAttribute(LOGINCONTEXT_KEY);
075            Subject subject = loginContext.getSubject();
076            if (subject != null) {
077                Set<Principal> principals = subject.getPrincipals();
078                if (principals != null && !principals.isEmpty()) {
079                    principal = (Principal) principals.toArray()[0];
080                }
081            }
082        }
083        if (principal instanceof NuxeoPrincipal) {
084            NuxeoPrincipal nuxeoPrincipal = (NuxeoPrincipal) principal;
085            // redirect to login than to requested page
086            if (nuxeoPrincipal.isAnonymous()) {
087                response.resetBuffer();
088
089                String urlToReach = getURLToReach(request);
090                Cookie cookieUrlToReach = new Cookie(NXAuthConstants.SSO_INITIAL_URL_REQUEST_KEY, urlToReach);
091                cookieUrlToReach.setPath("/");
092                cookieUrlToReach.setMaxAge(60);
093                response.addCookie(cookieUrlToReach);
094
095                if (!response.isCommitted()) {
096                    request.getRequestDispatcher(CAS_REDIRECTION_URL).forward(request, response);
097                }
098                parameters.getListener().responseComplete();
099                return;
100            }
101        }
102        // go back to default handler
103        super.handleException(request, response, t);
104    }
105
106    protected Cas2Authenticator getCasAuthenticator() {
107        if (cas2Authenticator != null) {
108            return cas2Authenticator;
109        }
110
111        PluggableAuthenticationService service = (PluggableAuthenticationService) Framework.getRuntime().getComponent(
112                PluggableAuthenticationService.NAME);
113        if (service == null) {
114            throw new NuxeoException("Can't initialize Nuxeo Pluggable Authentication Service");
115        }
116
117        cas2Authenticator = (Cas2Authenticator) service.getPlugin("CAS2_AUTH");
118
119        if (cas2Authenticator == null) {
120            throw new NuxeoException("Can't get CAS authenticator");
121        }
122        return cas2Authenticator;
123    }
124
125    protected String getURLToReach(HttpServletRequest request) {
126        DocumentView docView = (DocumentView) request.getAttribute(URLPolicyService.DOCUMENT_VIEW_REQUEST_KEY);
127
128        if (docView != null) {
129            String urlToReach = getURLPolicyService().getUrlFromDocumentView(docView, "");
130
131            if (urlToReach != null) {
132                return urlToReach;
133            }
134        }
135        return request.getRequestURL().toString() + "?" + request.getQueryString();
136    }
137
138    protected URLPolicyService getURLPolicyService() {
139        return Framework.getService(URLPolicyService.class);
140    }
141
142}