001/* 002 * (C) Copyright 2010 Nuxeo SAS (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * Contributors: 014 * Nuxeo - initial API and implementation 015 */ 016 017package org.nuxeo.ecm.platform.shibboleth.auth.exceptionhandling; 018 019import java.io.IOException; 020 021import javax.faces.context.FacesContext; 022import javax.servlet.ServletException; 023import javax.servlet.http.HttpServletRequest; 024import javax.servlet.http.HttpServletResponse; 025 026import org.apache.commons.logging.Log; 027import org.apache.commons.logging.LogFactory; 028import org.jboss.seam.web.Session; 029import org.nuxeo.ecm.platform.shibboleth.service.ShibbolethAuthenticationService; 030import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants; 031import org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoSecurityExceptionHandler; 032import org.nuxeo.runtime.api.Framework; 033 034/** 035 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a> 036 */ 037public class ShibbolethSecurityExceptionHandler extends NuxeoSecurityExceptionHandler { 038 039 private static final Log log = LogFactory.getLog(ShibbolethSecurityExceptionHandler.class); 040 041 @Override 042 protected boolean handleAnonymousException(HttpServletRequest request, HttpServletResponse response) 043 throws IOException, ServletException { 044 if (getService() == null) { 045 return false; 046 } 047 String loginURL = getService().getLoginURL(request); 048 if (loginURL == null) { 049 log.error("Unable to handle Shibboleth login, no loginURL registered"); 050 return false; 051 } 052 try { 053 if (!response.isCommitted()) { 054 request.setAttribute(NXAuthConstants.DISABLE_REDIRECT_REQUEST_KEY, true); 055 Session.instance().invalidate(); 056 response.sendRedirect(loginURL); 057 FacesContext fContext = FacesContext.getCurrentInstance(); 058 if (fContext != null) { 059 fContext.responseComplete(); 060 } else { 061 log.error("Cannot set response complete: faces context is null"); 062 } 063 } else { 064 log.error("Cannot redirect to login page: response is already commited"); 065 } 066 } catch (IOException e) { 067 String errorMessage = String.format("Unable to handle Shibboleth login on %s", loginURL); 068 log.error(errorMessage, e); 069 } 070 return true; 071 } 072 073 protected ShibbolethAuthenticationService getService() { 074 return Framework.getService(ShibbolethAuthenticationService.class); 075 } 076 077}