001/*
002 * (C) Copyright 2010 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 * Contributors:
014 *     Nuxeo - initial API and implementation
015 */
016
017package org.nuxeo.ecm.platform.shibboleth.auth.exceptionhandling;
018
019import java.io.IOException;
020
021import javax.faces.context.FacesContext;
022import javax.servlet.ServletException;
023import javax.servlet.http.HttpServletRequest;
024import javax.servlet.http.HttpServletResponse;
025
026import org.apache.commons.logging.Log;
027import org.apache.commons.logging.LogFactory;
028import org.jboss.seam.web.Session;
029import org.nuxeo.ecm.platform.shibboleth.service.ShibbolethAuthenticationService;
030import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants;
031import org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoSecurityExceptionHandler;
032import org.nuxeo.runtime.api.Framework;
033
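/**
 * Security exception handler that redirects anonymous requests to the login URL supplied by the
 * {@link ShibbolethAuthenticationService}.
 * <p>
 * This class performs no validation of the redirect target: it sends the browser to whatever
 * {@code getLoginURL(request)} returns. NOTE(review): the service receives the request, so the URL
 * may embed request-derived values (for example a return target); any allow-listing of such values
 * has to happen in the service. Confirm against its implementation.
 *
 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a>
 */
public class ShibbolethSecurityExceptionHandler extends NuxeoSecurityExceptionHandler {

    private static final Log log = LogFactory.getLog(ShibbolethSecurityExceptionHandler.class);

    /**
     * Invalidates the current Seam session and redirects the client to the Shibboleth login URL.
     *
     * @param request the current request; passed to the service to compute the login URL and
     *            flagged with {@link NXAuthConstants#DISABLE_REDIRECT_REQUEST_KEY}
     * @param response the current response; only redirected if it has not been committed yet
     * @return {@code false} if the Shibboleth service or its login URL is unavailable; {@code true}
     *         in every other case, including when the response was already committed or the
     *         redirect failed with an {@link IOException} (both are only logged)
     * @throws IOException declared by the overridden signature; an {@code IOException} raised by
     *             the redirect itself is caught and logged here
     * @throws ServletException declared by the overridden signature
     */
    @Override
    protected boolean handleAnonymousException(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        // Resolve the service once: a second lookup after the null check could return null and
        // turn the login redirect into a NullPointerException.
        ShibbolethAuthenticationService service = getService();
        if (service == null) {
            return false;
        }
        String loginURL = service.getLoginURL(request);
        if (loginURL == null) {
            log.error("Unable to handle Shibboleth login, no loginURL registered");
            return false;
        }
        try {
            if (response.isCommitted()) {
                // Headers are already on the wire, so no redirect can be issued any more.
                log.error("Cannot redirect to login page: response is already commited");
            } else {
                // Presumably tells the authentication layer not to issue its own redirect for
                // this request (confirm against the users of this constant).
                request.setAttribute(NXAuthConstants.DISABLE_REDIRECT_REQUEST_KEY, true);
                // Drop the current session before handing the browser over to the login URL, so
                // no state from it is carried into the session created after login.
                Session.instance().invalidate();
                response.sendRedirect(loginURL);
                // Stop the JSF lifecycle so nothing else is rendered after the redirect.
                FacesContext fContext = FacesContext.getCurrentInstance();
                if (fContext == null) {
                    log.error("Cannot set response complete: faces context is null");
                } else {
                    fContext.responseComplete();
                }
            }
        } catch (IOException e) {
            // NOTE(review): the full login URL is written to the log; if it carries
            // request-derived parameters they end up in the log as well.
            String errorMessage = String.format("Unable to handle Shibboleth login on %s", loginURL);
            log.error(errorMessage, e);
        }
        return true;
    }

    /**
     * Looks up the Shibboleth authentication service through the Nuxeo runtime.
     *
     * @return the result of {@code Framework.getService}; {@code handleAnonymousException} treats
     *         {@code null} as "service not available"
     */
    protected ShibbolethAuthenticationService getService() {
        return Framework.getService(ShibbolethAuthenticationService.class);
    }

}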