001/* 002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * Contributors: 016 * Nuxeo - initial API and implementation 017 */ 018 019package org.nuxeo.ecm.platform.shibboleth.auth.exceptionhandling; 020 021import java.io.IOException; 022 023import javax.faces.context.FacesContext; 024import javax.servlet.ServletException; 025import javax.servlet.http.HttpServletRequest; 026import javax.servlet.http.HttpServletResponse; 027 028import org.apache.commons.logging.Log; 029import org.apache.commons.logging.LogFactory; 030import org.jboss.seam.web.Session; 031import org.nuxeo.ecm.platform.shibboleth.service.ShibbolethAuthenticationService; 032import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants; 033import org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoSecurityExceptionHandler; 034import org.nuxeo.runtime.api.Framework; 035 036/** 037 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a> 038 */ 039public class ShibbolethSecurityExceptionHandler extends NuxeoSecurityExceptionHandler { 040 041 private static final Log log = LogFactory.getLog(ShibbolethSecurityExceptionHandler.class); 042 043 @Override 044 protected boolean handleAnonymousException(HttpServletRequest request, HttpServletResponse response) 045 throws IOException, ServletException { 046 if (getService() == null) { 047 return false; 048 } 049 String loginURL = getService().getLoginURL(request); 050 if (loginURL == null) { 051 log.error("Unable to handle Shibboleth login, no loginURL registered"); 052 return false; 053 } 054 try { 055 if (!response.isCommitted()) { 056 request.setAttribute(NXAuthConstants.DISABLE_REDIRECT_REQUEST_KEY, true); 057 Session.instance().invalidate(); 058 response.sendRedirect(loginURL); 059 FacesContext fContext = FacesContext.getCurrentInstance(); 060 if (fContext != null) { 061 fContext.responseComplete(); 062 } else { 063 log.error("Cannot set response complete: faces context is null"); 064 } 065 } else { 066 log.error("Cannot redirect to login page: response is already commited"); 067 } 068 } catch (IOException e) { 069 String errorMessage = String.format("Unable to handle Shibboleth login on %s", loginURL); 070 log.error(errorMessage, e); 071 } 072 return true; 073 } 074 075 protected ShibbolethAuthenticationService getService() { 076 return Framework.getService(ShibbolethAuthenticationService.class); 077 } 078 079}