001/*
002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Thierry Martins
018 */
019package org.nuxeo.ecm.platform.web.common.external;
020
021import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.REQUESTED_URL;
022
023import java.io.IOException;
024import java.io.UnsupportedEncodingException;
025import java.net.URLDecoder;
026
027import javax.servlet.Filter;
028import javax.servlet.FilterChain;
029import javax.servlet.FilterConfig;
030import javax.servlet.ServletException;
031import javax.servlet.ServletRequest;
032import javax.servlet.ServletResponse;
033import javax.servlet.http.HttpServletRequest;
034import javax.servlet.http.HttpServletResponse;
035import javax.servlet.http.HttpSession;
036
037import org.apache.commons.logging.Log;
038import org.apache.commons.logging.LogFactory;
039import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants;
040import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
041import org.nuxeo.runtime.api.Framework;
042
043/**
044 * Filter that checks if the current request was called from an external tool (MS Office for instance)
045 * <p/>
046 * Then if a session was already opened in user browser, it automatically redirects to the requested URL
047 *
048 * @author Thierry Martins
049 * @since 5.6
050 */
051public class ExternalRequestFilter implements Filter {
052
053    private static final Log log = LogFactory.getLog(ExternalRequestFilter.class);
054
055    @Override
056    public void init(FilterConfig filterConfig) throws ServletException {
057    }
058
059    @Override
060    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
061            ServletException {
062
063        HttpServletRequest httpRequest = (HttpServletRequest) request;
064
065        /*
066         * Check if login page was accessed after a redirection and if a Nuxeo session has been started
067         */
068        if (request != null && httpRequest.getParameter(NXAuthConstants.REQUESTED_URL) != null) {
069            HttpSession httpSession = httpRequest.getSession(false);
070            if (httpSession != null && httpSession.getAttribute(NXAuthConstants.USERIDENT_KEY) != null) {
071
072                log.debug("Detect redirection while an active session is running");
073
074                String requestedUrl = httpRequest.getParameter(REQUESTED_URL);
075                if (requestedUrl != null && !"".equals(requestedUrl)) {
076                    try {
077                        requestedUrl = URLDecoder.decode(requestedUrl, "UTF-8");
078                    } catch (UnsupportedEncodingException e) {
079                        log.error("Unable to get the requestedUrl parameter" + e);
080                    }
081                }
082
083                if (requestedUrl != null) {
084                    PluggableAuthenticationService service = (PluggableAuthenticationService) Framework.getRuntime().getComponent(
085                            PluggableAuthenticationService.NAME);
086                    String baseURL = service.getBaseURL(request);
087                    HttpServletResponse httpResponse = (HttpServletResponse) response;
088                    httpResponse.sendRedirect(baseURL + requestedUrl);
089                    return;
090                }
091            }
092        }
093
094        chain.doFilter(request, response);
095
096    }
097
098    @Override
099    public void destroy() {
100    }
101
102}