Source code

001/*
002 * (C) Copyright 2010 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Nuxeo - initial API and implementation
016 */
017
018package org.nuxeo.ecm.platform.ui.web.auth.cas2;
019
020import java.io.IOException;
021import java.security.Principal;
022
023import javax.faces.context.FacesContext;
024import javax.servlet.ServletException;
025import javax.servlet.http.Cookie;
026import javax.servlet.http.HttpServletRequest;
027import javax.servlet.http.HttpServletResponse;
028
029import org.nuxeo.ecm.core.api.NuxeoException;
030import org.nuxeo.ecm.core.api.NuxeoPrincipal;
031import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants;
032import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
033import org.nuxeo.ecm.platform.ui.web.rest.api.URLPolicyService;
034import org.nuxeo.ecm.platform.url.api.DocumentView;
035import org.nuxeo.ecm.platform.web.common.exceptionhandling.DefaultNuxeoExceptionHandler;
036import org.nuxeo.ecm.platform.web.common.exceptionhandling.ExceptionHelper;
037import org.nuxeo.runtime.api.Framework;
038
039import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.SSO_INITIAL_URL_REQUEST_KEY;
040
041public class SecurityExceptionHandler extends DefaultNuxeoExceptionHandler {
042
043    public static final String CAS_REDIRECTION_URL = "/cas2.jsp";
044
045    public static final String COOKIE_NAME_LOGOUT_URL = "cookie.name.logout.url";
046
047    Cas2Authenticator cas2Authenticator;
048
049    public SecurityExceptionHandler() {
050    }
051
052    @Override
053    public void handleException(HttpServletRequest request, HttpServletResponse response, Throwable t)
054            throws IOException, ServletException {
055
056        if (response.containsHeader("Cache-Control")) {
057            response.setHeader("Cache-Control", "no-cache");
058        }
059
060        Throwable unwrappedException = unwrapException(t);
061
062        if (!ExceptionHelper.isSecurityError(unwrappedException)
063                && !response.containsHeader(SSO_INITIAL_URL_REQUEST_KEY)) {
064            super.handleException(request, response, t);
065            return;
066        }
067
068        Principal principal = request.getUserPrincipal();
069        NuxeoPrincipal nuxeoPrincipal = null;
070        if (principal instanceof NuxeoPrincipal) {
071            nuxeoPrincipal = (NuxeoPrincipal) principal;
072            // redirect to login than to requested page
073            if (nuxeoPrincipal.isAnonymous()) {
074                response.resetBuffer();
075
076                String urlToReach = getURLToReach(request);
077                Cookie cookieUrlToReach = new Cookie(NXAuthConstants.SSO_INITIAL_URL_REQUEST_KEY, urlToReach);
078                cookieUrlToReach.setPath("/");
079                cookieUrlToReach.setMaxAge(60);
080                response.addCookie(cookieUrlToReach);
081
082                if (!response.isCommitted()) {
083                    request.getRequestDispatcher(CAS_REDIRECTION_URL).forward(request, response);
084                }
085                FacesContext.getCurrentInstance().responseComplete();
086                return;
087            }
088        }
089        // go back to default handler
090        super.handleException(request, response, t);
091    }
092
093    protected Cas2Authenticator getCasAuthenticator() {
094        if (cas2Authenticator != null) {
095            return cas2Authenticator;
096        }
097
098        PluggableAuthenticationService service = (PluggableAuthenticationService) Framework.getRuntime().getComponent(
099                PluggableAuthenticationService.NAME);
100        if (service == null) {
101            throw new NuxeoException("Can't initialize Nuxeo Pluggable Authentication Service");
102        }
103
104        cas2Authenticator = (Cas2Authenticator) service.getPlugin("CAS2_AUTH");
105
106        if (cas2Authenticator == null) {
107            throw new NuxeoException("Can't get CAS authenticator");
108        }
109        return cas2Authenticator;
110    }
111
112    protected String getURLToReach(HttpServletRequest request) {
113        DocumentView docView = (DocumentView) request.getAttribute(URLPolicyService.DOCUMENT_VIEW_REQUEST_KEY);
114
115        if (docView != null) {
116            String urlToReach = getURLPolicyService().getUrlFromDocumentView(docView, "");
117
118            if (urlToReach != null) {
119                return urlToReach;
120            }
121        }
122        return request.getRequestURL().toString() + "?" + request.getQueryString();
123    }
124
125    protected URLPolicyService getURLPolicyService() {
126        return Framework.getService(URLPolicyService.class);
127    }
128
129}