Source code

001/*
002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 */
019
020package org.nuxeo.ecm.platform.ui.web.auth.cas2;
021
022import java.io.IOException;
023import java.security.Principal;
024
025import javax.faces.context.FacesContext;
026import javax.servlet.ServletException;
027import javax.servlet.http.Cookie;
028import javax.servlet.http.HttpServletRequest;
029import javax.servlet.http.HttpServletResponse;
030
031import org.nuxeo.ecm.core.api.NuxeoException;
032import org.nuxeo.ecm.core.api.NuxeoPrincipal;
033import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants;
034import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
035import org.nuxeo.ecm.platform.ui.web.rest.api.URLPolicyService;
036import org.nuxeo.ecm.platform.url.api.DocumentView;
037import org.nuxeo.ecm.platform.web.common.exceptionhandling.DefaultNuxeoExceptionHandler;
038import org.nuxeo.ecm.platform.web.common.exceptionhandling.ExceptionHelper;
039import org.nuxeo.runtime.api.Framework;
040
041import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.SSO_INITIAL_URL_REQUEST_KEY;
042
043public class SecurityExceptionHandler extends DefaultNuxeoExceptionHandler {
044
045    public static final String CAS_REDIRECTION_URL = "/cas2.jsp";
046
047    public static final String COOKIE_NAME_LOGOUT_URL = "cookie.name.logout.url";
048
049    Cas2Authenticator cas2Authenticator;
050
051    public SecurityExceptionHandler() {
052    }
053
054    @Override
055    public void handleException(HttpServletRequest request, HttpServletResponse response, Throwable t)
056            throws IOException, ServletException {
057
058        if (response.containsHeader("Cache-Control")) {
059            response.setHeader("Cache-Control", "no-cache");
060        }
061
062        Throwable unwrappedException = unwrapException(t);
063
064        if (!ExceptionHelper.isSecurityError(unwrappedException)
065                && !response.containsHeader(SSO_INITIAL_URL_REQUEST_KEY)) {
066            super.handleException(request, response, t);
067            return;
068        }
069
070        Principal principal = request.getUserPrincipal();
071        NuxeoPrincipal nuxeoPrincipal = null;
072        if (principal instanceof NuxeoPrincipal) {
073            nuxeoPrincipal = (NuxeoPrincipal) principal;
074            // redirect to login than to requested page
075            if (nuxeoPrincipal.isAnonymous()) {
076                response.resetBuffer();
077
078                String urlToReach = getURLToReach(request);
079                Cookie cookieUrlToReach = new Cookie(NXAuthConstants.SSO_INITIAL_URL_REQUEST_KEY, urlToReach);
080                cookieUrlToReach.setPath("/");
081                cookieUrlToReach.setMaxAge(60);
082                response.addCookie(cookieUrlToReach);
083
084                if (!response.isCommitted()) {
085                    request.getRequestDispatcher(CAS_REDIRECTION_URL).forward(request, response);
086                }
087                FacesContext.getCurrentInstance().responseComplete();
088                return;
089            }
090        }
091        // go back to default handler
092        super.handleException(request, response, t);
093    }
094
095    protected Cas2Authenticator getCasAuthenticator() {
096        if (cas2Authenticator != null) {
097            return cas2Authenticator;
098        }
099
100        PluggableAuthenticationService service = (PluggableAuthenticationService) Framework.getRuntime().getComponent(
101                PluggableAuthenticationService.NAME);
102        if (service == null) {
103            throw new NuxeoException("Can't initialize Nuxeo Pluggable Authentication Service");
104        }
105
106        cas2Authenticator = (Cas2Authenticator) service.getPlugin("CAS2_AUTH");
107
108        if (cas2Authenticator == null) {
109            throw new NuxeoException("Can't get CAS authenticator");
110        }
111        return cas2Authenticator;
112    }
113
114    protected String getURLToReach(HttpServletRequest request) {
115        DocumentView docView = (DocumentView) request.getAttribute(URLPolicyService.DOCUMENT_VIEW_REQUEST_KEY);
116
117        if (docView != null) {
118            String urlToReach = getURLPolicyService().getUrlFromDocumentView(docView, "");
119
120            if (urlToReach != null) {
121                return urlToReach;
122            }
123        }
124        return request.getRequestURL().toString() + "?" + request.getQueryString();
125    }
126
127    protected URLPolicyService getURLPolicyService() {
128        return Framework.getService(URLPolicyService.class);
129    }
130
131}