1 /*
2 * Copyright (c) 2002-2014, Mairie de Paris
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright notice
10 * and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright notice
13 * and the following disclaimer in the documentation and/or other materials
14 * provided with the distribution.
15 *
16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 *
32 * License 1.0
33 */
34 package fr.paris.lutece.plugins.mylutece.modules.wssodatabase.authentication.security;
35
36 import fr.paris.lutece.portal.service.security.LuteceUser;
37 import fr.paris.lutece.portal.service.security.SecurityService;
38 import fr.paris.lutece.portal.service.util.AppPropertiesService;
39
40 import org.apache.commons.lang.StringUtils;
41
42 import java.io.IOException;
43
44 import javax.servlet.Filter;
45 import javax.servlet.FilterChain;
46 import javax.servlet.FilterConfig;
47 import javax.servlet.ServletException;
48 import javax.servlet.ServletRequest;
49 import javax.servlet.ServletResponse;
50 import javax.servlet.http.Cookie;
51 import javax.servlet.http.HttpServletRequest;
52
53
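/**
 * Servlet filter that checks, on each request, that the user registered in the
 * application session still matches the user id carried by the WSSO cookie.
 * <p>
 * When a user is registered and the WSSO cookie holds a non-empty value that
 * differs from {@link LuteceUser#getName( )}, the user is unregistered from the
 * application session. The request is always passed on to the rest of the chain.
 * <p>
 * The cookie value comes from the client. This filter only uses it to drop an
 * existing registration, never to create one.
 */
public class WSSOSessionTrackingFilter implements Filter
{
    /** Key of the property that gives the name of the WSSO cookie (unique hexa user id). */
    private static final String PROPERTY_COOKIE_WSSOGUID = "mylutece-wssodatabase.cookie.wssoguid";

    /**
     * {@inheritDoc}
     */
    @Override
    public void init( FilterConfig config ) throws ServletException
    {
        // Nothing to initialise
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public void destroy( )
    {
        // Nothing to release
    }

    /**
     * Unregisters the session user when the WSSO cookie designates another user,
     * then lets the request continue down the chain.
     *
     * @param request the incoming request
     * @param response the outgoing response
     * @param chain the remaining filter chain, always invoked
     * @throws IOException if the rest of the chain throws it
     * @throws ServletException if the rest of the chain throws it
     */
    @Override
    public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
        throws IOException, ServletException
    {
        // Cookies and the registered user only exist for HTTP requests; anything else
        // is passed through instead of failing on the cast.
        if ( request instanceof HttpServletRequest )
        {
            HttpServletRequest req = (HttpServletRequest) request;
            LuteceUser user = SecurityService.getInstance( ).getRegisteredUser( req );

            if ( user != null )
            {
                checkSsoCookie( req, user );
            }
        }

        chain.doFilter( request, response );
    }

    /**
     * Compares the first cookie named after the configured WSSO cookie with the
     * registered user and unregisters the user on mismatch.
     *
     * @param req the HTTP request carrying the cookies
     * @param user the user currently registered for this request, not null
     */
    private void checkSsoCookie( HttpServletRequest req, LuteceUser user )
    {
        Cookie[] cookies = req.getCookies( );

        if ( cookies == null )
        {
            // NOTE(review): a request without any cookie keeps the registered user.
            // Confirm that SSO logout is enforced elsewhere if that is not intended.
            return;
        }

        // Looked up once per request; a null name (property not set) matches no cookie
        String strCookieName = AppPropertiesService.getProperty( PROPERTY_COOKIE_WSSOGUID );

        for ( Cookie cookie : cookies )
        {
            if ( cookie.getName( ).equals( strCookieName ) )
            {
                String strUserID = cookie.getValue( );

                // NOTE(review): an empty cookie value also keeps the registered user - confirm.
                // The comparison presumably relies on the user name being the WSSO guid; verify.
                if ( !StringUtils.isEmpty( strUserID ) && !strUserID.equals( user.getName( ) ) )
                {
                    SecurityService.getInstance( ).unregisterUser( req );
                }

                // Only the first cookie with the configured name is considered
                return;
            }
        }
    }
}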