1   package fr.paris.lutece.plugins.ctv.cas.web;
2   
import fr.paris.lutece.plugins.mylutece.modules.cas.authentication.CASAuthentication;
import fr.paris.lutece.plugins.mylutece.modules.cas.web.ParameterGatewayResolver;
import fr.paris.lutece.portal.business.user.AdminUser;
import fr.paris.lutece.portal.service.admin.AccessDeniedException;
import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
import fr.paris.lutece.portal.service.message.SiteMessage;
import fr.paris.lutece.portal.service.message.SiteMessageException;
import fr.paris.lutece.portal.service.message.SiteMessageService;
import fr.paris.lutece.portal.service.security.LoginRedirectException;
import fr.paris.lutece.portal.service.security.LuteceUser;
import fr.paris.lutece.portal.service.security.SecurityService;
import fr.paris.lutece.portal.service.security.UserNotSignedException;
import fr.paris.lutece.portal.service.spring.SpringContextService;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.portal.service.util.AppPathService;
import org.jasig.cas.client.authentication.DefaultGatewayResolverImpl;

import javax.security.auth.login.LoginException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Enumeration;
26  
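/**
 * CustomLuteceCASFilter.
 * <p>
 * Variant of LuteceCASFilter that also takes the back-office (admin) user into account, so that
 * a back-office call made on a front-office URL does not disconnect the user.
 * <p>
 * Security note: this filter never blocks a request. When a back-office user is found, the CAS
 * login of the front-office user is skipped and the request continues down the chain without a
 * registered {@link LuteceUser}; access control on front-office resources is therefore the job
 * of whatever runs after this filter.
 */
public class CustomLuteceCASFilter implements Filter
{
    /**
     * Filter parameter that, if present, indicates that a message should be displayed
     * if cookies are not supported
     */
    private static final String PARAM_NOCOOKIEMESSAGEKEY = "noCookieMessageKey";

    /**
     * Filter parameter that, if present, indicates whether the user should be
     * redirected to remove the gateway parameter from the query string.
     */
    private static final String PARAM_REDIRECT_AFTER_GATEWAY = "redirectAfterGateway";

    /** Name of the Spring bean that performs the CAS authentication. */
    private static final String BEAN_CAS_AUTHENTICATION = "mylutece-cas.authentication";

    /** Value stored in the session under the CAS gateway key. */
    private static final String GATEWAY_FLAG_VALUE = "yes";

    /** Encoding used to rebuild the query string when the request declares none. */
    private static final String DEFAULT_URL_ENCODING = "UTF-8";

    /**
     * Message key when cookies are not supported
     */
    private String noCookieMessageKey = null;

    /**
     * Specify whether the filter should redirect the user agent after a
     * successful validation to remove the gateway parameter from the query
     * string.
     */
    private boolean redirectAfterGateway = false;

    /**
     * {@inheritDoc}
     */
    @Override
    public void destroy( )
    {
        // nothing to release
    }

    /**
     * {@inheritDoc}
     * <p>
     * Order of processing: the "cookies not supported" message, then the optional redirect that
     * strips the gateway parameter, then the CAS login attempt, which only runs when neither a
     * front-office nor a back-office user is known for the request.
     */
    @Override
    public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain )
        throws IOException, ServletException
    {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        Boolean attrSupportsCookies = (Boolean) request.getAttribute( ParameterGatewayResolver.ATTR_SUPPORTS_COOKIES );

        if ( Boolean.FALSE.equals( attrSupportsCookies ) && ( noCookieMessageKey != null ) )
        {
            // cookies are blocked
            try
            {
                SiteMessageService.setMessage( request, noCookieMessageKey, SiteMessage.TYPE_ERROR );
            }
            catch ( SiteMessageException e )
            {
                // The redirect to the message page only happens on this exception path;
                // presumably setMessage signals "message stored" by throwing - confirm.
                request.getSession( true ).setAttribute( DefaultGatewayResolverImpl.CONST_CAS_GATEWAY,
                    GATEWAY_FLAG_VALUE );
                response.sendRedirect( response.encodeRedirectURL( AppPathService.getSiteMessageUrl( request ) ) );

                return;
            }
        }

        if ( redirectAfterGateway && ( request.getParameter( ParameterGatewayResolver.PARAM_GATEWAY ) != null ) )
        {
            String url = constructServiceURL( request );
            request.getSession( true ).setAttribute( DefaultGatewayResolverImpl.CONST_CAS_GATEWAY,
                GATEWAY_FLAG_VALUE );
            response.sendRedirect( response.encodeRedirectURL( url ) );

            return;
        }

        LuteceUser user = SecurityService.getInstance( ).getRegisteredUser( request );

        // override: fetch the back-office user
        AdminUser userBO = null;

        try
        {
            userBO = AdminAuthenticationService.getInstance( ).getRemoteUser( request );
        }
        catch ( UserNotSignedException | AccessDeniedException e )
        {
            // Both outcomes are treated as "no back-office user" and the CAS login below proceeds.
            // NOTE(review): UserNotSignedException is presumably the normal result for an
            // anonymous request, which would make this an error-level log entry on every such
            // request - confirm and consider a lower level.
            AppLogService.error( e );
        }

        // override: the CAS login is attempted only when both the FO and BO users are null
        if ( ( user == null ) && ( userBO == null ) )
        {
            CASAuthentication casAuthentication = (CASAuthentication) SpringContextService.getBean(
                    BEAN_CAS_AUTHENTICATION );

            try
            {
                // Credentials are empty: presumably the CAS module authenticates from the
                // request/session state rather than from a login and password - confirm.
                user = casAuthentication.login( "", "", request );
            }
            catch ( LoginException | LoginRedirectException e )
            {
                AppLogService.error( e.getMessage( ), e );
            }

            if ( AppLogService.isDebugEnabled( ) )
            {
                AppLogService.debug( "User " + user + " logged" );
            }

            // NOTE(review): user is still null here when the login failed or returned nothing,
            // so null is passed to registerUser - confirm that SecurityService tolerates it.
            SecurityService.getInstance( ).registerUser( request, user );
        }

        chain.doFilter( servletRequest, response );
    }

    /**
     * Constructs the service URL, removing the gateway parameter.
     * <p>
     * Parameter names and values come back from the container already decoded, so they are
     * URL-encoded again before being appended; otherwise a value containing {@code &}, {@code =},
     * {@code #} or a space would change the structure of the redirect target. Every value of a
     * multi-valued parameter is kept.
     * <p>
     * The base URL is taken from {@link HttpServletRequest#getRequestURL()}, so its scheme and
     * host are whatever the container derived for this request. For a form POST the parameter
     * list also contains the posted fields, which end up in the query string of the redirect.
     *
     * @param request the request
     * @return the service url
     * @throws IOException if the encoding declared by the request is not supported
     */
    private String constructServiceURL( HttpServletRequest request ) throws IOException
    {
        String encoding = request.getCharacterEncoding( );

        if ( encoding == null )
        {
            encoding = DEFAULT_URL_ENCODING;
        }

        StringBuffer url = request.getRequestURL( );
        char separator = '?';
        @SuppressWarnings( "unchecked" )
        Enumeration<String> paramNames = request.getParameterNames( );

        while ( paramNames.hasMoreElements( ) )
        {
            String param = paramNames.nextElement( );

            if ( ParameterGatewayResolver.PARAM_GATEWAY.equals( param ) )
            {
                continue;
            }

            String[] values = request.getParameterValues( param );

            if ( values == null )
            {
                continue;
            }

            String encodedName = URLEncoder.encode( param, encoding );

            for ( String value : values )
            {
                String encodedValue = ( value == null ) ? "" : URLEncoder.encode( value, encoding );
                url.append( separator ).append( encodedName ).append( '=' ).append( encodedValue );
                separator = '&';
            }
        }

        return url.toString( );
    }

    /**
     * {@inheritDoc}
     * <p>
     * Reads the {@code noCookieMessageKey} and {@code redirectAfterGateway} init parameters.
     */
    @Override
    public void init( FilterConfig config ) throws ServletException
    {
        noCookieMessageKey = config.getInitParameter( PARAM_NOCOOKIEMESSAGEKEY );

        // parseBoolean( null ) is false, so a missing parameter leaves the redirect disabled
        redirectAfterGateway = Boolean.parseBoolean( config.getInitParameter( PARAM_REDIRECT_AFTER_GATEWAY ) );
    }
}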