From 38b36f7ef90d1ed16e035463dea6e55478e67b5e Mon Sep 17 00:00:00 2001
From: Krzysztof Golebiowski
Date: Fri, 10 Jan 2025 13:00:53 +0100
Subject: [PATCH] Fixed problem with retrieving the configuration: Instance first and then System if it doesn't exist
---
.../cas/configuration/CASConfiguration.java | 101 +++---
.../security/sso/cas/internal/SSOImpl.java | 106 +++---
.../cas/internal/auto/login/CASAutoLogin.java | 197 +++++------
.../internal/servlet/filter/CASFilter.java | 325 +++++++++---------
4 files changed, 350 insertions(+), 379 deletions(-)
diff --git a/modules/portal-security-sso-cas-api/src/main/java/com/liferay/portal/security/sso/cas/configuration/CASConfiguration.java b/modules/portal-security-sso-cas-api/src/main/java/com/liferay/portal/security/sso/cas/configuration/CASConfiguration.java
index c419271..c290632 100644
--- a/modules/portal-security-sso-cas-api/src/main/java/com/liferay/portal/security/sso/cas/configuration/CASConfiguration.java
+++ b/modules/portal-security-sso-cas-api/src/main/java/com/liferay/portal/security/sso/cas/configuration/CASConfiguration.java
@@ -1,11 +1,11 @@ /** * Copyright (c) 2000-present Liferay, Inc. All rights reserved. - * + *

* This library is free software; you can redistribute it and/or modify it under * the terms of the GNU Lesser General Public License as published by the Free * Software Foundation; either version 2.1 of the License, or (at your option) * any later version. - * + *

* This library is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 
@@ -29,63 +29,66 @@ * * @author Michael C. Han */ -@ExtendedObjectClassDefinition(category = "sso") +@ExtendedObjectClassDefinition( + scope = ExtendedObjectClassDefinition.Scope.COMPANY, + category = "sso" +) @Meta.OCD( - id = "com.liferay.portal.security.sso.cas.configuration.CASConfiguration", - localization = "content/Language", name = "cas-configuration-name" + id = "com.liferay.portal.security.sso.cas.configuration.CASConfiguration", + localization = "content/Language", name = "cas-configuration-name" ) public interface CASConfiguration { - @Meta.AD( - deflt = "false", description = "enabled-help[cas]", name = "enabled", - required = false - ) - public boolean enabled(); + @Meta.AD( + deflt = "false", description = "enabled-help[cas]", name = "enabled", + required = false + ) + public boolean enabled(); - @Meta.AD( - deflt = "false", - description = "a-user-may-be-authenticated-by-cas-and-not-yet-exist-in-the-portal", - name = "import-from-ldap", required = false - ) - public boolean importFromLDAP(); + @Meta.AD( + deflt = "false", + description = "a-user-may-be-authenticated-by-cas-and-not-yet-exist-in-the-portal", + name = "import-from-ldap", required = false + ) + public boolean importFromLDAP(); - @Meta.AD( - deflt = "https://localhost:8443/cas-web/login", name = "login-url", - required = false - ) - public String loginURL(); + @Meta.AD( + deflt = "https://localhost:8443/cas-web/login", name = "login-url", + required = false + ) + public String loginURL(); - @Meta.AD( - deflt = "false", description = "logout-on-session-expiration-help", - name = "logout-on-session-expiration", required = false - ) - public boolean logoutOnSessionExpiration(); + @Meta.AD( + deflt = "false", description = "logout-on-session-expiration-help", + name = "logout-on-session-expiration", required = false + ) + public boolean logoutOnSessionExpiration(); - @Meta.AD( - deflt = "https://localhost:8443/cas-web/logout", name = "logout-url", - required = false - ) - public String 
logoutURL(); + @Meta.AD( + deflt = "https://localhost:8443/cas-web/logout", name = "logout-url", + required = false + ) + public String logoutURL(); - @Meta.AD( - deflt = "http://localhost:8080", description = "server-name-help", - name = "server-name", required = false - ) - public String serverName(); + @Meta.AD( + deflt = "http://localhost:8080", description = "server-name-help", + name = "server-name", required = false + ) + public String serverName(); - @Meta.AD( - deflt = "https://localhost:8443/cas-web", name = "server-url", - required = false - ) - public String serverURL(); + @Meta.AD( + deflt = "https://localhost:8443/cas-web", name = "server-url", + required = false + ) + public String serverURL(); - @Meta.AD(name = "service-url", required = false) - public String serviceURL(); + @Meta.AD(name = "service-url", required = false) + public String serviceURL(); - @Meta.AD( - deflt = "http://localhost:8080", name = "no-such-user-redirect-url", - required = false - ) - public String noSuchUserRedirectURL(); + @Meta.AD( + deflt = "http://localhost:8080", name = "no-such-user-redirect-url", + required = false + ) + public String noSuchUserRedirectURL(); -} \ No newline at end of file +} diff --git a/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/SSOImpl.java b/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/SSOImpl.java index 0a6af7d..b941414 100644 --- a/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/SSOImpl.java +++ b/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/SSOImpl.java @@ -1,11 +1,11 @@ /** * Copyright (c) 2000-present Liferay, Inc. All rights reserved. - * + *
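Review bot: The only functional line in this hunk is `scope = ExtendedObjectClassDefinition.Scope.COMPANY`, but it is buried in a re-indentation of the whole interface: every `@Meta.AD` block appears once as removed and once as added with what looks like identical content. The same whole-file re-indent recurs in the SSOImpl, CASAutoLogin and CASFilter hunks, which makes the edits to this SSO module hard to audit. Keeping the existing indentation and moving formatting to a separate commit would leave only the annotation change and the `getCompanyConfiguration` calls in this diff. A Javadoc sentence on the interface such as `Resolved per portal instance; falls back to the system-level value when the instance has none.` would record the behaviour the commit subject describes.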

* This library is free software; you can redistribute it and/or modify it under * the terms of the GNU Lesser General Public License as published by the Free * Software Foundation; either version 2.1 of the License, or (at your option) * any later version. - * + *

* This library is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more @@ -19,10 +19,7 @@ import com.liferay.portal.kernel.log.LogFactoryUtil; import com.liferay.portal.kernel.module.configuration.ConfigurationException; import com.liferay.portal.kernel.security.sso.SSO; -import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator; import com.liferay.portal.security.sso.cas.configuration.CASConfiguration; -import com.liferay.portal.security.sso.cas.constants.CASConstants; - import org.osgi.service.component.annotations.Component; import org.osgi.service.component.annotations.Reference; 
@@ -33,74 +30,71 @@ * @author Michael C. Han */ @Component( - configurationPid = "com.liferay.portal.security.sso.cas.configuration.CASConfiguration", - immediate = true, service = SSO.class + configurationPid = "com.liferay.portal.security.sso.cas.configuration.CASConfiguration", + immediate = true, service = SSO.class ) public class SSOImpl implements SSO { - @Override - public String getSessionExpirationRedirectUrl(long companyId) { - CASConfiguration casConfiguration = _getCASConfiguration(companyId); + @Override + public String getSessionExpirationRedirectUrl(long companyId) { + CASConfiguration casConfiguration = _getCASConfiguration(companyId); - if (casConfiguration.logoutOnSessionExpiration()) { - return casConfiguration.logoutURL(); - } + if (casConfiguration.logoutOnSessionExpiration()) { + return casConfiguration.logoutURL(); + } - return null; - } + return null; + } - @Override - public String getSignInURL(long companyId, String defaultSigninURL) { - return defaultSigninURL; - } + @Override + public String getSignInURL(long companyId, String defaultSigninURL) { + return defaultSigninURL; + } - @Override - public boolean isLoginRedirectRequired(long companyId) { - return _isCASAuthEnabled(companyId); - } + @Override + public boolean isLoginRedirectRequired(long companyId) { + return _isCASAuthEnabled(companyId); + } - @Override - public boolean isRedirectRequired(long companyId) { - return _isCASAuthEnabled(companyId); - } + @Override + public boolean isRedirectRequired(long companyId) { + return _isCASAuthEnabled(companyId); + } - @Override - public boolean isSessionRedirectOnExpire(long companyId) { - CASConfiguration casConfiguration = _getCASConfiguration(companyId); + @Override + public boolean isSessionRedirectOnExpire(long companyId) { + CASConfiguration casConfiguration = _getCASConfiguration(companyId); - return casConfiguration.logoutOnSessionExpiration(); - } + return casConfiguration.logoutOnSessionExpiration(); + } - @Reference(unbind = 
"-") - protected void setConfigurationProvider( - ConfigurationProvider configurationProvider) { + @Reference(unbind = "-") + protected void setConfigurationProvider( + ConfigurationProvider configurationProvider) { - _configurationProvider = configurationProvider; - } + _configurationProvider = configurationProvider; + } - private CASConfiguration _getCASConfiguration(long companyId) { - try { - return _configurationProvider.getConfiguration( - CASConfiguration.class, - new CompanyServiceSettingsLocator( - companyId, CASConstants.SERVICE_NAME)); - } - catch (ConfigurationException configurationException) { - _log.error( - "Unable to get CAS configuration", configurationException); - } + private CASConfiguration _getCASConfiguration(long companyId) { + try { + return _configurationProvider.getCompanyConfiguration( + CASConfiguration.class, companyId); + } catch (ConfigurationException configurationException) { + _log.error( + "Unable to get CAS configuration", configurationException); + } - return null; - } + return null; + } - private boolean _isCASAuthEnabled(long companyId) { - CASConfiguration casConfiguration = _getCASConfiguration(companyId); + private boolean _isCASAuthEnabled(long companyId) { + CASConfiguration casConfiguration = _getCASConfiguration(companyId); - return casConfiguration.enabled(); - } + return casConfiguration.enabled(); + } - private static final Log _log = LogFactoryUtil.getLog(SSOImpl.class); + private static final Log _log = LogFactoryUtil.getLog(SSOImpl.class); - private ConfigurationProvider _configurationProvider; + private ConfigurationProvider _configurationProvider; } diff --git a/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/auto/login/CASAutoLogin.java b/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/auto/login/CASAutoLogin.java index 5e7a398..67845dd 100644 
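Review bot: `_getCASConfiguration` still returns `null` after logging a `ConfigurationException`, and `getSessionExpirationRedirectUrl`, `isSessionRedirectOnExpire` and `_isCASAuthEnabled` all dereference the result without a check. A failed lookup through the new `getCompanyConfiguration` call therefore surfaces as a `NullPointerException` in the SSO entry points, including `isLoginRedirectRequired` and `isRedirectRequired`. Guard the callers, for example `return (casConfiguration != null) && casConfiguration.enabled();` in `_isCASAuthEnabled`, with the same `!= null` test before `logoutOnSessionExpiration()` in the other two methods. Treating an unreadable configuration as CAS-disabled decides whether the portal falls back to its own login, so a short comment on `_getCASConfiguration` stating that this is intended would help.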
--- a/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/auto/login/CASAutoLogin.java
+++ b/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/auto/login/CASAutoLogin.java
@@ -1,11 +1,11 @@ /** * Copyright (c) 2000-present Liferay, Inc. All rights reserved. - * + *

* This library is free software; you can redistribute it and/or modify it under * the terms of the GNU Lesser General Public License as published by the Free * Software Foundation; either version 2.1 of the License, or (at your option) * any later version. - * + *

* This library is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more @@ -25,14 +25,12 @@ import com.liferay.portal.kernel.security.auto.login.AutoLogin; import com.liferay.portal.kernel.security.auto.login.BaseAutoLogin; import com.liferay.portal.kernel.service.UserLocalService; -import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator; import com.liferay.portal.kernel.util.Portal; import com.liferay.portal.kernel.util.PrefsPropsUtil; import com.liferay.portal.kernel.util.PropsKeys; import com.liferay.portal.kernel.util.Validator; import com.liferay.portal.security.ldap.exportimport.LDAPUserImporter; import com.liferay.portal.security.sso.cas.configuration.CASConfiguration; -import com.liferay.portal.security.sso.cas.constants.CASConstants; import com.liferay.portal.security.sso.cas.internal.constants.CASWebKeys; import com.liferay.portal.util.PropsValues; import org.osgi.service.component.annotations.Component; 
@@ -64,142 +62,137 @@ * @author Daeyoung Song */ @Component( - configurationPid = "com.liferay.portal.security.sso.cas.configuration.CASConfiguration", - immediate = true, service = AutoLogin.class + configurationPid = "com.liferay.portal.security.sso.cas.configuration.CASConfiguration", + immediate = true, service = AutoLogin.class ) public class CASAutoLogin extends BaseAutoLogin { - @Override - protected String[] doHandleException( - HttpServletRequest httpServletRequest, - HttpServletResponse httpServletResponse, Exception exception) { + @Override + protected String[] doHandleException( + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse, Exception exception) { - if (exception instanceof NoSuchUserException) { - HttpSession httpSession = httpServletRequest.getSession(); + if (exception instanceof NoSuchUserException) { + HttpSession httpSession = httpServletRequest.getSession(); - httpSession.removeAttribute(CASWebKeys.CAS_LOGIN); + httpSession.removeAttribute(CASWebKeys.CAS_LOGIN); - httpSession.setAttribute( - CASWebKeys.CAS_NO_SUCH_USER_EXCEPTION, Boolean.TRUE); - } + httpSession.setAttribute( + CASWebKeys.CAS_NO_SUCH_USER_EXCEPTION, Boolean.TRUE); + } - _log.error(exception); + _log.error(exception); - return null; - } + return null; + } - @Override - protected String[] doLogin( - HttpServletRequest httpServletRequest, - HttpServletResponse httpServletResponse) - throws Exception { + @Override + protected String[] doLogin( + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse) + throws Exception { - long companyId = _portal.getCompanyId(httpServletRequest); + long companyId = _portal.getCompanyId(httpServletRequest); - CASConfiguration casConfiguration = - _configurationProvider.getConfiguration( - CASConfiguration.class, - new CompanyServiceSettingsLocator( - companyId, CASConstants.SERVICE_NAME)); + CASConfiguration casConfiguration = + _configurationProvider.getCompanyConfiguration( + 
CASConfiguration.class, companyId); - if (!casConfiguration.enabled()) { - return null; - } + if (!casConfiguration.enabled()) { + return null; + } - HttpSession httpSession = httpServletRequest.getSession(); + HttpSession httpSession = httpServletRequest.getSession(); - String login = (String)httpSession.getAttribute(CASWebKeys.CAS_LOGIN); + String login = (String) httpSession.getAttribute(CASWebKeys.CAS_LOGIN); - if (Validator.isNull(login)) { - Object noSuchUserException = httpSession.getAttribute( - CASWebKeys.CAS_NO_SUCH_USER_EXCEPTION); + if (Validator.isNull(login)) { + Object noSuchUserException = httpSession.getAttribute( + CASWebKeys.CAS_NO_SUCH_USER_EXCEPTION); - if (noSuchUserException == null) { - return null; - } + if (noSuchUserException == null) { + return null; + } - httpSession.removeAttribute(CASWebKeys.CAS_NO_SUCH_USER_EXCEPTION); + httpSession.removeAttribute(CASWebKeys.CAS_NO_SUCH_USER_EXCEPTION); - httpSession.setAttribute(CASWebKeys.CAS_FORCE_LOGOUT, Boolean.TRUE); + httpSession.setAttribute(CASWebKeys.CAS_FORCE_LOGOUT, Boolean.TRUE); - String redirect = casConfiguration.noSuchUserRedirectURL(); + String redirect = casConfiguration.noSuchUserRedirectURL(); - httpServletRequest.setAttribute( - AutoLogin.AUTO_LOGIN_REDIRECT, redirect); + httpServletRequest.setAttribute( + AutoLogin.AUTO_LOGIN_REDIRECT, redirect); - return null; - } + return null; + } - User user = null; + User user = null; - String authType = PrefsPropsUtil.getString( - companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE, - PropsValues.COMPANY_SECURITY_AUTH_TYPE); + String authType = PrefsPropsUtil.getString( + companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE, + PropsValues.COMPANY_SECURITY_AUTH_TYPE); - if (casConfiguration.importFromLDAP()) { - try { - if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) { - user = _userImporter.importUser( - companyId, StringPool.BLANK, login); - } - else { - user = _userImporter.importUser( - companyId, login, StringPool.BLANK); - } - } - catch 
(SystemException systemException) { + if (casConfiguration.importFromLDAP()) { + try { + if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) { + user = _userImporter.importUser( + companyId, StringPool.BLANK, login); + } else { + user = _userImporter.importUser( + companyId, login, StringPool.BLANK); + } + } catch (SystemException systemException) { - // LPS-52675 + // LPS-52675 - if (_log.isDebugEnabled()) { - _log.debug(systemException); - } - } - } + if (_log.isDebugEnabled()) { + _log.debug(systemException); + } + } + } - if (user == null) { - if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) { - user = _userLocalService.getUserByScreenName(companyId, login); - } - else { - user = _userLocalService.getUserByEmailAddress( - companyId, login); - } - } + if (user == null) { + if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) { + user = _userLocalService.getUserByScreenName(companyId, login); + } else { + user = _userLocalService.getUserByEmailAddress( + companyId, login); + } + } - addRedirect(httpServletRequest); + addRedirect(httpServletRequest); - String[] credentials = new String[3]; + String[] credentials = new String[3]; - credentials[0] = String.valueOf(user.getUserId()); - credentials[1] = user.getPassword(); - credentials[2] = Boolean.TRUE.toString(); + credentials[0] = String.valueOf(user.getUserId()); + credentials[1] = user.getPassword(); + credentials[2] = Boolean.TRUE.toString(); - return credentials; - } + return credentials; + } - @Reference(unbind = "-") - protected void setConfigurationProvider( - ConfigurationProvider configurationProvider) { + @Reference(unbind = "-") + protected void setConfigurationProvider( + ConfigurationProvider configurationProvider) { - _configurationProvider = configurationProvider; - } + _configurationProvider = configurationProvider; + } - @Reference(unbind = "-") - protected void setUserLocalService(UserLocalService userLocalService) { - _userLocalService = userLocalService; - } + @Reference(unbind = "-") + 
protected void setUserLocalService(UserLocalService userLocalService) { + _userLocalService = userLocalService; + } - private static final Log _log = LogFactoryUtil.getLog(CASAutoLogin.class); + private static final Log _log = LogFactoryUtil.getLog(CASAutoLogin.class); - private ConfigurationProvider _configurationProvider; + private ConfigurationProvider _configurationProvider; - @Reference - private Portal _portal; + @Reference + private Portal _portal; - @Reference - private LDAPUserImporter _userImporter; + @Reference + private LDAPUserImporter _userImporter; - private UserLocalService _userLocalService; + private UserLocalService _userLocalService; } diff --git a/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/servlet/filter/CASFilter.java b/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/servlet/filter/CASFilter.java index 6320bda..f2990b2 100644 --- a/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/servlet/filter/CASFilter.java +++ b/modules/portal-security-sso-cas-impl/src/main/java/com/liferay/portal/security/sso/cas/internal/servlet/filter/CASFilter.java @@ -1,11 +1,11 @@ /** * Copyright (c) 2000-present Liferay, Inc. All rights reserved. - * + *
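Review bot: In `doLogin`, the `catch (SystemException systemException)` around `_userImporter.importUser` records the failure only when debug logging is enabled, so with a normal production log level an LDAP import failure during CAS login leaves no trace and the code falls through to the local `_userLocalService` lookup. If the suppression is deliberate (the `// LPS-52675` comment suggests it is), the comment should say why. Otherwise log one line at warn level without the stack trace, e.g. `_log.warn("Unable to import CAS user from LDAP for company " + companyId);`, so that a directory outage can be told apart from an unknown user.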

* This library is free software; you can redistribute it and/or modify it under * the terms of the GNU Lesser General Public License as published by the Free * Software Foundation; either version 2.1 of the License, or (at your option) * any later version. - * + *

* This library is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 
@@ -19,35 +19,26 @@ import com.liferay.portal.kernel.log.Log; import com.liferay.portal.kernel.log.LogFactoryUtil; import com.liferay.portal.kernel.servlet.BaseFilter; -import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator; -import com.liferay.portal.kernel.util.HashMapBuilder; -import com.liferay.portal.kernel.util.HttpComponentsUtil; -import com.liferay.portal.kernel.util.ParamUtil; -import com.liferay.portal.kernel.util.Portal; -import com.liferay.portal.kernel.util.Validator; +import com.liferay.portal.kernel.util.*; import com.liferay.portal.security.sso.cas.configuration.CASConfiguration; -import com.liferay.portal.security.sso.cas.constants.CASConstants; import com.liferay.portal.security.sso.cas.internal.constants.CASWebKeys; - -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - import org.jasig.cas.client.authentication.AttributePrincipal; import org.jasig.cas.client.util.CommonUtils; import org.jasig.cas.client.validation.Assertion; import org.jasig.cas.client.validation.Cas20ProxyTicketValidator; import org.jasig.cas.client.validation.TicketValidationException; import org.jasig.cas.client.validation.TicketValidator; - import org.osgi.service.component.annotations.Component; import org.osgi.service.component.annotations.Reference; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + /** * Participates in every login and logout that triggers an HTTP request to * Liferay Portal. 
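Review bot: The wildcard `import com.liferay.portal.kernel.util.*;` replaces five explicit imports (`HashMapBuilder`, `HttpComponentsUtil`, `ParamUtil`, `Portal`, `Validator`) and hides which kernel utilities this authentication filter depends on. Restore the explicit imports and the original grouping. The reordering of the `javax.servlet` and `java.util` blocks looks like an IDE auto-format and is unrelated to the configuration fix.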
@@ -82,215 +73,205 @@ * @author Zsolt Balogh */ @Component( - configurationPid = "com.liferay.portal.security.sso.cas.configuration.CASConfiguration", - immediate = true, - property = { - "before-filter=Auto Login Filter", "dispatcher=FORWARD", - "dispatcher=REQUEST", "servlet-context-name=", - "servlet-filter-name=SSO CAS Filter", "url-pattern=/c/portal/login", - "url-pattern=/c/portal/logout" - }, - service = Filter.class + configurationPid = "com.liferay.portal.security.sso.cas.configuration.CASConfiguration", + immediate = true, + property = { + "before-filter=Auto Login Filter", "dispatcher=FORWARD", + "dispatcher=REQUEST", "servlet-context-name=", + "servlet-filter-name=SSO CAS Filter", "url-pattern=/c/portal/login", + "url-pattern=/c/portal/logout" + }, + service = Filter.class ) public class CASFilter extends BaseFilter { - public static void reload(long companyId) { - _ticketValidators.remove(companyId); - } + public static void reload(long companyId) { + _ticketValidators.remove(companyId); + } - @Override - public boolean isFilterEnabled( - HttpServletRequest httpServletRequest, - HttpServletResponse httpServletResponse) { + @Override + public boolean isFilterEnabled( + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse) { - try { - CASConfiguration casConfiguration = - _configurationProvider.getConfiguration( - CASConfiguration.class, - new CompanyServiceSettingsLocator( - _portal.getCompanyId(httpServletRequest), - CASConstants.SERVICE_NAME)); + try { + CASConfiguration casConfiguration = + _configurationProvider.getCompanyConfiguration( + CASConfiguration.class, _portal.getCompanyId(httpServletRequest)); - if (casConfiguration.enabled()) { - return true; - } - } - catch (Exception exception) { - _log.error(exception); - } + if (casConfiguration.enabled()) { + return true; + } + } catch (Exception exception) { + _log.error(exception); + } - return false; - } + return false; + } - @Override - protected Log getLog() { - 
return _log; - } + @Override + protected Log getLog() { + return _log; + } - @Override - protected void processFilter( - HttpServletRequest httpServletRequest, - HttpServletResponse httpServletResponse, FilterChain filterChain) - throws Exception { + @Override + protected void processFilter( + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse, FilterChain filterChain) + throws Exception { - HttpSession httpSession = httpServletRequest.getSession(); + HttpSession httpSession = httpServletRequest.getSession(); - long companyId = _portal.getCompanyId(httpServletRequest); + long companyId = _portal.getCompanyId(httpServletRequest); - CASConfiguration casConfiguration = - _configurationProvider.getConfiguration( - CASConfiguration.class, - new CompanyServiceSettingsLocator( - companyId, CASConstants.SERVICE_NAME)); + CASConfiguration casConfiguration = + _configurationProvider.getCompanyConfiguration( + CASConfiguration.class, companyId); - Object forceLogout = httpSession.getAttribute( - CASWebKeys.CAS_FORCE_LOGOUT); + Object forceLogout = httpSession.getAttribute( + CASWebKeys.CAS_FORCE_LOGOUT); - if (forceLogout != null) { - httpSession.removeAttribute(CASWebKeys.CAS_FORCE_LOGOUT); + if (forceLogout != null) { + httpSession.removeAttribute(CASWebKeys.CAS_FORCE_LOGOUT); - String logoutUrl = casConfiguration.logoutURL(); + String logoutUrl = casConfiguration.logoutURL(); - httpServletResponse.sendRedirect(logoutUrl); + httpServletResponse.sendRedirect(logoutUrl); - return; - } + return; + } - String pathInfo = httpServletRequest.getPathInfo(); + String pathInfo = httpServletRequest.getPathInfo(); - if (Validator.isNotNull(pathInfo) && - pathInfo.contains("/portal/logout")) { + if (Validator.isNotNull(pathInfo) && + pathInfo.contains("/portal/logout")) { - httpSession.invalidate(); + httpSession.invalidate(); - String logoutUrl = casConfiguration.logoutURL(); + String logoutUrl = casConfiguration.logoutURL(); - 
httpServletResponse.sendRedirect(logoutUrl); + httpServletResponse.sendRedirect(logoutUrl); - return; - } + return; + } - String login = (String)httpSession.getAttribute(CASWebKeys.CAS_LOGIN); + String login = (String) httpSession.getAttribute(CASWebKeys.CAS_LOGIN); - if (Validator.isNotNull(login)) { - processFilter( - CASFilter.class.getName(), httpServletRequest, - httpServletResponse, filterChain); + if (Validator.isNotNull(login)) { + processFilter( + CASFilter.class.getName(), httpServletRequest, + httpServletResponse, filterChain); - return; - } + return; + } - String serverName = casConfiguration.serverName(); + String serverName = casConfiguration.serverName(); - String serviceURL = casConfiguration.serviceURL(); + String serviceURL = casConfiguration.serviceURL(); - if (Validator.isNull(serviceURL)) { - serviceURL = CommonUtils.constructServiceUrl( - httpServletRequest, httpServletResponse, serviceURL, serverName, - "service", "ticket", true); - } + if (Validator.isNull(serviceURL)) { + serviceURL = CommonUtils.constructServiceUrl( + httpServletRequest, httpServletResponse, serviceURL, serverName, + "service", "ticket", true); + } - String ticket = ParamUtil.getString(httpServletRequest, "ticket"); + String ticket = ParamUtil.getString(httpServletRequest, "ticket"); - if (Validator.isNull(ticket)) { - String loginUrl = casConfiguration.loginURL(); + if (Validator.isNull(ticket)) { + String loginUrl = casConfiguration.loginURL(); - loginUrl = HttpComponentsUtil.addParameter( - loginUrl, "service", serviceURL); + loginUrl = HttpComponentsUtil.addParameter( + loginUrl, "service", serviceURL); - httpServletResponse.sendRedirect(loginUrl); + httpServletResponse.sendRedirect(loginUrl); - return; - } + return; + } - TicketValidator ticketValidator = _getTicketValidator(companyId); + TicketValidator ticketValidator = _getTicketValidator(companyId); - Assertion assertion = null; + Assertion assertion = null; - try { - assertion = ticketValidator.validate(ticket, 
serviceURL); - } - catch (TicketValidationException ticketValidationException) { - if (_log.isDebugEnabled()) { - _log.debug(ticketValidationException); - } - else if (_log.isInfoEnabled()) { - _log.info(ticketValidationException); - } + try { + assertion = ticketValidator.validate(ticket, serviceURL); + } catch (TicketValidationException ticketValidationException) { + if (_log.isDebugEnabled()) { + _log.debug(ticketValidationException); + } else if (_log.isInfoEnabled()) { + _log.info(ticketValidationException); + } - _portal.sendError( - new PortalException( - "Unable to validate CAS ticket: " + ticket, - ticketValidationException), - httpServletRequest, httpServletResponse); + _portal.sendError( + new PortalException( + "Unable to validate CAS ticket: " + ticket, + ticketValidationException), + httpServletRequest, httpServletResponse); - return; - } + return; + } - if (assertion != null) { - AttributePrincipal attributePrincipal = assertion.getPrincipal(); + if (assertion != null) { + AttributePrincipal attributePrincipal = assertion.getPrincipal(); - login = attributePrincipal.getName(); + login = attributePrincipal.getName(); - httpSession.setAttribute(CASWebKeys.CAS_LOGIN, login); - } + httpSession.setAttribute(CASWebKeys.CAS_LOGIN, login); + } - processFilter( - CASFilter.class.getName(), httpServletRequest, httpServletResponse, - filterChain); - } + processFilter( + CASFilter.class.getName(), httpServletRequest, httpServletResponse, + filterChain); + } - @Reference(unbind = "-") - protected void setConfigurationProvider( - ConfigurationProvider configurationProvider) { + @Reference(unbind = "-") + protected void setConfigurationProvider( + ConfigurationProvider configurationProvider) { - _configurationProvider = configurationProvider; - } + _configurationProvider = configurationProvider; + } - private TicketValidator _getTicketValidator(long companyId) - throws Exception { + private TicketValidator _getTicketValidator(long companyId) + throws Exception { - 
TicketValidator ticketValidator = _ticketValidators.get(companyId); + TicketValidator ticketValidator = _ticketValidators.get(companyId); - if (ticketValidator != null) { - return ticketValidator; - } + if (ticketValidator != null) { + return ticketValidator; + } - CASConfiguration casConfiguration = - _configurationProvider.getConfiguration( - CASConfiguration.class, - new CompanyServiceSettingsLocator( - companyId, CASConstants.SERVICE_NAME)); + CASConfiguration casConfiguration = + _configurationProvider.getCompanyConfiguration( + CASConfiguration.class, companyId); - String serverUrl = casConfiguration.serverURL(); + String serverUrl = casConfiguration.serverURL(); - Cas20ProxyTicketValidator cas20ProxyTicketValidator = - new Cas20ProxyTicketValidator(serverUrl); + Cas20ProxyTicketValidator cas20ProxyTicketValidator = + new Cas20ProxyTicketValidator(serverUrl); - cas20ProxyTicketValidator.setCustomParameters( - HashMapBuilder.put( - "casServerLoginUrl", casConfiguration.loginURL() - ).put( - "casServerUrlPrefix", serverUrl - ).put( - "redirectAfterValidation", "false" - ).put( - "serverName", casConfiguration.serverName() - ).build()); + cas20ProxyTicketValidator.setCustomParameters( + HashMapBuilder.put( + "casServerLoginUrl", casConfiguration.loginURL() + ).put( + "casServerUrlPrefix", serverUrl + ).put( + "redirectAfterValidation", "false" + ).put( + "serverName", casConfiguration.serverName() + ).build()); - _ticketValidators.put(companyId, cas20ProxyTicketValidator); + _ticketValidators.put(companyId, cas20ProxyTicketValidator); - return cas20ProxyTicketValidator; - } + return cas20ProxyTicketValidator; + } - private static final Log _log = LogFactoryUtil.getLog(CASFilter.class); + private static final Log _log = LogFactoryUtil.getLog(CASFilter.class); - private static final Map _ticketValidators = - new ConcurrentHashMap<>(); + private static final Map _ticketValidators = + new ConcurrentHashMap<>(); - private ConfigurationProvider _configurationProvider; 
+ private ConfigurationProvider _configurationProvider; - @Reference - private Portal _portal; + @Reference + private Portal _portal; }
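Review bot: In `processFilter`, the failure path builds `"Unable to validate CAS ticket: " + ticket` from the raw `ticket` request parameter and passes it to `_portal.sendError`, so caller-supplied text lands in the exception message and, depending on how the error page and logs render it, in the response and log files. Drop the value from the message: `new PortalException("Unable to validate CAS ticket", ticketValidationException),`. Separately, `_getTicketValidator` caches one validator per `companyId` in the static `_ticketValidators` map and only `reload(companyId)` evicts it. Now that the configuration is read per instance, a change to an instance's `server-url` will keep validating against the old CAS server unless something outside this hunk calls `reload`, which is worth confirming.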