plugins/ldap/src/main/java/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java - ofbiz - Git at Google

 /*******************************************************************************
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *******************************************************************************/

 package org.apache.ofbiz.ldap.cas;

 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.UnsupportedEncodingException;
 import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.security.SecureRandom;

 import javax.naming.NamingException;
 import javax.naming.directory.SearchResult;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.ofbiz.base.util.UtilXml;
 import org.apache.ofbiz.ldap.commons.AbstractOFBizAuthenticationHandler;
 import org.apache.ofbiz.ldap.commons.InterfaceOFBizAuthenticationHandler;
 import org.w3c.dom.Element;

 /**
  * The OFBiz CAS-LDAP Authentication Handler.<p>
  *
  * The ACL of a user is still controlled by OFBiz.
  *
  */
 public final class OFBizCasAuthenticationHandler extends AbstractOFBizAuthenticationHandler {

     public static final String PARAM_TICKET = "ticket";

     public static final String PARAM_SERVICE = "service";

     public static final String PARAM_RENEW = "renew";

     /**
      * Public constructor, initializes some required member variables.<p>
      */
     public OFBizCasAuthenticationHandler() {

     }


     @Override
     public String login(HttpServletRequest request, HttpServletResponse response, Element rootElement) throws Exception {

         String ticket = request.getParameter(PARAM_TICKET);
         String username = request.getParameter("USERNAME");
         String password = request.getParameter("PASSWORD");

         String casUrl = UtilXml.childElementValue(rootElement, "CasUrl", "https://localhost:8443/cas");
         String loginUri = UtilXml.childElementValue(rootElement, "CasLoginUri", "/login");
         String validateUri = UtilXml.childElementValue(rootElement, "CasValidateUri", "/validate");
         String serviceUrl = request.getRequestURL().toString();
         String url = URLEncoder.encode(serviceUrl, "UTF-8");
         boolean casLoggedIn = false;
         if (ticket == null) {
             // forward the login page to CAS login page
             response.sendRedirect(casUrl + loginUri + "?" + PARAM_SERVICE + "=" + url);
         } else {
             // there's a ticket, we should validate the ticket
             URL validateURL = new URL(casUrl + validateUri + "?" + PARAM_TICKET + "=" + ticket + "&" + PARAM_SERVICE + "=" + url);
             URLConnection conn = validateURL.openConnection();
             InputStreamReader result = null;
             BufferedReader reader = null;
             try {
                 result = new InputStreamReader(conn.getInputStream(), "UTF-8");
                 reader = new BufferedReader(result);
                 String oneline = reader.readLine();
                 if (oneline != null && oneline.equals("yes")) {
                     // the ticket is true
                     username = reader.readLine().trim();
                     casLoggedIn = true;
                 } else {
                     // the ticket is false, forward the request to cas login page
                     response.sendRedirect(casUrl + loginUri + "?service=" + url);
                 }
             } catch (Exception e) {
                 if (reader != null) {
                     try {
                         reader.close();
                     } catch (Exception e1) {
                     }
                 }
                 if (result != null) {
                     try {
                         result.close();
                     } catch (Exception e1) {
                     }
                 }
             }
         }

         if (casLoggedIn && username != null) {
             // as we cannot get the password user input in CAS login page, we use a random one
             password = randomString();
             SearchResult result = getLdapSearchResult(username, password, rootElement, false);
             if (result != null) {
                 return login(request, response, username, password, rootElement, result);
             }
         }
         return "error";
     }

     public static String randomString(int lo, int hi) {
         int n = rand(lo, hi);
         byte b[] = new byte[n];
         for (int i = 0; i < n; i++) {
             b[i] = (byte)rand('a', 'z');
         }
         return new String(b);
     }

     private static int rand(int lo, int hi) {
         java.util.Random rn = new SecureRandom();
         int n = hi - lo + 1;
         int i = rn.nextInt() % n;
         if (i < 0)
                 i = -i;
         return lo + i;
     }

     public static String randomString() {
         return randomString(5, 15);
     }

     @Override
     public String logout(HttpServletRequest request, HttpServletResponse response, Element rootElement) {
         String casUrl = UtilXml.childElementValue(rootElement, "CasUrl", "https://localhost:8443/cas");
         String logoutUri = UtilXml.childElementValue(rootElement, "CasLogoutUri", "/logout");
         try {
             response.sendRedirect(casUrl + logoutUri);
         } catch (UnsupportedEncodingException e) {
         } catch (IOException e) {
         }
         return "success";
     }


     @Override
     public SearchResult getLdapSearchResult(String username, String password,
             Element rootElement, boolean bindRequired) throws NamingException {
         String className = UtilXml.childElementValue(rootElement, "CasLdapHandler", "org.apache.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler");
         try {
             Class<?> handlerClass = Class.forName(className);
             InterfaceOFBizAuthenticationHandler casLdapHandler = (InterfaceOFBizAuthenticationHandler) handlerClass.newInstance();
             return casLdapHandler.getLdapSearchResult(username, password, rootElement, bindRequired);
         } catch (ClassNotFoundException e) {
             throw new NamingException(e.getLocalizedMessage());
         } catch (InstantiationException e) {
             throw new NamingException(e.getLocalizedMessage());
         } catch (IllegalAccessException e) {
             throw new NamingException(e.getLocalizedMessage());
         }
     }

     /**
      * An HTTP WebEvent handler that checks to see is a userLogin is logged out.
      * If yes, the user is forwarded to the login page.
      *
      * @param request The HTTP request object for the current JSP or Servlet request.
      * @param response The HTTP response object for the current JSP or Servlet request.
      * @param rootElement Element root element of ldap config file
      * @return true if the user has logged out from ldap; otherwise, false.
      */
     @Override
     public boolean hasLdapLoggedOut(HttpServletRequest request, HttpServletResponse response, Element rootElement) {
         String casTGC = UtilXml.childElementValue(rootElement, "CasTGTCookieName", "CASTGC");
         String casUrl = UtilXml.childElementValue(rootElement, "CasUrl", "https://localhost:8443/cas");
         Cookie[] cookies = request.getCookies();
         if (cookies == null) return true;
         for (int i=0; i < cookies.length; i++) {
             Cookie cookie = cookies[i];
             if (cookie.getName().equals(casTGC) && casUrl.indexOf(cookie.getDomain()) > -1) {
                 return false;
             }
         }
         return true;
     }
 }
	/*******************************************************************************
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*******************************************************************************/

	package org.apache.ofbiz.ldap.cas;

	import java.io.BufferedReader;
	import java.io.IOException;
	import java.io.InputStreamReader;
	import java.io.UnsupportedEncodingException;
	import java.net.URL;
	import java.net.URLConnection;
	import java.net.URLEncoder;
	import java.security.SecureRandom;

	import javax.naming.NamingException;
	import javax.naming.directory.SearchResult;
	import javax.servlet.http.Cookie;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	import org.apache.ofbiz.base.util.UtilXml;
	import org.apache.ofbiz.ldap.commons.AbstractOFBizAuthenticationHandler;
	import org.apache.ofbiz.ldap.commons.InterfaceOFBizAuthenticationHandler;
	import org.w3c.dom.Element;

	/**
	* The OFBiz CAS-LDAP Authentication Handler.<p>
	*
	* The ACL of a user is still controlled by OFBiz.
	*
	*/
	public final class OFBizCasAuthenticationHandler extends AbstractOFBizAuthenticationHandler {

	public static final String PARAM_TICKET = "ticket";

	public static final String PARAM_SERVICE = "service";

	public static final String PARAM_RENEW = "renew";

	/**
	* Public constructor, initializes some required member variables.<p>
	*/
	public OFBizCasAuthenticationHandler() {

	}


	@Override
	public String login(HttpServletRequest request, HttpServletResponse response, Element rootElement) throws Exception {

	String ticket = request.getParameter(PARAM_TICKET);
	String username = request.getParameter("USERNAME");
	String password = request.getParameter("PASSWORD");

	String casUrl = UtilXml.childElementValue(rootElement, "CasUrl", "https://localhost:8443/cas");
	String loginUri = UtilXml.childElementValue(rootElement, "CasLoginUri", "/login");
	String validateUri = UtilXml.childElementValue(rootElement, "CasValidateUri", "/validate");
	String serviceUrl = request.getRequestURL().toString();
	String url = URLEncoder.encode(serviceUrl, "UTF-8");
	boolean casLoggedIn = false;
	if (ticket == null) {
	// forward the login page to CAS login page
	response.sendRedirect(casUrl + loginUri + "?" + PARAM_SERVICE + "=" + url);
	} else {
	// there's a ticket, we should validate the ticket
	URL validateURL = new URL(casUrl + validateUri + "?" + PARAM_TICKET + "=" + ticket + "&" + PARAM_SERVICE + "=" + url);
	URLConnection conn = validateURL.openConnection();
	InputStreamReader result = null;
	BufferedReader reader = null;
	try {
	result = new InputStreamReader(conn.getInputStream(), "UTF-8");
	reader = new BufferedReader(result);
	String oneline = reader.readLine();
	if (oneline != null && oneline.equals("yes")) {
	// the ticket is true
	username = reader.readLine().trim();
	casLoggedIn = true;
	} else {
	// the ticket is false, forward the request to cas login page
	response.sendRedirect(casUrl + loginUri + "?service=" + url);
	}
	} catch (Exception e) {
	if (reader != null) {
	try {
	reader.close();
	} catch (Exception e1) {
	}
	}
	if (result != null) {
	try {
	result.close();
	} catch (Exception e1) {
	}
	}
	}
	}

	if (casLoggedIn && username != null) {
	// as we cannot get the password user input in CAS login page, we use a random one
	password = randomString();
	SearchResult result = getLdapSearchResult(username, password, rootElement, false);
	if (result != null) {
	return login(request, response, username, password, rootElement, result);
	}
	}
	return "error";
	}

	public static String randomString(int lo, int hi) {
	int n = rand(lo, hi);
	byte b[] = new byte[n];
	for (int i = 0; i < n; i++) {
	b[i] = (byte)rand('a', 'z');
	}
	return new String(b);
	}

	private static int rand(int lo, int hi) {
	java.util.Random rn = new SecureRandom();
	int n = hi - lo + 1;
	int i = rn.nextInt() % n;
	if (i < 0)
	i = -i;
	return lo + i;
	}

	public static String randomString() {
	return randomString(5, 15);
	}

	@Override
	public String logout(HttpServletRequest request, HttpServletResponse response, Element rootElement) {
	String casUrl = UtilXml.childElementValue(rootElement, "CasUrl", "https://localhost:8443/cas");
	String logoutUri = UtilXml.childElementValue(rootElement, "CasLogoutUri", "/logout");
	try {
	response.sendRedirect(casUrl + logoutUri);
	} catch (UnsupportedEncodingException e) {
	} catch (IOException e) {
	}
	return "success";
	}


	@Override
	public SearchResult getLdapSearchResult(String username, String password,
	Element rootElement, boolean bindRequired) throws NamingException {
	String className = UtilXml.childElementValue(rootElement, "CasLdapHandler", "org.apache.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler");
	try {
	Class<?> handlerClass = Class.forName(className);
	InterfaceOFBizAuthenticationHandler casLdapHandler = (InterfaceOFBizAuthenticationHandler) handlerClass.newInstance();
	return casLdapHandler.getLdapSearchResult(username, password, rootElement, bindRequired);
	} catch (ClassNotFoundException e) {
	throw new NamingException(e.getLocalizedMessage());
	} catch (InstantiationException e) {
	throw new NamingException(e.getLocalizedMessage());
	} catch (IllegalAccessException e) {
	throw new NamingException(e.getLocalizedMessage());
	}
	}

	/**
	* An HTTP WebEvent handler that checks to see is a userLogin is logged out.
	* If yes, the user is forwarded to the login page.
	*
	* @param request The HTTP request object for the current JSP or Servlet request.
	* @param response The HTTP response object for the current JSP or Servlet request.
	* @param rootElement Element root element of ldap config file
	* @return true if the user has logged out from ldap; otherwise, false.
	*/
	@Override
	public boolean hasLdapLoggedOut(HttpServletRequest request, HttpServletResponse response, Element rootElement) {
	String casTGC = UtilXml.childElementValue(rootElement, "CasTGTCookieName", "CASTGC");
	String casUrl = UtilXml.childElementValue(rootElement, "CasUrl", "https://localhost:8443/cas");
	Cookie[] cookies = request.getCookies();
	if (cookies == null) return true;
	for (int i=0; i < cookies.length; i++) {
	Cookie cookie = cookies[i];
	if (cookie.getName().equals(casTGC) && casUrl.indexOf(cookie.getDomain()) > -1) {
	return false;
	}
	}
	return true;
	}
	}