001: /**
002: * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
003: *
004: * Permission is hereby granted, free of charge, to any person obtaining a copy
005: * of this software and associated documentation files (the "Software"), to deal
006: * in the Software without restriction, including without limitation the rights
007: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
008: * copies of the Software, and to permit persons to whom the Software is
009: * furnished to do so, subject to the following conditions:
010: *
011: * The above copyright notice and this permission notice shall be included in
012: * all copies or substantial portions of the Software.
013: *
014: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
015: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
016: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
017: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
018: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
019: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
020: * SOFTWARE.
021: */package com.liferay.portal.security.auth;
022:
023: import com.liferay.portal.NoSuchUserException;
024: import com.liferay.portal.kernel.util.StringPool;
025: import com.liferay.portal.model.User;
026: import com.liferay.portal.service.UserLocalServiceUtil;
027: import com.liferay.portal.theme.ThemeDisplay;
028: import com.liferay.portal.util.PortalUtil;
029: import com.liferay.portal.util.PrefsPropsUtil;
030: import com.liferay.portal.util.PropsUtil;
031: import com.liferay.portal.util.PropsValues;
032: import com.liferay.portal.util.WebKeys;
033: import com.liferay.util.HttpUtil;
034: import com.liferay.util.PwdGenerator;
035:
036: import java.io.BufferedReader;
037: import java.io.InputStream;
038: import java.io.InputStreamReader;
039:
040: import java.net.URL;
041: import java.net.URLConnection;
042:
043: import java.util.Calendar;
044: import java.util.HashMap;
045: import java.util.Locale;
046: import java.util.Map;
047:
048: import javax.servlet.http.HttpServletRequest;
049: import javax.servlet.http.HttpServletResponse;
050: import javax.servlet.http.HttpSession;
051:
052: import org.apache.commons.logging.Log;
053: import org.apache.commons.logging.LogFactory;
054:
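/**
 * <a href="OpenSSOAutoLogin.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Auto login implementation that signs a user in to the portal from an OpenSSO
 * subject id stored in the HTTP session. The subject id is sent to the
 * configured OpenSSO service URL, the returned attributes are parsed, and the
 * portal user is looked up (or created) by the <code>mail</code> attribute.
 * </p>
 *
 * <p>
 * Security notes: the attributes returned by the service decide which portal
 * account is signed in, so the service URL must point at a trusted endpoint
 * and the <code>mail</code> attribute must be one that end users cannot set
 * for themselves. Nothing in this class requires the service URL to use https
 * or validates the attribute values beyond what is visible below.
 * </p>
 *
 * @author Brian Wing Shun Chan
 *
 */
public class OpenSSOAutoLogin implements AutoLogin {

	/**
	 * Attempts to sign the current request in from its OpenSSO session.
	 *
	 * @param  req the current request; its session is read for the OpenSSO
	 *         subject id
	 * @param  res the current response (unused)
	 * @return a three element array holding the user id, the stored password
	 *         and the string <code>"true"</code>, or <code>null</code> when
	 *         OpenSSO authentication is disabled, no subject id is in the
	 *         session, the service returned no mail attribute, or any error
	 *         occurred
	 * @throws AutoLoginException declared by the interface; every exception
	 *         raised inside this method is caught and logged instead
	 */
	public String[] login(HttpServletRequest req, HttpServletResponse res)
		throws AutoLoginException {

		String[] credentials = null;

		try {
			long companyId = PortalUtil.getCompanyId(req);

			if (!PrefsPropsUtil.getBoolean(
					companyId, PropsUtil.OPEN_SSO_AUTH_ENABLED,
					PropsValues.OPEN_SSO_AUTH_ENABLED)) {

				return credentials;
			}

			HttpSession ses = req.getSession();

			String subjectId = (String)ses.getAttribute(
				WebKeys.OPEN_SSO_LOGIN);

			if (subjectId == null) {
				return credentials;
			}

			String serviceUrl = PrefsPropsUtil.getString(
				companyId, PropsUtil.OPEN_SSO_SERVICE_URL);

			// The subject id travels in the query string, so it can end up in
			// proxy and server access logs and in exception messages that
			// quote the URL.

			String url =
				serviceUrl + "/attributes?subjectid=" +
					HttpUtil.encodeURL(subjectId);

			Map nameValues = readAttributes(url);

			// NOTE(review): cn is used as the first name and givenname as the
			// screen name; confirm this mapping matches the directory schema.

			String firstName = (String)nameValues.get("cn");
			String lastName = (String)nameValues.get("sn");
			String screenName = (String)nameValues.get("givenname");
			String emailAddress = (String)nameValues.get("mail");

			// Fail closed: without a mail attribute there is no identity to
			// match, so do not look up or create any account.

			if ((emailAddress == null) ||
				(emailAddress.trim().length() == 0)) {

				_log.warn(
					"OpenSSO attribute response has no mail attribute; " +
						"skipping auto login");

				return credentials;
			}

			User user = null;

			try {
				user = UserLocalServiceUtil.getUserByEmailAddress(
					companyId, emailAddress);
			}
			catch (NoSuchUserException nsue) {

				// First login for this address: provision a portal account
				// from the returned attributes.

				ThemeDisplay themeDisplay = (ThemeDisplay)req.getAttribute(
					WebKeys.THEME_DISPLAY);

				user = addUser(
					companyId, firstName, lastName, emailAddress, screenName,
					themeDisplay.getLocale());
			}

			credentials = new String[3];

			credentials[0] = String.valueOf(user.getUserId());
			credentials[1] = user.getPassword();

			// Presumably tells the caller that credentials[1] is already in
			// its stored (encrypted) form; confirm against the AutoLogin
			// contract.

			credentials[2] = Boolean.TRUE.toString();
		}
		catch (Exception e) {

			// Log the throwable itself so the stack trace and cause are kept;
			// a bare getMessage() is often null (for example on a
			// NullPointerException) and hides why the login was refused.

			_log.error(e, e);
		}

		return credentials;
	}

	/**
	 * Creates a portal user for an OpenSSO identity that has no account yet.
	 * The account gets a generated password, placeholder demographic values
	 * and no notification email.
	 *
	 * @param  companyId the company the user belongs to
	 * @param  firstName the first name taken from the OpenSSO attributes
	 * @param  lastName the last name taken from the OpenSSO attributes
	 * @param  emailAddress the email address taken from the OpenSSO attributes
	 * @param  screenName the screen name taken from the OpenSSO attributes
	 * @param  locale the locale to store for the new user
	 * @return the newly created user
	 * @throws Exception if the user service rejects or fails to add the user
	 */
	protected User addUser(
			long companyId, String firstName, String lastName,
			String emailAddress, String screenName, Locale locale)
		throws Exception {

		long creatorUserId = 0;
		boolean autoPassword = false;

		// The generated password is never shown to the user; sign in is
		// expected to go through OpenSSO.

		String password1 = PwdGenerator.getPassword();
		String password2 = password1;
		boolean autoScreenName = false;
		String middleName = StringPool.BLANK;
		int prefixId = 0;
		int suffixId = 0;
		boolean male = true;
		int birthdayMonth = Calendar.JANUARY;
		int birthdayDay = 1;
		int birthdayYear = 1970;
		String jobTitle = StringPool.BLANK;
		long[] organizationIds = new long[0];
		boolean sendEmail = false;

		return UserLocalServiceUtil.addUser(
			creatorUserId, companyId, autoPassword, password1, password2,
			autoScreenName, screenName, emailAddress, locale, firstName,
			middleName, lastName, prefixId, suffixId, male, birthdayMonth,
			birthdayDay, birthdayYear, jobTitle, organizationIds, sendEmail);
	}

	/**
	 * Fetches the attribute listing from the OpenSSO service and parses it
	 * into a name to value map. The response is read as lines of the form
	 * <code>key=value</code>; a line whose key ends with <code>name</code>
	 * must be followed by a line whose key ends with <code>value</code>.
	 *
	 * @param  url the full attributes URL including the encoded subject id
	 * @return a map of attribute name to attribute value; the value is
	 *         <code>null</code> when the line after a name is not a well
	 *         formed value line
	 * @throws Exception if the service cannot be reached or read, or if the
	 *         response ends right after a name line
	 */
	private Map readAttributes(String url) throws Exception {
		Map nameValues = new HashMap();

		// NOTE(review): no connect or read timeout is set, so an unresponsive
		// service blocks the request thread; the response is decoded with the
		// platform default charset.

		URLConnection con = new URL(url).openConnection();

		BufferedReader reader = new BufferedReader(
			new InputStreamReader((InputStream)con.getContent()));

		try {
			String line = null;

			while ((line = reader.readLine()) != null) {
				String[] parts = line.split("=");

				// Lines without exactly one '=' are skipped, which includes
				// any value that itself contains '='.

				if (parts.length != 2) {
					continue;
				}

				if (!parts[0].endsWith("name")) {
					continue;
				}

				String attrName = parts[1];
				String attrValue = null;

				line = reader.readLine();

				if (line == null) {

					// Name must be followed by value

					throw new AutoLoginException(
						"Error reading user attributes");
				}

				parts = line.split("=");

				if ((parts.length == 2) && parts[0].endsWith("value")) {
					attrValue = parts[1];
				}

				nameValues.put(attrName, attrValue);
			}
		}
		finally {

			// Always release the connection's stream, including when parsing
			// fails part way through.

			reader.close();
		}

		return nameValues;
	}

	private static final Log _log = LogFactory.getLog(OpenSSOAutoLogin.class);

}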