001: /*
002: * JOSSO: Java Open Single Sign-On
003: *
004: * Copyright 2004-2008, Atricore, Inc.
005: *
006: * This is free software; you can redistribute it and/or modify it
007: * under the terms of the GNU Lesser General Public License as
008: * published by the Free Software Foundation; either version 2.1 of
009: * the License, or (at your option) any later version.
010: *
011: * This software is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this software; if not, write to the Free
018: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
019: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
020: */
021: package org.josso.gateway.signon;
022:
023: import org.apache.commons.logging.Log;
024: import org.apache.commons.logging.LogFactory;
025: import org.apache.struts.action.Action;
026: import org.josso.Lookup;
027: import org.josso.auth.Credential;
028: import org.josso.auth.exceptions.SSOAuthenticationException;
029: import org.josso.auth.scheme.X509CertificateCredential;
030: import org.josso.gateway.*;
031: import org.josso.gateway.session.SSOSession;
032: import org.josso.gateway.session.exceptions.NoSuchSessionException;
033: import org.josso.util.SSOGatewayFactory;
034:
035: import javax.servlet.http.Cookie;
036: import javax.servlet.http.HttpServletRequest;
037:
038: /**
039: * This is the base action for all signon actions.
040: *
041: * @author <a href="mailto:sgonzalez@josso.org">Sebastian Gonzalez Oyuela</a>
042: * @version $Id: SignonBaseAction.java 508 2008-02-18 13:32:29Z sgonzalez $
043: */
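public abstract class SignonBaseAction extends Action implements Constants {

    private static final Log logger = LogFactory.getLog(SignonBaseAction.class);

    /**
     * Gets the current SSO gateway, creating it on first use and caching it as
     * a servlet-context attribute under {@code KEY_JOSSO_GATEWAY}.
     * <p>
     * NOTE(review): the get/create/set on the servlet context is not atomic, so
     * two concurrent first requests could each build a gateway and the last
     * {@code setAttribute} wins; whether a briefly orphaned instance matters
     * depends on the gateway's internal state — confirm before relying on a
     * single instance.
     *
     * @return the shared gateway, never {@code null}
     */
    protected SSOGateway getSSOGateway() {
        SSOGateway gateway = (SSOGateway) getServlet().getServletContext()
                .getAttribute(KEY_JOSSO_GATEWAY);
        if (gateway == null) {
            gateway = SSOGatewayFactory.getInstance().getNewSSOGateway();
            getServlet().getServletContext().setAttribute(KEY_JOSSO_GATEWAY, gateway);
        }
        return gateway;
    }

    /**
     * Gets the SSO command carried by the request parameter {@code PARAM_JOSSO_CMD}.
     * The value is client-supplied and is returned as-is; callers decide what
     * commands are acceptable.
     *
     * @param request the current request
     * @return the command, or {@code null} when the parameter is absent or empty
     */
    protected String getSSOCmd(HttpServletRequest request) {
        String cmd = request.getParameter(PARAM_JOSSO_CMD);
        if (cmd == null || cmd.length() == 0) {
            return null;
        }
        return cmd;
    }

    /**
     * Builds a new {@link SSOContext} for the request: resolves the SSO session
     * referenced by the JOSSO cookie (when present and still known to the
     * gateway), collects the credentials supplied by the subclass, and records
     * the caller's location.
     *
     * @param request the current request
     * @return a new context whose session is {@code null} when no cookie was
     *         sent or the session id is unknown, and whose scheme is
     *         {@code null} when no credentials were supplied
     * @throws SSOException on gateway errors other than an unknown session
     * @throws SSOAuthenticationException if credential extraction fails
     */
    protected SSOContext getNewSSOContext(HttpServletRequest request)
            throws SSOException, SSOAuthenticationException {

        // SSO Session: the id comes from a client cookie, so an unknown id is
        // expected (stale or tampered cookie) and treated as "not logged in".
        String sessionId = getJossoSessionId(request);
        SSOSession session = null;
        if (sessionId != null && sessionId.length() != 0) {
            try {
                session = getSSOGateway().findSession(sessionId);
            } catch (NoSuchSessionException e) {
                // NOTE(review): this writes the presented session id to the debug
                // log; debug output should be protected like any session token.
                if (logger.isDebugEnabled()) {
                    logger.debug("NoSuchSessionException : " + sessionId);
                }
            }
        }

        // TODO : Detect Authentication scheme when user is already logged.
        String scheme = null;
        Credential[] credentials = getCredentials(request);
        // Subclasses are expected to return an empty array, but guard against
        // null so a misbehaving override cannot NPE the whole sign-on flow.
        if (credentials != null && credentials.length > 0) {
            scheme = "basic-authentication";
            // TODO: hmm..ugly! this should be submitted by the LoginSelector
            if (credentials[0] instanceof X509CertificateCredential) {
                scheme = "strong-authentication";
            }
        }

        SSOContextImpl ctx = new SSOContextImpl();
        ctx.setCurrentSession(session);
        // Location is whatever the container reports for the remote host; it is
        // recorded for the context, not used here as an authentication factor.
        ctx.setUserLocation(request.getRemoteHost());
        ctx.setScheme(scheme);
        return ctx;
    }

    /**
     * Gets the JOSSO session id value from the proper cookie.
     *
     * @param request the current request
     * @return the cookie value, or {@code null} if
     *         {@code JOSSO_SINGLE_SIGN_ON_COOKIE} is not present in the request
     */
    protected String getJossoSessionId(HttpServletRequest request) {
        Cookie ssoCookie = getJossoCookie(request);
        return ssoCookie == null ? null : ssoCookie.getValue();
    }

    /**
     * Finds the JOSSO single sign-on cookie among the request cookies.
     *
     * @param request the current request
     * @return the first cookie named {@code JOSSO_SINGLE_SIGN_ON_COOKIE}, or
     *         {@code null} if the request carries no cookies or none matches
     */
    protected Cookie getJossoCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (int i = 0; i < cookies.length; i++) {
            Cookie cookie = cookies[i];
            // Constant-first comparison: null-safe even if a name were missing.
            if (Constants.JOSSO_SINGLE_SIGN_ON_COOKIE.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Creates the JOSSO single sign-on cookie carrying the SSO session token.
     * The result is a session cookie (max-age -1, discarded when the browser
     * closes), scoped to {@code path}, with no domain attribute set. It is
     * flagged {@code Secure} only when the web configuration's
     * session-token-secure option is on; otherwise the token is also sent over
     * plain HTTP.
     * <p>
     * NOTE(review): no HttpOnly flag is set here — the {@code Cookie} API this
     * file targets shows no setter for it; confirm how the deployment handles it.
     *
     * @param path  the cookie path
     * @param value the SSO session identifier to store in the cookie
     * @return the configured cookie; the caller adds it to the response
     * @throws Exception if the web configuration cannot be looked up
     */
    protected Cookie newJossoCookie(String path, String value) throws Exception {
        SSOWebConfiguration cfg = Lookup.getInstance().lookupSSOWebConfiguration();

        Cookie ssoCookie = new Cookie(JOSSO_SINGLE_SIGN_ON_COOKIE, value);
        ssoCookie.setMaxAge(-1);
        ssoCookie.setPath(path);
        if (cfg.isSessionTokenSecure()) {
            ssoCookie.setSecure(true);
        }
        return ssoCookie;
    }

    /**
     * Subclasses should provide proper credentials based on specific
     * authentication schemes. The base implementation supplies none.
     *
     * @param request the current request
     * @return an empty array (never {@code null})
     * @throws SSOAuthenticationException if a subclass cannot extract credentials
     */
    protected Credential[] getCredentials(HttpServletRequest request)
            throws SSOAuthenticationException {
        return new Credential[0];
    }
}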
|