001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.portlet;
018:
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.AccessControlContext;
import java.security.AccessController;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletConfig;
import javax.portlet.PortletContext;
import javax.portlet.PortletException;
import javax.portlet.PortletPreferences;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.security.auth.Subject;

import org.apache.commons.codec.binary.Base64;
import org.apache.jetspeed.security.JSSubject;
import org.apache.jetspeed.sso.SSOContext;
import org.apache.jetspeed.sso.SSOException;
import org.apache.jetspeed.sso.SSOProvider;
038:
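/**
 * IFrame portlet that looks up the current user's stored single sign-on (SSO)
 * credentials for the framed site and passes them to that site.
 *
 * <p>The site is read from the {@code SRC} portlet preference and the
 * credentials come from the {@link SSOProvider} published in the portlet
 * context under {@code cps:SSO}. Of the declared SSO types only {@code url}
 * and {@code url.base64} are acted on in this class; for any other type
 * {@link #getURLSource} returns the superclass URL unchanged.
 *
 * <p><b>Security notes.</b>
 * <ul>
 * <li>For the {@code url} and {@code url.base64} types the remote principal and
 * credential are written into the query string of the URL returned by
 * {@link #getURLSource}. Anything placed in a URL can end up in browser
 * history, {@code Referer} headers and proxy or server access logs, so these
 * types should only be used over TLS and for sites where that exposure is
 * acceptable.</li>
 * <li>Base64 is a reversible encoding, not encryption; {@code url.base64}
 * gives no confidentiality over {@code url}.</li>
 * <li>{@link #doEdit} puts the stored credential into the edit view context.
 * A template that renders that value writes the stored password into the
 * page markup.</li>
 * </ul>
 *
 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
 * @version $Id: SSOIFramePortlet.java 598994 2007-11-28 13:31:43Z ate $
 */
public class SSOIFramePortlet extends IFrameGenericPortlet {
    /** Preference name selecting how credentials are handed to the site. */
    public static final String SSO_TYPE = "sso.type";
    public static final String SSO_TYPE_URL = "url";
    public static final String SSO_TYPE_URL_BASE64 = "url.base64";
    public static final String SSO_TYPE_HTTP = "http";
    public static final String SSO_TYPE_CERTIFICATE = "certificate";

    /** Preference holding the query parameter name used for the principal. */
    public static final String SSO_TYPE_URL_USERNAME = "sso.url.Principal";
    /** Preference holding the query parameter name used for the credential. */
    public static final String SSO_TYPE_URL_PASSWORD = "sso.url.Credential";

    /** Request attributes through which doView passes the credentials to getURLSource. */
    public static final String SSO_REQUEST_ATTRIBUTE_USERNAME = "sso.ra.username";
    public static final String SSO_REQUEST_ATTRIBUTE_PASSWORD = "sso.ra.password";

    /*
     * Field names the HTML edit form must use for the SSO principal and
     * credential; processAction reads the POST parameters under these names.
     */
    public static final String SSO_FORM_PRINCIPAL = "ssoPrincipal";
    public static final String SSO_FORM_CREDENTIAL = "ssoCredential";

    /** Charset used for Base64 input bytes and for percent-encoding query values. */
    private static final String URL_CHARSET = "UTF-8";

    private PortletContext context;
    private SSOProvider sso;

    /**
     * Initializes the portlet and resolves the SSO provider.
     *
     * @param config the portlet configuration
     * @throws PortletException if no provider is registered under {@code cps:SSO}
     */
    public void init(PortletConfig config) throws PortletException {
        super.init(config);
        context = getPortletContext();
        sso = (SSOProvider) context.getAttribute("cps:SSO");
        if (null == sso) {
            throw new PortletException(
                    "Failed to find SSO Provider on portlet initialization");
        }
    }

    /**
     * Fills the edit view context with the stored principal and credential for
     * the configured site, or with empty strings when none are stored.
     *
     * <p>The stored credential itself is placed in the context; see the class
     * notes about templates that render it.
     *
     * @throws PortletException if the SSO lookup fails for any reason other
     *         than "no credentials for site"
     */
    public void doEdit(RenderRequest request, RenderResponse response)
            throws PortletException, IOException {
        try {
            Subject subject = getSubject();
            String site = request.getPreferences().getValue("SRC", "");
            SSOContext ssoContext = sso.getCredentials(subject, site);
            getContext(request).put(SSO_FORM_PRINCIPAL,
                    ssoContext.getRemotePrincipalName());
            getContext(request).put(SSO_FORM_CREDENTIAL,
                    ssoContext.getRemoteCredential());
        } catch (SSOException e) {
            if (!isNoCredentialsForSite(e)) {
                throw new PortletException(e);
            }
            // Nothing stored yet for this site: present an empty form.
            getContext(request).put(SSO_FORM_PRINCIPAL, "");
            getContext(request).put(SSO_FORM_CREDENTIAL, "");
        }

        super.doEdit(request, response);
    }

    /**
     * Renders the view. When no site is configured or no credentials are
     * stored for it, the edit page is shown instead; otherwise the credentials
     * are attached to the request for {@link #getURLSource} to use.
     *
     * @throws PortletException if the SSO lookup fails for any reason other
     *         than "no credentials for site"
     */
    public void doView(RenderRequest request, RenderResponse response)
            throws PortletException, IOException {
        String site = request.getPreferences().getValue("SRC", null);
        if (site == null) {
            // No SRC preference configured: nothing to look up, show the edit page.
            showEditPage(request, response);
            super.doView(request, response);
            return;
        }

        try {
            Subject subject = getSubject();
            SSOContext ssoContext = sso.getCredentials(subject, site);
            request.setAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME,
                    ssoContext.getRemotePrincipalName());
            request.setAttribute(SSO_REQUEST_ATTRIBUTE_PASSWORD,
                    ssoContext.getRemoteCredential());
        } catch (SSOException e) {
            if (!isNoCredentialsForSite(e)) {
                throw new PortletException(e);
            }
            // No credentials in the SSO store for this site: show the edit page.
            showEditPage(request, response);
        }

        super.doView(request, response);
    }

    /**
     * Saves the preferences through the superclass, then stores the submitted
     * principal and credential for the configured site in the SSO provider.
     *
     * <p>An existing entry is updated in place when the principal is
     * unchanged, and replaced (remove, then add) when the principal differs.
     *
     * @throws PortletException if the SSO provider reports an error
     */
    public void processAction(ActionRequest request,
            ActionResponse actionResponse) throws PortletException,
            IOException {
        // save the prefs
        super.processAction(request, actionResponse);

        // The form must post the fields named by SSO_FORM_PRINCIPAL and
        // SSO_FORM_CREDENTIAL.
        String ssoPrincipal = request.getParameter(SSO_FORM_PRINCIPAL);
        String ssoCredential = request.getParameter(SSO_FORM_CREDENTIAL);
        // NOTE(review): neither value is checked for null. A disabled check in
        // the original listing would have kept the portlet in EDIT mode when
        // either was missing; as written, a submit without these fields hands
        // null to the SSO provider. Confirm the provider rejects that, or
        // validate here before storing.
        String site = request.getPreferences().getValue("SRC", "");
        try {
            Subject subject = getSubject();
            if (!sso.hasSSOCredentials(subject, site)) {
                sso.addCredentialsForSite(subject, ssoPrincipal, site,
                        ssoCredential);
                return;
            }

            SSOContext ssoContext = sso.getCredentials(subject, site);
            if (ssoContext.getRemotePrincipalName().equals(ssoPrincipal)) {
                sso.updateCredentialsForSite(subject, ssoPrincipal, site,
                        ssoCredential);
            } else {
                // NOTE(review): remove and add are two separate calls; if the
                // add fails, the previous entry is already gone.
                sso.removeCredentialsForSite(subject, site);
                sso.addCredentialsForSite(subject, ssoPrincipal, site,
                        ssoCredential);
            }
        } catch (SSOException e) {
            throw new PortletException(e);
        }
    }

    /**
     * Builds the IFrame source URL. For the {@code url} and {@code url.base64}
     * types the principal and credential set by {@link #doView} are appended as
     * query parameters; for any other type the superclass URL is returned as is.
     *
     * <p>Parameter names and values are percent-encoded so that characters such
     * as {@code &}, {@code =}, {@code #} or the {@code +}, {@code /} and
     * {@code =} of Base64 output cannot split the query or add parameters.
     * Base64 input bytes are taken as UTF-8 rather than the platform default.
     *
     * <p>The result carries the credential in the URL; see the class notes.
     *
     * @return the URL to frame, passed through {@code response.encodeURL} when
     *         credentials were appended
     */
    public String getURLSource(RenderRequest request,
            RenderResponse response, PortletPreferences prefs) {
        String baseSource = super.getURLSource(request, response, prefs);
        String type = prefs.getValue(SSO_TYPE, SSO_TYPE_URL);
        boolean base64 = type.equals(SSO_TYPE_URL_BASE64);
        if (!base64 && !type.equals(SSO_TYPE_URL)) {
            return baseSource;
        }

        String userNameParam = prefs.getValue(SSO_TYPE_URL_USERNAME, "user");
        String passwordParam = prefs.getValue(SSO_TYPE_URL_PASSWORD,
                "password");

        // Absent attributes (edit page fallback in doView) become empty values.
        String userName = (String) request
                .getAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME);
        if (userName == null) {
            userName = "";
        }
        String password = (String) request
                .getAttribute(SSO_REQUEST_ATTRIBUTE_PASSWORD);
        if (password == null) {
            password = "";
        }

        try {
            if (base64) {
                Base64 encoder = new Base64();
                // Base64 output is ASCII; decode it with an explicit charset.
                userName = new String(
                        encoder.encode(userName.getBytes(URL_CHARSET)),
                        "US-ASCII");
                password = new String(
                        encoder.encode(password.getBytes(URL_CHARSET)),
                        "US-ASCII");
            }

            StringBuffer source = new StringBuffer(baseSource);
            source.append(baseSource.indexOf("?") == -1 ? "?" : "&");
            source.append(URLEncoder.encode(userNameParam, URL_CHARSET));
            source.append("=");
            source.append(URLEncoder.encode(userName, URL_CHARSET));
            source.append("&");
            source.append(URLEncoder.encode(passwordParam, URL_CHARSET));
            source.append("=");
            source.append(URLEncoder.encode(password, URL_CHARSET));

            return response.encodeURL(source.toString());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 and US-ASCII are required on every Java platform.
            IllegalStateException failure = new IllegalStateException(
                    "Required charset not available");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Tells whether the exception signals that the SSO store simply has no
     * entry for the site. The constant is the receiver so that an exception
     * without a message is treated as a real error instead of raising a
     * NullPointerException that hides it.
     */
    private static boolean isNoCredentialsForSite(SSOException e) {
        return SSOException.NO_CREDENTIALS_FOR_SITE.equals(e.getMessage());
    }

    /** Switches the view page to the configured edit page and prepares the edit form. */
    private void showEditPage(RenderRequest request, RenderResponse response)
            throws PortletException, IOException {
        request.setAttribute(PARAM_VIEW_PAGE,
                getPortletConfig().getInitParameter(PARAM_EDIT_PAGE));
        setupPreferencesEdit(request, response);
    }

    /** Returns the subject bound to the current access control context. */
    private Subject getSubject() {
        AccessControlContext acc = AccessController.getContext();
        return JSSubject.getSubject(acc);
    }

}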