Author: bdaw
Date: 2007-09-18 12:53:54 -0400 (Tue, 18 Sep 2007)
New Revision: 8328
Added:
modules/identity/trunk/identity/src/main/org/jboss/portal/identity/helper/
modules/identity/trunk/identity/src/main/org/jboss/portal/identity/helper/IdentityTools.java
Modified:
modules/identity/trunk/identity/build.xml
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/cas/CASAuthenticationValve.java
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/josso/JOSSOLogoutValve.java
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/opensso/OpenSSOAuthenticationValve.java
Log:
remove hardcoded portal URIs from sso integration
Modified: modules/identity/trunk/identity/build.xml
===================================================================
--- modules/identity/trunk/identity/build.xml 2007-09-18 16:50:10 UTC (rev 8327)
+++ modules/identity/trunk/identity/build.xml 2007-09-18 16:53:54 UTC (rev 8328)
@@ -100,6 +100,7 @@
<path refid="hibernate.hibernate.classpath"/>
<path refid="apache.log4j.classpath"/>
<path refid="junit.junit.classpath"/>
+ <path refid="apache.tomcat.classpath"/>
<pathelement location="${project.tools}/lib/ant.jar"/>
<!--<path refid="sun.opends.classpath"/>-->
</path>
Added:
modules/identity/trunk/identity/src/main/org/jboss/portal/identity/helper/IdentityTools.java
===================================================================
---
modules/identity/trunk/identity/src/main/org/jboss/portal/identity/helper/IdentityTools.java
(rev 0)
+++
modules/identity/trunk/identity/src/main/org/jboss/portal/identity/helper/IdentityTools.java 2007-09-18
16:53:54 UTC (rev 8328)
@@ -0,0 +1,76 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+
+package org.jboss.portal.identity.helper;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.deploy.SecurityCollection;
+
+import java.util.Set;
+import java.util.HashSet;
+
+/**
+ * @author <a href="mailto:boleslaw dot dawidowicz at redhat anotherdot
com">Boleslaw Dawidowicz</a>
+ * @version $Revision: 0.1 $
+ */
+public class IdentityTools
+{
+
+ /**
+ * It returns all the urls from security-constraint part of web.xml
+ *
+ * @param context
+ * @return
+ */
+ public static Set findSecuredURLs(Context context)
+ {
+ Set urls = new HashSet();
+ SecurityConstraint[] constraints = context.findConstraints();
+
+ for (int i = 0; i < constraints.length; i++)
+ {
+ SecurityConstraint constraint = constraints[i];
+
+
+ SecurityCollection[] collections = constraint.findCollections();
+
+ for (int j = 0; j < collections.length; j++)
+ {
+ SecurityCollection collection = collections[j];
+
+ String[] patterns = collection.findPatterns();
+
+ for (int k = 0; k < patterns.length; k++)
+ {
+ String pattern = patterns[k];
+
+ // Remove wildcards
+ urls.add(pattern);
+ }
+ }
+
+ }
+
+ return urls;
+ }
+}
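Review bot: `findSecuredURLs` adds the patterns of every security constraint to the result without checking whether the constraint demands authentication, so a constraint that only sets a transport guarantee would be treated as a secured URL by the valves that call it. Whether the portal's web.xml contains such a constraint is not visible here; if only authenticated areas are meant, skip the others with `if (!constraint.getAuthConstraint()) continue;` at the top of the outer loop. The inline comment `// Remove wildcards` is stale, because the pattern is added unchanged and the stripping happens in the callers; `// Patterns are returned as declared, wildcards included` would match the code. The Javadoc should also fill in the empty `@param context` and `@return` tags and say that the set holds the raw `url-pattern` strings.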
Modified:
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/cas/CASAuthenticationValve.java
===================================================================
---
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/cas/CASAuthenticationValve.java 2007-09-18
16:50:10 UTC (rev 8327)
+++
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/cas/CASAuthenticationValve.java 2007-09-18
16:53:54 UTC (rev 8328)
@@ -24,6 +24,9 @@
import java.util.List;
import java.util.ArrayList;
+import java.util.Set;
+import java.util.Iterator;
+import java.util.HashSet;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.Principal;
@@ -39,6 +42,7 @@
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
+import org.jboss.portal.identity.helper.IdentityTools;
import edu.yale.its.tp.cas.client.*;
@@ -49,6 +53,10 @@
*/
public class CASAuthenticationValve extends ValveBase
{
+ /** . */
+ private static final org.jboss.logging.Logger log =
org.jboss.logging.Logger.getLogger(CASAuthenticationValve.class);
+
+
/**
* The name of the filter initialization parameter the value of which should
* be the https: address of the CAS Login servlet. Optional parameter, but
@@ -170,6 +178,11 @@
/**
*
*/
+ private Set urlPatterns;
+
+ /**
+ *
+ */
private String authType = null;
/**
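Review bot: `urlPatterns` is written without synchronisation although a valve instance normally serves concurrent requests, and `getSecuredUrlPatterns()` (last hunk of this file) assigns it twice: first the raw set from `IdentityTools.findSecuredURLs`, then the wildcard-stripped copy. A request that arrives between the two assignments sees a non-null set whose entries still contain `*`, so the `indexOf` test in `isSecuredURI` finds no match and that request is not sent to the SSO login. Build the result in locals and publish it once: read into `Set declared = IdentityTools.findSecuredURLs((Context)this.container);`, iterate over `declared`, and keep the single `urlPatterns = urls;` at the end, ideally with the field declared `volatile`. The empty Javadoc above the field should say what it caches, e.g. `/** Secured URL patterns from web.xml, wildcards removed; filled lazily on first request. */`. The same field and method are added to OpenSSOAuthenticationValve in this commit.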
@@ -272,9 +285,7 @@
HttpSession session = httpRequest.getSession();
String requestURI = request.getRequestURI();
- if ((requestURI.indexOf("/auth/") != -1
- || requestURI.indexOf("/authsec/") != -1 || requestURI
- .indexOf("/sec/") != -1)
+ if (isSecuredURI(requestURI)
&& request.getParameter("ticket") == null
&& session.getAttribute(CAS_FILTER_USER) == null)
{
@@ -474,4 +485,45 @@
return serviceString;
}
+
+ private boolean isSecuredURI(String uri)
+ {
+ Set patterns = getSecuredUrlPatterns();
+
+ if (log.isDebugEnabled())
+ {
+ log.debug("Checking if requested uri '" + uri + "'
matches secured url patterns: " + patterns);
+ }
+
+ for (Iterator iterator = patterns.iterator(); iterator.hasNext();)
+ {
+ String pattern = (String)iterator.next();
+
+ if (uri.indexOf(pattern) != -1)
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+
+ public Set getSecuredUrlPatterns()
+ {
+ if (urlPatterns == null)
+ {
+ urlPatterns = IdentityTools.findSecuredURLs((Context)this.container);
+
+ //Remove wildcards
+ Set urls = new HashSet();
+ for (Iterator iterator = urlPatterns.iterator(); iterator.hasNext();)
+ {
+ String pattern = (String)iterator.next();
+ urls.add(pattern.replaceAll("\\*",""));
+ }
+ urlPatterns = urls;
+ }
+
+ return urlPatterns;
+ }
}
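Review bot: `isSecuredURI` tests `uri.indexOf(pattern) != -1` against patterns whose `*` has been deleted, which is not how the container matches a `url-pattern`. A declared `/*` shrinks to `/` and matches every request, an extension pattern such as `*.jsp` would match `.jsp` anywhere in the URI, and a path fragment matches wherever it occurs, including inside the context path or a `;jsessionid` path parameter, so the valve's idea of a secured URI can differ from what the container enforces in both directions. Keep the wildcards in `getSecuredUrlPatterns()` and compare by mapping type against the context-relative path, as sketched below; the sketch assumes `path` is the request URI with the context path and any path parameter removed, and it does not treat the default mapping `/` specially. OpenSSOAuthenticationValve gets an identical copy of both methods in its `@@ -257,6 +261,47 @@` hunk, so the matcher would be better placed once in `IdentityTools`.

```java
private boolean isSecuredURI(String uri)
{
   // … unchanged: pattern lookup and debug logging …

   for (Iterator iterator = patterns.iterator(); iterator.hasNext();)
   {
      String pattern = (String)iterator.next();

      if (pattern.endsWith("/*"))
      {
         // Path-prefix mapping: "/auth/*" covers "/auth" and everything below it
         String prefix = pattern.substring(0, pattern.length() - 2);
         if (path.equals(prefix) || path.startsWith(prefix + "/"))
         {
            return true;
         }
      }
      else if (pattern.startsWith("*."))
      {
         // Extension mapping: compare the suffix only, never the middle of the path
         if (path.endsWith(pattern.substring(1)))
         {
            return true;
         }
      }
      else if (path.equals(pattern))
      {
         // Exact mapping
         return true;
      }
   }
   return false;
}
```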
Modified:
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/josso/JOSSOLogoutValve.java
===================================================================
---
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/josso/JOSSOLogoutValve.java 2007-09-18
16:50:10 UTC (rev 8327)
+++
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/josso/JOSSOLogoutValve.java 2007-09-18
16:53:54 UTC (rev 8328)
@@ -81,7 +81,7 @@
// continue processing the request
this.getNext().invoke(request, response);
- if(httpRequest.getRequestURI().endsWith("/signout"))
+ if(request.getAttribute("org.jboss.portal.logout") != null)
{
String jossoLogout = httpRequest.getContextPath() +
org.josso.agent.Constants.JOSSO_LOGOUT_URI;
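Review bot: The logout trigger is now the literal `"org.jboss.portal.logout"`, repeated here and in the `@@ -115,7 +119,7 @@` hunk of OpenSSOAuthenticationValve, and nothing in this commit sets that attribute. A typo in either copy, or in the component that sets it, would silently disable single sign-out and leave the SSO session alive after a portal logout. Define the name once, for example `public static final String LOGOUT_ATTRIBUTE = "org.jboss.portal.logout";` in `IdentityTools`, and add a comment here such as `// Expected to be set by the portal's logout handling further down the pipeline`. In this valve the test follows `getNext().invoke(request, response)`; the OpenSSO hunk does not show whether its test also runs after the pipeline call, which should be confirmed because a downstream component cannot have set the attribute before it.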
Modified:
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/opensso/OpenSSOAuthenticationValve.java
===================================================================
---
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/opensso/OpenSSOAuthenticationValve.java 2007-09-18
16:50:10 UTC (rev 8327)
+++
modules/identity/trunk/sso/src/main/org/jboss/portal/identity/sso/opensso/OpenSSOAuthenticationValve.java 2007-09-18
16:53:54 UTC (rev 8328)
@@ -28,6 +28,7 @@
import org.apache.catalina.Context;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
+import org.jboss.portal.identity.helper.IdentityTools;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -35,6 +36,9 @@
import javax.security.jacc.PolicyContext;
import java.io.IOException;
import java.security.Principal;
+import java.util.Set;
+import java.util.Iterator;
+import java.util.HashSet;
import com.iplanet.sso.SSOTokenManager;
import com.iplanet.sso.SSOToken;
@@ -50,6 +54,8 @@
public static final String WEB_REQUEST_KEY =
"javax.servlet.http.HttpServletRequest";
+ private Set urlPatterns;
+
private String loginURL;
private String logoutURL;
@@ -73,11 +79,9 @@
// When token is not present and secured portal url is requested
- if ((requestURI.indexOf("/auth/") != -1
- || requestURI.indexOf("/authsec/") != -1 || requestURI
- .indexOf("/sec/") != -1)
- && token == null)
+ if (isSecuredURI(requestURI) && token == null)
{
+
// Perform OpenSSO login by going to the OpenSSO authentication server
redirectToOpenSSOLogin(request, response);
@@ -115,7 +119,7 @@
// Signout request
- if ((token != null && (!isTokenValid(token) ||
request.getRequestURI().endsWith("/signout"))))
+ if ((token != null && (!isTokenValid(token) ||
request.getAttribute("org.jboss.portal.logout") != null)))
{
destroyToken(token);
redirectToOpenSSOLogout(request,response);
@@ -257,6 +261,47 @@
}
}
+ private boolean isSecuredURI(String uri)
+ {
+ Set patterns = getSecuredUrlPatterns();
+
+ if (log.isDebugEnabled())
+ {
+ log.debug("Checking if requested uri '" + uri + "'
matches secured url patterns: " + patterns);
+ }
+
+ for (Iterator iterator = patterns.iterator(); iterator.hasNext();)
+ {
+ String pattern = (String)iterator.next();
+
+ if (uri.indexOf(pattern) != -1)
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+
+ public Set getSecuredUrlPatterns()
+ {
+ if (urlPatterns == null)
+ {
+ urlPatterns = IdentityTools.findSecuredURLs((Context)this.container);
+
+ //Remove wildcards
+ Set urls = new HashSet();
+ for (Iterator iterator = urlPatterns.iterator(); iterator.hasNext();)
+ {
+ String pattern = (String)iterator.next();
+ urls.add(pattern.replaceAll("\\*",""));
+ }
+ urlPatterns = urls;
+ }
+
+ return urlPatterns;
+ }
+
/**
* Register an authenticated Principal and authentication type in our
* request, in the current session (if there is one), and with our