Package it.eng.spagobi.services.cas

Source Code of it.eng.spagobi.services.cas.CasSsoService3

/**

SpagoBI - The Business Intelligence Free Platform

Copyright (C) 2005-2008 Engineering Ingegneria Informatica S.p.A.

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

**/
package it.eng.spagobi.services.cas;

import it.eng.spago.base.SourceBean;
import it.eng.spago.configuration.ConfigSingleton;
import it.eng.spagobi.commons.SingletonConfig;
import it.eng.spagobi.services.common.EnginConf;
import it.eng.spagobi.services.common.SsoServiceInterface;
import it.eng.spagobi.services.security.exceptions.SecurityException;

import java.io.IOException;

import javax.portlet.PortletSession;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;



/**
* This class contain the specific code of CAS3
* CAS Server 3.3.3
* CAS Client 3.1.6
*/
public class CasSsoService3 implements SsoServiceInterface {

    static private Logger logger = Logger.getLogger(CasSsoService3.class);
   
    /**
     * Read user id.
     *
     * @param session HttpSession
     *
     * @return String
     */
    public String readUserIdentifier(HttpServletRequest request){
    HttpSession session=request.getSession();
    Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    String userInSession=assertion.getPrincipal().getName();
  //String user=(String)request.getRemoteUser();
  //logger.debug("CAS user in HttpServletRequest:"+user);
  logger.debug("CAS user in HttpSession:"+userInSession);
  return userInSession;
    }
   
    /**
     * Read user id.
     *
     * @param session PortletSession
     *
     * @return String
     */
    public String readUserIdentifier(PortletSession session){
    Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    String user=assertion.getPrincipal().getName();
  logger.debug("CAS user in PortletSession:"+user);
  return user;
    }
   
    /**
     * Get a new ticket.
     *
     * @param session HttpSession
     *
     * @return String
     *
     * @throws IOException Signals that an I/O exception has occurred.
     */
    public String readTicket(HttpSession session) throws IOException{
      logger.debug("IN");
      String ticket=null;
      String spagoBiServerURL = EnginConf.getInstance().getSpagoBiServerUrl();
      logger.debug("Read spagoBiServerURL=" + spagoBiServerURL);
      SourceBean engineConfig = EnginConf.getInstance().getConfig();
      SourceBean sourceBeanConf = (SourceBean) engineConfig.getAttribute("FILTER_RECEIPT");
      String filterReceipt = (String) sourceBeanConf.getCharacters();
      logger.debug("Read filterReceipt=" + filterReceipt);
      filterReceipt = spagoBiServerURL + filterReceipt;
     
      Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
      ticket=assertion.getPrincipal().getProxyTicketFor(filterReceipt);

      logger.debug("OUT.ticket="+ticket);
      return ticket;
    }

    /**
     * This method verify the ticket.
     *
     * @param ticket String, ticket to validate
     * @param userId String, user id
     *
     * @return String
     *
     * @throws SecurityException the security exception
     */
    public void validateTicket(String ticket, String userId)throws SecurityException {
  logger.debug("IN");
  ConfigSingleton config = ConfigSingleton.getInstance();
  String validateUrl=null;
  String validateService=null;
  if (config!=null){
    // only server side...
    validateUrl = SingletonConfig.getInstance().getConfigValue("CAS_SSO.VALIDATE-USER.URL");
      logger.debug("Read validateUrl=" + validateUrl);
      validateService = SingletonConfig.getInstance().getConfigValue("CAS_SSO.VALIDATE-USER.SERVICE");
      logger.debug("Read validateService=" + validateService);
  }
  logger.debug("userId:"+userId);
  try {
    AttributePrincipal principal = null;
    Cas20ProxyTicketValidator sv = new Cas20ProxyTicketValidator(validateUrl);
    sv.setAcceptAnyProxy(true);

      Assertion a = sv.validate(ticket, validateService);
    principal = a.getPrincipal();
    logger.debug("Ticket is VALID, username=" + principal.getName());
     
  } catch (TicketValidationException e) {
    logger.error("An exception occured while validating the cas token");
    throw new SecurityException("An exception occured while validating the cas token", e);
  } catch (Throwable e) {
      logger.error("An exception occured while validating the cas token");
      throw new SecurityException("An exception occured while validating the cas token", e);
  } finally {
      logger.debug("OUT");
  }

    }

}
TOP

Related Classes of it.eng.spagobi.services.cas.CasSsoService3

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.