/*
* JOSSO: Java Open Single Sign-On
*
* Copyright 2004-2009, Atricore, Inc.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*
*/
package org.josso.gateway.signon;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.josso.gateway.SSOContext;
import org.josso.gateway.SSOException;
import org.josso.gateway.SSOWebConfiguration;
import org.josso.auth.exceptions.SSOAuthenticationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Cookie;
/**
* This action redirects to the proper action based on the authentication scheme configurated.
*
* @author <a href="mailto:sgonzalez@josso.org">Sebastian Gonzalez Oyuela</a>
* @version $Id: LoginSelectorAction.java 543 2008-03-18 21:34:58Z sgonzalez $
*/
public class LoginSelectorAction extends SignonBaseAction {
private static final Log logger = LogFactory.getLog(LoginSelectorAction.class);
public ActionForward execute(ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response) {
if (logger.isDebugEnabled())
logger.debug("JOSSO Command : [cmd="+getSSOCmd(request)+"]");
try {
prepareContext(request);
} catch (SSOException e) {
logger.error(e.getMessage(), e);
} catch (SSOAuthenticationException e) {
logger.error(e.getMessage(), e);
}
SSOWebConfiguration cfg = SSOContext.getCurrent().getSecurityDomain().getSSOWebConfiguration();
// Strong Authentication
if (cfg.isStrongAuthenticationEnabled()) {
boolean clientAuth =
(request.getAttribute("javax.servlet.request.X509Certificate") != null);
if (clientAuth) {
ActionForward af = mapping.findForward("strong-authentication");
String path = af.getPath();
String host = request.getHeader("Host");
String strongAuthLoginUrl = "https://" + host + request.getContextPath() + path + "?josso_cmd=login" +
(request.getQueryString() != null ?
"&" + request.getQueryString() : ""
);
try {
logger.debug("Triggering 'strong-authentication'. Redirecting to: " + strongAuthLoginUrl);
response.sendRedirect(strongAuthLoginUrl);
return null;
} catch (Exception e) {
logger.debug(e.getMessage(), e);
}
}
} else {
if (logger.isDebugEnabled())
logger.debug("Strong authentication is NOT enabled for SSO Context: " + SSOContext.getCurrent().getSecurityDomain().getName());
}
// RememberMe Authentication
if (cfg.isRememberMeEnabled()) {
String remembermeCookieName = JOSSO_REMEMBERME_TOKEN + "_" + SSOContext.getCurrent().getSecurityDomain().getName();
if (logger.isDebugEnabled())
logger.debug("Looking for cookie: " + JOSSO_REMEMBERME_TOKEN + "_" + SSOContext.getCurrent().getSecurityDomain().getName());
Cookie remembermeCookie = getCookie(request, remembermeCookieName);
if (remembermeCookie != null && !remembermeCookie.getValue().equals("-")) {
if (logger.isDebugEnabled())
logger.debug("RemembermeCookie found!");
String cmd = getSSOCmd(request);
if ((cmd == null) || (cmd != null && !cmd.equals("login_optional"))) {
logger.debug("Triggering 'rememberme-authentication'");
return mapping.findForward("rememberme-authentication");
} else {
logger.debug("Not triggering remember me authentication since login is optional");
}
}
if (logger.isDebugEnabled())
logger.debug("RemembermeCookie NOT found!");
} else {
if (logger.isDebugEnabled())
logger.debug("RememberMe is NOT enabled for SSO Context: " + SSOContext.getCurrent().getSecurityDomain().getName());
}
// NTLM Authentication
if (cfg.isNtlmAuthenticationEnabled()) {
// Only trigger NTLM if no errors are in request.
boolean ntlmAuth = request.getAttribute("ntlm_error") == null;
ntlmAuth = ntlmAuth && (request.getHeader("Authorization") != null && request.getHeader("Authorization").startsWith( "NTLM" ));
ntlmAuth = ntlmAuth || (request.getSession().getAttribute( "ntlmHttpPa" ) != null);
if (ntlmAuth) {
try {
logger.debug("Triggering 'ntlm-authentication'");
return mapping.findForward("ntlm-authentication");
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
}
} else {
if (logger.isDebugEnabled())
logger.debug("NTLM authentication is NOT enabled for SSO Context: " + SSOContext.getCurrent().getSecurityDomain().getName());
}
// Basic Authentication
if (cfg.isBasicAuthenticationEnabled()) {
logger.debug("Triggering 'basic-authentication'");
return mapping.findForward("basic-authentication");
}
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setHeader("Expires", "0");
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return null;
}
}