
1   /**
2    * This file Copyright (c) 2003-2011 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.security.auth.callback;
35  
36  import info.magnolia.context.MgnlContext;
37  
38  import java.io.IOException;
39  import java.net.URLEncoder;
40  import java.text.MessageFormat;
41  import java.util.Set;
42  
43  import javax.servlet.http.HttpServletRequest;
44  import javax.servlet.http.HttpServletResponse;
45  
46  import org.apache.commons.lang.StringUtils;
47  
48  /**
49   * An HttpClientCallback implementation which redirects to a configured path or URL.
50   * This can be useful, for instance, in SSO contexts where the login screen is handled by
51   * a different application, or if one wants to simply hide the login form from a public instance
52   * using a fronting server configuration.
53   *
54   * @author gjoseph
55   * @version $Revision: $ ($Author: $)
56   */
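public class RedirectClientCallback extends AbstractHttpClientCallback {
    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(RedirectClientCallback.class);

    /** Request parameter that must never be forwarded with the redirect (see {@link #handle}). */
    private static final String LOGOUT_PARAMETER = "mgnlLogout";

    /** Character encoding used for every URL-encoding step in this class. */
    private static final String ENCODING = "UTF-8";

    private String location = "/.magnolia";

    /**
     * Redirects the client to the configured location.
     *
     * <p>A location starting with "/" is prefixed with the context path of the request. If the
     * request URI already equals the resulting target, nothing is sent, so the client is not
     * redirected to the page it is already on.</p>
     *
     * <p>The current request parameters (except {@code mgnlLogout}) are appended to the redirect
     * target. The current request URL, including those parameters, is URL-encoded and substituted
     * for the <code>{0}</code> placeholder of the location.</p>
     *
     * <p>Security: parameter names and values come from the client. They are URL-encoded before
     * use, and they are appended only <em>after</em> the location has been run through
     * {@link MessageFormat}. A parameter containing "&amp;", "=", quotes or braces therefore
     * cannot add parameters to the redirect, substitute the placeholder, or make the pattern
     * invalid.</p>
     *
     * @param request the request that was refused
     * @param response the response on which the redirect is sent
     * @throws RuntimeException if the redirect cannot be sent
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response) {
        final String target;
        if (location.startsWith("/")) {
            target = request.getContextPath() + location;
        } else {
            target = location;
        }
        if (request.getRequestURI().equals(target)) {
            log.debug("Unauthorized, can't redirect further, we're already at {}", target);
            return;
        }
        log.debug("Unauthorized, will redirect to {}", target);

        try {
            final String query = buildEncodedQueryString();

            // The current request URL, offered to the location pattern as {0} so it can be
            // passed along as a parameter (e.g. "backto={0}").
            String url = request.getRequestURL().toString();
            if (query.length() > 0) {
                url += "?" + query;
            }
            final String encodedUrl = URLEncoder.encode(url, ENCODING);

            // Only the configured location is interpreted as a MessageFormat pattern. Request
            // data is appended afterwards so it is never parsed as part of the pattern.
            String formattedTarget = MessageFormat.format(target, encodedUrl);
            if (query.length() > 0) {
                // A location such as ".../login/?backto={0}" already carries a query string.
                final String separator = formattedTarget.indexOf('?') >= 0 ? "&" : "?";
                formattedTarget += separator + query;
            }
            response.sendRedirect(formattedTarget);
        } catch (IOException e) {
            throw new RuntimeException("Can't redirect to " + target + " : " + e.getMessage(), e);
        }
    }

    /**
     * Builds a URL-encoded query string ("a=1&amp;b=2", without a leading "?") from the parameters
     * of the current context, leaving out {@code mgnlLogout} so that a logout is not replayed on
     * the login action.
     *
     * @return the encoded query string, or an empty string if there is nothing to forward
     * @throws IOException if the encoding is not supported
     */
    private static String buildEncodedQueryString() throws IOException {
        if (MgnlContext.getParameters() == null || MgnlContext.getParameters().isEmpty()) {
            return "";
        }
        final Set<String> keys = MgnlContext.getParameters().keySet();
        final StringBuilder query = new StringBuilder();
        for (String key : keys) {
            if (LOGOUT_PARAMETER.equals(key)) {
                continue;
            }
            final String[] values = MgnlContext.getParameterValues(key);
            if (values == null) {
                continue;
            }
            final String encodedKey = URLEncoder.encode(key, ENCODING);
            for (String value : values) {
                if (query.length() > 0) {
                    query.append('&');
                }
                query.append(encodedKey).append('=').append(URLEncoder.encode(value, ENCODING));
            }
        }
        return query.toString();
    }

    // ------- configuration methods

    /**
     * The location field as sent to the browser. If the value starts with a /, it is preceded
     * by the context path of the current request. The default value is "/.magnolia".
     * If you need the current request location in an external login form, you can use the {0} tag:
     * a value of "http://sso.mycompany.com/login/?backto={0}" will pass the current request url as the "backto"
     * parameter to the location url.
     *
     * <p>The value is used as a {@link MessageFormat} pattern, so literal single quotes and
     * braces in it must be escaped according to the MessageFormat rules.</p>
     *
     * <p>Security: the URL substituted for {0} is the one reported for the incoming request.
     * NOTE(review): it presumably reflects client-supplied data such as the Host header, so the
     * application receiving it should validate it before redirecting back to it.</p>
     */
    public void setLocation(String location) {
        this.location = location;
    }

    /**
     * Returns the configured location exactly as it was set, without the context path prefix and
     * with the {0} placeholder unresolved.
     */
    protected String getLocation() {
        return location;
    }
}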