001: /*
002: * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
003: *
004: * Redistribution and use in source and binary forms, with or without
005: * modification, are permitted provided that the following conditions
006: * are met:
007: *
008: * - Redistributions of source code must retain the above copyright
009: * notice, this list of conditions and the following disclaimer.
010: *
011: * - Redistribution in binary form must reproduce the above copyright
012: * notice, this list of conditions and the following disclaimer in
013: * the documentation and/or other materials provided with the
014: * distribution.
015: *
016: * Neither the name of Sun Microsystems, Inc. or the names of
017: * contributors may be used to endorse or promote products derived
018: * from this software without specific prior written permission.
019: *
020: * This software is provided "AS IS," without a warranty of any
021: * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
022: * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
023: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
024: * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES
025: * SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
026: * DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN
027: * OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR
028: * FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
029: * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
030: * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE,
031: * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
032: *
033: * You acknowledge that Software is not designed, licensed or intended
034: * for use in the design, construction, operation or maintenance of
035: * any nuclear facility.
036: */
037: package com.sun.portal.sapportlet.util.ssoa;
038:
039: import java.util.Vector;
040: import java.util.Properties;
041: import java.util.ResourceBundle;
042: import javax.portlet.*;
043: import java.util.logging.*;
044: import java.rmi.RemoteException;
045: import javax.servlet.http.HttpServletRequest;
046: import com.sun.portal.sapportlet.config.*;
047: import com.sun.portal.sapportlet.employee.Employee;
048: import com.sun.portal.sapportlet.employee.EmployeeManager;
049: import com.sun.portal.sapportlet.util.SAPLogger;
050: import com.sun.portal.sapportlet.SAPPortletConstants;
051:
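/**
 * Static helpers used by the SAP portlets to look up, verify, store and remove
 * a user's SAP credentials through the SSO adapter.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@link SAPUserConfig} read from the portlet session (attribute
 *       {@code SESSION_USERCONFIG}, {@code APPLICATION_SCOPE}) carries the
 *       user's password; see {@link #setUserConfig(RenderRequest)}, which reads
 *       it back with {@code getUserPassword()}.</li>
 *   <li>Nothing in this class writes user names or passwords to the log. Keep
 *       it that way when adding diagnostics.</li>
 * </ul>
 */
public class SAPAuthUtils implements SAPPortletConstants {

    static Logger logger = SAPLogger.getLogger();

    /**
     * Resolves the SAP user configuration for a render request. Called from
     * {@code doView} of the portlets.
     *
     * <p>The configuration cached in the portlet session is returned when
     * present; otherwise the credentials are read from the SSO adapter. This
     * method does not store the result in the session.
     *
     * @param request the current render request
     * @return the user configuration, or {@code null} when neither the session
     *         nor the SSO adapter provides one
     */
    public static synchronized SAPUserConfig checkForUserAuthentication(
            RenderRequest request) {
        PortletSession session = request.getPortletSession();
        SAPUserConfig userConfig = (SAPUserConfig) session.getAttribute(
                SESSION_USERCONFIG, PortletSession.APPLICATION_SCOPE);
        if (userConfig == null) {
            userConfig = checkForValidSSOAConfig(request, ssoaConfigName(),
                    ssoaChannelName());
        }
        return userConfig;
    }

    /**
     * Verifies the credentials submitted with an action request. Called from
     * {@code processAction} of the UserConfig portlet.
     *
     * @param request the action request carrying the user name and password
     *                form fields
     * @return the verified user configuration, or {@code null} when
     *         verification failed
     */
    public static SAPUserConfig checkForUserAuthentication(
            ActionRequest request) {
        SAPUserConfig userConfig = null;
        PortletSession session = request.getPortletSession();
        String userName = request.getParameter(HTML_FIELD_USER_NAME);
        String userPass = request.getParameter(HTML_FIELD_USER_PASS);
        String endPointHost = getSAPEndpointHost(request);
        String endPoint = getSAPEndPoint(request);
        try {
            userConfig = checkForValidCredentials(userName, userPass,
                    endPoint, endPointHost, session);
        } catch (Exception ex) {
            // Keep the cause so operators can tell a rejected login from a
            // backend fault; the message itself never contains the credentials.
            logger.log(Level.SEVERE, "Invalid credentials provided", ex);
            // NOTE(review): every failure lands here, including a
            // RemoteException that checkForValidCredentials reports as invalid
            // credentials, so a web-service outage also removes the stored SSO
            // adapter attributes. Confirm that this is intended.
            removeSSOAdapterConfigData(request);
        }
        return userConfig;
    }

    /**
     * Returns the SAP end point configured for the given portlet request.
     *
     * @param request the current portlet request
     * @return the end point, or an empty string when no SSO adapter
     *         configuration could be loaded
     */
    public static String getSAPEndPoint(PortletRequest request) {
        SAPSSOAdapterUtils ssoAdapter = getSSOAdapterUtils(request);
        return (ssoAdapter == null) ? "" : ssoAdapter.getSAPEndPoint();
    }

    /**
     * Returns the SAP end point host configured for the given portlet request.
     *
     * @param request the current portlet request
     * @return the end point host, or an empty string when no SSO adapter
     *         configuration could be loaded
     */
    public static String getSAPEndpointHost(PortletRequest request) {
        SAPSSOAdapterUtils ssoAdapter = getSSOAdapterUtils(request);
        return (ssoAdapter == null) ? "" : ssoAdapter.getSAPEndpointHost();
    }

    /**
     * Stores the user name and password submitted with an action request in
     * the SSO adapter. Called from {@code processAction} of the UserConfig
     * portlet. Failures are logged and not propagated.
     *
     * @param request the action request carrying the user name and password
     *                form fields
     */
    public static void setUserConfig(ActionRequest request) {
        String userName = request.getParameter(HTML_FIELD_USER_NAME);
        String userPass = request.getParameter(HTML_FIELD_USER_PASS);
        try {
            addUserConfig(request, userName, userPass);
        } catch (Exception ex) {
            logger.log(Level.SEVERE, "unable to set user config", ex);
        }
    }

    /**
     * Stores the user configuration cached in the portlet session in the SSO
     * adapter. Called from {@code doView} of the portlets. Failures are logged
     * and not propagated.
     *
     * @param request the current render request
     */
    public static void setUserConfig(RenderRequest request) {
        PortletSession session = request.getPortletSession();
        SAPUserConfig userConfig = (SAPUserConfig) session.getAttribute(
                SESSION_USERCONFIG, PortletSession.APPLICATION_SCOPE);
        if (userConfig == null) {
            // Nothing cached for this session: report it explicitly instead of
            // relying on a NullPointerException being caught below.
            logger.severe("unable to set user config");
            return;
        }
        try {
            addUserConfig(request, userConfig.getUserName(),
                    userConfig.getUserPassword());
        } catch (Exception ex) {
            logger.log(Level.SEVERE, "unable to set user config", ex);
        }
    }

    /**
     * Adds the given credentials to the SSO adapter configuration named in the
     * SAP configuration bundle.
     *
     * @param request  the current portlet request
     * @param userName the SAP user name to store
     * @param userPass the SAP password to store
     * @throws UnConfiguredException if the SSO adapter helper cannot be created
     */
    private static void addUserConfig(PortletRequest request,
            String userName, String userPass)
            throws UnConfiguredException {
        String configName = ssoaConfigName();
        String channelName = ssoaChannelName();
        HttpServletRequest httpReq = servletRequestOf(request);
        addSSOAdapterConfigData(userName, userPass, httpReq, configName,
                channelName);
    }

    /**
     * Builds the SSO adapter helper for the configuration and channel named in
     * the SAP configuration bundle.
     *
     * @param request the current portlet request
     * @return the helper, or {@code null} when it could not be created
     */
    private static SAPSSOAdapterUtils getSSOAdapterUtils(
            PortletRequest request) {
        return getUserInfo(request, ssoaConfigName(), ssoaChannelName());
    }

    /**
     * Reads the user name and password from the SSO adapter and wraps them in
     * a {@link SAPUserConfig} when both are present.
     *
     * <p>Despite the method name, the credentials are NOT verified against SAP
     * here: the only check is that both values are non-null. Callers that need
     * verified credentials must go through the web-service check.
     *
     * @param request     the current render request
     * @param configName  the SSO adapter configuration name
     * @param channelName the SSO adapter channel name
     * @return the stored credentials, or {@code null} when the adapter is not
     *         configured or either value is missing
     */
    private static SAPUserConfig checkForValidSSOAConfig(
            RenderRequest request, String configName, String channelName) {
        SAPSSOAdapterUtils ssoUtils = getUserInfo(request, configName,
                channelName);
        if (ssoUtils == null) {
            // getUserInfo has already logged why the helper is unavailable.
            return null;
        }
        SAPUserConfig userConfig = null;
        try {
            String userName = ssoUtils.getSAPUserName();
            String userPass = ssoUtils.getSAPPassword();
            if (userName != null && userPass != null) {
                userConfig = new SAPUserConfig(userName, userPass);
            }
        } catch (Exception ex) {
            logger.log(Level.SEVERE, "user not configured", ex);
        }
        return userConfig;
    }

    /**
     * Invokes the employee web service to check whether the user name and
     * password are accepted.
     *
     * <p>A {@link RemoteException} from the web service is treated as a failed
     * check, so the method fails closed: no configuration is returned unless
     * the call succeeded.
     *
     * @param userName     the SAP user name; {@code null} is rejected
     * @param userPass     the SAP password; {@code null} is rejected
     * @param endPoint     the SAP end point passed to the employee manager
     * @param endPointHost the SAP end point host passed to the employee lookup
     * @param session      the portlet session (currently unused)
     * @return the configuration holding the accepted credentials
     * @throws InvalidCredentialsException if a credential is missing or the
     *         web-service call failed
     */
    private static SAPUserConfig checkForValidCredentials(
            String userName, String userPass, String endPoint,
            String endPointHost, PortletSession session)
            throws InvalidCredentialsException {
        // Request parameters may be absent; reject them before contacting the
        // web service instead of depending on how it reacts to null values.
        if (userName == null || userPass == null) {
            throw new InvalidCredentialsException(
                    "Invalid Credentials provided");
        }

        SAPUserConfig config = new SAPUserConfig(userName, userPass);
        EmployeeManager manager = new EmployeeManager();
        try {
            manager.init(config, endPoint);
            // Only the success of the call matters; the employee record
            // itself is not used.
            manager.getEmployee(userName, endPointHost);
            return config;
        } catch (RemoteException remoteFailure) {
            // The lookup failed, possibly because of a misconfiguration rather
            // than a wrong password; both cases are reported the same way.
            logger.warning("Failed to get employee");
            logger.warning(remoteFailure.getMessage());
            throw new InvalidCredentialsException(
                    "Invalid Credentials provided");
        }
    }

    /**
     * Creates the SSO adapter helper for a particular configuration and
     * channel.
     *
     * @param request     the current portlet request
     * @param configName  the SSO adapter configuration name
     * @param channelName the SSO adapter channel name
     * @return the helper, or {@code null} when it could not be created
     */
    private static SAPSSOAdapterUtils getUserInfo(
            PortletRequest request, String configName,
            String channelName) {
        HttpServletRequest httpReq = servletRequestOf(request);
        try {
            return new SAPSSOAdapterUtils(httpReq, configName, channelName);
        } catch (Exception ex) {
            logger.log(Level.SEVERE, "user not configured", ex);
            return null;
        }
    }

    /**
     * Replaces the user name and password in the SSO adapter configuration.
     * The SSO adapter API identifies the user from the
     * {@link HttpServletRequest}.
     *
     * @param userName    the SAP user name to store
     * @param userPass    the SAP password to store
     * @param httpReq     the servlet request identifying the user
     * @param configName  the SSO adapter configuration name
     * @param channelName the SSO adapter channel name
     * @throws UnConfiguredException if the SSO adapter helper cannot be created
     */
    private static void addSSOAdapterConfigData(String userName,
            String userPass, HttpServletRequest httpReq,
            String configName, String channelName)
            throws UnConfiguredException {
        SAPSSOAdapterUtils ssoUtils = new SAPSSOAdapterUtils(httpReq,
                configName, channelName);
        // Start from the adapter's current properties so that only the
        // credentials change.
        Properties props = ssoUtils.getSAPProperties();
        // NOTE(review): the password is handed over exactly as received; any
        // protection at rest depends on SAPSSOAdapterUtils, which is not
        // visible from this class.
        props.put(CONFIG_USERNAME, userName);
        props.put(CONFIG_PASSWORD, userPass);
        // The old attributes are removed before the new ones are written. If
        // the write fails, the user is left without a stored configuration.
        ssoUtils.removeSSOAdapterAttributes(httpReq);
        ssoUtils.setSSOAdapterAttributes(props, httpReq);
    }

    /**
     * Removes the SSO adapter configuration of the user behind the request.
     * A missing configuration is logged and otherwise ignored.
     *
     * @param request the current portlet request
     */
    private static void removeSSOAdapterConfigData(
            PortletRequest request) {
        String configName = ssoaConfigName();
        String channelName = ssoaChannelName();
        HttpServletRequest httpReq = servletRequestOf(request);
        try {
            SAPSSOAdapterUtils ssoUtils = new SAPSSOAdapterUtils(
                    httpReq, configName, channelName);
            ssoUtils.removeSSOAdapterAttributes(httpReq);
        } catch (UnConfiguredException ex) {
            logger.log(Level.SEVERE, "user not configured", ex);
        }
    }

    /** Returns the SSO adapter configuration name from the SAP configuration bundle. */
    private static String ssoaConfigName() {
        return ResourceBundle.getBundle(SAP_CONFIG_FILE_NAME)
                .getString(SAP_SSOA_CONFIG_NAME);
    }

    /** Returns the SSO adapter channel name from the SAP configuration bundle. */
    private static String ssoaChannelName() {
        return ResourceBundle.getBundle(SAP_CONFIG_FILE_NAME)
                .getString(SAP_SSOA_CHANNEL_NAME);
    }

    /** Returns the servlet request stored on the portlet request under HTTPREQ_ATTR_NAME. */
    private static HttpServletRequest servletRequestOf(PortletRequest request) {
        return (HttpServletRequest) request.getAttribute(HTTPREQ_ATTR_NAME);
    }

    /**
     * Logs an informational message prefixed with this class and the given
     * method name. Never pass credentials in {@code msg}.
     *
     * @param methodName the name of the calling method
     * @param msg        the message to log
     */
    private static void debug(String methodName, String msg) {
        logger.log(Level.INFO,
                "com.sun.portal.sapportlet.util.ssoa.SAPAuthUtils :"
                        + methodName + ":" + msg);
    }
}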
|