IDEMPIERE-5346 : Adding SSO support (#2018)

- peer review
hengsin 2023-09-21 16:48:30 +08:00 committed by GitHub
parent 680f9f3757
commit 6840b8aeb6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 17 additions and 12 deletions


@ -27,7 +27,7 @@ public interface ISSOPrincipalService
{ {
public static final String SSO_PRINCIPAL_SESSION_TOKEN = "sso.principal.token"; public static final String SSO_PRINCIPAL_SESSION_TOKEN = "sso.principal.token";
public static final String SSO_ZOOM_PARAM = "sso.zoom.param"; public static final String SSO_QUERY_STRING = "sso.query.string";
public static final String SSO_ADMIN_LOGIN = "sso.admin.login"; public static final String SSO_ADMIN_LOGIN = "sso.admin.login";
/** /**


@ -1362,10 +1362,10 @@ public class Login
ISSOPrincipalService ssoPrincipal = SSOUtils.getSSOPrincipalService(); ISSOPrincipalService ssoPrincipal = SSOUtils.getSSOPrincipalService();
where.append(" AND EXISTS (SELECT * FROM AD_User u ") where.append(" AND EXISTS (SELECT * FROM AD_User u ")
.append(" INNER JOIN AD_Client c ON (u.AD_Client_ID = c.AD_Client_ID) ") .append(" INNER JOIN AD_Client c ON (u.AD_Client_ID = c.AD_Client_ID) ")
.append(" WHERE COALESCE(u.AuthenticationType, c.AuthenticationType) IN "); .append(" WHERE (COALESCE(u.AuthenticationType, c.AuthenticationType) IN ");
//If Enable_SSO=N then don't allow SSO only users. //If Enable_SSO=N then don't allow SSO only users.
where.append((isSSOEnable && ssoPrincipal != null && isSSOLogin) ? " ('SSO', 'AAS') " : " ('APO', 'AAS') "); where.append((isSSOEnable && ssoPrincipal != null && isSSOLogin) ? " ('SSO', 'AAS') " : " ('APO', 'AAS') ");
where.append(" OR COALESCE(u.AuthenticationType, c.AuthenticationType) IS NULL AND u.AD_User_ID = AD_User.AD_User_ID) "); where.append(" OR COALESCE(u.AuthenticationType, c.AuthenticationType) IS NULL) AND u.AD_User_ID = AD_User.AD_User_ID) ");
String whereRoleType = MRole.getWhereRoleType(roleTypes, "r"); String whereRoleType = MRole.getWhereRoleType(roleTypes, "r");
where.append(" AND") where.append(" AND")
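Review bot: The parentheses added around the `IN (...) OR ... IS NULL` pair are what make the `u.AD_User_ID = AD_User.AD_User_ID` correlation apply to both branches, but nothing next to the clause says so. Because this predicate decides which users may log in by password versus SSO, a later edit that drops the grouping would again let the `IN` branch match on any user row, not only the one being checked. I would add a comment above the first append, for example `// Keep the OR group parenthesised: AND binds tighter than OR, and the AD_User_ID correlation must cover both the IN and the IS NULL case`. A login test with one SSO-only user and one password user in the same client would pin the behaviour. The enclosing method starts and ends outside the hunk.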


@ -85,6 +85,7 @@ public class BridgeFilter extends BridgeServlet implements Filter {
// Use authentication code to get token // Use authentication code to get token
String currentUri = req.getRequestURL().toString(); String currentUri = req.getRequestURL().toString();
m_SSOPrincipal.getAuthenticationToken(req, resp, SSOUtils.SSO_MODE_OSGI); m_SSOPrincipal.getAuthenticationToken(req, resp, SSOUtils.SSO_MODE_OSGI);
if (!resp.isCommitted())
resp.sendRedirect(currentUri); resp.sendRedirect(currentUri);
} else if (!m_SSOPrincipal.isAuthenticated(req, resp)) { } else if (!m_SSOPrincipal.isAuthenticated(req, resp)) {
// Redirect to SSO sing in page for authentication // Redirect to SSO sing in page for authentication


@ -110,6 +110,7 @@ public class AdempiereMonitorFilter implements Filter
// Use authentication code get get token // Use authentication code get get token
String currentUri = req.getRequestURL().toString(); String currentUri = req.getRequestURL().toString();
m_SSOPrincipal.getAuthenticationToken(req, resp, SSOUtils.SSO_MODE_MONITOR); m_SSOPrincipal.getAuthenticationToken(req, resp, SSOUtils.SSO_MODE_MONITOR);
if (!resp.isCommitted())
resp.sendRedirect(currentUri); resp.sendRedirect(currentUri);
} else if (!m_SSOPrincipal.isAuthenticated(req, resp)) { } else if (!m_SSOPrincipal.isAuthenticated(req, resp)) {
// Redirect to SSO sing in page for authentication // Redirect to SSO sing in page for authentication


@ -102,16 +102,19 @@ public class SSOWebUIFilter implements Filter
String currentUri = httpRequest.getRequestURL().toString(); String currentUri = httpRequest.getRequestURL().toString();
m_SSOPrincipal.getAuthenticationToken(httpRequest, httpResponse, SSOUtils.SSO_MODE_WEBUI); m_SSOPrincipal.getAuthenticationToken(httpRequest, httpResponse, SSOUtils.SSO_MODE_WEBUI);
// Redirect to default request URL after authentication and handle zoom. if (!httpResponse.isCommitted())
Object zoomPara = httpRequest.getSession().getAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM); {
if (zoomPara != null && !Util.isEmpty((String) zoomPara)) // Redirect to default request URL after authentication and handle query string.
currentUri += "?" + (String) zoomPara; Object queryString = httpRequest.getSession().getAttribute(ISSOPrincipalService.SSO_QUERY_STRING);
if (queryString != null && queryString instanceof String && !Util.isEmpty((String) queryString))
currentUri += "?" + (String) queryString;
httpRequest.getSession().removeAttribute(ISSOPrincipalService.SSO_QUERY_STRING);
httpResponse.sendRedirect(currentUri); httpResponse.sendRedirect(currentUri);
httpRequest.getSession().removeAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM); }
} }
else if (!m_SSOPrincipal.isAuthenticated(httpRequest, httpResponse)) else if (!m_SSOPrincipal.isAuthenticated(httpRequest, httpResponse))
{ {
httpRequest.getSession().setAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM, httpRequest.getQueryString()); httpRequest.getSession().setAttribute(ISSOPrincipalService.SSO_QUERY_STRING, httpRequest.getQueryString());
// Redirect to SSO sing in page for authentication // Redirect to SSO sing in page for authentication
m_SSOPrincipal.redirectForAuthentication(httpRequest, httpResponse, SSOUtils.SSO_MODE_WEBUI); m_SSOPrincipal.redirectForAuthentication(httpRequest, httpResponse, SSOUtils.SSO_MODE_WEBUI);
return; return;
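Review bot: `removeAttribute(ISSOPrincipalService.SSO_QUERY_STRING)` now sits inside the `if (!httpResponse.isCommitted())` block, so when the token exchange has already committed the response, the query string captured from the unauthenticated request stays in the session. Reading and removing the attribute before the guard would clear that pre-login state on both paths, leaving only the `currentUri` concatenation and `sendRedirect` conditional. The null test is also redundant with the type test and can become `if (queryString instanceof String && !Util.isEmpty((String) queryString))`. The enclosing filter method starts and ends outside the hunk, so whether the committed path returns or continues cannot be confirmed from here.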