IDEMPIERE-5346 : Adding SSO support (#2018)

- peer review
2023-09-21 16:48:30 +08:00 · 2023-09-21 16:48:30 +08:00 · 6840b8aeb6
parent 680f9f3757
commit 6840b8aeb6
5 changed files with 17 additions and 12 deletions
--- a/org.adempiere.base/src/org/adempiere/base/sso/ISSOPrincipalService.java
+++ b/org.adempiere.base/src/org/adempiere/base/sso/ISSOPrincipalService.java
@ -27,7 +27,7 @@ public interface ISSOPrincipalService
 {
 	public static final String	SSO_PRINCIPAL_SESSION_TOKEN	= "sso.principal.token";
-	public static final String	SSO_ZOOM_PARAM				= "sso.zoom.param";
+	public static final String	SSO_QUERY_STRING				= "sso.query.string";
 	public static final String	SSO_ADMIN_LOGIN				= "sso.admin.login";
 	/**
--- a/org.adempiere.base/src/org/compiere/util/Login.java
+++ b/org.adempiere.base/src/org/compiere/util/Login.java
@ -1362,10 +1362,10 @@ public class Login
 		ISSOPrincipalService ssoPrincipal = SSOUtils.getSSOPrincipalService();
 		where.append("	AND EXISTS (SELECT * FROM AD_User u ")
 						.append("	INNER JOIN	AD_Client c ON (u.AD_Client_ID = c.AD_Client_ID)	")
-						.append("	WHERE	COALESCE(u.AuthenticationType, c.AuthenticationType) IN ");
+						.append("	WHERE (COALESCE(u.AuthenticationType, c.AuthenticationType) IN ");
 		//If Enable_SSO=N then don't allow SSO only users. 
 		where.append((isSSOEnable && ssoPrincipal != null && isSSOLogin) ? " ('SSO', 'AAS') " : " ('APO', 'AAS') ");
-		where.append("	OR COALESCE(u.AuthenticationType, c.AuthenticationType) IS NULL AND u.AD_User_ID = AD_User.AD_User_ID) ");
+		where.append("	OR COALESCE(u.AuthenticationType, c.AuthenticationType) IS NULL) AND u.AD_User_ID = AD_User.AD_User_ID) ");
 		String whereRoleType = MRole.getWhereRoleType(roleTypes, "r");
 		where.append(" AND")
--- a/org.adempiere.eclipse.equinox.http.servlet/src/org/adempiere/eclipse/equinox/http/servlet/BridgeFilter.java
+++ b/org.adempiere.eclipse.equinox.http.servlet/src/org/adempiere/eclipse/equinox/http/servlet/BridgeFilter.java
@ -85,7 +85,8 @@ public class BridgeFilter extends BridgeServlet implements Filter {
 						// Use authentication code to get token
 						String currentUri = req.getRequestURL().toString();
 						m_SSOPrincipal.getAuthenticationToken(req, resp, SSOUtils.SSO_MODE_OSGI);
-						resp.sendRedirect(currentUri);
+						if (!resp.isCommitted())
 							resp.sendRedirect(currentUri);
 					} else if (!m_SSOPrincipal.isAuthenticated(req, resp)) {
 						// Redirect to SSO sing in page for authentication
 						m_SSOPrincipal.redirectForAuthentication(req, resp, SSOUtils.SSO_MODE_OSGI);
--- a/org.adempiere.server/src/main/servlet/org/compiere/web/AdempiereMonitorFilter.java
+++ b/org.adempiere.server/src/main/servlet/org/compiere/web/AdempiereMonitorFilter.java
@ -110,7 +110,8 @@ public class AdempiereMonitorFilter implements Filter
 							// Use authentication code get get token
 							String currentUri = req.getRequestURL().toString();
 							m_SSOPrincipal.getAuthenticationToken(req, resp, SSOUtils.SSO_MODE_MONITOR);
-							resp.sendRedirect(currentUri);
+							if (!resp.isCommitted())
 								resp.sendRedirect(currentUri);
 						} else if (!m_SSOPrincipal.isAuthenticated(req, resp)) {
 							// Redirect to SSO sing in page for authentication
 							m_SSOPrincipal.redirectForAuthentication(req, resp, SSOUtils.SSO_MODE_MONITOR);
--- a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/sso/filter/SSOWebUIFilter.java
+++ b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/sso/filter/SSOWebUIFilter.java
@ -102,16 +102,19 @@ public class SSOWebUIFilter implements Filter
 						String currentUri = httpRequest.getRequestURL().toString();
 						m_SSOPrincipal.getAuthenticationToken(httpRequest, httpResponse, SSOUtils.SSO_MODE_WEBUI);
-						// Redirect to default request URL after authentication and handle zoom. 
+						if (!httpResponse.isCommitted())
-						Object zoomPara = httpRequest.getSession().getAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM);
+						{
-						if (zoomPara != null && !Util.isEmpty((String) zoomPara))
+							// Redirect to default request URL after authentication and handle query string. 
-							currentUri += "?" + (String) zoomPara;
+							Object queryString = httpRequest.getSession().getAttribute(ISSOPrincipalService.SSO_QUERY_STRING);
-						httpResponse.sendRedirect(currentUri);
+							if (queryString != null && queryString instanceof String && !Util.isEmpty((String) queryString))
-						httpRequest.getSession().removeAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM);
+								currentUri += "?" + (String) queryString;
 							httpRequest.getSession().removeAttribute(ISSOPrincipalService.SSO_QUERY_STRING);						
 							httpResponse.sendRedirect(currentUri);
 						}
 					}
 					else if (!m_SSOPrincipal.isAuthenticated(httpRequest, httpResponse))
 					{
-						httpRequest.getSession().setAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM, httpRequest.getQueryString());
+						httpRequest.getSession().setAttribute(ISSOPrincipalService.SSO_QUERY_STRING, httpRequest.getQueryString());
 						// Redirect to SSO sing in page for authentication
 						m_SSOPrincipal.redirectForAuthentication(httpRequest, httpResponse, SSOUtils.SSO_MODE_WEBUI);
 						return;