IDEMPIERE-5346 : Adding SSO support (#2018)

- peer review
hengsin 2023-09-21 16:48:30 +08:00 committed by GitHub
parent 680f9f3757
commit 6840b8aeb6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 17 additions and 12 deletions


@ -27,7 +27,7 @@ public interface ISSOPrincipalService
{
public static final String SSO_PRINCIPAL_SESSION_TOKEN = "sso.principal.token";
public static final String SSO_ZOOM_PARAM = "sso.zoom.param";
public static final String SSO_QUERY_STRING = "sso.query.string";
public static final String SSO_ADMIN_LOGIN = "sso.admin.login";
/**


@ -1362,10 +1362,10 @@ public class Login
ISSOPrincipalService ssoPrincipal = SSOUtils.getSSOPrincipalService();
where.append(" AND EXISTS (SELECT * FROM AD_User u ")
.append(" INNER JOIN AD_Client c ON (u.AD_Client_ID = c.AD_Client_ID) ")
.append(" WHERE COALESCE(u.AuthenticationType, c.AuthenticationType) IN ");
.append(" WHERE (COALESCE(u.AuthenticationType, c.AuthenticationType) IN ");
//If Enable_SSO=N then don't allow SSO only users.
where.append((isSSOEnable && ssoPrincipal != null && isSSOLogin) ? " ('SSO', 'AAS') " : " ('APO', 'AAS') ");
where.append(" OR COALESCE(u.AuthenticationType, c.AuthenticationType) IS NULL AND u.AD_User_ID = AD_User.AD_User_ID) ");
where.append(" OR COALESCE(u.AuthenticationType, c.AuthenticationType) IS NULL) AND u.AD_User_ID = AD_User.AD_User_ID) ");
String whereRoleType = MRole.getWhereRoleType(roleTypes, "r");
where.append(" AND")
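Review bot: The `IS NULL` branch of the EXISTS clause accepts a user whose AuthenticationType is unset on both AD_User and AD_Client whichever `IN` list is chosen, so such accounts pass this filter on the SSO path and on the password path alike. If that is the intended default for existing records, say so next to the current comment, for example `// NULL AuthenticationType (user and client) is accepted for both SSO and password login`; if it is not, the NULL case should be attached to the non-SSO list only. A regression test on the generated WHERE text would also help, since before the added parentheses the `u.AD_User_ID = AD_User.AD_User_ID` correlation bound only to the NULL branch. The enclosing method starts and ends outside this hunk.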


@ -85,7 +85,8 @@ public class BridgeFilter extends BridgeServlet implements Filter {
// Use authentication code to get token
String currentUri = req.getRequestURL().toString();
m_SSOPrincipal.getAuthenticationToken(req, resp, SSOUtils.SSO_MODE_OSGI);
resp.sendRedirect(currentUri);
if (!resp.isCommitted())
resp.sendRedirect(currentUri);
} else if (!m_SSOPrincipal.isAuthenticated(req, resp)) {
// Redirect to SSO sing in page for authentication
m_SSOPrincipal.redirectForAuthentication(req, resp, SSOUtils.SSO_MODE_OSGI);
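Review bot: The authentication-code branch has no `return` after the guarded redirect, so when `getAuthenticationToken` has already committed the response the code simply leaves the branch. What runs next is outside the hunk; if it is the filter chain call, this request would reach the bridged servlet without passing through `isAuthenticated`. Ending the branch explicitly keeps it fail-closed: `if (!resp.isCommitted()) resp.sendRedirect(currentUri);` followed by `return;`. A log line for the committed case would also make a failed token exchange visible to operators. The same pattern appears in the AdempiereMonitorFilter and SSOWebUIFilter sections of this commit.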


@ -110,7 +110,8 @@ public class AdempiereMonitorFilter implements Filter
// Use authentication code get get token
String currentUri = req.getRequestURL().toString();
m_SSOPrincipal.getAuthenticationToken(req, resp, SSOUtils.SSO_MODE_MONITOR);
resp.sendRedirect(currentUri);
if (!resp.isCommitted())
resp.sendRedirect(currentUri);
} else if (!m_SSOPrincipal.isAuthenticated(req, resp)) {
// Redirect to SSO sing in page for authentication
m_SSOPrincipal.redirectForAuthentication(req, resp, SSOUtils.SSO_MODE_MONITOR);


@ -102,16 +102,19 @@ public class SSOWebUIFilter implements Filter
String currentUri = httpRequest.getRequestURL().toString();
m_SSOPrincipal.getAuthenticationToken(httpRequest, httpResponse, SSOUtils.SSO_MODE_WEBUI);
// Redirect to default request URL after authentication and handle zoom.
Object zoomPara = httpRequest.getSession().getAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM);
if (zoomPara != null && !Util.isEmpty((String) zoomPara))
currentUri += "?" + (String) zoomPara;
httpResponse.sendRedirect(currentUri);
httpRequest.getSession().removeAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM);
if (!httpResponse.isCommitted())
{
// Redirect to default request URL after authentication and handle query string.
Object queryString = httpRequest.getSession().getAttribute(ISSOPrincipalService.SSO_QUERY_STRING);
if (queryString != null && queryString instanceof String && !Util.isEmpty((String) queryString))
currentUri += "?" + (String) queryString;
httpRequest.getSession().removeAttribute(ISSOPrincipalService.SSO_QUERY_STRING);
httpResponse.sendRedirect(currentUri);
}
}
else if (!m_SSOPrincipal.isAuthenticated(httpRequest, httpResponse))
{
httpRequest.getSession().setAttribute(ISSOPrincipalService.SSO_ZOOM_PARAM, httpRequest.getQueryString());
httpRequest.getSession().setAttribute(ISSOPrincipalService.SSO_QUERY_STRING, httpRequest.getQueryString());
// Redirect to SSO sing in page for authentication
m_SSOPrincipal.redirectForAuthentication(httpRequest, httpResponse, SSOUtils.SSO_MODE_WEBUI);
return;
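Review bot: The saved query string is now removed from the session only inside the `if (!httpResponse.isCommitted())` block, so when the response is already committed the `SSO_QUERY_STRING` attribute stays in the session and can be appended to the redirect of a later login. The value is taken from `httpRequest.getQueryString()` on an unauthenticated request, so a stale copy should not outlive the callback it was stored for. Reading and removing the attribute before the guard avoids that: move the `getAttribute` line and `httpRequest.getSession().removeAttribute(ISSOPrincipalService.SSO_QUERY_STRING);` above the `isCommitted()` check and keep only the append and `sendRedirect` inside it. The `queryString != null &&` test is redundant next to `instanceof String` and can be dropped.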