diff --git a/dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java
index 2ff0e457a8..81562410fa 100644
--- a/dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java
@@ -33,6 +33,7 @@ import org.dspace.content.NonUniqueMetadataException;
 import org.dspace.content.factory.ContentServiceFactory;
 import org.dspace.content.service.MetadataFieldService;
 import org.dspace.content.service.MetadataSchemaService;
+import org.dspace.core.ConfigurationManager;
 import org.dspace.core.Context;
 import org.dspace.eperson.EPerson;
 import org.dspace.eperson.Group;
@@ -509,18 +510,8 @@ public class ShibAuthentication implements AuthenticationMethod {
 int port = request.getServerPort();
 String contextPath = request.getContextPath();
- String returnURL = request.getHeader("Referer");
- if (returnURL == null) {
- if (request.isSecure() || forceHTTPS) {
- returnURL = "https://";
- } else {
- returnURL = "http://";
- }
- returnURL += host;
- if (!(port == 443 || port == 80)) {
- returnURL += ":" + port;
- }
- }
+ String returnURL = ConfigurationManager.getProperty("dspace.baseUrl") + "/api/authn/shibboleth?redirectUrl="
+ + request.getHeader("Referer");
 try {
 shibURL += "?target=" + URLEncoder.encode(returnURL, "UTF-8");
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/ShibbolethRestController.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/ShibbolethRestController.java
new file mode 100644
index 0000000000..dcbd4fba3b
--- /dev/null
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/ShibbolethRestController.java
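Review bot: In the `@@ -509,18 +510,8 @@` hunk of ShibAuthentication.java, the new `returnURL` concatenates `request.getHeader("Referer")` into the query string with neither a null check nor encoding. A request without a Referer yields the literal `redirectUrl=null`, so the `redirectUrl == null` fallback in the new controller is never reached, and a referring URL that has its own query string loses everything after its first `&` once `/api/authn/shibboleth` parses the parameters. I would read the header into a local and append `"?redirectUrl=" + URLEncoder.encode(referer, "UTF-8")` only when it is non-null, inside the `try` that follows so the encoding exception shares its handler (the catch clause is outside the hunk). The header is client-supplied, so the endpoint receiving it still has to validate the target. The enclosing method starts and ends outside the hunk; `port` and `host` may now be unused, which cannot be confirmed from here.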
@@ -0,0 +1,61 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.rest;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.http.HttpServletResponse;
+
+
+import org.dspace.app.rest.model.AuthnRest;
+import org.dspace.core.ConfigurationManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.hateoas.Link;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Rest controller that handles redirect after shibboleth authentication succeded
+ *
+ * @author Andrea Bollini (andrea dot bollini at 4science dot it)
+ * @author Giuseppe Digilio (giuseppe dot digilio at 4science dot it)
+ */
+@RequestMapping(value = "/api/" + AuthnRest.CATEGORY + "/shibboleth")
+@RestController
+public class ShibbolethRestController implements InitializingBean {
+
+ private static final Logger log = LoggerFactory.getLogger(ShibbolethRestController.class);
+
+ @Autowired
+ DiscoverableEndpointsService discoverableEndpointsService;
+
+ @Override
+ public void afterPropertiesSet() {
+ discoverableEndpointsService
+ .register(this, Arrays.asList(new Link("/api/" + AuthnRest.CATEGORY, "shibboleth")));
+ }
+
+ @RequestMapping(method = RequestMethod.GET)
+ @PreAuthorize("hasAuthority('AUTHENTICATED')")
+ public void shibboleth(HttpServletResponse response,
+ @RequestParam(name = "redirectUrl", required = false) String redirectUrl) throws IOException {
+ if (redirectUrl == null) {
+ redirectUrl = ConfigurationManager.getProperty("dspace.url");
+ }
+ log.info("Redirecting to " + redirectUrl);
+ response.sendRedirect(redirectUrl);
+ }
+
+}
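Review bot: `shibboleth()` hands the `redirectUrl` request parameter to `response.sendRedirect` without checking where it points, so any link to this endpoint can send a just-authenticated user to an arbitrary site (an open redirect, commonly abused for post-login phishing). The target should be accepted only when it falls under a configured DSpace URL and otherwise replaced by the `dspace.url` default the method already uses; which origins count as trusted is a deployment decision. The same value is concatenated into `log.info`, so it should be logged through a `{}` placeholder after validation rather than raw. A short Javadoc on the method stating that off-site targets are ignored would document the contract.

```java
    public void shibboleth(HttpServletResponse response,
            @RequestParam(name = "redirectUrl", required = false) String redirectUrl) throws IOException {
        String baseUrl = ConfigurationManager.getProperty("dspace.url");
        // Accept only the configured URL itself or a path below it; the trailing "/" keeps
        // look-alike hosts that merely begin with baseUrl from passing the prefix test.
        // Assumes dspace.url is configured without a trailing slash — confirm.
        boolean trusted = redirectUrl != null
            && (redirectUrl.equals(baseUrl) || redirectUrl.startsWith(baseUrl + "/"));
        if (!trusted) {
            redirectUrl = baseUrl;
        }
        log.info("Redirecting to {}", redirectUrl);
        // … unchanged: response.sendRedirect(redirectUrl) and the closing brace …
```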