015 package com.liferay.portal.servlet.filters.autologin;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.kernel.util.InstancePool;
022 import com.liferay.portal.kernel.util.StringBundler;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.StringUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.AutoLogin;
028 import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
029 import com.liferay.portal.service.UserLocalServiceUtil;
030 import com.liferay.portal.servlet.filters.BasePortalFilter;
031 import com.liferay.portal.util.Portal;
032 import com.liferay.portal.util.PortalInstances;
033 import com.liferay.portal.util.PortalUtil;
034 import com.liferay.portal.util.PropsValues;
035 import com.liferay.portal.util.WebKeys;
036 import com.liferay.portlet.login.util.LoginUtil;
037
038 import java.util.List;
039 import java.util.concurrent.CopyOnWriteArrayList;
040
041 import javax.servlet.FilterChain;
042 import javax.servlet.http.HttpServletRequest;
043 import javax.servlet.http.HttpServletResponse;
044 import javax.servlet.http.HttpSession;
045
046
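/**
 * Servlet filter that tries to sign a visitor in without the login form.
 *
 * <p>
 * For a request that has no remote user and no {@code j_username} session
 * attribute, every registered {@link AutoLogin} is asked for credentials. The
 * first one that yields a usable credential triple has the login attributes
 * written to the HTTP session by
 * {@link #getLoginRemoteUser(HttpServletRequest, HttpServletResponse,
 * HttpSession, String[])}.
 * </p>
 *
 * <p>
 * Security note: this filter does not verify the password it receives from an
 * {@code AutoLogin}. Every implementation registered here is therefore part of
 * the authentication trust boundary and must authenticate the request itself
 * before returning credentials.
 * </p>
 */
public class AutoLoginFilter extends BasePortalFilter {

    /**
     * Adds an {@link AutoLogin} to the list consulted by every instance of
     * this filter (the list is static).
     *
     * @param autoLogin the implementation to consult on anonymous requests
     */
    public static void registerAutoLogin(AutoLogin autoLogin) {
        _autoLogins.add(autoLogin);
    }

    /**
     * Removes a previously registered {@link AutoLogin} from the shared list.
     *
     * @param autoLogin the implementation to stop consulting
     */
    public static void unregisterAutoLogin(AutoLogin autoLogin) {
        _autoLogins.remove(autoLogin);
    }

    /**
     * Loads the implementations named in {@code PropsValues.AUTO_LOGIN_HOOKS}
     * from the {@code InstancePool} and appends them to the shared list.
     */
    public AutoLoginFilter() {

        // NOTE(review): _autoLogins is static, so each construction of this
        // filter appends the configured hooks again. Confirm the filter is
        // only instantiated once, otherwise hooks run more than once per
        // request.

        for (String autoLoginClassName : PropsValues.AUTO_LOGIN_HOOKS) {
            AutoLogin autoLogin = (AutoLogin)InstancePool.get(
                autoLoginClassName);

            _autoLogins.add(autoLogin);
        }
    }

    /**
     * Turns the credential triple returned by an {@link AutoLogin} into a
     * signed-in session.
     *
     * <p>
     * The password in {@code credentials[1]} is never compared with the
     * stored password in this method; it is only copied (or encrypted and
     * copied) into the session. Whether a later component checks
     * {@code j_password} is not visible from this class.
     * </p>
     *
     * @param  request the current request
     * @param  response the current response; receives a redirect when
     *         {@code PropsValues.PORTAL_JAAS_ENABLE} is set
     * @param  session the session to populate; replaced locally by the result
     *         of {@code LoginUtil.renewSession} when
     *         {@code PropsValues.SESSION_ENABLE_PHISHING_PROTECTION} is set
     * @param  credentials exactly three elements: the user ID as a string,
     *         the password, and a boolean string telling whether the password
     *         is already encrypted
     * @return the user ID string on success, or <code>null</code> when the
     *         credentials are missing or malformed, the ID is not positive,
     *         or the user does not exist or is locked out
     * @throws Exception if a portal service call or the redirect fails
     */
    protected String getLoginRemoteUser(
            HttpServletRequest request, HttpServletResponse response,
            HttpSession session, String[] credentials)
        throws Exception {

        if ((credentials == null) || (credentials.length != 3)) {
            return null;
        }

        String jUsername = credentials[0];
        String jPassword = credentials[1];
        boolean encPassword = GetterUtil.getBoolean(credentials[2]);

        if (Validator.isNull(jUsername) || Validator.isNull(jPassword)) {
            return null;
        }

        long userId = GetterUtil.getLong(jUsername);

        if (userId <= 0) {
            return null;
        }

        User user = UserLocalServiceUtil.fetchUserById(userId);

        // Locked out accounts must not be signed in through a hook either

        if ((user == null) || user.isLockout()) {
            return null;
        }

        if (!PropsValues.AUTH_SIMULTANEOUS_LOGINS) {
            LoginUtil.signOutSimultaneousLogins(userId);
        }

        // Renew the session before any login attribute is written, so the
        // attributes land on the renewed session and not on the one the
        // anonymous request arrived with

        if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
            session = LoginUtil.renewSession(request, session);
        }

        session.setAttribute("j_username", jUsername);

        if (encPassword) {
            session.setAttribute("j_password", jPassword);
        }
        else {
            session.setAttribute(
                "j_password",
                PasswordEncryptorUtil.encrypt(jPassword, user.getPassword()));

            // The password as supplied by the hook is kept in the session
            // only when explicitly configured. It then lives as long as the
            // session does, including in any session persistence or
            // replication the deployment uses.

            if (PropsValues.SESSION_STORE_PASSWORD) {
                session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
            }
        }

        session.setAttribute("j_remoteuser", jUsername);

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            String redirect = PortalUtil.getPathMain().concat(
                "/portal/protected");

            if (PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
                String autoLoginRedirect = (String)request.getAttribute(
                    AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);

                // NOTE(review): the value is appended to the query string
                // without URL encoding, so a target that carries its own
                // query string or fragment is not passed through intact.
                // Confirm that producers encode it and that the handler
                // behind /portal/protected validates the redirect target.

                redirect = redirect.concat("?redirect=");

                if (Validator.isNotNull(autoLoginRedirect)) {
                    redirect = redirect.concat(autoLoginRedirect);
                }
                else {
                    redirect = redirect.concat(
                        PortalUtil.getCurrentCompleteURL(request));
                }
            }

            response.sendRedirect(redirect);
        }

        return jUsername;
    }

    /**
     * Runs the registered {@link AutoLogin} implementations for anonymous
     * requests and either redirects or continues the filter chain.
     *
     * <p>
     * Hosts and paths matched by {@code PortalInstances} as ignored skip the
     * hooks entirely. Hooks are also skipped when
     * {@code PropsValues.AUTH_LOGIN_DISABLED} is set, or when the request
     * already has a remote user or a {@code j_username} session attribute.
     * </p>
     *
     * @param  request the current request
     * @param  response the current response
     * @param  filterChain the chain to continue when no redirect is sent
     * @throws Exception if the rest of the filter chain fails
     */
    @Override
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        HttpSession session = request.getSession();

        String host = PortalUtil.getHost(request);

        if (PortalInstances.isAutoLoginIgnoreHost(host)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore host " + host);
            }

            processFilter(
                AutoLoginFilter.class, request, response, filterChain);

            return;
        }

        String contextPath = PortalUtil.getPathContext();

        String path = StringUtil.toLowerCase(request.getRequestURI());

        // Strip the context path only when it is a prefix. Testing with
        // contains() cut contextPath.length() characters off the front of any
        // URI that mentioned the context path somewhere else, so the ignore
        // path decision below was made on a mangled path.

        if (!contextPath.equals(StringPool.SLASH) &&
            path.startsWith(contextPath)) {

            path = path.substring(contextPath.length());
        }

        if (PortalInstances.isAutoLoginIgnorePath(path)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore path " + path);
            }

            processFilter(
                AutoLoginFilter.class, request, response, filterChain);

            return;
        }

        String remoteUser = request.getRemoteUser();
        String jUserName = (String)session.getAttribute("j_username");

        // Only consult the hooks for requests that are not yet associated
        // with a user, either by the container or by an earlier login

        if (!PropsValues.AUTH_LOGIN_DISABLED &&
            (remoteUser == null) && (jUserName == null)) {

            for (AutoLogin autoLogin : _autoLogins) {
                try {
                    String[] credentials = autoLogin.login(request, response);

                    // A hook may ask for an immediate redirect instead of
                    // returning credentials. The target is a request
                    // attribute and is sent unchanged, so its safety rests
                    // on whatever component set it.

                    String redirect = (String)request.getAttribute(
                        AutoLogin.AUTO_LOGIN_REDIRECT);

                    if (Validator.isNotNull(redirect)) {
                        response.sendRedirect(redirect);

                        return;
                    }

                    String loginRemoteUser = getLoginRemoteUser(
                        request, response, session, credentials);

                    if (loginRemoteUser != null) {
                        request = new ProtectedServletRequest(
                            request, loginRemoteUser);

                        // getLoginRemoteUser has already sent the redirect
                        // under this same setting

                        if (PropsValues.PORTAL_JAAS_ENABLE) {
                            return;
                        }

                        if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
                            redirect = Portal.PATH_MAIN;
                        }
                        else {
                            redirect = (String)request.getAttribute(
                                AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);
                        }

                        if (Validator.isNotNull(redirect)) {
                            response.sendRedirect(redirect);

                            return;
                        }
                    }
                }
                catch (Exception e) {

                    // A failing hook must not block the request. Log it and
                    // move on to the next hook.

                    StringBundler sb = new StringBundler(4);

                    sb.append("Current URL ");

                    String currentURL = PortalUtil.getCurrentURL(request);

                    sb.append(currentURL);

                    sb.append(" generates exception: ");
                    sb.append(e.getMessage());

                    if (currentURL.endsWith(_PATH_CHAT_LATEST)) {
                        if (_log.isWarnEnabled()) {
                            _log.warn(sb.toString());
                        }
                    }
                    else {

                        // Pass the throwable along so the stack trace of a
                        // failed login attempt is kept for investigation

                        _log.error(sb.toString(), e);
                    }
                }
            }
        }

        processFilter(AutoLoginFilter.class, request, response, filterChain);
    }

    // Failures on URLs with this suffix are logged at warn level, not error

    private static final String _PATH_CHAT_LATEST = "/-/chat/latest";

    private static final Log _log = LogFactoryUtil.getLog(
        AutoLoginFilter.class);

    // Shared by every filter instance. The copy-on-write list lets hooks be
    // registered or removed while a request is iterating over it.

    private static final List<AutoLogin> _autoLogins =
        new CopyOnWriteArrayList<AutoLogin>();

}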