001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.CompanyMaxUsersException;
018    import com.liferay.portal.CookieNotSupportedException;
019    import com.liferay.portal.NoSuchUserException;
020    import com.liferay.portal.PasswordExpiredException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserIdException;
023    import com.liferay.portal.UserLockoutException;
024    import com.liferay.portal.UserPasswordException;
025    import com.liferay.portal.UserScreenNameException;
026    import com.liferay.portal.kernel.log.Log;
027    import com.liferay.portal.kernel.log.LogFactoryUtil;
028    import com.liferay.portal.kernel.portlet.LiferayPortletRequest;
029    import com.liferay.portal.kernel.servlet.SessionErrors;
030    import com.liferay.portal.kernel.util.Http;
031    import com.liferay.portal.kernel.util.HttpUtil;
032    import com.liferay.portal.kernel.util.ParamUtil;
033    import com.liferay.portal.kernel.util.Validator;
034    import com.liferay.portal.model.Layout;
035    import com.liferay.portal.security.auth.AuthException;
036    import com.liferay.portal.struts.PortletAction;
037    import com.liferay.portal.theme.ThemeDisplay;
038    import com.liferay.portal.util.PortalUtil;
039    import com.liferay.portal.util.PortletKeys;
040    import com.liferay.portal.util.PropsValues;
041    import com.liferay.portal.util.WebKeys;
042    import com.liferay.portlet.PortletPreferencesFactoryUtil;
043    import com.liferay.portlet.PortletURLImpl;
044    import com.liferay.portlet.login.util.LoginUtil;
045    
046    import javax.portlet.ActionRequest;
047    import javax.portlet.ActionResponse;
048    import javax.portlet.PortletConfig;
049    import javax.portlet.PortletPreferences;
050    import javax.portlet.PortletRequest;
051    import javax.portlet.PortletURL;
052    import javax.portlet.RenderRequest;
053    import javax.portlet.RenderResponse;
054    import javax.portlet.WindowState;
055    
056    import javax.servlet.http.HttpServletRequest;
057    import javax.servlet.http.HttpServletResponse;
058    import javax.servlet.http.HttpSession;
059    
060    import org.apache.struts.action.ActionForm;
061    import org.apache.struts.action.ActionForward;
062    import org.apache.struts.action.ActionMapping;
063    
/**
 * Struts portlet action behind the login portlet: authenticates the submitted
 * credentials through {@link LoginUtil}, then redirects either to the
 * requested (and escaped) target or to the portal's main path.
 *
 * <p>
 * Security-relevant behavior visible in this class:
 * </p>
 *
 * <ul>
 * <li>The <code>redirect</code> request parameter is passed through
 * <code>PortalUtil.escapeRedirect</code> before it is followed in
 * {@link #login}. The allow-list policy of that helper is not visible here.
 * </li>
 * <li>{@link #postProcessAuthFailure} copies the raw <code>redirect</code> and
 * <code>login</code> parameters into the render URL without escaping them. The
 * password is never echoed.</li>
 * <li>{@link #isCheckMethodOnProcessAction} returns <code>false</code>.</li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 */
public class LoginAction extends PortletAction {

    /**
     * Handles a login submission.
     *
     * <p>
     * If logins are disabled by configuration the user is redirected to the
     * configured "login disabled" path. Otherwise {@link #login} is invoked.
     * Recognized failures are stored in {@link SessionErrors}, keyed by
     * exception class, and the user is sent back to the login portlet through
     * {@link #postProcessAuthFailure}. Any other exception is logged at error
     * level and handed to <code>PortalUtil.sendError</code>.
     * </p>
     *
     * @throws Exception if a redirect or the failure post-processing fails
     */
    @Override
    public void processAction(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            String loginDisabledURL =
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH;

            actionResponse.sendRedirect(loginDisabledURL);

            return;
        }

        // An earlier short-circuit for requests that already carry a remote
        // user (getRemoteUser() != null) is disabled. Signed-in users are
        // handled inside login(), which skips authentication when
        // themeDisplay.isSignedIn() is true.

        try {
            login(themeDisplay, actionRequest, actionResponse);

            if (ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            boolean authException = e instanceof AuthException;

            if (!authException && !isExpectedLoginFailure(e)) {

                // Unexpected failure: not a credential or account problem, so
                // it is surfaced as a portal error instead of a login message

                _log.error(e, e);

                PortalUtil.sendError(e, actionRequest, actionResponse);

                return;
            }

            // The exception whose class becomes the SessionErrors key

            Throwable reported = e;

            if (authException) {
                Throwable cause = e.getCause();

                if (cause instanceof PasswordExpiredException ||
                    cause instanceof UserLockoutException) {

                    // Account-state failures are reported under their own key
                    // rather than the generic AuthException key

                    reported = cause;
                }
                else if (_log.isInfoEnabled()) {

                    // The message carries no login name or client address, so
                    // on its own it cannot be tied to an account or a source.
                    // Any richer audit trail has to come from elsewhere.

                    _log.info("Authentication failed");
                }
            }

            // NOTE(review): NoSuchUserException, UserPasswordException,
            // UserLockoutException and PasswordExpiredException end up under
            // distinct keys. If the login view renders them differently, the
            // response reveals whether an account exists and its state.
            // Confirm in the view.

            SessionErrors.add(actionRequest, reported.getClass());

            postProcessAuthFailure(actionRequest, actionResponse);
        }
    }

    /**
     * Resolves the forward stored for this request, defaulting to the login
     * view.
     */
    @Override
    public ActionForward render(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, RenderRequest renderRequest,
            RenderResponse renderResponse)
        throws Exception {

        String forwardName = getForward(renderRequest, "portlet.login.login");

        return actionMapping.findForward(forwardName);
    }

    /**
     * Prefixes a redirect with the portal URL.
     *
     * <p>
     * The two-argument <code>PortalUtil.getPortalURL(request, false)</code> is
     * used only when all of the following hold: authentication requires HTTPS,
     * session phishing protection is disabled, and the session attribute
     * <code>WebKeys.HTTPS_INITIAL</code> is present and <code>false</code>.
     * Otherwise the portal URL is derived from the request alone.
     * </p>
     *
     * <p>
     * NOTE(review): the <code>false</code> argument presumably selects the
     * non-secure (plain HTTP) portal URL, returning the user to HTTP after an
     * HTTPS login. If so, the authenticated session is then used over an
     * unencrypted channel. Confirm against <code>PortalUtil.getPortalURL</code>
     * and the session cookie's Secure flag.
     * </p>
     *
     * @param  request the servlet request backing the portlet action
     * @param  redirect the redirect to append to the portal URL
     * @return the portal URL followed by <code>redirect</code>
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        boolean initialRequestNotHttps =
            (httpsInitial != null) && !httpsInitial.booleanValue();

        boolean useExplicitNonSecureURL =
            PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
            initialRequestNotHttps;

        String portalURL =
            useExplicitNonSecureURL ?
                PortalUtil.getPortalURL(request, false) :
                PortalUtil.getPortalURL(request);

        return portalURL.concat(redirect);
    }

    /**
     * Returns the constant <code>false</code>.
     *
     * <p>
     * NOTE(review): judging by the name, this presumably tells
     * {@link PortletAction} not to enforce the HTTP method for
     * <code>processAction</code>. If so, credentials may be accepted on
     * non-POST requests, where they can end up in URLs, browser history and
     * access logs. Confirm against the base class.
     * </p>
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates the request, unless the user is already signed in, and
     * sends the post-login redirect.
     *
     * <p>
     * The <code>redirect</code> parameter is first passed through
     * <code>PortalUtil.escapeRedirect</code>. A surviving value that does not
     * start with <code>Http.HTTP</code> is completed with the portal URL. With
     * JAAS enabled the user is sent to <code>/portal/protected</code> under the
     * main path, with the redirect URL-encoded as a query parameter.
     * Otherwise the user goes to the redirect, or to the main path when there
     * is none and <code>doActionAfterLogin</code> is not set.
     * </p>
     *
     * @throws Exception if authentication fails or a redirect cannot be sent
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // The password is read straight from the request rather than through
        // ParamUtil, so it reaches LoginUtil exactly as submitted. It may be
        // null if the parameter is absent.

        String password = actionRequest.getParameter("password");

        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        if (!themeDisplay.isSignedIn()) {
            String portletId = PortalUtil.getPortletId(actionRequest);

            PortletPreferences portletPreferences =
                PortletPreferencesFactoryUtil.getStrictPortletSetup(
                    themeDisplay.getLayout(), portletId);

            // The auth type comes from portlet preferences, not the request

            String authType = portletPreferences.getValue("authType", null);

            LoginUtil.login(
                request, response, login, password, rememberMe, authType);
        }

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {

            // The redirect is attacker-controllable. escapeRedirect is the
            // only open-redirect defense on this path, and its policy is
            // defined elsewhere.

            redirect = PortalUtil.escapeRedirect(redirect);

            boolean needsPortalURL =
                Validator.isNotNull(redirect) &&
                !redirect.startsWith(Http.HTTP);

            if (needsPortalURL) {
                redirect = getCompleteRedirectURL(request, redirect);
            }
        }

        String mainPath = themeDisplay.getPathMain();

        boolean hasRedirect = Validator.isNotNull(redirect);

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            String protectedURL = mainPath.concat("/portal/protected");

            if (hasRedirect) {
                protectedURL = protectedURL.concat("?redirect=").concat(
                    HttpUtil.encodeURL(redirect));
            }

            actionResponse.sendRedirect(protectedURL);

            return;
        }

        if (hasRedirect) {
            actionResponse.sendRedirect(redirect);

            return;
        }

        // Without a redirect, doActionAfterLogin leaves the response alone so
        // that processAction can set its forward

        if (!ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {
            actionResponse.sendRedirect(mainPath);
        }
    }

    /**
     * Sends the user back to the login portlet in the render phase after a
     * failed login, carrying over the submitted <code>redirect</code> and
     * <code>login</code> values.
     *
     * <p>
     * Both values are copied from the request as submitted. Unlike in
     * {@link #login}, the redirect is not passed through
     * <code>PortalUtil.escapeRedirect</code> here. Whatever renders these
     * parameters must therefore output-encode them, and the redirect must be
     * validated again before it is followed. In this class that happens in
     * {@link #login} on the next submission.
     * </p>
     *
     * @throws Exception if the URL cannot be built or the redirect fails
     */
    protected void postProcessAuthFailure(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        LiferayPortletRequest liferayPortletRequest =
            PortalUtil.getLiferayPortletRequest(actionRequest);

        String portletName = liferayPortletRequest.getPortletName();

        Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

        PortletURL loginURL = new PortletURLImpl(
            actionRequest, portletName, layout.getPlid(),
            PortletRequest.RENDER_PHASE);

        loginURL.setParameter("saveLastPath", Boolean.FALSE.toString());

        String submittedRedirect = ParamUtil.getString(
            actionRequest, "redirect");

        if (Validator.isNotNull(submittedRedirect)) {
            loginURL.setParameter("redirect", submittedRedirect);
        }

        String submittedLogin = ParamUtil.getString(actionRequest, "login");

        if (Validator.isNotNull(submittedLogin)) {
            loginURL.setParameter("login", submittedLogin);
        }

        // The dedicated login portlet is shown maximized. Any other portlet
        // hosting this action keeps its current window state.

        WindowState windowState =
            portletName.equals(PortletKeys.LOGIN) ?
                WindowState.MAXIMIZED : actionRequest.getWindowState();

        loginURL.setWindowState(windowState);

        actionResponse.sendRedirect(loginURL.toString());
    }

    /**
     * Returns <code>true</code> if the exception is one of the login failures
     * that are reported to the user through {@link SessionErrors} instead of
     * being treated as a portal error. {@link AuthException} is classified
     * separately by the caller.
     */
    private static boolean isExpectedLoginFailure(Exception e) {
        return e instanceof CompanyMaxUsersException ||
               e instanceof CookieNotSupportedException ||
               e instanceof NoSuchUserException ||
               e instanceof PasswordExpiredException ||
               e instanceof UserEmailAddressException ||
               e instanceof UserIdException ||
               e instanceof UserLockoutException ||
               e instanceof UserPasswordException ||
               e instanceof UserScreenNameException;
    }

    // Value returned by isCheckMethodOnProcessAction()

    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    private static Log _log = LogFactoryUtil.getLog(LoginAction.class);

}