015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.CompanyMaxUsersException;
018 import com.liferay.portal.CookieNotSupportedException;
019 import com.liferay.portal.NoSuchUserException;
020 import com.liferay.portal.PasswordExpiredException;
021 import com.liferay.portal.UserEmailAddressException;
022 import com.liferay.portal.UserIdException;
023 import com.liferay.portal.UserLockoutException;
024 import com.liferay.portal.UserPasswordException;
025 import com.liferay.portal.UserScreenNameException;
026 import com.liferay.portal.kernel.log.Log;
027 import com.liferay.portal.kernel.log.LogFactoryUtil;
028 import com.liferay.portal.kernel.portlet.LiferayPortletRequest;
029 import com.liferay.portal.kernel.servlet.SessionErrors;
030 import com.liferay.portal.kernel.util.Http;
031 import com.liferay.portal.kernel.util.HttpUtil;
032 import com.liferay.portal.kernel.util.ParamUtil;
033 import com.liferay.portal.kernel.util.Validator;
034 import com.liferay.portal.model.Layout;
035 import com.liferay.portal.security.auth.AuthException;
036 import com.liferay.portal.struts.PortletAction;
037 import com.liferay.portal.theme.ThemeDisplay;
038 import com.liferay.portal.util.PortalUtil;
039 import com.liferay.portal.util.PortletKeys;
040 import com.liferay.portal.util.PropsValues;
041 import com.liferay.portal.util.WebKeys;
042 import com.liferay.portlet.PortletPreferencesFactoryUtil;
043 import com.liferay.portlet.PortletURLFactoryUtil;
044 import com.liferay.portlet.login.util.LoginUtil;
045
046 import javax.portlet.ActionRequest;
047 import javax.portlet.ActionResponse;
048 import javax.portlet.PortletConfig;
049 import javax.portlet.PortletPreferences;
050 import javax.portlet.PortletRequest;
051 import javax.portlet.PortletURL;
052 import javax.portlet.RenderRequest;
053 import javax.portlet.RenderResponse;
054 import javax.portlet.WindowState;
055
056 import javax.servlet.http.HttpServletRequest;
057 import javax.servlet.http.HttpServletResponse;
058 import javax.servlet.http.HttpSession;
059
060 import org.apache.struts.action.ActionForm;
061 import org.apache.struts.action.ActionForward;
062 import org.apache.struts.action.ActionMapping;
063
064
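/**
 * Struts portlet action behind the login form.
 *
 * <p>
 * The action phase authenticates through {@link LoginUtil#login} and then
 * redirects. The render phase forwards to the login view. Three request
 * parameters drive the flow and must be treated as untrusted input:
 * {@code login}, {@code password} and {@code redirect}.
 * </p>
 */
public class LoginAction extends PortletAction {

	/**
	 * Runs the login attempt and maps failures onto session errors.
	 *
	 * <p>
	 * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set, the request is
	 * redirected to the configured "login disabled" path and no credentials
	 * are read. Exceptions that describe an expected login failure are
	 * recorded with {@link SessionErrors} and followed by a redirect back to
	 * the login view. Any other exception is logged at error level and
	 * reported with {@code PortalUtil.sendError}.
	 * </p>
	 *
	 * @throws Exception if the redirect or the error response cannot be sent
	 */
	@Override
	public void processAction(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return;
		}

		try {
			login(themeDisplay, actionRequest, actionResponse);

			boolean doActionAfterLogin = ParamUtil.getBoolean(
				actionRequest, "doActionAfterLogin");

			if (doActionAfterLogin) {
				setForward(actionRequest, "portlet.login.login_redirect");
			}
		}
		catch (Exception e) {
			if (e instanceof AuthException) {
				Throwable cause = e.getCause();

				if (cause instanceof PasswordExpiredException ||
					cause instanceof UserLockoutException) {

					// Surface the specific reason (expired password or
					// lockout) instead of the generic AuthException.

					SessionErrors.add(actionRequest, cause.getClass());
				}
				else {

					// The message deliberately carries neither the login name
					// nor the password.
					// NOTE(review): it also carries no source address, so this
					// line alone cannot support detection of repeated
					// failures; presumably the authentication pipeline records
					// that elsewhere. Confirm.

					if (_log.isInfoEnabled()) {
						_log.info("Authentication failed");
					}

					SessionErrors.add(actionRequest, e.getClass());
				}
			}
			else if (e instanceof CompanyMaxUsersException ||
					 e instanceof CookieNotSupportedException ||
					 e instanceof NoSuchUserException ||
					 e instanceof PasswordExpiredException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserLockoutException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException) {

				// NOTE(review): each failure type is stored under its own
				// class, so "no such user" and "wrong password" are
				// distinguishable in the session. Whether the view renders
				// them differently (which would allow account enumeration) is
				// decided outside this class. Verify in the login view.

				SessionErrors.add(actionRequest, e.getClass());
			}
			else {
				_log.error(e, e);

				PortalUtil.sendError(e, actionRequest, actionResponse);

				return;
			}

			postProcessAuthFailure(actionRequest, actionResponse);
		}
	}

	/**
	 * Forwards to the login view, or to the forward previously stored on the
	 * request by {@code setForward}.
	 */
	@Override
	public ActionForward render(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, RenderRequest renderRequest,
			RenderResponse renderResponse)
		throws Exception {

		return actionMapping.findForward(
			getForward(renderRequest, "portlet.login.login"));
	}

	/**
	 * Prefixes a redirect target with the portal URL.
	 *
	 * <p>
	 * The result is a plain string concatenation of the portal URL and
	 * {@code redirect}. This method does not check that {@code redirect}
	 * begins with {@code /}. NOTE(review): confirm that callers, or
	 * {@code PortalUtil.escapeRedirect}, guarantee a path-absolute value,
	 * because anything else would be appended directly after the host part of
	 * the portal URL.
	 * </p>
	 *
	 * @param  request the current servlet request, used for the session and
	 *         the portal URL
	 * @param  redirect the redirect target to append
	 * @return the portal URL followed by {@code redirect}
	 */
	protected String getCompleteRedirectURL(
		HttpServletRequest request, String redirect) {

		HttpSession session = request.getSession();

		Boolean httpsInitial = (Boolean)session.getAttribute(
			WebKeys.HTTPS_INITIAL);

		String portalURL = null;

		// When HTTPS is required only for authentication, phishing protection
		// is off, and the session attribute records a non-HTTPS start, the
		// portal URL is requested with the explicit flag set to false.
		// NOTE(review): presumably that flag selects the non-secure scheme, so
		// the user returns to HTTP after login. Confirm against
		// PortalUtil.getPortalURL.

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
			!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
			(httpsInitial != null) && !httpsInitial.booleanValue()) {

			portalURL = PortalUtil.getPortalURL(request, false);
		}
		else {
			portalURL = PortalUtil.getPortalURL(request);
		}

		return portalURL.concat(redirect);
	}

	/**
	 * Returns the constant {@code false}.
	 *
	 * <p>
	 * NOTE(review): judging by the name, this switches off the HTTP method
	 * check that {@code PortletAction} can apply to {@code processAction}. If
	 * so, this class does not itself restrict login submissions to POST.
	 * Confirm in {@code PortletAction}.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Authenticates the request if nobody is signed in yet, then redirects.
	 *
	 * <p>
	 * The {@code redirect} parameter is passed through
	 * {@code PortalUtil.escapeRedirect} before use. A value that survives and
	 * does not start with {@code Http.HTTP} is completed with the portal URL.
	 * With JAAS enabled, the browser is sent to {@code /portal/protected}
	 * under the main path, carrying the URL-encoded redirect if there is one.
	 * Otherwise the browser is sent to the redirect or, failing that, to the
	 * main path, unless {@code doActionAfterLogin} is set, in which case no
	 * redirect is issued.
	 * </p>
	 *
	 * @throws Exception if authentication fails or the redirect cannot be
	 *         sent; {@link #processAction} decides how each type is reported
	 */
	protected void login(
			ThemeDisplay themeDisplay, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpServletResponse response = PortalUtil.getHttpServletResponse(
			actionResponse);

		String login = ParamUtil.getString(actionRequest, "login");

		// The password is read straight from the request rather than through
		// ParamUtil. Presumably this keeps the submitted value unmodified;
		// confirm what ParamUtil.getString would change.

		String password = actionRequest.getParameter("password");
		boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

		if (!themeDisplay.isSignedIn()) {
			String portletId = PortalUtil.getPortletId(actionRequest);

			// The authentication type comes from the portlet's stored
			// preferences, not from a request parameter.

			PortletPreferences portletPreferences =
				PortletPreferencesFactoryUtil.getStrictPortletSetup(
					themeDisplay.getLayout(), portletId);

			String authType = portletPreferences.getValue("authType", null);

			LoginUtil.login(
				request, response, login, password, rememberMe, authType);
		}

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {

			// The redirect target is user-controlled. escapeRedirect is the
			// only filter applied to it here, and an empty result means the
			// target was rejected.

			redirect = PortalUtil.escapeRedirect(redirect);

			if (Validator.isNotNull(redirect) &&
				!redirect.startsWith(Http.HTTP)) {

				redirect = getCompleteRedirectURL(request, redirect);
			}
		}

		String mainPath = themeDisplay.getPathMain();

		if (PropsValues.PORTAL_JAAS_ENABLE) {
			if (Validator.isNotNull(redirect)) {
				redirect = mainPath.concat(
					"/portal/protected?redirect=").concat(
						HttpUtil.encodeURL(redirect));
			}
			else {
				redirect = mainPath.concat("/portal/protected");
			}

			actionResponse.sendRedirect(redirect);
		}
		else if (Validator.isNotNull(redirect)) {
			actionResponse.sendRedirect(redirect);
		}
		else {
			boolean doActionAfterLogin = ParamUtil.getBoolean(
				actionRequest, "doActionAfterLogin");

			// With doActionAfterLogin set, processAction selects the forward
			// and no redirect is issued here.

			if (!doActionAfterLogin) {
				actionResponse.sendRedirect(mainPath);
			}
		}
	}

	/**
	 * Redirects back to the login view after a failed attempt.
	 *
	 * <p>
	 * Builds a render-phase URL for the current portlet on the current
	 * layout, disables {@code saveLastPath}, and carries over the submitted
	 * {@code login} and {@code redirect} values. The password is not carried
	 * over.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): {@code redirect} is copied into the URL as received,
	 * without {@code PortalUtil.escapeRedirect}. It is filtered in
	 * {@link #login} on the next attempt, but the view that receives it must
	 * still treat it as untrusted. Verify that it is escaped on output and
	 * never followed directly.
	 * </p>
	 *
	 * @throws Exception if the URL cannot be created or the redirect cannot
	 *         be sent
	 */
	protected void postProcessAuthFailure(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		LiferayPortletRequest liferayPortletRequest =
			PortalUtil.getLiferayPortletRequest(actionRequest);

		String portletName = liferayPortletRequest.getPortletName();

		Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

		PortletURL portletURL = PortletURLFactoryUtil.create(
			actionRequest, portletName, layout.getPlid(),
			PortletRequest.RENDER_PHASE);

		portletURL.setParameter("saveLastPath", Boolean.FALSE.toString());

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {
			portletURL.setParameter("redirect", redirect);
		}

		String login = ParamUtil.getString(actionRequest, "login");

		if (Validator.isNotNull(login)) {
			portletURL.setParameter("login", login);
		}

		// The dedicated login portlet is shown maximized. Any other portlet
		// that embeds this action keeps its current window state.

		if (portletName.equals(PortletKeys.LOGIN)) {
			portletURL.setWindowState(WindowState.MAXIMIZED);
		}
		else {
			portletURL.setWindowState(actionRequest.getWindowState());
		}

		actionResponse.sendRedirect(portletURL.toString());
	}

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

	// Declared final so the shared logger cannot be reassigned after class
	// initialization.

	private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}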