001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.ParamUtil;
020    import com.liferay.portal.kernel.util.StringPool;
021    import com.liferay.portal.kernel.util.Validator;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.ldap.LDAPSettingsUtil;
024    import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
025    import com.liferay.portal.security.ldap.PortalLDAPUtil;
026    import com.liferay.portal.util.PortalUtil;
027    import com.liferay.portal.util.WebKeys;
028    
029    import javax.naming.directory.SearchResult;
030    import javax.naming.ldap.LdapContext;
031    
032    import javax.servlet.http.HttpServletRequest;
033    import javax.servlet.http.HttpServletResponse;
034    
035    /**
036     * @author Bruno Farache
037     */
038    public class NtlmAutoLogin implements AutoLogin {
039    
040            public String[] login(
041                    HttpServletRequest request, HttpServletResponse response) {
042    
043                    String[] credentials = null;
044    
045                    try {
046                            long companyId = PortalUtil.getCompanyId(request);
047    
048                            if (!LDAPSettingsUtil.isNtlmEnabled(companyId)) {
049                                    return credentials;
050                            }
051    
052                            String screenName = (String)request.getAttribute(
053                                    WebKeys.NTLM_REMOTE_USER);
054    
055                            if (screenName == null) {
056                                    return credentials;
057                            }
058    
059                            request.removeAttribute(WebKeys.NTLM_REMOTE_USER);
060    
061                            User user = getUser(companyId, screenName);
062    
063                            if (user != null) {
064                                    String redirect = ParamUtil.getString(request, "redirect");
065    
066                                    if (Validator.isNotNull(redirect)) {
067                                            request.setAttribute(
068                                                    AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE, redirect);
069                                    }
070    
071                                    credentials = new String[3];
072    
073                                    credentials[0] = String.valueOf(user.getUserId());
074                                    credentials[1] = user.getPassword();
075                                    credentials[2] = Boolean.TRUE.toString();
076                            }
077                    }
078                    catch (Exception e) {
079                            _log.error(e, e);
080                    }
081    
082                    return credentials;
083            }
084    
085            protected User getUser(long companyId, String screenName) throws Exception {
086                    long ldapServerId = PortalLDAPUtil.getLdapServerId(
087                            companyId, screenName);
088    
089                    SearchResult result = (SearchResult)PortalLDAPUtil.getUser(
090                            ldapServerId, companyId, screenName);
091    
092                    if (result == null) {
093                            if (_log.isWarnEnabled()) {
094                                    _log.warn(
095                                            "No user was found in LDAP with screenName " + screenName);
096                            }
097    
098                            return null;
099                    }
100    
101                    LdapContext ctx = PortalLDAPUtil.getContext(ldapServerId, companyId);
102    
103                    User user = PortalLDAPImporterUtil.importLDAPUser(
104                            ldapServerId, companyId, ctx, result.getAttributes(),
105                            StringPool.BLANK);
106    
107                    ctx.close();
108    
109                    return user;
110            }
111    
112            private static Log _log = LogFactoryUtil.getLog(NtlmAutoLogin.class);
113    
114    }