015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.ParamUtil;
020 import com.liferay.portal.kernel.util.StringPool;
021 import com.liferay.portal.kernel.util.Validator;
022 import com.liferay.portal.model.User;
023 import com.liferay.portal.security.ldap.LDAPSettingsUtil;
024 import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
025 import com.liferay.portal.security.ldap.PortalLDAPUtil;
026 import com.liferay.portal.util.PortalUtil;
027 import com.liferay.portal.util.WebKeys;
028
029 import javax.naming.directory.SearchResult;
030 import javax.naming.ldap.LdapContext;
031
032 import javax.servlet.http.HttpServletRequest;
033 import javax.servlet.http.HttpServletResponse;
034
035
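/**
 * {@link AutoLogin} implementation that signs in the user named by the
 * {@code WebKeys.NTLM_REMOTE_USER} request attribute.
 *
 * <p>
 * The screen name is read from a request <em>attribute</em>, not a request
 * parameter, so it has to be placed there by server-side code earlier in the
 * request (presumably the NTLM filter; confirm against the filter chain). The
 * class does not authenticate anything itself: it trusts that attribute, looks
 * the user up in LDAP, imports the LDAP entry into the portal and hands the
 * resulting credentials back to the caller.
 * </p>
 */
public class NtlmAutoLogin implements AutoLogin {

	/**
	 * Builds auto-login credentials for the NTLM user of this request.
	 *
	 * @param  request the current request; its
	 *         {@code WebKeys.NTLM_REMOTE_USER} attribute is read and then
	 *         removed
	 * @param  response the current response (not used here)
	 * @return a three-element array holding the user ID, the value of
	 *         {@code user.getPassword()} and the string {@code "true"}, or
	 *         {@code null} when NTLM is disabled for the company, the
	 *         attribute is missing, no user could be resolved, or any
	 *         exception occurred
	 */
	public String[] login(
		HttpServletRequest request, HttpServletResponse response) {

		String[] credentials = null;

		try {
			long companyId = PortalUtil.getCompanyId(request);

			if (!LDAPSettingsUtil.isNtlmEnabled(companyId)) {
				return credentials;
			}

			String screenName = (String)request.getAttribute(
				WebKeys.NTLM_REMOTE_USER);

			if (screenName == null) {
				return credentials;
			}

			// Consume the attribute so the asserted identity is used only
			// once within this request.

			request.removeAttribute(WebKeys.NTLM_REMOTE_USER);

			User user = getUser(companyId, screenName);

			if (user != null) {

				// NOTE(review): "redirect" is a caller-supplied request
				// parameter and is passed through unvalidated here. Confirm
				// that whatever consumes AUTO_LOGIN_REDIRECT_AND_CONTINUE
				// restricts it to trusted destinations; otherwise this is an
				// open-redirect risk.

				String redirect = ParamUtil.getString(request, "redirect");

				if (Validator.isNotNull(redirect)) {
					request.setAttribute(
						AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE, redirect);
				}

				credentials = new String[3];

				credentials[0] = String.valueOf(user.getUserId());

				// NOTE(review): this is the stored password value from the
				// User model (presumably a hash; confirm). Keep this array
				// out of logs and error messages.

				credentials[1] = user.getPassword();

				// Presumably tells the caller that the password above is
				// already encrypted; confirm against the AutoLogin contract.

				credentials[2] = Boolean.TRUE.toString();
			}
		}
		catch (Exception e) {

			// Fail closed: any failure is logged and the method falls
			// through to return null credentials (no auto-login).

			_log.error(e, e);
		}

		return credentials;
	}

	/**
	 * Looks the screen name up in LDAP and imports the matching entry as a
	 * portal user.
	 *
	 * @param  companyId the ID of the company the request belongs to
	 * @param  screenName the screen name taken from the NTLM request
	 *         attribute
	 * @return the imported user, or {@code null} if LDAP returned no entry
	 *         for the screen name
	 * @throws Exception if the LDAP lookup, the import or closing the context
	 *         fails
	 */
	protected User getUser(long companyId, String screenName) throws Exception {
		long ldapServerId = PortalLDAPUtil.getLdapServerId(
			companyId, screenName);

		SearchResult result = (SearchResult)PortalLDAPUtil.getUser(
			ldapServerId, companyId, screenName);

		if (result == null) {
			if (_log.isWarnEnabled()) {
				_log.warn(
					"No user was found in LDAP with screenName " + screenName);
			}

			return null;
		}

		LdapContext ctx = PortalLDAPUtil.getContext(ldapServerId, companyId);

		// Close the context in a finally block so a failed import does not
		// leak the LDAP connection. A null context still ends in an
		// exception, as before, so login() keeps failing closed in that case.

		try {
			return PortalLDAPImporterUtil.importLDAPUser(
				ldapServerId, companyId, ctx, result.getAttributes(),
				StringPool.BLANK);
		}
		finally {
			ctx.close();
		}
	}

	private static Log _log = LogFactoryUtil.getLog(NtlmAutoLogin.class);

}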