001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.struts;
016    
017    import com.liferay.portal.LayoutPermissionException;
018    import com.liferay.portal.PortletActiveException;
019    import com.liferay.portal.UserActiveException;
020    import com.liferay.portal.kernel.exception.SystemException;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
024    import com.liferay.portal.kernel.servlet.HttpMethods;
025    import com.liferay.portal.kernel.servlet.SessionErrors;
026    import com.liferay.portal.kernel.struts.LastPath;
027    import com.liferay.portal.kernel.util.GetterUtil;
028    import com.liferay.portal.kernel.util.HttpUtil;
029    import com.liferay.portal.kernel.util.JavaConstants;
030    import com.liferay.portal.kernel.util.ParamUtil;
031    import com.liferay.portal.kernel.util.PropsKeys;
032    import com.liferay.portal.kernel.util.StringBundler;
033    import com.liferay.portal.kernel.util.StringPool;
034    import com.liferay.portal.kernel.util.Validator;
035    import com.liferay.portal.liveusers.LiveUsers;
036    import com.liferay.portal.model.Layout;
037    import com.liferay.portal.model.LayoutConstants;
038    import com.liferay.portal.model.Portlet;
039    import com.liferay.portal.model.PortletPreferencesIds;
040    import com.liferay.portal.model.User;
041    import com.liferay.portal.model.UserTracker;
042    import com.liferay.portal.model.UserTrackerPath;
043    import com.liferay.portal.security.auth.PrincipalException;
044    import com.liferay.portal.security.permission.ActionKeys;
045    import com.liferay.portal.security.permission.PermissionChecker;
046    import com.liferay.portal.service.LayoutLocalServiceUtil;
047    import com.liferay.portal.service.PortletLocalServiceUtil;
048    import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
049    import com.liferay.portal.service.permission.PortletPermissionUtil;
050    import com.liferay.portal.service.persistence.UserTrackerPathUtil;
051    import com.liferay.portal.theme.ThemeDisplay;
052    import com.liferay.portal.util.PortalUtil;
053    import com.liferay.portal.util.PrefsPropsUtil;
054    import com.liferay.portal.util.PropsUtil;
055    import com.liferay.portal.util.PropsValues;
056    import com.liferay.portal.util.WebKeys;
057    import com.liferay.portlet.InvokerPortlet;
058    import com.liferay.portlet.PortletConfigFactoryUtil;
059    import com.liferay.portlet.PortletInstanceFactoryUtil;
060    import com.liferay.portlet.PortletPreferencesFactoryUtil;
061    import com.liferay.portlet.PortletURLImpl;
062    import com.liferay.portlet.RenderRequestFactory;
063    import com.liferay.portlet.RenderRequestImpl;
064    import com.liferay.portlet.RenderResponseFactory;
065    import com.liferay.portlet.RenderResponseImpl;
066    
067    import java.io.IOException;
068    
069    import java.util.Date;
070    import java.util.HashSet;
071    import java.util.Iterator;
072    import java.util.Map.Entry;
073    import java.util.Map;
074    import java.util.Set;
075    
076    import javax.portlet.PortletConfig;
077    import javax.portlet.PortletContext;
078    import javax.portlet.PortletMode;
079    import javax.portlet.PortletPreferences;
080    import javax.portlet.PortletRequest;
081    import javax.portlet.WindowState;
082    
083    import javax.servlet.ServletContext;
084    import javax.servlet.ServletException;
085    import javax.servlet.http.HttpServletRequest;
086    import javax.servlet.http.HttpServletResponse;
087    import javax.servlet.http.HttpSession;
088    import javax.servlet.jsp.PageContext;
089    
090    import org.apache.struts.action.ActionMapping;
091    import org.apache.struts.config.ForwardConfig;
092    import org.apache.struts.tiles.TilesRequestProcessor;
093    
094    /**
095     * @author Brian Wing Shun Chan
096     * @author Jorge Ferrer
097     * @author Wesley Gong
098     */
099    public class PortalRequestProcessor extends TilesRequestProcessor {
100    
101            public PortalRequestProcessor() {
102    
103                    // auth.forward.last.path.
104    
105                    _lastPaths = new HashSet<String>();
106    
107                    _lastPaths.add(_PATH_PORTAL_LAYOUT);
108    
109                    addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
110    
111                    // auth.public.path.
112    
113                    _publicPaths = new HashSet<String>();
114    
115                    _publicPaths.add(_PATH_C);
116                    _publicPaths.add(_PATH_PORTAL_FLASH);
117                    _publicPaths.add(_PATH_PORTAL_J_LOGIN);
118                    _publicPaths.add(_PATH_PORTAL_LAYOUT);
119                    _publicPaths.add(_PATH_PORTAL_LOGIN);
120                    _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
121                    _publicPaths.add(_PATH_PORTAL_TCK);
122                    _publicPaths.add(_PATH_PORTAL_UPDATE_PASSWORD);
123    
124                    addPaths(_publicPaths, PropsKeys.AUTH_PUBLIC_PATHS);
125    
126                    _trackerIgnorePaths = new HashSet<String>();
127    
128                    addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
129            }
130    
131            public void process(
132                            HttpServletRequest request, HttpServletResponse response)
133                    throws IOException, ServletException {
134    
135                    String path = super.processPath(request, response);
136    
137                    ActionMapping mapping = (ActionMapping)moduleConfig.findActionConfig(
138                            path);
139    
140                    if (mapping == null) {
141                            String lastPath = getLastPath(request);
142    
143                            if (_log.isDebugEnabled()) {
144                                    _log.debug("Last path " + lastPath);
145                            }
146    
147                            response.sendRedirect(lastPath);
148    
149                            return;
150                    }
151    
152                    super.process(request, response);
153    
154                    try {
155                            if (isPortletPath(path)) {
156                                    cleanUp(request);
157                            }
158                    }
159                    catch (Exception e) {
160                            _log.error(e, e);
161                    }
162            }
163    
164            protected void addPaths(Set<String> paths, String propsKey) {
165                    String[] pathsArray = PropsUtil.getArray(propsKey);
166    
167                    for (String path : pathsArray) {
168                            paths.add(path);
169                    }
170            }
171    
172            protected void callParentDoForward(
173                            String uri, HttpServletRequest request,
174                            HttpServletResponse response)
175                    throws IOException, ServletException {
176    
177                    super.doForward(uri, request, response);
178            }
179    
180            protected HttpServletRequest callParentProcessMultipart(
181                    HttpServletRequest request) {
182    
183                    return super.processMultipart(request);
184            }
185    
186            protected String callParentProcessPath(
187                            HttpServletRequest request, HttpServletResponse response)
188                    throws IOException {
189    
190                    return super.processPath(request, response);
191            }
192    
193            protected boolean callParentProcessRoles(
194                            HttpServletRequest request, HttpServletResponse response,
195                            ActionMapping mapping)
196                    throws IOException, ServletException {
197    
198                    return super.processRoles(request, response, mapping);
199            }
200    
201            protected void cleanUp(HttpServletRequest request) throws Exception {
202    
203                    // Clean up portlet objects that may have been created by defineObjects
204                    // for portlets that are called directly from a Struts path
205    
206                    RenderRequestImpl renderRequestImpl =
207                            (RenderRequestImpl)request.getAttribute(
208                                    JavaConstants.JAVAX_PORTLET_REQUEST);
209    
210                    if (renderRequestImpl != null) {
211                            renderRequestImpl.cleanUp();
212                    }
213            }
214    
215            protected void defineObjects(
216                            HttpServletRequest request, HttpServletResponse response,
217                            Portlet portlet)
218                    throws Exception {
219    
220                    String portletId = portlet.getPortletId();
221    
222                    ServletContext servletContext = (ServletContext)request.getAttribute(
223                            WebKeys.CTX);
224    
225                    InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
226                            portlet, servletContext);
227    
228                    PortletPreferencesIds portletPreferencesIds =
229                            PortletPreferencesFactoryUtil.getPortletPreferencesIds(
230                                    request, portletId);
231    
232                    PortletPreferences portletPreferences =
233                            PortletPreferencesLocalServiceUtil.getPreferences(
234                                    portletPreferencesIds);
235    
236                    PortletConfig portletConfig = PortletConfigFactoryUtil.create(
237                            portlet, servletContext);
238                    PortletContext portletContext = portletConfig.getPortletContext();
239    
240                    RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
241                            request, portlet, invokerPortlet, portletContext,
242                            WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
243    
244                    RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
245                            renderRequestImpl, response, portletId, portlet.getCompanyId());
246    
247                    renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
248    
249                    request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
250            }
251    
252            protected void doForward(
253                            String uri, HttpServletRequest request,
254                            HttpServletResponse response)
255                    throws ServletException {
256    
257                    StrutsUtil.forward(uri, getServletContext(), request, response);
258            }
259    
260            protected void doInclude(
261                            String uri, HttpServletRequest request,
262                            HttpServletResponse response)
263                    throws ServletException {
264    
265                    StrutsUtil.include(uri, getServletContext(), request, response);
266            }
267    
268            protected String getFriendlyTrackerPath(
269                            String path, ThemeDisplay themeDisplay, HttpServletRequest request)
270                    throws Exception {
271    
272                    if (!path.equals(_PATH_PORTAL_LAYOUT)) {
273                            return null;
274                    }
275    
276                    long plid = ParamUtil.getLong(request, "p_l_id");
277    
278                    if (plid == 0) {
279                            return null;
280                    }
281    
282                    Layout layout = LayoutLocalServiceUtil.getLayout(plid);
283    
284                    String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
285                            layout, themeDisplay);
286    
287                    String portletId = ParamUtil.getString(request, "p_p_id");
288    
289                    if (Validator.isNull(portletId)) {
290                            return layoutFriendlyURL;
291                    }
292    
293                    long companyId = PortalUtil.getCompanyId(request);
294    
295                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
296                            companyId, portletId);
297    
298                    if (portlet == null) {
299                            String strutsPath = path.substring(
300                                    1, path.lastIndexOf(StringPool.SLASH));
301    
302                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
303                                    companyId, strutsPath);
304                    }
305    
306                    if ((portlet == null) || !portlet.isActive()) {
307                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
308                                    request.getQueryString());
309                    }
310    
311                    String namespace = PortalUtil.getPortletNamespace(portletId);
312    
313                    FriendlyURLMapper friendlyURLMapper =
314                            portlet.getFriendlyURLMapperInstance();
315    
316                    if (friendlyURLMapper == null) {
317                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
318                                    request.getQueryString());
319                    }
320    
321                    PortletURLImpl portletURL = new PortletURLImpl(
322                            request, portletId, plid, PortletRequest.RENDER_PHASE);
323    
324                    Iterator<Map.Entry<String, String[]>> itr =
325                            request.getParameterMap().entrySet().iterator();
326    
327                    while (itr.hasNext()) {
328                            Entry<String, String[]> entry = itr.next();
329    
330                            String key = entry.getKey();
331    
332                            if (key.startsWith(namespace)) {
333                                    key = key.substring(namespace.length());
334    
335                                    portletURL.setParameter(key, entry.getValue());
336                            }
337                    }
338    
339                    String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
340    
341                    if (portletFriendlyURL != null) {
342                            return layoutFriendlyURL.concat(portletFriendlyURL);
343                    }
344                    else {
345                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
346                                    request.getQueryString());
347                    }
348            }
349    
350            protected String getLastPath(HttpServletRequest request) {
351                    HttpSession session = request.getSession();
352    
353                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
354                            WebKeys.THEME_DISPLAY);
355    
356                    Boolean httpsInitial = (Boolean)session.getAttribute(
357                            WebKeys.HTTPS_INITIAL);
358    
359                    String portalURL = null;
360    
361                    if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
362                            (!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&
363                            (httpsInitial != null) && (!httpsInitial.booleanValue())) {
364    
365                            portalURL = PortalUtil.getPortalURL(request, false);
366                    }
367                    else {
368                            portalURL = PortalUtil.getPortalURL(request);
369                    }
370    
371                    StringBundler sb = new StringBundler();
372    
373                    sb.append(portalURL);
374                    sb.append(themeDisplay.getPathMain());
375                    sb.append(_PATH_PORTAL_LAYOUT);
376    
377                    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
378                            if (request.getRemoteUser() != null) {
379    
380                                    // If we do not forward by last path and the user is logged in,
381                                    // forward to the user's default layout to prevent a lagging
382                                    // loop
383    
384                                    sb.append(StringPool.QUESTION);
385                                    sb.append("p_l_id");
386                                    sb.append(StringPool.EQUAL);
387                                    sb.append(LayoutConstants.DEFAULT_PLID);
388                            }
389    
390                            return sb.toString();
391                    }
392    
393                    LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
394    
395                    if (lastPath == null) {
396                            return sb.toString();
397                    }
398    
399                    Map<String, String[]> parameterMap = lastPath.getParameterMap();
400    
401                    // Only test for existing mappings for last paths that were set when the
402                    // user accessed a layout directly instead of through its friendly URL
403    
404                    if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
405                            ActionMapping mapping =
406                                    (ActionMapping)moduleConfig.findActionConfig(
407                                            lastPath.getPath());
408    
409                            if ((mapping == null) || (parameterMap == null)) {
410                                    return sb.toString();
411                            }
412                    }
413    
414                    StringBundler lastPathSB = new StringBundler(4);
415    
416                    lastPathSB.append(portalURL);
417                    lastPathSB.append(lastPath.getContextPath());
418                    lastPathSB.append(lastPath.getPath());
419                    lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
420    
421                    return lastPathSB.toString();
422            }
423    
424            protected boolean isPortletPath(String path) {
425                    if ((path != null) &&
426                            (!path.equals(_PATH_C)) &&
427                            (!path.startsWith(_PATH_COMMON)) &&
428                            (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
429                            (!path.startsWith(_PATH_PORTAL))) {
430    
431                            return true;
432                    }
433                    else {
434                            return false;
435                    }
436            }
437    
438            protected boolean isPublicPath(String path) {
439                    if ((path != null) &&
440                            (_publicPaths.contains(path)) ||
441                            (path.startsWith(_PATH_COMMON))) {
442    
443                            return true;
444                    }
445                    else {
446                            return false;
447                    }
448            }
449    
450            protected ActionMapping processMapping(
451                            HttpServletRequest request, HttpServletResponse response,
452                            String path)
453                    throws IOException {
454    
455                    if (path == null) {
456                            return null;
457                    }
458    
459                    ActionMapping mapping = super.processMapping(request, response, path);
460    
461                    if (mapping == null) {
462                            String msg = getInternal().getMessage("processInvalid");
463    
464                            _log.error("User ID " + request.getRemoteUser());
465                            _log.error("Current URL " + PortalUtil.getCurrentURL(request));
466                            _log.error("Referer " + request.getHeader("Referer"));
467                            _log.error("Remote address " + request.getRemoteAddr());
468    
469                            _log.error(msg + " " + path);
470                    }
471    
472                    return mapping;
473            }
474    
475            protected HttpServletRequest processMultipart(HttpServletRequest request) {
476    
477                    // Disable Struts from automatically wrapping a multipart request
478    
479                    return request;
480            }
481    
482            protected String processPath(
483                            HttpServletRequest request, HttpServletResponse response)
484                    throws IOException {
485    
486                    String path = GetterUtil.getString(
487                            super.processPath(request, response));
488    
489                    HttpSession session = request.getSession();
490    
491                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
492                            WebKeys.THEME_DISPLAY);
493    
494                    // Current users
495    
496                    UserTracker userTracker = LiveUsers.getUserTracker(
497                            themeDisplay.getCompanyId(), session.getId());
498    
499                    if ((userTracker != null) && (!path.equals(_PATH_C)) &&
500                            (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
501                            (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
502                            (!_trackerIgnorePaths.contains(path))) {
503    
504                            String fullPath = null;
505    
506                            try {
507                                    if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
508                                            fullPath = getFriendlyTrackerPath(
509                                                    path, themeDisplay, request);
510                                    }
511                            }
512                            catch (Exception e) {
513                                    _log.error(e, e);
514                            }
515    
516                            String queryString = request.getQueryString();
517    
518                            if (Validator.isNull(fullPath) &&
519                                    Validator.isNotNull(queryString)) {
520    
521                                    fullPath = path.concat(StringPool.QUESTION).concat(queryString);
522                            }
523                            else {
524                                    fullPath = path;
525                            }
526    
527                            UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
528    
529                            userTrackerPath.setUserTrackerId(userTracker.getUserTrackerId());
530                            userTrackerPath.setPath(fullPath);
531                            userTrackerPath.setPathDate(new Date());
532    
533                            userTracker.addPath(userTrackerPath);
534                    }
535    
536                    String remoteUser = request.getRemoteUser();
537    
538                    User user = null;
539    
540                    try {
541                            user = PortalUtil.getUser(request);
542                    }
543                    catch (Exception e) {
544                    }
545    
546                    // Last path
547    
548                    if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
549                            boolean saveLastPath = ParamUtil.getBoolean(
550                                    request, "saveLastPath", true);
551    
552                            if (themeDisplay.isLifecycleResource() ||
553                                    themeDisplay.isStateExclusive() ||
554                                    themeDisplay.isStatePopUp() ||
555                                    !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {
556    
557                                    saveLastPath = false;
558                            }
559    
560                            // Save last path
561    
562                            if (saveLastPath) {
563    
564                                    // Was a last path set by another servlet that dispatched to
565                                    // the MainServlet? If so, use that last path instead.
566    
567                                    LastPath lastPath = (LastPath)request.getAttribute(
568                                            WebKeys.LAST_PATH);
569    
570                                    if (lastPath == null) {
571                                            lastPath = new LastPath(
572                                                    themeDisplay.getPathMain(), path,
573                                                    request.getParameterMap());
574                                    }
575    
576                                    session.setAttribute(WebKeys.LAST_PATH, lastPath);
577                            }
578                    }
579    
580                    // Authenticated users can always log out
581    
582                    if (((remoteUser != null) || (user != null)) &&
583                            (path.equals(_PATH_PORTAL_LOGOUT))) {
584    
585                            return path;
586                    }
587    
588                    // Authenticated users can always extend or confirm their session
589    
590                    if (((remoteUser != null) || (user != null)) &&
591                            (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
592                             path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
593    
594                            return path;
595                    }
596    
597                    // Authenticated users can always agree to terms of use
598    
599                    if (((remoteUser != null) || (user != null)) &&
600                            (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {
601    
602                            return path;
603                    }
604    
605                    // Authenticated users must still exist in the system
606    
607                    if ((remoteUser != null) && (user == null)) {
608                            return _PATH_PORTAL_LOGOUT;
609                    }
610    
611                    // Authenticated users must be active
612    
613                    if ((user != null) && !user.isActive()) {
614                            SessionErrors.add(request, UserActiveException.class.getName());
615    
616                            return _PATH_PORTAL_ERROR;
617                    }
618    
619                    if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
620                            !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
621                            !ParamUtil.getBoolean(request, "wsrp")) {
622    
623                            // Authenticated users should agree to Terms of Use
624    
625                            if ((user != null) && !user.isAgreedToTermsOfUse()) {
626                                    boolean termsOfUseRequired = false;
627    
628                                    try {
629                                            termsOfUseRequired = PrefsPropsUtil.getBoolean(
630                                                    user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
631                                    }
632                                    catch (SystemException se) {
633                                            termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
634                                    }
635    
636                                    if (termsOfUseRequired) {
637                                            return _PATH_PORTAL_TERMS_OF_USE;
638                                    }
639                            }
640    
641                            // Authenticated users must have a current password
642    
643                            if ((user != null) && user.isPasswordReset()) {
644                                    return _PATH_PORTAL_UPDATE_PASSWORD;
645                            }
646    
647                            // Authenticated users must have an email address
648    
649                            if ((user != null) &&
650                                    Validator.isNull(user.getDisplayEmailAddress())) {
651    
652                                    return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
653                            }
654    
655                            // Authenticated users should have a reminder query
656    
657                            if ((user != null) &&
658                                    (Validator.isNull(user.getReminderQueryQuestion()) ||
659                                     Validator.isNull(user.getReminderQueryAnswer()))) {
660    
661                                    if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
662                                            return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
663                                    }
664                            }
665                    }
666    
667                    // Users must sign in
668    
669                    if (!isPublicPath(path)) {
670                            if (user == null) {
671                                    SessionErrors.add(request, PrincipalException.class.getName());
672    
673                                    return _PATH_PORTAL_LOGIN;
674                            }
675                    }
676    
677                    ActionMapping mapping =
678                            (ActionMapping)moduleConfig.findActionConfig(path);
679    
680                    path = mapping.getPath();
681    
682                    // Define the portlet objects
683    
684                    if (isPortletPath(path)) {
685                            try {
686                                    Portlet portlet = null;
687    
688                                    long companyId = PortalUtil.getCompanyId(request);
689                                    String portletId = ParamUtil.getString(request, "p_p_id");
690    
691                                    if (Validator.isNotNull(portletId)) {
692                                            portlet = PortletLocalServiceUtil.getPortletById(
693                                                    companyId, portletId);
694                                    }
695    
696                                    if (portlet == null) {
697                                            String strutsPath = path.substring(
698                                                    1, path.lastIndexOf(StringPool.SLASH));
699    
700                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
701                                                    companyId, strutsPath);
702                                    }
703    
704                                    if ((portlet != null) && portlet.isActive()) {
705                                            defineObjects(request, response, portlet);
706                                    }
707                            }
708                            catch (Exception e) {
709                                    request.setAttribute(PageContext.EXCEPTION, e);
710    
711                                    path = _PATH_COMMON_ERROR;
712                            }
713                    }
714    
715                    // Authenticated users must have access to at least one layout
716    
717                    if (SessionErrors.contains(
718                                    request, LayoutPermissionException.class.getName())) {
719    
720                            return _PATH_PORTAL_ERROR;
721                    }
722    
723                    return path;
724            }
725    
726            protected boolean processRoles(
727                            HttpServletRequest request, HttpServletResponse response,
728                            ActionMapping mapping)
729                    throws IOException, ServletException {
730    
731                    String path = mapping.getPath();
732    
733                    if (isPublicPath(path)) {
734                            return true;
735                    }
736    
737                    boolean authorized = true;
738    
739                    User user = null;
740    
741                    try {
742                            user = PortalUtil.getUser(request);
743                    }
744                    catch (Exception e) {
745                    }
746    
747                    if ((user != null) && isPortletPath(path)) {
748                            try {
749    
750                                    // Authenticated users can always log out
751    
752                                    if (path.equals(_PATH_PORTAL_LOGOUT)) {
753                                            return true;
754                                    }
755    
756                                    Portlet portlet = null;
757    
758                                    String portletId = ParamUtil.getString(request, "p_p_id");
759    
760                                    if (Validator.isNotNull(portletId)) {
761                                            portlet = PortletLocalServiceUtil.getPortletById(
762                                                    user.getCompanyId(), portletId);
763                                    }
764    
765                                    String strutsPath = path.substring(
766                                            1, path.lastIndexOf(StringPool.SLASH));
767    
768                                    if (portlet != null) {
769                                            if (!strutsPath.equals(portlet.getStrutsPath())) {
770                                                    throw new PrincipalException();
771                                            }
772                                    }
773                                    else {
774                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
775                                                    user.getCompanyId(), strutsPath);
776                                    }
777    
778                                    if ((portlet != null) && portlet.isActive()) {
779                                            ThemeDisplay themeDisplay =
780                                                    (ThemeDisplay)request.getAttribute(
781                                                            WebKeys.THEME_DISPLAY);
782    
783                                            Layout layout = themeDisplay.getLayout();
784                                            PermissionChecker permissionChecker =
785                                                    themeDisplay.getPermissionChecker();
786    
787                                            if (!PortletPermissionUtil.contains(
788                                                            permissionChecker, layout.getPlid(), portlet,
789                                                            ActionKeys.VIEW)) {
790    
791                                                    throw new PrincipalException();
792                                            }
793                                    }
794                                    else if (portlet != null && !portlet.isActive()) {
795                                            SessionErrors.add(
796                                                    request, PortletActiveException.class.getName());
797    
798                                            authorized = false;
799                                    }
800                            }
801                            catch (Exception e) {
802                                    SessionErrors.add(request, PrincipalException.class.getName());
803    
804                                    authorized = false;
805                            }
806                    }
807    
808                    if (!authorized) {
809                            ForwardConfig forwardConfig =
810                                    mapping.findForward(_PATH_PORTAL_ERROR);
811    
812                            processForwardConfig(request, response, forwardConfig);
813    
814                            return false;
815                    }
816                    else {
817                            return true;
818                    }
819            }
820    
821            private static String _PATH_C = "/c";
822    
823            private static String _PATH_COMMON = "/common";
824    
825            private static String _PATH_COMMON_ERROR = "/common/error";
826    
827            private static String _PATH_J_SECURITY_CHECK = "/j_security_check";
828    
829            private static String _PATH_PORTAL = "/portal";
830    
831            private static String _PATH_PORTAL_ERROR = "/portal/error";
832    
833            private static String _PATH_PORTAL_EXPIRE_SESSION =
834                    "/portal/expire_session";
835    
836            private static String _PATH_PORTAL_EXTEND_SESSION =
837                    "/portal/extend_session";
838    
839            private static String _PATH_PORTAL_FLASH = "/portal/flash";
840    
841            private static String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
842    
843            private static String _PATH_PORTAL_JSON_SERVICE = "/portal/json_service";
844    
845            private static String _PATH_PORTAL_LAYOUT = "/portal/layout";
846    
847            private static String _PATH_PORTAL_LOGIN = "/portal/login";
848    
849            private static String _PATH_PORTAL_LOGOUT = "/portal/logout";
850    
851            private static String _PATH_PORTAL_PROTECTED = "/portal/protected";
852    
853            private static String _PATH_PORTAL_RENDER_PORTLET =
854                    "/portal/render_portlet";
855    
856            private static String _PATH_PORTAL_TCK = "/portal/tck";
857    
858            private static String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";
859    
860            private static String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
861                    "/portal/update_email_address";
862    
863            private static String _PATH_PORTAL_UPDATE_PASSWORD =
864                    "/portal/update_password";
865    
866            private static String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
867                    "/portal/update_reminder_query";
868    
869            private static String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
870                    "/portal/update_terms_of_use";
871    
872            private static Log _log = LogFactoryUtil.getLog(
873                    PortalRequestProcessor.class);
874    
875            private Set<String> _lastPaths;
876            private Set<String> _publicPaths;
877            private Set<String> _trackerIgnorePaths;
878    
879    }