001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.struts;
016    
017    import com.liferay.portal.LayoutPermissionException;
018    import com.liferay.portal.PortletActiveException;
019    import com.liferay.portal.UserActiveException;
020    import com.liferay.portal.kernel.exception.SystemException;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
024    import com.liferay.portal.kernel.servlet.HttpMethods;
025    import com.liferay.portal.kernel.servlet.SessionErrors;
026    import com.liferay.portal.kernel.struts.LastPath;
027    import com.liferay.portal.kernel.util.CharPool;
028    import com.liferay.portal.kernel.util.GetterUtil;
029    import com.liferay.portal.kernel.util.HttpUtil;
030    import com.liferay.portal.kernel.util.JavaConstants;
031    import com.liferay.portal.kernel.util.ParamUtil;
032    import com.liferay.portal.kernel.util.PropsKeys;
033    import com.liferay.portal.kernel.util.StringBundler;
034    import com.liferay.portal.kernel.util.StringPool;
035    import com.liferay.portal.kernel.util.Validator;
036    import com.liferay.portal.liveusers.LiveUsers;
037    import com.liferay.portal.model.Company;
038    import com.liferay.portal.model.Layout;
039    import com.liferay.portal.model.LayoutConstants;
040    import com.liferay.portal.model.Portlet;
041    import com.liferay.portal.model.PortletPreferencesIds;
042    import com.liferay.portal.model.User;
043    import com.liferay.portal.model.UserTracker;
044    import com.liferay.portal.model.UserTrackerPath;
045    import com.liferay.portal.security.auth.PrincipalException;
046    import com.liferay.portal.security.permission.ActionKeys;
047    import com.liferay.portal.security.permission.PermissionChecker;
048    import com.liferay.portal.service.LayoutLocalServiceUtil;
049    import com.liferay.portal.service.PortletLocalServiceUtil;
050    import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
051    import com.liferay.portal.service.permission.PortletPermissionUtil;
052    import com.liferay.portal.service.persistence.UserTrackerPathUtil;
053    import com.liferay.portal.setup.SetupWizardUtil;
054    import com.liferay.portal.theme.ThemeDisplay;
055    import com.liferay.portal.util.PortalUtil;
056    import com.liferay.portal.util.PrefsPropsUtil;
057    import com.liferay.portal.util.PropsUtil;
058    import com.liferay.portal.util.PropsValues;
059    import com.liferay.portal.util.WebKeys;
060    import com.liferay.portlet.InvokerPortlet;
061    import com.liferay.portlet.PortletConfigFactoryUtil;
062    import com.liferay.portlet.PortletInstanceFactoryUtil;
063    import com.liferay.portlet.PortletPreferencesFactoryUtil;
064    import com.liferay.portlet.PortletURLImpl;
065    import com.liferay.portlet.RenderRequestFactory;
066    import com.liferay.portlet.RenderRequestImpl;
067    import com.liferay.portlet.RenderResponseFactory;
068    import com.liferay.portlet.RenderResponseImpl;
069    
070    import java.io.IOException;
071    
072    import java.util.Date;
073    import java.util.HashSet;
074    import java.util.Iterator;
075    import java.util.Map.Entry;
076    import java.util.Map;
077    import java.util.Set;
078    
079    import javax.portlet.PortletConfig;
080    import javax.portlet.PortletContext;
081    import javax.portlet.PortletMode;
082    import javax.portlet.PortletPreferences;
083    import javax.portlet.PortletRequest;
084    import javax.portlet.WindowState;
085    
086    import javax.servlet.ServletContext;
087    import javax.servlet.ServletException;
088    import javax.servlet.http.HttpServletRequest;
089    import javax.servlet.http.HttpServletResponse;
090    import javax.servlet.http.HttpSession;
091    import javax.servlet.jsp.PageContext;
092    
093    import org.apache.struts.Globals;
094    import org.apache.struts.action.Action;
095    import org.apache.struts.action.ActionMapping;
096    import org.apache.struts.config.ActionConfig;
097    import org.apache.struts.config.ForwardConfig;
098    import org.apache.struts.tiles.TilesRequestProcessor;
099    import org.apache.struts.util.MessageResources;
100    
101    /**
102     * @author Brian Wing Shun Chan
103     * @author Jorge Ferrer
104     * @author Wesley Gong
105     * @author Mika Koivisto
106     */
107    public class PortalRequestProcessor extends TilesRequestProcessor {
108    
109            public PortalRequestProcessor() {
110    
111                    // auth.forward.last.path.
112    
113                    _lastPaths = new HashSet<String>();
114    
115                    _lastPaths.add(_PATH_PORTAL_LAYOUT);
116    
117                    addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
118    
119                    // auth.public.path.
120    
121                    _publicPaths = new HashSet<String>();
122    
123                    _publicPaths.add(_PATH_C);
124                    _publicPaths.add(_PATH_PORTAL_EE_LICENSE);
125                    _publicPaths.add(_PATH_PORTAL_FLASH);
126                    _publicPaths.add(_PATH_PORTAL_J_LOGIN);
127                    _publicPaths.add(_PATH_PORTAL_LAYOUT);
128                    _publicPaths.add(_PATH_PORTAL_LOGIN);
129                    _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
130                    _publicPaths.add(_PATH_PORTAL_TCK);
131                    _publicPaths.add(_PATH_PORTAL_UPDATE_PASSWORD);
132                    _publicPaths.add(_PATH_PORTAL_VERIFY_EMAIL_ADDRESS);
133                    _publicPaths.add(PropsValues.AUTH_LOGIN_DISABLED_PATH);
134    
135                    _trackerIgnorePaths = new HashSet<String>();
136    
137                    addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
138            }
139    
140            @Override
141            public void process(
142                            HttpServletRequest request, HttpServletResponse response)
143                    throws IOException, ServletException {
144    
145                    HttpSession session = request.getSession();
146    
147                    Boolean basicAuthEnabled = (Boolean)session.getAttribute(
148                            WebKeys.BASIC_AUTH_ENABLED);
149    
150                    session.removeAttribute(WebKeys.BASIC_AUTH_ENABLED);
151    
152                    String path = super.processPath(request, response);
153    
154                    ActionMapping actionMapping =
155                            (ActionMapping)moduleConfig.findActionConfig(path);
156    
157                    Action action = StrutsActionRegistry.getAction(path);
158    
159                    if (((basicAuthEnabled != null) && basicAuthEnabled.booleanValue()) ||
160                            ((actionMapping == null) && (action == null))) {
161    
162                            String lastPath = getLastPath(request);
163    
164                            if (_log.isDebugEnabled()) {
165                                    _log.debug("Last path " + lastPath);
166                            }
167    
168                            response.sendRedirect(lastPath);
169    
170                            return;
171                    }
172    
173                    super.process(request, response);
174    
175                    try {
176                            if (isPortletPath(path)) {
177                                    cleanUp(request);
178                            }
179                    }
180                    catch (Exception e) {
181                            _log.error(e, e);
182                    }
183            }
184    
185            protected void addPaths(Set<String> paths, String propsKey) {
186                    String[] pathsArray = PropsUtil.getArray(propsKey);
187    
188                    for (String path : pathsArray) {
189                            paths.add(path);
190                    }
191            }
192    
193            protected void callParentDoForward(
194                            String uri, HttpServletRequest request,
195                            HttpServletResponse response)
196                    throws IOException, ServletException {
197    
198                    super.doForward(uri, request, response);
199            }
200    
201            protected HttpServletRequest callParentProcessMultipart(
202                    HttpServletRequest request) {
203    
204                    return super.processMultipart(request);
205            }
206    
207            protected String callParentProcessPath(
208                            HttpServletRequest request, HttpServletResponse response)
209                    throws IOException {
210    
211                    return super.processPath(request, response);
212            }
213    
214            protected boolean callParentProcessRoles(
215                            HttpServletRequest request, HttpServletResponse response,
216                            ActionMapping actionMapping)
217                    throws IOException, ServletException {
218    
219                    return super.processRoles(request, response, actionMapping);
220            }
221    
222            protected void cleanUp(HttpServletRequest request) throws Exception {
223    
224                    // Clean up portlet objects that may have been created by defineObjects
225                    // for portlets that are called directly from a Struts path
226    
227                    RenderRequestImpl renderRequestImpl =
228                            (RenderRequestImpl)request.getAttribute(
229                                    JavaConstants.JAVAX_PORTLET_REQUEST);
230    
231                    if (renderRequestImpl != null) {
232                            renderRequestImpl.cleanUp();
233                    }
234            }
235    
236            protected void defineObjects(
237                            HttpServletRequest request, HttpServletResponse response,
238                            Portlet portlet)
239                    throws Exception {
240    
241                    String portletId = portlet.getPortletId();
242    
243                    ServletContext servletContext = (ServletContext)request.getAttribute(
244                            WebKeys.CTX);
245    
246                    InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
247                            portlet, servletContext);
248    
249                    PortletPreferencesIds portletPreferencesIds =
250                            PortletPreferencesFactoryUtil.getPortletPreferencesIds(
251                                    request, portletId);
252    
253                    PortletPreferences portletPreferences =
254                            PortletPreferencesLocalServiceUtil.getPreferences(
255                                    portletPreferencesIds);
256    
257                    PortletConfig portletConfig = PortletConfigFactoryUtil.create(
258                            portlet, servletContext);
259                    PortletContext portletContext = portletConfig.getPortletContext();
260    
261                    RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
262                            request, portlet, invokerPortlet, portletContext,
263                            WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
264    
265                    RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
266                            renderRequestImpl, response, portletId, portlet.getCompanyId());
267    
268                    renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
269    
270                    request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
271            }
272    
273            @Override
274            protected void doForward(
275                            String uri, HttpServletRequest request,
276                            HttpServletResponse response)
277                    throws ServletException {
278    
279                    StrutsUtil.forward(uri, getServletContext(), request, response);
280            }
281    
282            @Override
283            protected void doInclude(
284                            String uri, HttpServletRequest request,
285                            HttpServletResponse response)
286                    throws ServletException {
287    
288                    StrutsUtil.include(uri, getServletContext(), request, response);
289            }
290    
291            protected String getFriendlyTrackerPath(
292                            String path, ThemeDisplay themeDisplay, HttpServletRequest request)
293                    throws Exception {
294    
295                    if (!path.equals(_PATH_PORTAL_LAYOUT)) {
296                            return null;
297                    }
298    
299                    long plid = ParamUtil.getLong(request, "p_l_id");
300    
301                    if (plid == 0) {
302                            return null;
303                    }
304    
305                    Layout layout = LayoutLocalServiceUtil.getLayout(plid);
306    
307                    String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
308                            layout, themeDisplay);
309    
310                    String portletId = ParamUtil.getString(request, "p_p_id");
311    
312                    if (Validator.isNull(portletId)) {
313                            return layoutFriendlyURL;
314                    }
315    
316                    long companyId = PortalUtil.getCompanyId(request);
317    
318                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
319                            companyId, portletId);
320    
321                    if (portlet == null) {
322                            String strutsPath = path.substring(
323                                    1, path.lastIndexOf(CharPool.SLASH));
324    
325                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
326                                    companyId, strutsPath);
327                    }
328    
329                    if ((portlet == null) || !portlet.isActive()) {
330                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
331                                    request.getQueryString());
332                    }
333    
334                    String namespace = PortalUtil.getPortletNamespace(portletId);
335    
336                    FriendlyURLMapper friendlyURLMapper =
337                            portlet.getFriendlyURLMapperInstance();
338    
339                    if (friendlyURLMapper == null) {
340                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
341                                    request.getQueryString());
342                    }
343    
344                    PortletURLImpl portletURL = new PortletURLImpl(
345                            request, portletId, plid, PortletRequest.RENDER_PHASE);
346    
347                    Iterator<Map.Entry<String, String[]>> itr =
348                            request.getParameterMap().entrySet().iterator();
349    
350                    while (itr.hasNext()) {
351                            Entry<String, String[]> entry = itr.next();
352    
353                            String key = entry.getKey();
354    
355                            if (key.startsWith(namespace)) {
356                                    key = key.substring(namespace.length());
357    
358                                    portletURL.setParameter(key, entry.getValue());
359                            }
360                    }
361    
362                    String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
363    
364                    if (portletFriendlyURL != null) {
365                            return layoutFriendlyURL.concat(portletFriendlyURL);
366                    }
367                    else {
368                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
369                                    request.getQueryString());
370                    }
371            }
372    
373            protected String getLastPath(HttpServletRequest request) {
374                    HttpSession session = request.getSession();
375    
376                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
377                            WebKeys.THEME_DISPLAY);
378    
379                    Boolean httpsInitial = (Boolean)session.getAttribute(
380                            WebKeys.HTTPS_INITIAL);
381    
382                    String portalURL = null;
383    
384                    if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
385                            (!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&
386                            (httpsInitial != null) && (!httpsInitial.booleanValue())) {
387    
388                            portalURL = PortalUtil.getPortalURL(request, false);
389                    }
390                    else {
391                            portalURL = PortalUtil.getPortalURL(request);
392                    }
393    
394                    StringBundler sb = new StringBundler();
395    
396                    sb.append(portalURL);
397                    sb.append(themeDisplay.getPathMain());
398                    sb.append(_PATH_PORTAL_LAYOUT);
399    
400                    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
401                            if (request.getRemoteUser() != null) {
402    
403                                    // If we do not forward by last path and the user is logged in,
404                                    // forward to the user's default layout to prevent a lagging
405                                    // loop
406    
407                                    sb.append(StringPool.QUESTION);
408                                    sb.append("p_l_id");
409                                    sb.append(StringPool.EQUAL);
410                                    sb.append(LayoutConstants.DEFAULT_PLID);
411                            }
412    
413                            return sb.toString();
414                    }
415    
416                    LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
417    
418                    if (lastPath == null) {
419                            return sb.toString();
420                    }
421    
422                    Map<String, String[]> parameterMap = lastPath.getParameterMap();
423    
424                    // Only test for existing mappings for last paths that were set when the
425                    // user accessed a layout directly instead of through its friendly URL
426    
427                    if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
428                            ActionMapping actionMapping =
429                                    (ActionMapping)moduleConfig.findActionConfig(
430                                            lastPath.getPath());
431    
432                            if ((actionMapping == null) || (parameterMap == null)) {
433                                    return sb.toString();
434                            }
435                    }
436    
437                    StringBundler lastPathSB = new StringBundler(4);
438    
439                    lastPathSB.append(portalURL);
440                    lastPathSB.append(lastPath.getContextPath());
441                    lastPathSB.append(lastPath.getPath());
442                    lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
443    
444                    return lastPathSB.toString();
445            }
446    
447            protected boolean isPortletPath(String path) {
448                    if ((path != null) &&
449                            (!path.equals(_PATH_C)) &&
450                            (!path.startsWith(_PATH_COMMON)) &&
451                            (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
452                            (!path.startsWith(_PATH_PORTAL))) {
453    
454                            return true;
455                    }
456                    else {
457                            return false;
458                    }
459            }
460    
461            protected boolean isPublicPath(String path) {
462                    if ((path != null) &&
463                            (_publicPaths.contains(path) || path.startsWith(_PATH_COMMON) ||
464                             AuthPublicPathRegistry.contains(path))) {
465    
466                            return true;
467                    }
468                    else {
469                            return false;
470                    }
471            }
472    
473            @Override
474            protected Action processActionCreate(
475                            HttpServletRequest request, HttpServletResponse response,
476                            ActionMapping actionMapping)
477                    throws IOException {
478    
479                    ActionAdapter actionAdapter =
480                            (ActionAdapter)StrutsActionRegistry.getAction(
481                                    actionMapping.getPath());
482    
483                    if (actionAdapter != null) {
484                            ActionConfig actionConfig = moduleConfig.findActionConfig(
485                                    actionMapping.getPath());
486    
487                            if (actionConfig != null) {
488                                    Action originalAction = super.processActionCreate(
489                                            request, response, actionMapping);
490    
491                                    actionAdapter.setOriginalAction(originalAction);
492                            }
493    
494                            return actionAdapter;
495                    }
496    
497                    return super.processActionCreate(request, response, actionMapping);
498            }
499    
500            @Override
501            protected ActionMapping processMapping(
502                            HttpServletRequest request, HttpServletResponse response,
503                            String path)
504                    throws IOException {
505    
506                    if (path == null) {
507                            return null;
508                    }
509    
510                    Action action = StrutsActionRegistry.getAction(path);
511    
512                    if (action != null) {
513                            ActionMapping actionMapping =
514                                    (ActionMapping)moduleConfig.findActionConfig(path);
515    
516                            if (actionMapping == null) {
517                                    actionMapping = new ActionMapping();
518    
519                                    actionMapping.setModuleConfig(moduleConfig);
520                                    actionMapping.setPath(path);
521    
522                                    request.setAttribute(Globals.MAPPING_KEY, actionMapping);
523                            }
524    
525                            return actionMapping;
526                    }
527    
528                    ActionMapping actionMapping = super.processMapping(
529                            request, response, path);
530    
531                    if (actionMapping == null) {
532                            MessageResources messageResources = getInternal();
533    
534                            String msg = messageResources.getMessage("processInvalid");
535    
536                            _log.error("User ID " + request.getRemoteUser());
537                            _log.error("Current URL " + PortalUtil.getCurrentURL(request));
538                            _log.error("Referer " + request.getHeader("Referer"));
539                            _log.error("Remote address " + request.getRemoteAddr());
540    
541                            _log.error(msg + " " + path);
542                    }
543    
544                    return actionMapping;
545            }
546    
547            @Override
548            protected HttpServletRequest processMultipart(HttpServletRequest request) {
549    
550                    // Disable Struts from automatically wrapping a multipart request
551    
552                    return request;
553            }
554    
555            @Override
556            protected String processPath(
557                            HttpServletRequest request, HttpServletResponse response)
558                    throws IOException {
559    
560                    String path = GetterUtil.getString(
561                            super.processPath(request, response));
562    
563                    HttpSession session = request.getSession();
564    
565                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
566                            WebKeys.THEME_DISPLAY);
567    
568                    // Current users
569    
570                    UserTracker userTracker = LiveUsers.getUserTracker(
571                            themeDisplay.getCompanyId(), session.getId());
572    
573                    if ((userTracker != null) && (!path.equals(_PATH_C)) &&
574                            (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
575                            (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
576                            (!_trackerIgnorePaths.contains(path))) {
577    
578                            String fullPath = null;
579    
580                            try {
581                                    if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
582                                            fullPath = getFriendlyTrackerPath(
583                                                    path, themeDisplay, request);
584                                    }
585                            }
586                            catch (Exception e) {
587                                    _log.error(e, e);
588                            }
589    
590                            String fullPathWithoutQueryString = fullPath;
591    
592                            if (Validator.isNull(fullPath)) {
593                                    String queryString = request.getQueryString();
594    
595                                    fullPathWithoutQueryString = path;
596    
597                                    if (Validator.isNotNull(queryString)) {
598                                            fullPath = path.concat(StringPool.QUESTION).concat(
599                                                    queryString);
600                                    }
601                                    else {
602                                            fullPath = path;
603                                    }
604                            }
605    
606                            int pos = fullPathWithoutQueryString.indexOf(StringPool.QUESTION);
607    
608                            if (pos != -1) {
609                                    fullPathWithoutQueryString =
610                                            fullPathWithoutQueryString.substring(0, pos);
611                            }
612    
613                            if (!_trackerIgnorePaths.contains(fullPathWithoutQueryString)) {
614                                    UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
615    
616                                    userTrackerPath.setUserTrackerId(
617                                            userTracker.getUserTrackerId());
618                                    userTrackerPath.setPath(fullPath);
619                                    userTrackerPath.setPathDate(new Date());
620    
621                                    userTracker.addPath(userTrackerPath);
622                            }
623                    }
624    
625                    String remoteUser = request.getRemoteUser();
626    
627                    User user = null;
628    
629                    try {
630                            user = PortalUtil.getUser(request);
631                    }
632                    catch (Exception e) {
633                    }
634    
635                    // Last path
636    
637                    if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
638                            boolean saveLastPath = ParamUtil.getBoolean(
639                                    request, "saveLastPath", true);
640    
641                            if (themeDisplay.isLifecycleResource() ||
642                                    themeDisplay.isStateExclusive() ||
643                                    themeDisplay.isStatePopUp() ||
644                                    !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {
645    
646                                    saveLastPath = false;
647                            }
648    
649                            // Save last path
650    
651                            if (saveLastPath) {
652    
653                                    // Was a last path set by another servlet that dispatched to
654                                    // the MainServlet? If so, use that last path instead.
655    
656                                    LastPath lastPath = (LastPath)request.getAttribute(
657                                            WebKeys.LAST_PATH);
658    
659                                    if (lastPath == null) {
660                                            lastPath = new LastPath(
661                                                    themeDisplay.getPathMain(), path,
662                                                    request.getParameterMap());
663                                    }
664    
665                                    session.setAttribute(WebKeys.LAST_PATH, lastPath);
666                            }
667                    }
668    
669                    // Setup wizard
670    
671                    if (!SetupWizardUtil.isSetupFinished(request)) {
672                            return _PATH_PORTAL_SETUP_WIZARD;
673                    }
674                    else if (path.equals(_PATH_PORTAL_SETUP_WIZARD)) {
675                            return _PATH_PORTAL_LAYOUT;
676                    }
677    
678                    // Authenticated users can always log out
679    
680                    if (((remoteUser != null) || (user != null)) &&
681                            (path.equals(_PATH_PORTAL_LOGOUT))) {
682    
683                            return path;
684                    }
685    
686                    // Authenticated users can always extend or confirm their session
687    
688                    if (((remoteUser != null) || (user != null)) &&
689                            (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
690                             path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
691    
692                            return path;
693                    }
694    
695                    // Authenticated users can always agree to terms of use
696    
697                    if (((remoteUser != null) || (user != null)) &&
698                            (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {
699    
700                            return path;
701                    }
702    
703                    // Authenticated users must still exist in the system
704    
705                    if ((remoteUser != null) && (user == null)) {
706                            return _PATH_PORTAL_LOGOUT;
707                    }
708    
709                    // Authenticated users must be active
710    
711                    if ((user != null) && !user.isActive()) {
712                            SessionErrors.add(request, UserActiveException.class.getName());
713    
714                            return _PATH_PORTAL_ERROR;
715                    }
716    
717                    if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
718                            !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
719                            !ParamUtil.getBoolean(request, "wsrp")) {
720    
721                            // Authenticated users should agree to Terms of Use
722    
723                            if ((user != null) && !user.isAgreedToTermsOfUse()) {
724                                    boolean termsOfUseRequired = false;
725    
726                                    try {
727                                            termsOfUseRequired = PrefsPropsUtil.getBoolean(
728                                                    user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
729                                    }
730                                    catch (SystemException se) {
731                                            termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
732                                    }
733    
734                                    if (termsOfUseRequired) {
735                                            return _PATH_PORTAL_TERMS_OF_USE;
736                                    }
737                            }
738    
739                            // Authenticated users should have a verified email address
740    
741                            boolean emailAddressVerificationRequired = false;
742    
743                            try {
744                                    Company company = PortalUtil.getCompany(request);
745    
746                                    emailAddressVerificationRequired = company.isStrangersVerify();
747                            }
748                            catch (Exception e) {
749                                    _log.error(e, e);
750                            }
751    
752                            if ((user != null) && !user.isEmailAddressVerified() &&
753                                    emailAddressVerificationRequired) {
754    
755                                    return _PATH_PORTAL_VERIFY_EMAIL_ADDRESS;
756                            }
757    
758                            // Authenticated users must have a current password
759    
760                            if ((user != null) && user.isPasswordReset()) {
761                                    return _PATH_PORTAL_UPDATE_PASSWORD;
762                            }
763    
764                            // Authenticated users must have an email address
765    
766                            if ((user != null) &&
767                                    (Validator.isNull(user.getEmailAddress()) ||
768                                     (PropsValues.USERS_EMAIL_ADDRESS_REQUIRED &&
769                                      Validator.isNull(user.getDisplayEmailAddress())))) {
770    
771                                    return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
772                            }
773    
774                            // Authenticated users should have a reminder query
775    
776                            if ((user != null) &&
777                                    (Validator.isNull(user.getReminderQueryQuestion()) ||
778                                     Validator.isNull(user.getReminderQueryAnswer()))) {
779    
780                                    if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
781                                            return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
782                                    }
783                            }
784                    }
785    
786                    // Users must sign in
787    
788                    if (!isPublicPath(path)) {
789                            if (user == null) {
790                                    SessionErrors.add(request, PrincipalException.class.getName());
791    
792                                    return _PATH_PORTAL_LOGIN;
793                            }
794                    }
795    
796                    ActionMapping actionMapping =
797                            (ActionMapping)moduleConfig.findActionConfig(path);
798    
799                    if (actionMapping == null) {
800                            Action strutsAction = StrutsActionRegistry.getAction(path);
801    
802                            if (strutsAction == null) {
803                                    return null;
804                            }
805                    }
806                    else {
807                            path = actionMapping.getPath();
808                    }
809    
810                    // Define the portlet objects
811    
812                    if (isPortletPath(path)) {
813                            try {
814                                    Portlet portlet = null;
815    
816                                    long companyId = PortalUtil.getCompanyId(request);
817                                    String portletId = ParamUtil.getString(request, "p_p_id");
818    
819                                    if (Validator.isNotNull(portletId)) {
820                                            portlet = PortletLocalServiceUtil.getPortletById(
821                                                    companyId, portletId);
822                                    }
823    
824                                    if (portlet == null) {
825                                            String strutsPath = path.substring(
826                                                    1, path.lastIndexOf(CharPool.SLASH));
827    
828                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
829                                                    companyId, strutsPath);
830                                    }
831    
832                                    if ((portlet != null) && portlet.isActive()) {
833                                            defineObjects(request, response, portlet);
834                                    }
835                            }
836                            catch (Exception e) {
837                                    request.setAttribute(PageContext.EXCEPTION, e);
838    
839                                    path = _PATH_COMMON_ERROR;
840                            }
841                    }
842    
843                    // Authenticated users must have access to at least one layout
844    
845                    if (SessionErrors.contains(
846                                    request, LayoutPermissionException.class.getName())) {
847    
848                            return _PATH_PORTAL_ERROR;
849                    }
850    
851                    return path;
852            }
853    
854            @Override
855            protected boolean processRoles(
856                            HttpServletRequest request, HttpServletResponse response,
857                            ActionMapping actionMapping)
858                    throws IOException, ServletException {
859    
860                    String path = actionMapping.getPath();
861    
862                    if (isPublicPath(path)) {
863                            return true;
864                    }
865    
866                    boolean authorized = true;
867    
868                    User user = null;
869    
870                    try {
871                            user = PortalUtil.getUser(request);
872                    }
873                    catch (Exception e) {
874                    }
875    
876                    if ((user != null) && isPortletPath(path)) {
877                            try {
878    
879                                    // Authenticated users can always log out
880    
881                                    if (path.equals(_PATH_PORTAL_LOGOUT)) {
882                                            return true;
883                                    }
884    
885                                    Portlet portlet = null;
886    
887                                    String portletId = ParamUtil.getString(request, "p_p_id");
888    
889                                    if (Validator.isNotNull(portletId)) {
890                                            portlet = PortletLocalServiceUtil.getPortletById(
891                                                    user.getCompanyId(), portletId);
892                                    }
893    
894                                    String strutsPath = path.substring(
895                                            1, path.lastIndexOf(CharPool.SLASH));
896    
897                                    if (portlet != null) {
898                                            if (!strutsPath.equals(portlet.getStrutsPath())) {
899                                                    throw new PrincipalException();
900                                            }
901                                    }
902                                    else {
903                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
904                                                    user.getCompanyId(), strutsPath);
905                                    }
906    
907                                    if ((portlet != null) && portlet.isActive()) {
908                                            ThemeDisplay themeDisplay =
909                                                    (ThemeDisplay)request.getAttribute(
910                                                            WebKeys.THEME_DISPLAY);
911    
912                                            Layout layout = themeDisplay.getLayout();
913                                            PermissionChecker permissionChecker =
914                                                    themeDisplay.getPermissionChecker();
915    
916                                            if (!PortletPermissionUtil.contains(
917                                                            permissionChecker, layout.getPlid(), portlet,
918                                                            ActionKeys.VIEW)) {
919    
920                                                    throw new PrincipalException();
921                                            }
922                                    }
923                                    else if (portlet != null && !portlet.isActive()) {
924                                            SessionErrors.add(
925                                                    request, PortletActiveException.class.getName());
926    
927                                            authorized = false;
928                                    }
929                            }
930                            catch (Exception e) {
931                                    SessionErrors.add(request, PrincipalException.class.getName());
932    
933                                    authorized = false;
934                            }
935                    }
936    
937                    if (!authorized) {
938                            ForwardConfig forwardConfig =
939                                    actionMapping.findForward(_PATH_PORTAL_ERROR);
940    
941                            processForwardConfig(request, response, forwardConfig);
942    
943                            return false;
944                    }
945                    else {
946                            return true;
947                    }
948            }
949    
950            private static String _PATH_C = "/c";
951    
952            private static String _PATH_COMMON = "/common";
953    
954            private static String _PATH_COMMON_ERROR = "/common/error";
955    
956            private static String _PATH_J_SECURITY_CHECK = "/j_security_check";
957    
958            private static String _PATH_PORTAL = "/portal";
959    
960            private static String _PATH_PORTAL_EE_LICENSE = "/portal/ee/license";
961    
962            private static String _PATH_PORTAL_ERROR = "/portal/error";
963    
964            private static String _PATH_PORTAL_EXPIRE_SESSION =
965                    "/portal/expire_session";
966    
967            private static String _PATH_PORTAL_EXTEND_SESSION =
968                    "/portal/extend_session";
969    
970            private static String _PATH_PORTAL_FLASH = "/portal/flash";
971    
972            private static String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
973    
974            private static String _PATH_PORTAL_JSON_SERVICE = "/portal/json_service";
975    
976            private static String _PATH_PORTAL_LAYOUT = "/portal/layout";
977    
978            private static String _PATH_PORTAL_LOGIN = "/portal/login";
979    
980            private static String _PATH_PORTAL_LOGOUT = "/portal/logout";
981    
982            private static String _PATH_PORTAL_PROTECTED = "/portal/protected";
983    
984            private static String _PATH_PORTAL_RENDER_PORTLET =
985                    "/portal/render_portlet";
986    
987            private static String _PATH_PORTAL_SETUP_WIZARD =
988                    "/portal/setup_wizard";
989    
990            private static String _PATH_PORTAL_TCK = "/portal/tck";
991    
992            private static String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";
993    
994            private static String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
995                    "/portal/update_email_address";
996    
997            private static String _PATH_PORTAL_UPDATE_PASSWORD =
998                    "/portal/update_password";
999    
1000            private static String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
1001                    "/portal/update_reminder_query";
1002    
1003            private static String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
1004                    "/portal/update_terms_of_use";
1005    
1006            private static String _PATH_PORTAL_VERIFY_EMAIL_ADDRESS =
1007                    "/portal/verify_email_address";
1008    
1009            private static Log _log = LogFactoryUtil.getLog(
1010                    PortalRequestProcessor.class);
1011    
1012            private Set<String> _lastPaths;
1013            private Set<String> _publicPaths;
1014            private Set<String> _trackerIgnorePaths;
1015    
1016    }