001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.CookieNotSupportedException;
018    import com.liferay.portal.NoSuchUserException;
019    import com.liferay.portal.PasswordExpiredException;
020    import com.liferay.portal.UserEmailAddressException;
021    import com.liferay.portal.UserIdException;
022    import com.liferay.portal.UserLockoutException;
023    import com.liferay.portal.UserPasswordException;
024    import com.liferay.portal.UserScreenNameException;
025    import com.liferay.portal.kernel.log.Log;
026    import com.liferay.portal.kernel.log.LogFactoryUtil;
027    import com.liferay.portal.kernel.servlet.SessionErrors;
028    import com.liferay.portal.kernel.util.Http;
029    import com.liferay.portal.kernel.util.ParamUtil;
030    import com.liferay.portal.kernel.util.Validator;
031    import com.liferay.portal.security.auth.AuthException;
032    import com.liferay.portal.struts.PortletAction;
033    import com.liferay.portal.theme.ThemeDisplay;
034    import com.liferay.portal.util.PortalUtil;
035    import com.liferay.portal.util.PropsValues;
036    import com.liferay.portal.util.WebKeys;
037    import com.liferay.portlet.PortletPreferencesFactoryUtil;
038    import com.liferay.portlet.login.util.LoginUtil;
039    
040    import javax.portlet.ActionRequest;
041    import javax.portlet.ActionResponse;
042    import javax.portlet.PortletConfig;
043    import javax.portlet.PortletPreferences;
044    import javax.portlet.RenderRequest;
045    import javax.portlet.RenderResponse;
046    
047    import javax.servlet.http.HttpServletRequest;
048    import javax.servlet.http.HttpServletResponse;
049    import javax.servlet.http.HttpSession;
050    
051    import org.apache.struts.action.ActionForm;
052    import org.apache.struts.action.ActionForward;
053    import org.apache.struts.action.ActionMapping;
054    
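/**
 * Struts portlet action behind the login form. It passes the submitted
 * credentials to <code>LoginUtil.login</code> and then decides where the
 * browser is sent.
 *
 * <p>
 * Security-relevant behaviour visible in this class: the post-login target is
 * taken from the request parameter <code>redirect</code>; failures are
 * reported to the view as exception class names stored in
 * <code>SessionErrors</code>; and {@link #isCheckMethodOnProcessAction()}
 * returns <code>false</code>.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class LoginAction extends PortletAction {

    /**
     * Handles a submitted login form.
     *
     * <p>
     * When <code>PropsValues.AUTH_LOGIN_DISABLED</code> is set, the request is
     * redirected to <code>PropsValues.AUTH_LOGIN_DISABLED_PATH</code> under the
     * main path and no credentials are read. Otherwise <code>login</code> is
     * called and, if the <code>doActionAfterLogin</code> parameter is true, the
     * forward is set to <code>portlet.login.login_redirect</code>.
     * </p>
     *
     * @param  mapping the Struts action mapping (not used here)
     * @param  form the Struts action form (not used here)
     * @param  portletConfig the portlet configuration (not used here)
     * @param  actionRequest the request carrying the login form parameters
     * @param  actionResponse the response used for redirects
     * @throws Exception if sending a redirect or the error response fails
     */
    @Override
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH);

            return;
        }

        // The original author left a disabled short-circuit at this point that
        // sent a caller with a non-null getRemoteUser() straight to the main
        // path. It stays disabled, so an authenticated caller can still submit
        // the form.

        try {
            PortletPreferences preferences =
                PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

            login(themeDisplay, actionRequest, actionResponse, preferences);

            if (ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            handleLoginFailure(e, actionRequest, actionResponse);
        }
    }

    /**
     * Renders the login view.
     *
     * @return the forward stored for this request, or
     *         <code>portlet.login.login</code> when none was set
     * @throws Exception declared by the overridden method
     */
    @Override
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        return mapping.findForward(
            getForward(renderRequest, "portlet.login.login"));
    }

    /**
     * Prefixes a relative redirect with the portal URL.
     *
     * <p>
     * The two strings are joined without a separator, so the caller must pass
     * a value that begins with <code>/</code>. Anything else would be appended
     * directly to the host and port of the portal URL and could name a
     * different host.
     * </p>
     *
     * @param  request the servlet request, used for the session and the portal
     *         URL
     * @param  redirect the relative redirect to append
     * @return the portal URL followed by <code>redirect</code>
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        // Only when HTTPS is required for authentication, phishing protection
        // is off, and the session recorded that it did not start over HTTPS.
        boolean useAlternateURL =
            PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
            (httpsInitial != null) && !httpsInitial.booleanValue();

        String portalURL = null;

        if (useAlternateURL) {

            // NOTE(review): the second argument presumably selects the
            // non-secure (http) portal URL, so the user returns to the scheme
            // the session started on - confirm against PortalUtil.
            portalURL = PortalUtil.getPortalURL(request, false);
        }
        else {
            portalURL = PortalUtil.getPortalURL(request);
        }

        return portalURL.concat(redirect);
    }

    /**
     * Returns the constant <code>_CHECK_METHOD_ON_PROCESS_ACTION</code>, which
     * is <code>false</code>.
     *
     * <p>
     * NOTE(review): judging by the name, this switches off the base class's
     * HTTP method check for <code>processAction</code>. If so, the login form
     * is also accepted outside a POST, and credentials sent in a query string
     * end up in access logs and browser history - confirm in PortletAction and
     * in the front-end configuration.
     * </p>
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates with the submitted credentials and sends the post-login
     * redirect.
     *
     * <p>
     * With <code>PropsValues.PORTAL_JAAS_ENABLE</code> set, the redirect always
     * goes to <code>/portal/protected</code> under the main path. Otherwise the
     * <code>redirect</code> request parameter is used when it passes
     * {@link #getCheckedRedirect}; if it is absent or rejected, the method
     * either returns without redirecting (<code>doActionAfterLogin</code> is
     * true) or redirects to the main path.
     * </p>
     *
     * @param  themeDisplay supplies the main path
     * @param  actionRequest the request carrying <code>login</code>,
     *         <code>password</code>, <code>rememberMe</code>,
     *         <code>redirect</code> and <code>doActionAfterLogin</code>
     * @param  actionResponse the response used for the redirect
     * @param  preferences portlet preferences; <code>authType</code> is read
     *         from them and may be <code>null</code>
     * @throws Exception whatever <code>LoginUtil.login</code> or the redirect
     *         throws
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse, PortletPreferences preferences)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // Read straight from the request rather than through ParamUtil,
        // presumably so the password reaches the authenticator unmodified -
        // confirm. It may be null when the parameter is missing.
        String password = actionRequest.getParameter("password");

        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        String authType = preferences.getValue("authType", null);

        LoginUtil.login(
            request, response, login, password, rememberMe, authType);

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() + "/portal/protected");

            return;
        }

        String redirect = getCheckedRedirect(
            request, ParamUtil.getString(actionRequest, "redirect"));

        if (redirect != null) {
            actionResponse.sendRedirect(redirect);

            return;
        }

        if (ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {

            // processAction sets the forward; no redirect is sent.
            return;
        }

        actionResponse.sendRedirect(themeDisplay.getPathMain());
    }

    /**
     * Turns the user-supplied <code>redirect</code> parameter into a URL that
     * may be sent to the browser, or returns <code>null</code> when the value
     * is absent or unusable.
     */
    private String getCheckedRedirect(
        HttpServletRequest request, String redirect) {

        if (!Validator.isNotNull(redirect)) {
            return null;
        }

        String escaped = PortalUtil.escapeRedirect(redirect);

        // escapeRedirect is defined outside this file. If it signals a
        // rejected target by returning null (TODO confirm), the original code
        // failed here with a NullPointerException after the login had already
        // succeeded; fall back to the default target instead.
        if (escaped == null) {
            return null;
        }

        // NOTE(review): this is a prefix test, not a scheme test - the
        // decision whether an absolute URL is an allowed target rests entirely
        // on escapeRedirect.
        if (escaped.startsWith(Http.HTTP)) {
            return escaped;
        }

        // A relative value is concatenated onto the portal URL without a
        // separator, so only accept one that starts a path.
        if (!escaped.startsWith("/")) {
            if (_log.isInfoEnabled()) {

                // The value itself is user input and is deliberately not
                // written to the log.
                _log.info(
                    "Ignoring redirect parameter that is neither absolute " +
                        "nor rooted at /");
            }

            return null;
        }

        return getCompleteRedirectURL(request, escaped);
    }

    /**
     * Records an expected login failure in <code>SessionErrors</code>, or logs
     * and reports an unexpected one.
     */
    private void handleLoginFailure(
            Exception e, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        // NOTE(review): the session-error key is the exception class name. If
        // the view shows a different message per key, the response tells an
        // unknown account from a wrong password and reveals lockout or
        // expiry state - confirm what the login JSP renders.

        if (e instanceof AuthException) {
            Throwable cause = e.getCause();

            if (cause instanceof PasswordExpiredException ||
                cause instanceof UserLockoutException) {

                SessionErrors.add(actionRequest, cause.getClass().getName());

                return;
            }

            // NOTE(review): this message carries neither the account nor the
            // source address, so repeated failures cannot be correlated from
            // it alone - check what LoginUtil or the authenticators log.
            if (_log.isInfoEnabled()) {
                _log.info("Authentication failed");
            }

            SessionErrors.add(actionRequest, e.getClass().getName());

            return;
        }

        boolean expectedFailure =
            e instanceof CookieNotSupportedException ||
            e instanceof NoSuchUserException ||
            e instanceof PasswordExpiredException ||
            e instanceof UserEmailAddressException ||
            e instanceof UserIdException ||
            e instanceof UserLockoutException ||
            e instanceof UserPasswordException ||
            e instanceof UserScreenNameException;

        if (expectedFailure) {
            SessionErrors.add(actionRequest, e.getClass().getName());

            return;
        }

        _log.error(e, e);

        PortalUtil.sendError(e, actionRequest, actionResponse);
    }

    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}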