015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.CookieNotSupportedException;
018 import com.liferay.portal.NoSuchUserException;
019 import com.liferay.portal.PasswordExpiredException;
020 import com.liferay.portal.UserEmailAddressException;
021 import com.liferay.portal.UserIdException;
022 import com.liferay.portal.UserLockoutException;
023 import com.liferay.portal.UserPasswordException;
024 import com.liferay.portal.UserScreenNameException;
025 import com.liferay.portal.kernel.log.Log;
026 import com.liferay.portal.kernel.log.LogFactoryUtil;
027 import com.liferay.portal.kernel.servlet.SessionErrors;
028 import com.liferay.portal.kernel.util.Http;
029 import com.liferay.portal.kernel.util.ParamUtil;
030 import com.liferay.portal.kernel.util.Validator;
031 import com.liferay.portal.security.auth.AuthException;
032 import com.liferay.portal.struts.PortletAction;
033 import com.liferay.portal.theme.ThemeDisplay;
034 import com.liferay.portal.util.PortalUtil;
035 import com.liferay.portal.util.PropsValues;
036 import com.liferay.portal.util.WebKeys;
037 import com.liferay.portlet.PortletPreferencesFactoryUtil;
038 import com.liferay.portlet.login.util.LoginUtil;
039
040 import javax.portlet.ActionRequest;
041 import javax.portlet.ActionResponse;
042 import javax.portlet.PortletConfig;
043 import javax.portlet.PortletPreferences;
044 import javax.portlet.RenderRequest;
045 import javax.portlet.RenderResponse;
046
047 import javax.servlet.http.HttpServletRequest;
048 import javax.servlet.http.HttpServletResponse;
049 import javax.servlet.http.HttpSession;
050
051 import org.apache.struts.action.ActionForm;
052 import org.apache.struts.action.ActionForward;
053 import org.apache.struts.action.ActionMapping;
054
055
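/**
 * Struts portlet action behind the login portlet.
 *
 * <p>
 * {@link #processAction} authenticates the submitted credentials through
 * {@code LoginUtil.login} and then redirects the browser; {@link #render}
 * selects the forward used to draw the login form. Authentication and
 * account-state failures are recorded in {@code SessionErrors}, keyed by the
 * exception class name.
 * </p>
 */
public class LoginAction extends PortletAction {

	/**
	 * Handles a login submission.
	 *
	 * <p>
	 * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set, no credentials are
	 * read and the request is redirected to
	 * {@code PropsValues.AUTH_LOGIN_DISABLED_PATH} under the portal's main
	 * path. Otherwise {@link #login} is invoked with the portlet's
	 * preferences.
	 * </p>
	 *
	 * @throws Exception if the redirect or the error response cannot be sent
	 */
	@Override
	public void processAction(
			ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		// Checked before any credential handling so a disabled login form
		// cannot be used to authenticate.

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return;
		}

		try {
			PortletPreferences preferences =
				PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

			login(themeDisplay, actionRequest, actionResponse, preferences);

			boolean doActionAfterLogin = ParamUtil.getBoolean(
				actionRequest, "doActionAfterLogin");

			if (doActionAfterLogin) {
				setForward(actionRequest, "portlet.login.login_redirect");
			}
		}
		catch (Exception e) {
			if (e instanceof AuthException) {
				Throwable cause = e.getCause();

				// Expired passwords and lockouts are reported under their own
				// key; every other authentication failure is reported under
				// the AuthException key.

				if (cause instanceof PasswordExpiredException ||
					cause instanceof UserLockoutException) {

					SessionErrors.add(
						actionRequest, cause.getClass().getName());
				}
				else {

					// Only a fixed message is logged: neither the login name
					// nor the password reaches the log from here.

					if (_log.isInfoEnabled()) {
						_log.info("Authentication failed");
					}

					SessionErrors.add(actionRequest, e.getClass().getName());
				}
			}
			else if (e instanceof CookieNotSupportedException ||
					 e instanceof NoSuchUserException ||
					 e instanceof PasswordExpiredException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserLockoutException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException) {

				// NOTE(review): the error key is the exception class name, so
				// the view can tell "no such user" apart from "wrong
				// password". Confirm the login page renders these with the
				// same message, otherwise the form discloses which accounts
				// exist.

				SessionErrors.add(actionRequest, e.getClass().getName());
			}
			else {

				// Anything unexpected is logged with its stack trace and
				// turned into an error response instead of a form error.

				_log.error(e, e);

				PortalUtil.sendError(e, actionRequest, actionResponse);
			}
		}
	}

	/**
	 * Returns the forward used to render the login portlet, defaulting to
	 * {@code portlet.login.login} when the request carries no other forward.
	 */
	@Override
	public ActionForward render(
			ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
			RenderRequest renderRequest, RenderResponse renderResponse)
		throws Exception {

		return mapping.findForward(
			getForward(renderRequest, "portlet.login.login"));
	}

	/**
	 * Turns a portal-relative redirect into an absolute URL by prefixing the
	 * portal URL.
	 *
	 * @param  request the current servlet request, used for the session and
	 *         the portal URL
	 * @param  redirect the relative redirect; it is appended as is, without
	 *         a separator being added
	 * @return the portal URL followed by {@code redirect}
	 */
	protected String getCompleteRedirectURL(
		HttpServletRequest request, String redirect) {

		HttpSession session = request.getSession();

		Boolean httpsInitial = (Boolean)session.getAttribute(
			WebKeys.HTTPS_INITIAL);

		String portalURL = null;

		// NOTE(review): this branch is taken when login requires HTTPS,
		// phishing protection is off and the session is flagged as not
		// having started on HTTPS. The "false" argument presumably selects
		// the non-secure portal URL, which would carry the freshly
		// authenticated session back over plain HTTP. Confirm how the
		// session cookie is protected in that configuration.

		if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
			(!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&
			(httpsInitial != null) && (!httpsInitial.booleanValue())) {

			portalURL = PortalUtil.getPortalURL(request, false);
		}
		else {
			portalURL = PortalUtil.getPortalURL(request);
		}

		return portalURL.concat(redirect);
	}

	/**
	 * Returns {@code false}.
	 *
	 * <p>
	 * NOTE(review): the name suggests this switches off the base class's
	 * request-method check for {@code processAction}. Confirm in
	 * {@code PortletAction} that credentials are still accepted only from
	 * the intended HTTP method.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Authenticates the submitted credentials and sends the post-login
	 * redirect.
	 *
	 * <p>
	 * The {@code redirect} request parameter is client-controlled. It is
	 * passed through {@code PortalUtil.escapeRedirect} before use and is
	 * followed only if a non-blank value comes back; otherwise the default
	 * landing behaviour applies.
	 * </p>
	 *
	 * @param  themeDisplay supplies the portal's main path
	 * @param  actionRequest carries {@code login}, {@code password},
	 *         {@code rememberMe}, {@code redirect} and
	 *         {@code doActionAfterLogin}
	 * @param  actionResponse receives the redirect
	 * @param  preferences portlet preferences; {@code authType} is read from
	 *         them and is {@code null} when unset
	 * @throws Exception if {@code LoginUtil.login} rejects the credentials or
	 *         the redirect cannot be sent
	 */
	protected void login(
			ThemeDisplay themeDisplay, ActionRequest actionRequest,
			ActionResponse actionResponse, PortletPreferences preferences)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpServletResponse response = PortalUtil.getHttpServletResponse(
			actionResponse);

		String login = ParamUtil.getString(actionRequest, "login");

		// The password is read straight from the request, so it is null when
		// the parameter is absent and is otherwise passed on exactly as
		// submitted.

		String password = actionRequest.getParameter("password");
		boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

		String authType = preferences.getValue("authType", null);

		LoginUtil.login(
			request, response, login, password, rememberMe, authType);

		// With JAAS enabled the "redirect" parameter is not consulted here.

		if (PropsValues.PORTAL_JAAS_ENABLE) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() + "/portal/protected");

			return;
		}

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {
			redirect = PortalUtil.escapeRedirect(redirect);
		}

		// Re-check after escaping. NOTE(review): escapeRedirect is assumed to
		// be able to reject a target by returning null or a blank string;
		// confirm its contract. Without this guard a rejected target would
		// fail on startsWith() after the user has already been logged in.

		if (Validator.isNotNull(redirect)) {

			// Anything that does not start with Http.HTTP is treated as
			// portal-relative and made absolute.

			if (!redirect.startsWith(Http.HTTP)) {
				redirect = getCompleteRedirectURL(request, redirect);
			}

			actionResponse.sendRedirect(redirect);

			return;
		}

		boolean doActionAfterLogin = ParamUtil.getBoolean(
			actionRequest, "doActionAfterLogin");

		// With doActionAfterLogin set, no redirect is sent from here and
		// processAction sets the follow-up forward instead.

		if (!doActionAfterLogin) {
			actionResponse.sendRedirect(themeDisplay.getPathMain());
		}
	}

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

	private static Log _log = LogFactoryUtil.getLog(LoginAction.class);

}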