015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.KeyValuePair;
021 import com.liferay.portal.kernel.util.StringPool;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.model.Company;
024 import com.liferay.portal.model.User;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026 import com.liferay.portal.util.CookieKeys;
027 import com.liferay.portal.util.PortalUtil;
028
029 import javax.servlet.http.Cookie;
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032
033
/**
 * {@link AutoLogin} implementation that rebuilds a user's credentials from the
 * "remember me" cookies sent with the request.
 *
 * <p>
 * Security notes for maintainers: every cookie read here is client-controlled.
 * This class only checks that the values are present; whether they are
 * genuine is decided entirely by
 * {@code UserLocalServiceUtil.decryptUserId}, whose implementation is not
 * visible from this file. The returned array carries both halves of the
 * decrypted pair, so callers should treat it as sensitive and keep it out of
 * logs.
 * </p>
 */
public class RememberMeAutoLogin implements AutoLogin {

	/**
	 * Attempts to derive login credentials from the {@code CookieKeys.ID},
	 * {@code CookieKeys.PASSWORD} and {@code CookieKeys.REMEMBER_ME} cookies.
	 *
	 * @param  request the current request, used to read the cookies and to
	 *         resolve the company
	 * @param  response the response on which expired cookies are written when
	 *         the credentials are rejected
	 * @return a three-element array holding the key of the decrypted pair, the
	 *         value of the decrypted pair and the string {@code "false"}, or
	 *         {@code null} when a cookie is missing, the company does not
	 *         allow auto login, or the cookies resolve to the company's
	 *         default user
	 * @throws AutoLoginException wrapping any exception raised while
	 *         processing; the ID and PASSWORD cookies are expired first
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String idCookie = CookieKeys.getCookie(request, CookieKeys.ID);
			String passwordCookie = CookieKeys.getCookie(
				request, CookieKeys.PASSWORD);
			String rememberMe = CookieKeys.getCookie(
				request, CookieKeys.REMEMBER_ME);

			String proxyPath = PortalUtil.getPathProxy();
			String portalContextPath = PortalUtil.getPathContext();

			// When the request's context path does not line up with the
			// portal's configured path, the REMEMBER_ME cookie is treated as
			// if it were set. NOTE(review): the reason is not stated in this
			// file; the effect is that only the ID and PASSWORD cookies are
			// required in those deployments.

			boolean forceRememberMe;

			if (proxyPath.equals(portalContextPath)) {
				forceRememberMe = Validator.isNotNull(
					request.getContextPath());
			}
			else {
				forceRememberMe = !portalContextPath.equals(
					request.getContextPath());
			}

			if (forceRememberMe) {
				rememberMe = Boolean.TRUE.toString();
			}

			// Presence check only; authenticity is established by the
			// decryption step below.

			boolean cookiesPresent =
				Validator.isNotNull(idCookie) &&
				Validator.isNotNull(passwordCookie) &&
				Validator.isNotNull(rememberMe);

			if (!cookiesPresent) {
				return null;
			}

			Company company = PortalUtil.getCompany(request);

			if (!company.isAutoLogin()) {
				return null;
			}

			KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
				company.getCompanyId(), idCookie, passwordCookie);

			// The third element is always "false"; presumably it tells the
			// caller that the second element is not an encrypted password --
			// confirm against the AutoLogin contract.

			String[] credentials = {
				decrypted.getKey(), decrypted.getValue(),
				Boolean.FALSE.toString()
			};

			// Never let the cookies authenticate as the company's default
			// user: drop the credentials and expire the cookies instead.

			Company currentCompany = PortalUtil.getCompany(request);

			User defaultUser = UserLocalServiceUtil.getDefaultUser(
				currentCompany.getCompanyId());

			long decryptedUserId = GetterUtil.getLong(credentials[0]);

			if (defaultUser.getUserId() == decryptedUserId) {
				removeCookies(request, response);

				return null;
			}

			return credentials;
		}
		catch (Exception e) {

			// Any failure, including a failed decryption, invalidates the
			// cookies so the same bad values are not replayed on the next
			// request.

			_log.warn(e, e);

			removeCookies(request, response);

			throw new AutoLoginException(e);
		}
	}

	/**
	 * Expires the {@code CookieKeys.ID} and {@code CookieKeys.PASSWORD}
	 * cookies by re-issuing them blank with a max age of zero on the root
	 * path. The {@code CookieKeys.REMEMBER_ME} cookie is not touched here.
	 *
	 * @param request the current request, passed through to
	 *        {@code CookieKeys.addCookie}
	 * @param response the response that receives the expired cookies
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

		for (String cookieName : cookieNames) {
			Cookie expired = new Cookie(cookieName, StringPool.BLANK);

			expired.setMaxAge(0);
			expired.setPath(StringPool.SLASH);

			CookieKeys.addCookie(request, response, expired);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}