015 package com.liferay.portal.struts;
016
017 import com.liferay.portal.LayoutPermissionException;
018 import com.liferay.portal.PortletActiveException;
019 import com.liferay.portal.UserActiveException;
020 import com.liferay.portal.kernel.exception.SystemException;
021 import com.liferay.portal.kernel.log.Log;
022 import com.liferay.portal.kernel.log.LogFactoryUtil;
023 import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
024 import com.liferay.portal.kernel.servlet.HttpMethods;
025 import com.liferay.portal.kernel.servlet.SessionErrors;
026 import com.liferay.portal.kernel.struts.LastPath;
027 import com.liferay.portal.kernel.util.CharPool;
028 import com.liferay.portal.kernel.util.GetterUtil;
029 import com.liferay.portal.kernel.util.HttpUtil;
030 import com.liferay.portal.kernel.util.JavaConstants;
031 import com.liferay.portal.kernel.util.ParamUtil;
032 import com.liferay.portal.kernel.util.PropsKeys;
033 import com.liferay.portal.kernel.util.StringBundler;
034 import com.liferay.portal.kernel.util.StringPool;
035 import com.liferay.portal.kernel.util.Validator;
036 import com.liferay.portal.liveusers.LiveUsers;
037 import com.liferay.portal.model.Company;
038 import com.liferay.portal.model.Layout;
039 import com.liferay.portal.model.LayoutConstants;
040 import com.liferay.portal.model.Portlet;
041 import com.liferay.portal.model.PortletPreferencesIds;
042 import com.liferay.portal.model.User;
043 import com.liferay.portal.model.UserTracker;
044 import com.liferay.portal.model.UserTrackerPath;
045 import com.liferay.portal.security.auth.PrincipalException;
046 import com.liferay.portal.security.permission.ActionKeys;
047 import com.liferay.portal.security.permission.PermissionChecker;
048 import com.liferay.portal.service.LayoutLocalServiceUtil;
049 import com.liferay.portal.service.PortletLocalServiceUtil;
050 import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
051 import com.liferay.portal.service.permission.PortletPermissionUtil;
052 import com.liferay.portal.service.persistence.UserTrackerPathUtil;
053 import com.liferay.portal.setup.SetupWizardUtil;
054 import com.liferay.portal.theme.ThemeDisplay;
055 import com.liferay.portal.util.PortalUtil;
056 import com.liferay.portal.util.PrefsPropsUtil;
057 import com.liferay.portal.util.PropsUtil;
058 import com.liferay.portal.util.PropsValues;
059 import com.liferay.portal.util.WebKeys;
060 import com.liferay.portlet.InvokerPortlet;
061 import com.liferay.portlet.PortletConfigFactoryUtil;
062 import com.liferay.portlet.PortletInstanceFactoryUtil;
063 import com.liferay.portlet.PortletPreferencesFactoryUtil;
064 import com.liferay.portlet.PortletURLImpl;
065 import com.liferay.portlet.RenderRequestFactory;
066 import com.liferay.portlet.RenderRequestImpl;
067 import com.liferay.portlet.RenderResponseFactory;
068 import com.liferay.portlet.RenderResponseImpl;
069
070 import java.io.IOException;
071
072 import java.util.Date;
073 import java.util.HashSet;
074 import java.util.Iterator;
075 import java.util.Map.Entry;
076 import java.util.Map;
077 import java.util.Set;
078
079 import javax.portlet.PortletConfig;
080 import javax.portlet.PortletContext;
081 import javax.portlet.PortletMode;
082 import javax.portlet.PortletPreferences;
083 import javax.portlet.PortletRequest;
084 import javax.portlet.WindowState;
085
086 import javax.servlet.ServletContext;
087 import javax.servlet.ServletException;
088 import javax.servlet.http.HttpServletRequest;
089 import javax.servlet.http.HttpServletResponse;
090 import javax.servlet.http.HttpSession;
091 import javax.servlet.jsp.PageContext;
092
093 import org.apache.struts.Globals;
094 import org.apache.struts.action.Action;
095 import org.apache.struts.action.ActionMapping;
096 import org.apache.struts.config.ActionConfig;
097 import org.apache.struts.config.ForwardConfig;
098 import org.apache.struts.tiles.TilesRequestProcessor;
099 import org.apache.struts.util.MessageResources;
100
101
107 public class PortalRequestProcessor extends TilesRequestProcessor {
108
/**
 * Builds the three path sets used by this processor: paths that may be
 * remembered as the session's last path, paths that are reachable without
 * a signed-in user, and paths that are never recorded by the user tracker.
 */
public PortalRequestProcessor() {

    // Paths that may be stored as the last path. The built-in entry is
    // extended with the values of the auth.forward.last.paths property.

    _lastPaths = new HashSet<String>();

    _lastPaths.add(_PATH_PORTAL_LAYOUT);

    addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);

    // Built-in public paths. isPublicPath() consults this set, and both
    // processPath() and processRoles() skip their user checks for a public
    // path, so every entry here is an authentication exemption and should
    // be reviewed as one.

    String[] builtInPublicPaths = {
        _PATH_C, _PATH_PORTAL_API_JSONWS, _PATH_PORTAL_EE_LICENSE,
        _PATH_PORTAL_FLASH, _PATH_PORTAL_J_LOGIN, _PATH_PORTAL_LAYOUT,
        _PATH_PORTAL_LOGIN, _PATH_PORTAL_RENDER_PORTLET, _PATH_PORTAL_TCK,
        _PATH_PORTAL_UPDATE_PASSWORD, _PATH_PORTAL_VERIFY_EMAIL_ADDRESS,
        PropsValues.AUTH_LOGIN_DISABLED_PATH
    };

    _publicPaths = new HashSet<String>();

    for (int i = 0; i < builtInPublicPaths.length; i++) {
        _publicPaths.add(builtInPublicPaths[i]);
    }

    // Paths excluded from session tracking, taken from portal properties

    _trackerIgnorePaths = new HashSet<String>();

    addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
}
140
/**
 * Handles one request. If the session carries the basic-auth flag, or the
 * path resolved by the parent processor has neither a Struts action
 * mapping nor a registered action, the client is redirected to the URL
 * returned by {@link #getLastPath(HttpServletRequest)}. Otherwise the
 * request is processed by the parent and, for portlet paths, the render
 * request is cleaned up afterwards.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws IOException if the redirect or the parent processing fails
 * @throws ServletException if the parent processing fails
 */
@Override
public void process(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {

    HttpSession session = request.getSession();

    // The flag is consumed on read, so it affects this request only.

    Boolean basicAuthFlag = (Boolean)session.getAttribute(
        WebKeys.BASIC_AUTH_ENABLED);

    session.removeAttribute(WebKeys.BASIC_AUTH_ENABLED);

    // This is the parent's path resolution, not the gated override in this
    // class; the gating runs later, inside super.process().

    String path = super.processPath(request, response);

    ActionMapping actionMapping =
        (ActionMapping)moduleConfig.findActionConfig(path);

    Action action = StrutsActionRegistry.getAction(path);

    boolean unknownPath = (actionMapping == null) && (action == null);

    if (Boolean.TRUE.equals(basicAuthFlag) || unknownPath) {

        // The redirect target is whatever getLastPath() assembles; its
        // path and parameters can originate from an earlier request.

        String redirectURL = getLastPath(request);

        if (_log.isDebugEnabled()) {
            _log.debug("Last path " + redirectURL);
        }

        response.sendRedirect(redirectURL);

        return;
    }

    super.process(request, response);

    // Clean up is best effort: a failure is logged and not propagated.

    try {
        if (isPortletPath(path)) {
            cleanUp(request);
        }
    }
    catch (Exception e) {
        _log.error(e, e);
    }
}
185
/**
 * Adds every value of an array-valued portal property to the given set.
 *
 * @param paths the set to extend in place
 * @param propsKey the portal property key whose values are added
 */
protected void addPaths(Set<String> paths, String propsKey) {
    String[] configuredPaths = PropsUtil.getArray(propsKey);

    for (int i = 0; i < configuredPaths.length; i++) {
        paths.add(configuredPaths[i]);
    }
}
193
/**
 * Forwards through the parent processor's {@code doForward}, bypassing the
 * override in this class that delegates to {@code StrutsUtil}.
 *
 * @param  uri the forward target
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws IOException if the parent forward fails
 * @throws ServletException if the parent forward fails
 */
protected void callParentDoForward(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws IOException, ServletException {

    super.doForward(uri, request, response);
}
201
/**
 * Runs the parent processor's multipart handling. The override of
 * {@code processMultipart} in this class returns the request untouched, so
 * this is the way to reach the parent behavior.
 *
 * @param  request the servlet request
 * @return the request returned by the parent processor
 */
protected HttpServletRequest callParentProcessMultipart(
    HttpServletRequest request) {

    HttpServletRequest parentResult = super.processMultipart(request);

    return parentResult;
}
207
/**
 * Resolves the path with the parent processor only. None of the checks in
 * this class's {@code processPath} override (sign-in requirement, inactive
 * user, required-action redirects) are applied to the returned value, so
 * callers must not treat it as an authorized path.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the path resolved by the parent processor
 * @throws IOException if the parent processor fails
 */
protected String callParentProcessPath(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException {

    String parentPath = super.processPath(request, response);

    return parentPath;
}
214
/**
 * Runs the parent processor's role check only. The portlet permission
 * check in this class's {@code processRoles} override is not applied.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping being processed
 * @return the result of the parent processor's role check
 * @throws IOException if the parent processor fails
 * @throws ServletException if the parent processor fails
 */
protected boolean callParentProcessRoles(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException, ServletException {

    boolean parentResult = super.processRoles(
        request, response, actionMapping);

    return parentResult;
}
222
/**
 * Calls {@code cleanUp()} on the render request stored in the
 * {@code JavaConstants.JAVAX_PORTLET_REQUEST} request attribute, if there
 * is one.
 *
 * @param  request the servlet request
 * @throws Exception if the clean up fails
 */
protected void cleanUp(HttpServletRequest request) throws Exception {
    RenderRequestImpl pendingRenderRequest =
        (RenderRequestImpl)request.getAttribute(
            JavaConstants.JAVAX_PORTLET_REQUEST);

    if (pendingRenderRequest == null) {
        return;
    }

    pendingRenderRequest.cleanUp();
}
236
/**
 * Creates a render request and response for the portlet (maximized window
 * state, view mode), defines the portlet objects on the render request and
 * marks the servlet request with {@code WebKeys.PORTLET_STRUTS_EXECUTE}.
 *
 * <p>
 * No permission check is made here. In the visible code the only caller is
 * {@code processPath}, which checks that the portlet is active; the VIEW
 * permission check is in {@code processRoles}.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  portlet the portlet the request is addressed to
 * @throws Exception if any of the factories or services fails
 */
protected void defineObjects(
        HttpServletRequest request, HttpServletResponse response,
        Portlet portlet)
    throws Exception {

    String id = portlet.getPortletId();

    ServletContext ctx = (ServletContext)request.getAttribute(WebKeys.CTX);

    InvokerPortlet invoker = PortletInstanceFactoryUtil.create(
        portlet, ctx);

    // Preferences are resolved for the current request and portlet ID

    PortletPreferencesIds preferencesIds =
        PortletPreferencesFactoryUtil.getPortletPreferencesIds(request, id);

    PortletPreferences preferences =
        PortletPreferencesLocalServiceUtil.getPreferences(preferencesIds);

    PortletConfig config = PortletConfigFactoryUtil.create(portlet, ctx);

    PortletContext context = config.getPortletContext();

    RenderRequestImpl renderRequest = RenderRequestFactory.create(
        request, portlet, invoker, context, WindowState.MAXIMIZED,
        PortletMode.VIEW, preferences);

    RenderResponseImpl renderResponse = RenderResponseFactory.create(
        renderRequest, response, id, portlet.getCompanyId());

    renderRequest.defineObjects(config, renderResponse);

    request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
}
273
/**
 * Forwards to the URI through {@code StrutsUtil.forward} using this
 * processor's servlet context, instead of the parent implementation.
 *
 * @param  uri the forward target
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws ServletException if the forward fails
 */
@Override
protected void doForward(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws ServletException {

    ServletContext servletContext = getServletContext();

    StrutsUtil.forward(uri, servletContext, request, response);
}
282
/**
 * Includes the URI through {@code StrutsUtil.include} using this
 * processor's servlet context, instead of the parent implementation.
 *
 * @param  uri the include target
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws ServletException if the include fails
 */
@Override
protected void doInclude(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws ServletException {

    ServletContext servletContext = getServletContext();

    StrutsUtil.include(uri, servletContext, request, response);
}
291
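/**
 * Builds the friendly URL that the user tracker records for a
 * {@code /portal/layout} request.
 *
 * <p>
 * The result is the layout's friendly URL, followed by the portlet's
 * friendly path when the addressed portlet is active and its friendly URL
 * mapper produces one. In every other case with a portlet ID the layout
 * friendly URL is returned with the original query string appended.
 * </p>
 *
 * <p>
 * A request without a query string (for example one whose parameters
 * arrive in the body) used to fail in {@code String.concat(null)}; the
 * caller logged that as an error and discarded the friendly path. The
 * layout friendly URL is now returned on its own in that case.
 * </p>
 *
 * @param  path the resolved Struts path
 * @param  themeDisplay the theme display of the request
 * @param  request the servlet request
 * @return the friendly path, or <code>null</code> if the path is not
 *         {@code /portal/layout} or the request has no {@code p_l_id}
 * @throws Exception if the layout or portlet lookup fails
 */
protected String getFriendlyTrackerPath(
        String path, ThemeDisplay themeDisplay, HttpServletRequest request)
    throws Exception {

    if (!path.equals(_PATH_PORTAL_LAYOUT)) {
        return null;
    }

    long plid = ParamUtil.getLong(request, "p_l_id");

    if (plid == 0) {
        return null;
    }

    Layout layout = LayoutLocalServiceUtil.getLayout(plid);

    String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
        layout, themeDisplay);

    String portletId = ParamUtil.getString(request, "p_p_id");

    if (Validator.isNull(portletId)) {
        return layoutFriendlyURL;
    }

    // Fallback used whenever no portlet friendly path can be built. The
    // query string is only appended when the request has one.

    String queryString = request.getQueryString();

    String layoutURLWithQuery = layoutFriendlyURL;

    if (queryString != null) {
        layoutURLWithQuery = layoutFriendlyURL.concat(
            StringPool.QUESTION).concat(queryString);
    }

    long companyId = PortalUtil.getCompanyId(request);

    Portlet portlet = PortletLocalServiceUtil.getPortletById(
        companyId, portletId);

    if (portlet == null) {
        String strutsPath = path.substring(
            1, path.lastIndexOf(CharPool.SLASH));

        portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
            companyId, strutsPath);
    }

    if ((portlet == null) || !portlet.isActive()) {
        return layoutURLWithQuery;
    }

    String namespace = PortalUtil.getPortletNamespace(portletId);

    FriendlyURLMapper friendlyURLMapper =
        portlet.getFriendlyURLMapperInstance();

    if (friendlyURLMapper == null) {
        return layoutURLWithQuery;
    }

    PortletURLImpl portletURL = new PortletURLImpl(
        request, portletId, plid, PortletRequest.RENDER_PHASE);

    // Only parameters carrying this portlet's namespace are copied, with
    // the namespace prefix removed.

    Iterator<Map.Entry<String, String[]>> itr =
        request.getParameterMap().entrySet().iterator();

    while (itr.hasNext()) {
        Entry<String, String[]> entry = itr.next();

        String key = entry.getKey();

        if (key.startsWith(namespace)) {
            key = key.substring(namespace.length());

            portletURL.setParameter(key, entry.getValue());
        }
    }

    String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);

    if (portletFriendlyURL != null) {
        return layoutFriendlyURL.concat(portletFriendlyURL);
    }

    return layoutURLWithQuery;
}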
373
/**
 * Returns the absolute URL the client is redirected to when the requested
 * path cannot be served (see {@code process}).
 *
 * <p>
 * The URL always starts with the portal URL computed for this request. The
 * default target is {@code /portal/layout} under the portal's main path.
 * When forwarding by last path is enabled and a {@code LastPath} is found
 * in the request or the session, the target is rebuilt from its context
 * path, path and parameters.
 * </p>
 *
 * <p>
 * The stored path is checked against the Struts action mappings only when
 * its context path equals the portal's main path. For any other context
 * path the stored values are used as they are, so the code that puts a
 * {@code LastPath} into the request or session is responsible for their
 * content.
 * </p>
 *
 * @param  request the servlet request
 * @return the redirect URL
 */
protected String getLastPath(HttpServletRequest request) {
    HttpSession session = request.getSession();

    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
        WebKeys.THEME_DISPLAY);

    Boolean httpsInitial = (Boolean)session.getAttribute(
        WebKeys.HTTPS_INITIAL);

    // The session started on plain HTTP, login requires HTTPS and phishing
    // protection is off: build the portal URL with the secure flag set to
    // false.

    boolean useNonSecureURL =
        PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
        !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
        Boolean.FALSE.equals(httpsInitial);

    String portalURL;

    if (useNonSecureURL) {
        portalURL = PortalUtil.getPortalURL(request, false);
    }
    else {
        portalURL = PortalUtil.getPortalURL(request);
    }

    StringBundler defaultURL = new StringBundler();

    defaultURL.append(portalURL);
    defaultURL.append(themeDisplay.getPathMain());
    defaultURL.append(_PATH_PORTAL_LAYOUT);

    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {

        // Forwarding by last path is disabled. A signed-in user is sent
        // to the default layout ID.

        if (request.getRemoteUser() != null) {
            defaultURL.append(StringPool.QUESTION);
            defaultURL.append("p_l_id");
            defaultURL.append(StringPool.EQUAL);
            defaultURL.append(LayoutConstants.DEFAULT_PLID);
        }

        return defaultURL.toString();
    }

    // The request attribute takes precedence over the session attribute

    LastPath storedPath = (LastPath)request.getAttribute(
        WebKeys.LAST_PATH);

    if (storedPath == null) {
        storedPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
    }

    if (storedPath == null) {
        return defaultURL.toString();
    }

    Map<String, String[]> storedParameters = storedPath.getParameterMap();

    // Only a path under the portal's main path is validated against the
    // action mappings

    if (storedPath.getContextPath().equals(themeDisplay.getPathMain())) {
        ActionMapping storedMapping =
            (ActionMapping)moduleConfig.findActionConfig(
                storedPath.getPath());

        if ((storedMapping == null) || (storedParameters == null)) {
            return defaultURL.toString();
        }
    }

    StringBundler storedURL = new StringBundler(4);

    storedURL.append(portalURL);
    storedURL.append(storedPath.getContextPath());
    storedURL.append(storedPath.getPath());
    storedURL.append(HttpUtil.parameterMapToString(storedParameters));

    return storedURL.toString();
}
451
/**
 * Returns <code>true</code> if the path belongs to a portlet, that is, it
 * is not {@code /c}, does not start with {@code /common} or
 * {@code /portal}, and does not contain {@code /j_security_check}.
 *
 * <p>
 * The {@code /common} and {@code /portal} tests are plain prefix matches
 * without a trailing slash, so any path that merely begins with those
 * characters is treated as a non-portlet path and skips the portlet
 * permission check in {@code processRoles}.
 * </p>
 *
 * @param  path the Struts path, may be <code>null</code>
 * @return <code>true</code> if the path is a portlet path
 */
protected boolean isPortletPath(String path) {
    if (path == null) {
        return false;
    }

    if (path.equals(_PATH_C) || path.startsWith(_PATH_COMMON) ||
        path.startsWith(_PATH_PORTAL)) {

        return false;
    }

    return path.indexOf(_PATH_J_SECURITY_CHECK) == -1;
}
465
/**
 * Returns <code>true</code> if the path may be requested without a
 * signed-in user: it is in the built-in public set, it starts with
 * {@code /common}, or {@code AuthPublicPathRegistry} contains it.
 *
 * <p>
 * This is the authentication exemption used by {@code processPath} and
 * {@code processRoles}. The {@code /common} test is a prefix match without
 * a trailing slash, so every path beginning with those characters is
 * public.
 * </p>
 *
 * @param  path the Struts path, may be <code>null</code>
 * @return <code>true</code> if the path is public
 */
protected boolean isPublicPath(String path) {
    if (path == null) {
        return false;
    }

    if (_publicPaths.contains(path)) {
        return true;
    }

    if (path.startsWith(_PATH_COMMON)) {
        return true;
    }

    return AuthPublicPathRegistry.contains(path);
}
477
/**
 * Returns the action for the mapping. An action registered in
 * {@code StrutsActionRegistry} for the mapping's path takes precedence
 * over the configured Struts action; when a Struts action config exists
 * for the same path, the configured action is created and handed to the
 * registered adapter as its original action.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping being processed
 * @return the registered adapter, or the action created by the parent
 *         processor if none is registered
 * @throws IOException if the parent processor fails
 */
@Override
protected Action processActionCreate(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException {

    String mappingPath = actionMapping.getPath();

    // The registry is expected to hold adapters only; anything else fails
    // with a ClassCastException here.

    ActionAdapter registeredAdapter =
        (ActionAdapter)StrutsActionRegistry.getAction(mappingPath);

    if (registeredAdapter == null) {
        return super.processActionCreate(request, response, actionMapping);
    }

    ActionConfig configuredAction = moduleConfig.findActionConfig(
        mappingPath);

    if (configuredAction != null) {
        registeredAdapter.setOriginalAction(
            super.processActionCreate(request, response, actionMapping));
    }

    return registeredAdapter;
}
504
/**
 * Returns the action mapping for the path. For a path with an action in
 * {@code StrutsActionRegistry}, the configured mapping is used if there is
 * one; otherwise a bare mapping is created for the path and stored in the
 * request under {@code Globals.MAPPING_KEY}. All other paths are resolved
 * by the parent processor, and a failed lookup is logged together with
 * the user ID, URL, referer and remote address of the request.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  path the Struts path, may be <code>null</code>
 * @return the mapping, or <code>null</code> if the path is
 *         <code>null</code> or the parent processor finds no mapping
 * @throws IOException if the parent processor fails
 */
@Override
protected ActionMapping processMapping(
        HttpServletRequest request, HttpServletResponse response,
        String path)
    throws IOException {

    if (path == null) {
        return null;
    }

    Action registeredAction = StrutsActionRegistry.getAction(path);

    if (registeredAction == null) {
        ActionMapping parentMapping = super.processMapping(
            request, response, path);

        if (parentMapping == null) {
            MessageResources messageResources = getInternal();

            String msg = messageResources.getMessage("processInvalid");

            // NOTE(review): the URL, the Referer header and the path are
            // supplied by the client and are written to the log as
            // received. Confirm that the log layout neutralises line
            // breaks so a request cannot forge log entries.

            _log.error("User ID " + request.getRemoteUser());
            _log.error("Current URL " + PortalUtil.getCurrentURL(request));
            _log.error("Referer " + request.getHeader("Referer"));
            _log.error("Remote address " + request.getRemoteAddr());

            _log.error(msg + " " + path);
        }

        return parentMapping;
    }

    ActionMapping configuredMapping =
        (ActionMapping)moduleConfig.findActionConfig(path);

    if (configuredMapping != null) {
        return configuredMapping;
    }

    // A registered action without a Struts config gets a minimal mapping

    ActionMapping syntheticMapping = new ActionMapping();

    syntheticMapping.setModuleConfig(moduleConfig);
    syntheticMapping.setPath(path);

    request.setAttribute(Globals.MAPPING_KEY, syntheticMapping);

    return syntheticMapping;
}
551
/**
 * Returns the request unchanged, which disables the parent processor's
 * multipart wrapping for requests handled by this class. The parent
 * behavior stays reachable through {@code callParentProcessMultipart}.
 *
 * @param  request the servlet request
 * @return the same request instance
 */
@Override
protected HttpServletRequest processMultipart(HttpServletRequest request) {
    HttpServletRequest unwrappedRequest = request;

    return unwrappedRequest;
}
559
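/**
 * Resolves the Struts path for the request and applies the portal's
 * gating rules to it. The returned path is the one that is executed, so
 * each early return below replaces the requested path with a portal page
 * (login, logout, error, terms of use and so on).
 *
 * <p>
 * The checks run in a fixed order: user tracking, last-path bookkeeping,
 * setup wizard, paths an authenticated user may always reach, invalid and
 * inactive users, required account actions, the sign-in requirement for
 * non-public paths, action lookup, and portlet object definition. The
 * order is part of the behavior and must be kept when editing.
 * </p>
 *
 * <p>
 * A failure to resolve the current user is treated as "no user". It was
 * previously swallowed without a trace and is now logged at debug level;
 * the control flow is unchanged.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the path to execute, or <code>null</code> if the path has
 *         neither a Struts action mapping nor a registered action
 * @throws IOException if the parent processor fails
 */
@Override
protected String processPath(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException {

    String path = GetterUtil.getString(
        super.processPath(request, response));

    HttpSession session = request.getSession();

    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
        WebKeys.THEME_DISPLAY);

    // Current users: record the requested path on the session's tracker

    UserTracker userTracker = LiveUsers.getUserTracker(
        themeDisplay.getCompanyId(), session.getId());

    if ((userTracker != null) && (!path.equals(_PATH_C)) &&
        (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
        (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
        (!_trackerIgnorePaths.contains(path))) {

        String fullPath = null;

        try {
            if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
                fullPath = getFriendlyTrackerPath(
                    path, themeDisplay, request);
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        String fullPathWithoutQueryString = fullPath;

        if (Validator.isNull(fullPath)) {
            String queryString = request.getQueryString();

            fullPathWithoutQueryString = path;

            if (Validator.isNotNull(queryString)) {
                fullPath = path.concat(StringPool.QUESTION).concat(
                    queryString);
            }
            else {
                fullPath = path;
            }
        }

        int pos = fullPathWithoutQueryString.indexOf(StringPool.QUESTION);

        if (pos != -1) {
            fullPathWithoutQueryString =
                fullPathWithoutQueryString.substring(0, pos);
        }

        // The stored value includes the raw query string of the request,
        // so tracker data can hold whatever a client put in the URL.

        if (!_trackerIgnorePaths.contains(fullPathWithoutQueryString)) {
            UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);

            userTrackerPath.setUserTrackerId(
                userTracker.getUserTrackerId());
            userTrackerPath.setPath(fullPath);
            userTrackerPath.setPathDate(new Date());

            userTracker.addPath(userTrackerPath);
        }
    }

    String remoteUser = request.getRemoteUser();

    User user = null;

    try {
        user = PortalUtil.getUser(request);
    }
    catch (Exception e) {

        // A user that cannot be resolved is handled as unauthenticated
        // by the checks below

        if (_log.isDebugEnabled()) {
            _log.debug(e, e);
        }
    }

    // Last path: remember the request so a later redirect can return to it

    if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
        boolean saveLastPath = ParamUtil.getBoolean(
            request, "saveLastPath", true);

        if (themeDisplay.isLifecycleResource() ||
            themeDisplay.isStateExclusive() ||
            themeDisplay.isStatePopUp() ||
            !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {

            saveLastPath = false;
        }

        // Save last path

        if (saveLastPath) {

            // A LastPath set on the request takes precedence; otherwise
            // one is built from the request's own parameter map. Either
            // way it is later used by getLastPath() to build a redirect.

            LastPath lastPath = (LastPath)request.getAttribute(
                WebKeys.LAST_PATH);

            if (lastPath == null) {
                lastPath = new LastPath(
                    themeDisplay.getPathMain(), path,
                    request.getParameterMap());
            }

            session.setAttribute(WebKeys.LAST_PATH, lastPath);
        }
    }

    // Setup wizard: until setup is finished every request goes to the
    // wizard; afterwards the wizard path is replaced by the layout path

    if (!SetupWizardUtil.isSetupFinished()) {
        return _PATH_PORTAL_SETUP_WIZARD;
    }
    else if (path.equals(_PATH_PORTAL_SETUP_WIZARD)) {
        return _PATH_PORTAL_LAYOUT;
    }

    // Authenticated users can always log out

    if (((remoteUser != null) || (user != null)) &&
        (path.equals(_PATH_PORTAL_LOGOUT))) {

        return path;
    }

    // Authenticated users can always extend or confirm their session

    if (((remoteUser != null) || (user != null)) &&
        (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
         path.equals(_PATH_PORTAL_EXTEND_SESSION))) {

        return path;
    }

    // Authenticated users can always agree to terms of use

    if (((remoteUser != null) || (user != null)) &&
        (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {

        return path;
    }

    // The container reports a remote user but the portal cannot resolve
    // one: force a logout

    if ((remoteUser != null) && (user == null)) {
        return _PATH_PORTAL_LOGOUT;
    }

    // Authenticated users must be active

    if ((user != null) && !user.isActive()) {
        SessionErrors.add(request, UserActiveException.class.getName());

        return _PATH_PORTAL_ERROR;
    }

    // NOTE(review): the required-action checks in this block are skipped
    // for two fixed paths and for any request whose "wsrp" parameter
    // parses as true. That parameter is read from the request, so confirm
    // that it is set or validated by a trusted component before it
    // reaches this point.

    if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
        !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
        !ParamUtil.getBoolean(request, "wsrp")) {

        // Authenticated users should agree to the terms of use. If the
        // company preference cannot be read, the global property decides.

        if ((user != null) && !user.isAgreedToTermsOfUse()) {
            boolean termsOfUseRequired = false;

            try {
                termsOfUseRequired = PrefsPropsUtil.getBoolean(
                    user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
            }
            catch (SystemException se) {
                termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
            }

            if (termsOfUseRequired) {
                return _PATH_PORTAL_TERMS_OF_USE;
            }
        }

        // Authenticated users should have a verified email address. If
        // the company cannot be loaded the requirement stays off and the
        // failure is logged.

        boolean emailAddressVerificationRequired = false;

        try {
            Company company = PortalUtil.getCompany(request);

            emailAddressVerificationRequired = company.isStrangersVerify();
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        if ((user != null) && !user.isEmailAddressVerified() &&
            emailAddressVerificationRequired &&
            !path.equals(_PATH_PORTAL_UPDATE_EMAIL_ADDRESS)) {

            return _PATH_PORTAL_VERIFY_EMAIL_ADDRESS;
        }

        // Authenticated users must have a current password

        if ((user != null) && user.isPasswordReset()) {
            return _PATH_PORTAL_UPDATE_PASSWORD;
        }

        // Authenticated users must have an email address

        if ((user != null) &&
            (Validator.isNull(user.getEmailAddress()) ||
             (PropsValues.USERS_EMAIL_ADDRESS_REQUIRED &&
              Validator.isNull(user.getDisplayEmailAddress())))) {

            return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
        }

        // Authenticated users should have a reminder query

        if ((user != null) &&
            (Validator.isNull(user.getReminderQueryQuestion()) ||
             Validator.isNull(user.getReminderQueryAnswer()))) {

            if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
                return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
            }
        }
    }

    // Users must sign in for every path that is not public. This is the
    // only place where an unauthenticated request is turned away;
    // processRoles() does not check requests without a user.

    if (!isPublicPath(path)) {
        if (user == null) {
            SessionErrors.add(request, PrincipalException.class.getName());

            return _PATH_PORTAL_LOGIN;
        }
    }

    ActionMapping actionMapping =
        (ActionMapping)moduleConfig.findActionConfig(path);

    if (actionMapping == null) {
        Action strutsAction = StrutsActionRegistry.getAction(path);

        if (strutsAction == null) {
            return null;
        }
    }
    else {
        path = actionMapping.getPath();
    }

    // Define the portlet objects. Any failure, including a path without a
    // second slash (the substring call throws), ends on the common error
    // page with the exception stored in the request.

    if (isPortletPath(path)) {
        try {
            Portlet portlet = null;

            long companyId = PortalUtil.getCompanyId(request);
            String portletId = ParamUtil.getString(request, "p_p_id");

            if (Validator.isNotNull(portletId)) {
                portlet = PortletLocalServiceUtil.getPortletById(
                    companyId, portletId);
            }

            if (portlet == null) {
                String strutsPath = path.substring(
                    1, path.lastIndexOf(CharPool.SLASH));

                portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
                    companyId, strutsPath);
            }

            if ((portlet != null) && portlet.isActive()) {
                defineObjects(request, response, portlet);
            }
        }
        catch (Exception e) {
            request.setAttribute(PageContext.EXCEPTION, e);

            path = _PATH_COMMON_ERROR;
        }
    }

    // Authenticated users must have access to at least one layout

    if (SessionErrors.contains(
            request, LayoutPermissionException.class.getName())) {

        return _PATH_PORTAL_ERROR;
    }

    return path;
}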
859
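/**
 * Decides whether the request may execute the mapped action.
 *
 * <p>
 * Public paths are always allowed. For a portlet path requested by a
 * resolved user, the addressed portlet must match the path's Struts path,
 * and the user must hold the VIEW permission on it for the current
 * layout. Any exception during that check denies the request.
 * </p>
 *
 * <p>
 * Requests without a resolved user, and paths that are not portlet paths,
 * are allowed here without further checks. Turning away unauthenticated
 * requests is left to {@code processPath}, which rewrites non-public paths
 * to the login page before this method runs.
 * </p>
 *
 * <p>
 * Exceptions that were previously swallowed without a trace are now
 * logged at debug level; the decision itself is unchanged.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping being processed
 * @return <code>true</code> if the action may run; <code>false</code> if
 *         the request has been forwarded to the portal error page
 * @throws IOException if the forward fails
 * @throws ServletException if the forward fails
 */
@Override
protected boolean processRoles(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException, ServletException {

    String path = actionMapping.getPath();

    if (isPublicPath(path)) {
        return true;
    }

    boolean authorized = true;

    User user = null;

    try {
        user = PortalUtil.getUser(request);
    }
    catch (Exception e) {

        // A user that cannot be resolved is handled as "no user", which
        // skips the portlet permission check below

        if (_log.isDebugEnabled()) {
            _log.debug(e, e);
        }
    }

    if ((user != null) && isPortletPath(path)) {
        try {

            // Authenticated users can always log out. With the
            // isPortletPath() of this class the branch cannot be reached,
            // because the logout path starts with /portal; it is kept for
            // subclasses that override isPortletPath().

            if (path.equals(_PATH_PORTAL_LOGOUT)) {
                return true;
            }

            Portlet portlet = null;

            String portletId = ParamUtil.getString(request, "p_p_id");

            if (Validator.isNotNull(portletId)) {
                portlet = PortletLocalServiceUtil.getPortletById(
                    user.getCompanyId(), portletId);
            }

            String strutsPath = path.substring(
                1, path.lastIndexOf(CharPool.SLASH));

            if (portlet != null) {

                // The portlet named by p_p_id must own the requested
                // Struts path. Without this, the permission check below
                // would run against a different portlet than the one
                // whose action is executed.

                if (!strutsPath.equals(portlet.getStrutsPath())) {
                    throw new PrincipalException();
                }
            }
            else {
                portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
                    user.getCompanyId(), strutsPath);
            }

            if ((portlet != null) && portlet.isActive()) {
                ThemeDisplay themeDisplay =
                    (ThemeDisplay)request.getAttribute(
                        WebKeys.THEME_DISPLAY);

                Layout layout = themeDisplay.getLayout();
                PermissionChecker permissionChecker =
                    themeDisplay.getPermissionChecker();

                if (!PortletPermissionUtil.contains(
                        permissionChecker, layout.getPlid(), portlet,
                        ActionKeys.VIEW)) {

                    throw new PrincipalException();
                }
            }
            else if (portlet != null && !portlet.isActive()) {
                SessionErrors.add(
                    request, PortletActiveException.class.getName());

                authorized = false;
            }

            // No portlet found for the path: the request stays authorized
        }
        catch (Exception e) {

            // Fail closed: every failure, not only a permission failure,
            // is reported to the user as a PrincipalException

            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }

            SessionErrors.add(request, PrincipalException.class.getName());

            authorized = false;
        }
    }

    if (!authorized) {
        ForwardConfig forwardConfig =
            actionMapping.findForward(_PATH_PORTAL_ERROR);

        processForwardConfig(request, response, forwardConfig);

        return false;
    }

    return true;
}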
955
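// Struts paths used by the routing and gating logic of this class. They
// are compared with equals(), startsWith() or indexOf() against the
// resolved request path, and several of them form the built-in public
// (no sign-in required) set, so they are declared final: nothing in this
// class reassigns them, and an accidental reassignment would change which
// requests are gated.

private static final String _PATH_C = "/c";

// Matched as a prefix by isPortletPath() and isPublicPath()

private static final String _PATH_COMMON = "/common";

private static final String _PATH_COMMON_ERROR = "/common/error";

// Matched as a substring, not as a whole path

private static final String _PATH_J_SECURITY_CHECK = "/j_security_check";

// Matched as a prefix by isPortletPath()

private static final String _PATH_PORTAL = "/portal";

private static final String _PATH_PORTAL_API_JSONWS = "/portal/api/jsonws";

private static final String _PATH_PORTAL_EE_LICENSE = "/portal/ee/license";

private static final String _PATH_PORTAL_ERROR = "/portal/error";

private static final String _PATH_PORTAL_EXPIRE_SESSION =
    "/portal/expire_session";

private static final String _PATH_PORTAL_EXTEND_SESSION =
    "/portal/extend_session";

private static final String _PATH_PORTAL_FLASH = "/portal/flash";

private static final String _PATH_PORTAL_J_LOGIN = "/portal/j_login";

private static final String _PATH_PORTAL_JSON_SERVICE =
    "/portal/json_service";

private static final String _PATH_PORTAL_LAYOUT = "/portal/layout";

private static final String _PATH_PORTAL_LOGIN = "/portal/login";

private static final String _PATH_PORTAL_LOGOUT = "/portal/logout";

// Matched as a substring, not as a whole path

private static final String _PATH_PORTAL_PROTECTED = "/portal/protected";

private static final String _PATH_PORTAL_RENDER_PORTLET =
    "/portal/render_portlet";

private static final String _PATH_PORTAL_SETUP_WIZARD =
    "/portal/setup_wizard";

private static final String _PATH_PORTAL_TCK = "/portal/tck";

private static final String _PATH_PORTAL_TERMS_OF_USE =
    "/portal/terms_of_use";

private static final String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
    "/portal/update_email_address";

private static final String _PATH_PORTAL_UPDATE_PASSWORD =
    "/portal/update_password";

private static final String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
    "/portal/update_reminder_query";

private static final String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
    "/portal/update_terms_of_use";

private static final String _PATH_PORTAL_VERIFY_EMAIL_ADDRESS =
    "/portal/verify_email_address";

private static final Log _log = LogFactoryUtil.getLog(
    PortalRequestProcessor.class);

// Each set is assigned exactly once, in the constructor, and only read
// afterwards.

// Paths that may be stored as the session's last path
private final Set<String> _lastPaths;

// Paths reachable without a signed-in user; see isPublicPath()
private final Set<String> _publicPaths;

// Paths that are never recorded by the user tracker
private final Set<String> _trackerIgnorePaths;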
1022
1023 }