001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.ParamUtil;
022 import com.liferay.portal.kernel.util.PropsKeys;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.Validator;
025 import com.liferay.portal.model.CompanyConstants;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
028 import com.liferay.portal.service.UserLocalServiceUtil;
029 import com.liferay.portal.util.PortalUtil;
030 import com.liferay.portal.util.PrefsPropsUtil;
031 import com.liferay.portal.util.PropsValues;
032 import com.liferay.portal.util.WebKeys;
033
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036 import javax.servlet.http.HttpSession;
037
038
044 public class CASAutoLogin implements AutoLogin {
045
046 @Override
047 public String[] login(
048 HttpServletRequest request, HttpServletResponse response) {
049
050 HttpSession session = request.getSession();
051
052 String[] credentials = null;
053
054 try {
055 long companyId = PortalUtil.getCompanyId(request);
056
057 if (!PrefsPropsUtil.getBoolean(
058 companyId, PropsKeys.CAS_AUTH_ENABLED,
059 PropsValues.CAS_AUTH_ENABLED)) {
060
061 return credentials;
062 }
063
064 String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);
065
066 if (Validator.isNull(login)) {
067 Object noSuchUserException = session.getAttribute(
068 WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
069
070 if (noSuchUserException == null) {
071 return credentials;
072 }
073
074 session.removeAttribute(WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
075
076 session.setAttribute(WebKeys.CAS_FORCE_LOGOUT, Boolean.TRUE);
077
078 String redirect = PrefsPropsUtil.getString(
079 companyId, PropsKeys.CAS_NO_SUCH_USER_REDIRECT_URL,
080 PropsValues.CAS_NO_SUCH_USER_REDIRECT_URL);
081
082 request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
083
084 return credentials;
085 }
086
087 String authType = PrefsPropsUtil.getString(
088 companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
089 PropsValues.COMPANY_SECURITY_AUTH_TYPE);
090
091 User user = null;
092
093 if (PrefsPropsUtil.getBoolean(
094 companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
095 PropsValues.CAS_IMPORT_FROM_LDAP)) {
096
097 try {
098 if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
099 user = PortalLDAPImporterUtil.importLDAPUser(
100 companyId, StringPool.BLANK, login);
101 }
102 else {
103 user = PortalLDAPImporterUtil.importLDAPUser(
104 companyId, login, StringPool.BLANK);
105 }
106 }
107 catch (SystemException se) {
108 }
109 }
110
111 if (user == null) {
112 if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
113 user = UserLocalServiceUtil.getUserByScreenName(
114 companyId, login);
115 }
116 else {
117 user = UserLocalServiceUtil.getUserByEmailAddress(
118 companyId, login);
119 }
120 }
121
122 String redirect = ParamUtil.getString(request, "redirect");
123
124 if (Validator.isNotNull(redirect)) {
125 request.setAttribute(
126 AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE, redirect);
127 }
128
129 credentials = new String[3];
130
131 credentials[0] = String.valueOf(user.getUserId());
132 credentials[1] = user.getPassword();
133 credentials[2] = Boolean.TRUE.toString();
134
135 return credentials;
136 }
137 catch (NoSuchUserException nsue) {
138 session.removeAttribute(WebKeys.CAS_LOGIN);
139
140 session.setAttribute(
141 WebKeys.CAS_NO_SUCH_USER_EXCEPTION, Boolean.TRUE);
142 }
143 catch (Exception e) {
144 _log.error(e, e);
145 }
146
147 return credentials;
148 }
149
150
153 protected User addUser(long companyId, String screenName) throws Exception {
154 return PortalLDAPImporterUtil.importLDAPUser(
155 companyId, StringPool.BLANK, screenName);
156 }
157
158 private static Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);
159
160 }