001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.util.ParamUtil;
022    import com.liferay.portal.kernel.util.PropsKeys;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.Validator;
025    import com.liferay.portal.model.CompanyConstants;
026    import com.liferay.portal.model.User;
027    import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
028    import com.liferay.portal.service.UserLocalServiceUtil;
029    import com.liferay.portal.util.PortalUtil;
030    import com.liferay.portal.util.PrefsPropsUtil;
031    import com.liferay.portal.util.PropsValues;
032    import com.liferay.portal.util.WebKeys;
033    
034    import javax.servlet.http.HttpServletRequest;
035    import javax.servlet.http.HttpServletResponse;
036    import javax.servlet.http.HttpSession;
037    
038    /**
039     * @author Brian Wing Shun Chan
040     * @author Jorge Ferrer
041     * @author Wesley Gong
042     * @author Daeyoung Song
043     */
044    public class CASAutoLogin implements AutoLogin {
045    
046            @Override
047            public String[] login(
048                    HttpServletRequest request, HttpServletResponse response) {
049    
050                    HttpSession session = request.getSession();
051    
052                    String[] credentials = null;
053    
054                    try {
055                            long companyId = PortalUtil.getCompanyId(request);
056    
057                            if (!PrefsPropsUtil.getBoolean(
058                                            companyId, PropsKeys.CAS_AUTH_ENABLED,
059                                            PropsValues.CAS_AUTH_ENABLED)) {
060    
061                                    return credentials;
062                            }
063    
064                            String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);
065    
066                            if (Validator.isNull(login)) {
067                                    Object noSuchUserException = session.getAttribute(
068                                            WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
069    
070                                    if (noSuchUserException == null) {
071                                            return credentials;
072                                    }
073    
074                                    session.removeAttribute(WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
075    
076                                    session.setAttribute(WebKeys.CAS_FORCE_LOGOUT, Boolean.TRUE);
077    
078                                    String redirect = PrefsPropsUtil.getString(
079                                            companyId, PropsKeys.CAS_NO_SUCH_USER_REDIRECT_URL,
080                                            PropsValues.CAS_NO_SUCH_USER_REDIRECT_URL);
081    
082                                    request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
083    
084                                    return credentials;
085                            }
086    
087                            String authType = PrefsPropsUtil.getString(
088                                    companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
089                                    PropsValues.COMPANY_SECURITY_AUTH_TYPE);
090    
091                            User user = null;
092    
093                            if (PrefsPropsUtil.getBoolean(
094                                            companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
095                                            PropsValues.CAS_IMPORT_FROM_LDAP)) {
096    
097                                    try {
098                                            if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
099                                                    user = PortalLDAPImporterUtil.importLDAPUser(
100                                                            companyId, StringPool.BLANK, login);
101                                            }
102                                            else {
103                                                    user = PortalLDAPImporterUtil.importLDAPUser(
104                                                            companyId, login, StringPool.BLANK);
105                                            }
106                                    }
107                                    catch (SystemException se) {
108                                    }
109                            }
110    
111                            if (user == null) {
112                                    if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
113                                            user = UserLocalServiceUtil.getUserByScreenName(
114                                                    companyId, login);
115                                    }
116                                    else {
117                                            user = UserLocalServiceUtil.getUserByEmailAddress(
118                                                    companyId, login);
119                                    }
120                            }
121    
122                            String redirect = ParamUtil.getString(request, "redirect");
123    
124                            if (Validator.isNotNull(redirect)) {
125                                    request.setAttribute(
126                                            AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE, redirect);
127                            }
128    
129                            credentials = new String[3];
130    
131                            credentials[0] = String.valueOf(user.getUserId());
132                            credentials[1] = user.getPassword();
133                            credentials[2] = Boolean.TRUE.toString();
134    
135                            return credentials;
136                    }
137                    catch (NoSuchUserException nsue) {
138                            session.removeAttribute(WebKeys.CAS_LOGIN);
139    
140                            session.setAttribute(
141                                    WebKeys.CAS_NO_SUCH_USER_EXCEPTION, Boolean.TRUE);
142                    }
143                    catch (Exception e) {
144                            _log.error(e, e);
145                    }
146    
147                    return credentials;
148            }
149    
150            /**
151             * @deprecated Use <code>importLDAPUser</code>.
152             */
153            protected User addUser(long companyId, String screenName) throws Exception {
154                    return PortalLDAPImporterUtil.importLDAPUser(
155                            companyId, StringPool.BLANK, screenName);
156            }
157    
158            private static Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);
159    
160    }