015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.KeyValuePair;
021 import com.liferay.portal.kernel.util.StringPool;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.model.Company;
024 import com.liferay.portal.model.User;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026 import com.liferay.portal.util.CookieKeys;
027 import com.liferay.portal.util.PortalUtil;
028
029 import javax.servlet.http.Cookie;
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032
033
/**
 * {@link AutoLogin} implementation that rebuilds login credentials from the
 * "remember me" cookies ({@code CookieKeys.ID}, {@code CookieKeys.PASSWORD}
 * and {@code CookieKeys.REMEMBER_ME}) sent with a request.
 *
 * <p>
 * Security notes for maintainers: every input read here is a cookie, i.e. a
 * value fully controlled by the client. This class does no validation of its
 * own beyond "not empty"; the cookie values are handed to
 * {@code UserLocalServiceUtil.decryptUserId}, whose checks are not visible
 * from this file (NOTE(review): confirm that it authenticates the pair and
 * does not merely decode it). The only local safeguards are the company's
 * auto-login switch, the refusal to resolve to the company's default user,
 * and the expiry of the cookies on any failure.
 * </p>
 */
public class RememberMeAutoLogin implements AutoLogin {

	/**
	 * Attempts a cookie-based automatic login.
	 *
	 * @param  request the request whose cookies are inspected
	 * @param  response the response used to expire the cookies when they are
	 *         rejected
	 * @return a three-element array (decrypted key, decrypted value and the
	 *         string {@code "false"}), or {@code null} when no automatic
	 *         login applies. NOTE(review): the third element is presumably
	 *         the "password is encrypted" flag of the AutoLogin contract;
	 *         confirm against the interface.
	 * @throws AutoLoginException wrapping any exception raised while
	 *         processing; the ID and PASSWORD cookies are expired first
	 */
	@Override
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String cookieUserId = CookieKeys.getCookie(
				request, CookieKeys.ID, false);
			String cookiePassword = CookieKeys.getCookie(
				request, CookieKeys.PASSWORD, false);
			String rememberMeFlag = CookieKeys.getCookie(
				request, CookieKeys.REMEMBER_ME, false);

			String pathProxy = PortalUtil.getPathProxy();
			String pathContext = PortalUtil.getPathContext();

			// When the request arrives under a context path other than the
			// portal's own, the REMEMBER_ME cookie is not required: the flag
			// is forced to "true", so the ID and PASSWORD cookies alone are
			// enough to proceed.

			boolean forceRememberMe;

			if (pathProxy.equals(pathContext)) {
				forceRememberMe = Validator.isNotNull(
					request.getContextPath());
			}
			else {
				forceRememberMe = !pathContext.equals(
					request.getContextPath());
			}

			if (forceRememberMe) {
				rememberMeFlag = Boolean.TRUE.toString();
			}

			boolean cookiesPresent =
				Validator.isNotNull(cookieUserId) &&
				Validator.isNotNull(cookiePassword) &&
				Validator.isNotNull(rememberMeFlag);

			if (!cookiesPresent) {
				return null;
			}

			Company company = PortalUtil.getCompany(request);

			// Auto login is a per-company setting; when it is off the
			// cookies are ignored (they are not expired on this path).

			if (!company.isAutoLogin()) {
				return null;
			}

			KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
				company.getCompanyId(), cookieUserId, cookiePassword);

			String[] credentials = {
				decrypted.getKey(), decrypted.getValue(),
				Boolean.FALSE.toString()
			};

			// Never let the cookies resolve to the company's default user:
			// in that case the cookies are expired and no credentials are
			// returned.

			User defaultUser = UserLocalServiceUtil.getDefaultUser(
				PortalUtil.getCompany(request).getCompanyId());

			long userId = GetterUtil.getLong(credentials[0]);

			if (defaultUser.getUserId() != userId) {
				return credentials;
			}

			removeCookies(request, response);

			return null;
		}
		catch (Exception e) {

			// Fail closed: any error (including a failed decryption) is
			// logged, the cookies are expired so the same values are not
			// replayed on the next request, and the caller gets an
			// AutoLoginException.

			_log.warn(e, e);

			removeCookies(request, response);

			throw new AutoLoginException(e);
		}
	}

	/**
	 * Expires the {@code CookieKeys.ID} and {@code CookieKeys.PASSWORD}
	 * cookies by re-issuing them with a blank value, a max age of zero and
	 * the path {@code StringPool.SLASH}. The {@code CookieKeys.REMEMBER_ME}
	 * cookie is not touched here.
	 *
	 * @param request the current request, passed through to
	 *        {@code CookieKeys.addCookie}
	 * @param response the response that receives the expiring cookies
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

		for (String cookieName : cookieNames) {
			Cookie expired = new Cookie(cookieName, StringPool.BLANK);

			expired.setMaxAge(0);
			expired.setPath(StringPool.SLASH);

			CookieKeys.addCookie(request, response, expired);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}