015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.CompanyMaxUsersException;
018 import com.liferay.portal.CookieNotSupportedException;
019 import com.liferay.portal.NoSuchUserException;
020 import com.liferay.portal.PasswordExpiredException;
021 import com.liferay.portal.UserEmailAddressException;
022 import com.liferay.portal.UserIdException;
023 import com.liferay.portal.UserLockoutException;
024 import com.liferay.portal.UserPasswordException;
025 import com.liferay.portal.UserScreenNameException;
026 import com.liferay.portal.kernel.log.Log;
027 import com.liferay.portal.kernel.log.LogFactoryUtil;
028 import com.liferay.portal.kernel.servlet.SessionErrors;
029 import com.liferay.portal.kernel.util.Http;
030 import com.liferay.portal.kernel.util.ParamUtil;
031 import com.liferay.portal.kernel.util.Validator;
032 import com.liferay.portal.model.Layout;
033 import com.liferay.portal.security.auth.AuthException;
034 import com.liferay.portal.struts.PortletAction;
035 import com.liferay.portal.theme.ThemeDisplay;
036 import com.liferay.portal.util.PortalUtil;
037 import com.liferay.portal.util.PortletKeys;
038 import com.liferay.portal.util.PropsValues;
039 import com.liferay.portal.util.WebKeys;
040 import com.liferay.portlet.PortletPreferencesFactoryUtil;
041 import com.liferay.portlet.PortletURLImpl;
042 import com.liferay.portlet.login.util.LoginUtil;
043
044 import javax.portlet.ActionRequest;
045 import javax.portlet.ActionResponse;
046 import javax.portlet.PortletConfig;
047 import javax.portlet.PortletPreferences;
048 import javax.portlet.PortletRequest;
049 import javax.portlet.PortletURL;
050 import javax.portlet.RenderRequest;
051 import javax.portlet.RenderResponse;
052 import javax.portlet.WindowState;
053
054 import javax.servlet.http.HttpServletRequest;
055 import javax.servlet.http.HttpServletResponse;
056 import javax.servlet.http.HttpSession;
057
058 import org.apache.struts.action.ActionForm;
059 import org.apache.struts.action.ActionForward;
060 import org.apache.struts.action.ActionMapping;
061
062
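/**
 * Struts portlet action for the login portlet. The action phase authenticates
 * the submitted credentials and then redirects; the render phase forwards to
 * the login view.
 *
 * <p>
 * Security-relevant behaviour visible in this class:
 * </p>
 * <ul>
 * <li>The post-login {@code redirect} parameter is caller-controlled. The only
 * filtering applied here is {@code PortalUtil.escapeRedirect}, so open-redirect
 * protection depends entirely on that helper and the portal's redirect
 * settings.</li>
 * <li>Authentication failures are reported to the view as session-error keys
 * named after the exception class.</li>
 * <li>The submitted login and password are never written to the log by this
 * class.</li>
 * </ul>
 */
public class LoginAction extends PortletAction {

	/**
	 * Handles a submitted login form.
	 *
	 * <p>
	 * If logins are disabled by configuration the request is redirected to the
	 * configured "login disabled" path. Otherwise the credentials are passed to
	 * {@link #login}; known authentication and validation failures are recorded
	 * in {@code SessionErrors} and the user is sent back to the login portlet,
	 * while any other exception is logged and turned into an error response.
	 * </p>
	 *
	 * @throws Exception if redirecting or error reporting itself fails
	 */
	@Override
	public void processAction(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return;
		}

		try {
			PortletPreferences portletPreferences =
				PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

			login(
				themeDisplay, actionRequest, actionResponse,
				portletPreferences);

			boolean doActionAfterLogin = ParamUtil.getBoolean(
				actionRequest, "doActionAfterLogin");

			if (doActionAfterLogin) {
				setForward(actionRequest, "portlet.login.login_redirect");
			}
		}
		catch (Exception e) {
			if (e instanceof AuthException) {
				Throwable cause = e.getCause();

				if (cause instanceof PasswordExpiredException ||
					cause instanceof UserLockoutException) {

					// Expired passwords and lockouts are surfaced under their
					// own key instead of the generic AuthException key.

					SessionErrors.add(actionRequest, cause.getClass());
				}
				else {

					// Fixed message only: no login name, password or
					// exception detail reaches the log on this path.

					if (_log.isInfoEnabled()) {
						_log.info("Authentication failed");
					}

					SessionErrors.add(actionRequest, e.getClass());
				}
			}
			else if (e instanceof CompanyMaxUsersException ||
					 e instanceof CookieNotSupportedException ||
					 e instanceof NoSuchUserException ||
					 e instanceof PasswordExpiredException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserLockoutException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException) {

				// NOTE(review): each failure type is stored under its own key
				// (e.g. NoSuchUserException vs. UserPasswordException). If the
				// view renders a different message per key, the response tells
				// an anonymous caller whether an account exists. The view is
				// not visible here; confirm it shows one generic message.

				SessionErrors.add(actionRequest, e.getClass());
			}
			else {
				_log.error(e, e);

				PortalUtil.sendError(e, actionRequest, actionResponse);

				return;
			}

			postProcessAuthFailure(actionRequest, actionResponse);
		}
	}

	/**
	 * Forwards to the login view, or to whatever forward the action phase
	 * stored for this request.
	 */
	@Override
	public ActionForward render(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, RenderRequest renderRequest,
			RenderResponse renderResponse)
		throws Exception {

		return actionMapping.findForward(
			getForward(renderRequest, "portlet.login.login"));
	}

	/**
	 * Turns a redirect that does not start with {@code Http.HTTP} into an
	 * absolute URL by prefixing the portal URL.
	 *
	 * <p>
	 * When authentication requires HTTPS, phishing protection is disabled and
	 * the session recorded {@code HTTPS_INITIAL} as {@code false}, the portal
	 * URL is requested with {@code false} as the second argument; otherwise the
	 * default portal URL for the request is used.
	 * </p>
	 *
	 * @param  request the servlet request backing the portlet request
	 * @param  redirect the redirect target, already passed through {@code
	 *         PortalUtil.escapeRedirect} by the caller
	 * @return the portal URL concatenated with {@code redirect}
	 */
	protected String getCompleteRedirectURL(
		HttpServletRequest request, String redirect) {

		HttpSession session = request.getSession();

		Boolean httpsInitial = (Boolean)session.getAttribute(
			WebKeys.HTTPS_INITIAL);

		String portalURL = null;

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
			!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
			(httpsInitial != null) && !httpsInitial.booleanValue()) {

			// NOTE(review): the second argument presumably selects a
			// non-secure (http) URL, which would send the freshly
			// authenticated session back over plain HTTP. Confirm that the
			// session cookie is not usable on that channel.

			portalURL = PortalUtil.getPortalURL(request, false);
		}
		else {
			portalURL = PortalUtil.getPortalURL(request);
		}

		return portalURL.concat(redirect);
	}

	/**
	 * Returns {@code false}.
	 *
	 * <p>
	 * NOTE(review): this presumably switches off the base class's HTTP-method
	 * check for the action phase, which would let credentials be submitted via
	 * GET and end up in URLs and access logs. The base class is not visible
	 * here; confirm the intent.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Authenticates the submitted credentials (unless the user is already
	 * signed in) and issues the post-login redirect.
	 *
	 * <p>
	 * Redirect order: the JAAS protected path when JAAS is enabled; otherwise
	 * the caller-supplied {@code redirect} if it survives {@code
	 * PortalUtil.escapeRedirect}; otherwise the portal main path, unless {@code
	 * doActionAfterLogin} is set, in which case no redirect is sent.
	 * </p>
	 *
	 * @throws Exception if authentication fails or a redirect cannot be sent
	 */
	protected void login(
			ThemeDisplay themeDisplay, ActionRequest actionRequest,
			ActionResponse actionResponse,
			PortletPreferences portletPreferences)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpServletResponse response = PortalUtil.getHttpServletResponse(
			actionResponse);

		String login = ParamUtil.getString(actionRequest, "login");

		// The password is read as the raw request parameter rather than
		// through ParamUtil, so it reaches LoginUtil unmodified and may be
		// null.

		String password = actionRequest.getParameter("password");
		boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

		String authType = portletPreferences.getValue("authType", null);

		if (!themeDisplay.isSignedIn()) {
			LoginUtil.login(
				request, response, login, password, rememberMe, authType);
		}

		if (PropsValues.PORTAL_JAAS_ENABLE) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() + "/portal/protected");

			return;
		}

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {

			// escapeRedirect is the only open-redirect defence on this path.
			// It can hand back null for a target it rejects (TODO confirm for
			// the portal version in use); without the re-check below that
			// null reached startsWith() and a successful login ended in an
			// error page.

			redirect = PortalUtil.escapeRedirect(redirect);
		}

		if (Validator.isNotNull(redirect)) {
			if (!redirect.startsWith(Http.HTTP)) {
				redirect = getCompleteRedirectURL(request, redirect);
			}

			actionResponse.sendRedirect(redirect);

			return;
		}

		// No usable redirect (none supplied, or the supplied one was
		// rejected): fall back to the default landing behaviour.

		boolean doActionAfterLogin = ParamUtil.getBoolean(
			actionRequest, "doActionAfterLogin");

		if (!doActionAfterLogin) {
			actionResponse.sendRedirect(themeDisplay.getPathMain());
		}
	}

	/**
	 * Sends the user back to the maximized login portlet after a failed
	 * attempt, carrying the original {@code redirect} parameter along when it
	 * is still acceptable.
	 *
	 * @throws Exception if the redirect cannot be sent
	 */
	protected void postProcessAuthFailure(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

		PortletURL portletURL = new PortletURLImpl(
			actionRequest, PortletKeys.LOGIN, layout.getPlid(),
			PortletRequest.RENDER_PHASE);

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {
			String safeRedirect = PortalUtil.escapeRedirect(redirect);

			// A rejected redirect is dropped instead of being passed on: a
			// null parameter value is not valid for a portlet URL, and a
			// target the portal refused should not be replayed on the next
			// login attempt.

			if (Validator.isNotNull(safeRedirect)) {
				portletURL.setParameter("redirect", safeRedirect);
			}
		}

		portletURL.setWindowState(WindowState.MAXIMIZED);

		actionResponse.sendRedirect(portletURL.toString());
	}

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

	private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}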