001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.CompanyMaxUsersException;
018    import com.liferay.portal.CookieNotSupportedException;
019    import com.liferay.portal.NoSuchUserException;
020    import com.liferay.portal.PasswordExpiredException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserIdException;
023    import com.liferay.portal.UserLockoutException;
024    import com.liferay.portal.UserPasswordException;
025    import com.liferay.portal.UserScreenNameException;
026    import com.liferay.portal.kernel.log.Log;
027    import com.liferay.portal.kernel.log.LogFactoryUtil;
028    import com.liferay.portal.kernel.servlet.SessionErrors;
029    import com.liferay.portal.kernel.util.Http;
030    import com.liferay.portal.kernel.util.ParamUtil;
031    import com.liferay.portal.kernel.util.Validator;
032    import com.liferay.portal.model.Layout;
033    import com.liferay.portal.security.auth.AuthException;
034    import com.liferay.portal.struts.PortletAction;
035    import com.liferay.portal.theme.ThemeDisplay;
036    import com.liferay.portal.util.PortalUtil;
037    import com.liferay.portal.util.PortletKeys;
038    import com.liferay.portal.util.PropsValues;
039    import com.liferay.portal.util.WebKeys;
040    import com.liferay.portlet.PortletPreferencesFactoryUtil;
041    import com.liferay.portlet.PortletURLImpl;
042    import com.liferay.portlet.login.util.LoginUtil;
043    
044    import javax.portlet.ActionRequest;
045    import javax.portlet.ActionResponse;
046    import javax.portlet.PortletConfig;
047    import javax.portlet.PortletPreferences;
048    import javax.portlet.PortletRequest;
049    import javax.portlet.PortletURL;
050    import javax.portlet.RenderRequest;
051    import javax.portlet.RenderResponse;
052    import javax.portlet.WindowState;
053    
054    import javax.servlet.http.HttpServletRequest;
055    import javax.servlet.http.HttpServletResponse;
056    import javax.servlet.http.HttpSession;
057    
058    import org.apache.struts.action.ActionForm;
059    import org.apache.struts.action.ActionForward;
060    import org.apache.struts.action.ActionMapping;
061    
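/**
 * Struts portlet action behind the portal login form.
 *
 * <p>
 * {@link #processAction} hands the submitted credentials to
 * {@code LoginUtil.login} and then redirects the browser; {@link #render}
 * forwards to the login view. Expected authentication failures are recorded
 * in {@link SessionErrors} and the browser is sent back to the maximized
 * login portlet.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class LoginAction extends PortletAction {

    /**
     * Handles a login submission.
     *
     * <p>
     * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set, the request is
     * redirected to {@code PropsValues.AUTH_LOGIN_DISABLED_PATH} and no
     * credentials are read. Otherwise {@link #login} runs. Exceptions from the
     * listed authentication family are stored in {@link SessionErrors} keyed
     * by exception class and the request continues with
     * {@link #postProcessAuthFailure}; any other exception is logged and
     * reported through {@code PortalUtil.sendError}.
     * </p>
     *
     * @throws Exception if redirecting or error reporting itself fails
     */
    @Override
    public void processAction(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH);

            return;
        }

        // Disabled in the original source: a short-circuit that redirected
        // requests already carrying a remote user to the main path.

        /*if (actionRequest.getRemoteUser() != null) {
            actionResponse.sendRedirect(themeDisplay.getPathMain());

            return;
        }*/

        try {
            PortletPreferences portletPreferences =
                PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

            login(
                themeDisplay, actionRequest, actionResponse,
                portletPreferences);

            boolean doActionAfterLogin = ParamUtil.getBoolean(
                actionRequest, "doActionAfterLogin");

            if (doActionAfterLogin) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            if (e instanceof AuthException) {
                Throwable cause = e.getCause();

                if (cause instanceof PasswordExpiredException ||
                    cause instanceof UserLockoutException) {

                    // Surface the specific cause so the view can tell the
                    // user the password expired or the account is locked.

                    SessionErrors.add(actionRequest, cause.getClass());
                }
                else {

                    // The message carries neither the login name nor the
                    // client address. NOTE(review): if failed-login
                    // monitoring depends on this log line, confirm that
                    // LoginUtil or an authentication hook records those
                    // details elsewhere.

                    if (_log.isInfoEnabled()) {
                        _log.info("Authentication failed");
                    }

                    SessionErrors.add(actionRequest, e.getClass());
                }
            }
            else if (e instanceof CompanyMaxUsersException ||
                     e instanceof CookieNotSupportedException ||
                     e instanceof NoSuchUserException ||
                     e instanceof PasswordExpiredException ||
                     e instanceof UserEmailAddressException ||
                     e instanceof UserIdException ||
                     e instanceof UserLockoutException ||
                     e instanceof UserPasswordException ||
                     e instanceof UserScreenNameException) {

                // NOTE(review): NoSuchUserException and the password-related
                // exceptions are stored under different keys. Confirm the
                // login view renders one generic message for all of them,
                // otherwise the response reveals which logins exist.

                SessionErrors.add(actionRequest, e.getClass());
            }
            else {
                _log.error(e, e);

                PortalUtil.sendError(e, actionRequest, actionResponse);

                return;
            }

            postProcessAuthFailure(actionRequest, actionResponse);
        }
    }

    /**
     * Forwards to the {@code portlet.login.login} mapping, or to whatever
     * forward the inherited {@code getForward} resolves for this request.
     */
    @Override
    public ActionForward render(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, RenderRequest renderRequest,
            RenderResponse renderResponse)
        throws Exception {

        return actionMapping.findForward(
            getForward(renderRequest, "portlet.login.login"));
    }

    /**
     * Prefixes a redirect that is not already absolute with the portal URL.
     *
     * <p>
     * The two-argument {@code PortalUtil.getPortalURL(request, false)} form is
     * used only when HTTPS is required for authentication, session phishing
     * protection is off, and the session recorded
     * {@code WebKeys.HTTPS_INITIAL} as {@code false}. Presumably the
     * {@code false} argument selects the non-secure portal URL so the user
     * returns to the scheme the session started on; confirm in PortalUtil.
     * </p>
     *
     * @param  request the servlet request whose session and host are used
     * @param  redirect the redirect to append; must not be {@code null}
     * @return the portal URL followed by {@code redirect}
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        String portalURL = null;

        if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
            (httpsInitial != null) && !httpsInitial.booleanValue()) {

            portalURL = PortalUtil.getPortalURL(request, false);
        }
        else {
            portalURL = PortalUtil.getPortalURL(request);
        }

        return portalURL.concat(redirect);
    }

    /**
     * Returns {@code false}.
     *
     * <p>
     * NOTE(review): judging by the name, this turns off an HTTP-method check
     * that PortletAction would otherwise apply to {@link #processAction}.
     * Confirm in the base class, and confirm that credentials cannot be
     * submitted in a query string, where they would end up in access logs
     * and browser history.
     * </p>
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates the submitted credentials and issues the post-login
     * redirect.
     *
     * <p>
     * Authentication is skipped when the theme display already reports a
     * signed-in user; the redirect handling still runs. With JAAS enabled the
     * browser always goes to {@code /portal/protected}. Otherwise the
     * {@code redirect} parameter is passed through
     * {@code PortalUtil.escapeRedirect} and followed. Without a usable
     * redirect, the browser goes to the main path unless
     * {@code doActionAfterLogin} is set.
     * </p>
     *
     * @throws Exception if authentication fails or a redirect cannot be sent
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse,
            PortletPreferences portletPreferences)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // The password is read with the raw getParameter call, so it is
        // handed to LoginUtil exactly as submitted and is null when absent.

        String password = actionRequest.getParameter("password");

        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        String authType = portletPreferences.getValue("authType", null);

        if (!themeDisplay.isSignedIn()) {
            LoginUtil.login(
                request, response, login, password, rememberMe, authType);
        }

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() + "/portal/protected");

            return;
        }

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {

            // escapeRedirect is the only validation applied to this
            // caller-supplied URL. It is defined outside this file; if it
            // signals a rejected target by returning null (confirm in
            // PortalUtil), the unguarded startsWith call would throw after
            // the user has already been authenticated and the request would
            // end on the generic error page. A null result is therefore
            // treated as "no redirect supplied".

            redirect = PortalUtil.escapeRedirect(redirect);

            if (redirect != null) {
                if (!redirect.startsWith(Http.HTTP)) {
                    redirect = getCompleteRedirectURL(request, redirect);
                }

                actionResponse.sendRedirect(redirect);

                return;
            }
        }

        boolean doActionAfterLogin = ParamUtil.getBoolean(
            actionRequest, "doActionAfterLogin");

        if (doActionAfterLogin) {

            // processAction sets the login_redirect forward in this case.

            return;
        }

        actionResponse.sendRedirect(themeDisplay.getPathMain());
    }

    /**
     * Sends the browser back to the maximized login portlet after a failed
     * login, carrying the escaped {@code redirect} parameter along so a later
     * successful login can still honor it.
     *
     * @throws Exception if the portlet URL cannot be built or the redirect
     *         cannot be sent
     */
    protected void postProcessAuthFailure(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

        PortletURL portletURL = new PortletURLImpl(
            actionRequest, PortletKeys.LOGIN, layout.getPlid(),
            PortletRequest.RENDER_PHASE);

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {
            String escapedRedirect = PortalUtil.escapeRedirect(redirect);

            // A rejected redirect is dropped instead of being passed on as
            // null: the Portlet 2.0 contract for setParameter rejects a null
            // value, which would turn a failed login into an unhandled
            // exception. Whether escapeRedirect can return null is to be
            // confirmed in PortalUtil.

            if (escapedRedirect != null) {
                portletURL.setParameter("redirect", escapedRedirect);
            }
        }

        portletURL.setWindowState(WindowState.MAXIMIZED);

        actionResponse.sendRedirect(portletURL.toString());
    }

    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}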