015 package com.liferay.portal.servlet.filters.autologin;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.kernel.log.Log;
019 import com.liferay.portal.kernel.log.LogFactoryUtil;
020 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
021 import com.liferay.portal.kernel.util.GetterUtil;
022 import com.liferay.portal.kernel.util.InstancePool;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.Validator;
025 import com.liferay.portal.model.User;
026 import com.liferay.portal.security.auth.AutoLogin;
027 import com.liferay.portal.security.pwd.PwdEncryptor;
028 import com.liferay.portal.service.UserLocalServiceUtil;
029 import com.liferay.portal.servlet.filters.BasePortalFilter;
030 import com.liferay.portal.util.PortalInstances;
031 import com.liferay.portal.util.PortalUtil;
032 import com.liferay.portal.util.PropsValues;
033 import com.liferay.portal.util.WebKeys;
034
035 import java.util.List;
036 import java.util.concurrent.CopyOnWriteArrayList;
037
038 import javax.servlet.FilterChain;
039 import javax.servlet.http.HttpServletRequest;
040 import javax.servlet.http.HttpServletResponse;
041 import javax.servlet.http.HttpSession;
042
043
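/**
 * Servlet filter that consults the registered {@link AutoLogin} hooks for
 * requests that carry no remote user and no <code>j_username</code> session
 * attribute, and marks the session as logged in when a hook returns usable
 * credentials.
 *
 * <p>
 * Security note: this filter does not verify the password returned by a hook.
 * It only checks that the user id resolves to an existing user that is not
 * locked out, so every registered hook is fully trusted to have authenticated
 * the request itself.
 * </p>
 */
public class AutoLoginFilter extends BasePortalFilter {

	/**
	 * Adds a hook to the shared list consulted by every filter instance.
	 *
	 * @param autoLogin the hook to consult for unauthenticated requests
	 */
	public static void registerAutoLogin(AutoLogin autoLogin) {
		_autoLogins.add(autoLogin);
	}

	/**
	 * Removes one occurrence of a hook from the shared list.
	 *
	 * @param autoLogin the hook to stop consulting
	 */
	public static void unregisterAutoLogin(AutoLogin autoLogin) {
		_autoLogins.remove(autoLogin);
	}

	/**
	 * Loads the hooks named in <code>PropsValues.AUTO_LOGIN_HOOKS</code> and
	 * appends them to the shared list.
	 */
	public AutoLoginFilter() {

		// NOTE(review): the list is static, so each new filter instance appends
		// the configured hooks again. Because unregisterAutoLogin removes a
		// single occurrence, a hook added more than once stays active after one
		// unregister call. Confirm the filter is only constructed once.

		// NOTE(review): the value returned by InstancePool.get is added without
		// a null check. Confirm it cannot be null for a misconfigured class
		// name.

		for (String autoLoginClassName : PropsValues.AUTO_LOGIN_HOOKS) {
			AutoLogin autoLogin = (AutoLogin)InstancePool.get(
				autoLoginClassName);

			_autoLogins.add(autoLogin);
		}
	}

	/**
	 * Validates the credentials returned by a hook and, when they are accepted,
	 * stores the login attributes in the session.
	 *
	 * @param  request the current request
	 * @param  response the current response, used for the JAAS redirect
	 * @param  session the session that receives the login attributes
	 * @param  credentials a three element array holding the user id, the
	 *         password, and a flag telling whether the password is already
	 *         encrypted
	 * @return the user id string when the login is accepted, or
	 *         <code>null</code> when the credentials are missing, malformed,
	 *         refer to an unknown user, or refer to a locked out user
	 * @throws Exception if the user lookup, password encryption, or redirect
	 *         fails
	 */
	protected String getLoginRemoteUser(
			HttpServletRequest request, HttpServletResponse response,
			HttpSession session, String[] credentials)
		throws Exception {

		if ((credentials == null) || (credentials.length != 3)) {
			return null;
		}

		String jUsername = credentials[0];
		String jPassword = credentials[1];
		boolean encPassword = GetterUtil.getBoolean(credentials[2]);

		if (Validator.isNull(jUsername) || Validator.isNull(jPassword)) {
			return null;
		}

		// The password is never compared with the stored one in this method.
		// The only checks are that the user id is positive, resolves to a user,
		// and that the user is not locked out.

		try {
			long userId = GetterUtil.getLong(jUsername);

			if (userId > 0) {
				User user = UserLocalServiceUtil.getUserById(userId);

				if (user.isLockout()) {
					return null;
				}
			}
			else {
				return null;
			}
		}
		catch (NoSuchUserException nsue) {
			return null;
		}

		// NOTE(review): the existing session is reused once the credentials are
		// accepted, and nothing in this class issues a new session id. Confirm
		// that the session is rotated elsewhere to prevent session fixation.

		session.setAttribute("j_username", jUsername);

		if (encPassword) {
			session.setAttribute("j_password", jPassword);
		}
		else {
			session.setAttribute("j_password", PwdEncryptor.encrypt(jPassword));

			// The clear text password is kept in the session only when the
			// portal is configured to do so. Anything that can read or
			// serialize the session then sees the password.

			if (PropsValues.SESSION_STORE_PASSWORD) {
				session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
			}
		}

		session.setAttribute("j_remoteuser", jUsername);

		if (PropsValues.PORTAL_JAAS_ENABLE) {
			response.sendRedirect(
				PortalUtil.getPathMain() + "/portal/touch_protected");
		}

		return jUsername;
	}

	/**
	 * Runs the registered hooks for requests that are not yet authenticated,
	 * then passes the request down the filter chain.
	 *
	 * <p>
	 * Hooks are skipped when the host or the request path is on the portal's
	 * ignore lists, when <code>PropsValues.AUTH_LOGIN_DISABLED</code> is set,
	 * or when the request already has a remote user or a
	 * <code>j_username</code> session attribute.
	 * </p>
	 *
	 * @param  request the current request
	 * @param  response the current response
	 * @param  filterChain the chain to continue with
	 * @throws Exception if the rest of the chain fails
	 */
	@Override
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		HttpSession session = request.getSession();

		String host = PortalUtil.getHost(request);

		if (PortalInstances.isAutoLoginIgnoreHost(host)) {

			// NOTE(review): host comes from the request and is written to the
			// log as is. Confirm the logging layer neutralizes line breaks.

			if (_log.isDebugEnabled()) {
				_log.debug("Ignore host " + host);
			}

			processFilter(
				AutoLoginFilter.class, request, response, filterChain);

			return;
		}

		String contextPath = PortalUtil.getPathContext();

		// Lower case with a fixed locale so the ignore path match does not
		// depend on the JVM default locale.

		String path = request.getRequestURI().toLowerCase(
			java.util.Locale.ROOT);

		// Strip the context path only when it really is the prefix. Using
		// contains() here would cut the same number of leading characters even
		// when the context path only appears later in the URI, which hands a
		// mangled path to the ignore path check.

		// NOTE(review): contextPath is compared as returned. A context path
		// with upper case letters will not match the lower cased URI. Confirm
		// context paths are always lower case.

		if (!contextPath.equals(StringPool.SLASH) &&
			path.startsWith(contextPath)) {

			path = path.substring(contextPath.length());
		}

		if (PortalInstances.isAutoLoginIgnorePath(path)) {
			if (_log.isDebugEnabled()) {
				_log.debug("Ignore path " + path);
			}

			processFilter(
				AutoLoginFilter.class, request, response, filterChain);

			return;
		}

		String remoteUser = request.getRemoteUser();
		String jUserName = (String)session.getAttribute("j_username");

		if (!PropsValues.AUTH_LOGIN_DISABLED &&
			(remoteUser == null) && (jUserName == null)) {

			// NOTE(review): the loop does not stop after a hook logs the user
			// in, unless JAAS is enabled or a redirect is set. A later hook
			// that also returns credentials overwrites the session attributes
			// and wraps the request again. Confirm this is intended.

			for (AutoLogin autoLogin : _autoLogins) {
				try {
					String[] credentials = autoLogin.login(request, response);

					// NOTE(review): the redirect target is whatever the hook
					// stored in the request attribute. It is not validated
					// here, so each hook must only set trusted URLs.

					String redirect = (String)request.getAttribute(
						AutoLogin.AUTO_LOGIN_REDIRECT);

					if (Validator.isNotNull(redirect)) {
						response.sendRedirect(redirect);

						return;
					}

					String loginRemoteUser = getLoginRemoteUser(
						request, response, session, credentials);

					if (loginRemoteUser != null) {
						request = new ProtectedServletRequest(
							request, loginRemoteUser);

						// With JAAS enabled getLoginRemoteUser has already sent
						// a redirect, so the chain is not continued.

						if (PropsValues.PORTAL_JAAS_ENABLE) {
							return;
						}

						redirect = (String)request.getAttribute(
							AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);

						if (Validator.isNotNull(redirect)) {
							response.sendRedirect(redirect);

							break;
						}
					}
				}
				catch (Exception e) {

					// A failing hook is logged and the next hook is tried. If
					// no hook succeeds, the request continues down the chain
					// without a login.

					if (_log.isWarnEnabled()) {
						_log.warn(e, e);
					}

					String currentURL = PortalUtil.getCurrentURL(request);

					if (currentURL.endsWith(_PATH_CHAT_LATEST)) {
						if (_log.isWarnEnabled()) {
							_log.warn(
								"Current URL " + currentURL +
									" generates exception: " + e.getMessage());
						}
					}
					else {
						_log.error(
							"Current URL " + currentURL +
								" generates exception: " + e.getMessage());
					}
				}
			}
		}

		processFilter(AutoLoginFilter.class, request, response, filterChain);
	}

	private static final String _PATH_CHAT_LATEST = "/-/chat/latest";

	private static final Log _log = LogFactoryUtil.getLog(
		AutoLoginFilter.class);

	// Shared by all filter instances. Copy on write lets hooks be registered
	// and unregistered while requests iterate over the list.

	private static final List<AutoLogin> _autoLogins =
		new CopyOnWriteArrayList<AutoLogin>();

}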