001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.HttpHeaders;
020 import com.liferay.portal.kernel.util.PropsKeys;
021 import com.liferay.portal.kernel.util.StringPool;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.model.User;
024 import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026 import com.liferay.portal.util.PortalUtil;
027 import com.liferay.portal.util.PrefsPropsUtil;
028 import com.liferay.portal.util.PropsUtil;
029 import com.liferay.portal.util.PropsValues;
030
031 import java.util.HashSet;
032 import java.util.Set;
033
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036
037
041 public class RequestHeaderAutoLogin implements AutoLogin {
042
043 public RequestHeaderAutoLogin() {
044 String[] hostsAllowedArray = PropsUtil.getArray(
045 "request.header.auth.hosts.allowed");
046
047 for (int i = 0; i < hostsAllowedArray.length; i++) {
048 _hostsAllowed.add(hostsAllowedArray[i]);
049 }
050 }
051
052 public String[] login(
053 HttpServletRequest request, HttpServletResponse response) {
054
055 String[] credentials = null;
056
057 String remoteAddr = request.getRemoteAddr();
058
059 if (AuthSettingsUtil.isAccessAllowed(request, _hostsAllowed)) {
060 if (_log.isDebugEnabled()) {
061 _log.debug("Access allowed for " + remoteAddr);
062 }
063 }
064 else {
065 if (_log.isWarnEnabled()) {
066 _log.warn("Access denied for " + remoteAddr);
067 }
068
069 return credentials;
070 }
071
072 try {
073 long companyId = PortalUtil.getCompanyId(request);
074
075 String screenName = request.getHeader(
076 HttpHeaders.LIFERAY_SCREEN_NAME);
077
078 if (Validator.isNull(screenName)) {
079 return credentials;
080 }
081
082 User user = null;
083
084 if (PrefsPropsUtil.getBoolean(
085 companyId, PropsKeys.REQUEST_HEADER_AUTH_IMPORT_FROM_LDAP,
086 PropsValues.REQUEST_HEADER_AUTH_IMPORT_FROM_LDAP)) {
087
088 try {
089 user = PortalLDAPImporterUtil.importLDAPUser(
090 companyId, StringPool.BLANK, screenName);
091 }
092 catch (Exception e) {
093 }
094 }
095
096 if (user == null) {
097 user = UserLocalServiceUtil.getUserByScreenName(
098 companyId, screenName);
099 }
100
101 credentials = new String[3];
102
103 credentials[0] = String.valueOf(user.getUserId());
104 credentials[1] = user.getPassword();
105 credentials[2] = Boolean.TRUE.toString();
106
107 return credentials;
108 }
109 catch (Exception e) {
110 _log.error(e, e);
111 }
112
113 return credentials;
114 }
115
116 private static Log _log = LogFactoryUtil.getLog(
117 RequestHeaderAutoLogin.class);
118
119 private Set<String> _hostsAllowed = new HashSet<String>();
120
121 }