015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.util.GetterUtil;
018 import com.liferay.portal.kernel.util.ParamUtil;
019 import com.liferay.portal.kernel.util.Validator;
020 import com.liferay.portal.model.Company;
021 import com.liferay.portal.model.CompanyConstants;
022 import com.liferay.portal.model.User;
023 import com.liferay.portal.security.pwd.PwdEncryptor;
024 import com.liferay.portal.service.UserLocalServiceUtil;
025 import com.liferay.portal.util.PortalUtil;
026
027 import java.util.Properties;
028
029 import javax.servlet.http.HttpServletRequest;
030 import javax.servlet.http.HttpServletResponse;
031
032
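/**
 * Auto-login / auth-verifier that authenticates a request from a login and a
 * password carried as request parameters (by default
 * {@code parameterAutoLoginLogin} and {@code parameterAutoLoginPassword}).
 *
 * <p>
 * Security notes for reviewers and operators:
 * </p>
 *
 * <ul>
 * <li>The password is read with {@code ParamUtil.getString}, i.e. as a
 * request parameter. If clients send it in the query string it will
 * typically end up in access logs, browser history and {@code Referer}
 * headers; prefer a POST body over TLS.</li>
 * <li>{@link #login} accepts the submitted value when it equals the stored
 * password string itself, not only when its encrypted form matches. Anyone
 * who obtains the stored value can therefore authenticate with it. The
 * behavior is kept because callers may rely on it; see the note at the
 * comparison.</li>
 * <li>No throttling or lockout is applied in this class; it presumably has
 * to be enforced elsewhere (confirm).</li>
 * </ul>
 */
public class ParameterAutoLogin implements AuthVerifier, AutoLogin {

    /**
     * Returns the identifier of this verifier, which is the simple name of
     * this class.
     *
     * @return the simple class name of {@code ParameterAutoLogin}
     */
    public String getAuthType() {
        return ParameterAutoLogin.class.getSimpleName();
    }

    /**
     * Attempts to authenticate the request from its login and password
     * parameters.
     *
     * <p>
     * The login is resolved to a user ID according to the company's
     * authentication type (email address, screen name or numeric user ID).
     * The submitted password is then compared with the user's stored
     * password.
     * </p>
     *
     * @param  request the servlet request carrying the parameters
     * @param  response the servlet response (not used here)
     * @return a three element array {@code {userId, password, "false"}} when
     *         the credentials were verified, or {@code null} when a
     *         parameter is missing, the authentication type is unknown, no
     *         positive user ID could be resolved, or the password does not
     *         match
     * @throws AutoLoginException wrapping any exception raised while
     *         resolving or loading the user
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String login = ParamUtil.getString(request, getLoginParam());

            if (Validator.isNull(login)) {
                return null;
            }

            String password = ParamUtil.getString(
                request, getPasswordParam());

            if (Validator.isNull(password)) {
                return null;
            }

            Company company = PortalUtil.getCompany(request);

            String authType = company.getAuthType();

            long userId = 0;

            if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
                userId = UserLocalServiceUtil.getUserIdByEmailAddress(
                    company.getCompanyId(), login);
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
                userId = UserLocalServiceUtil.getUserIdByScreenName(
                    company.getCompanyId(), login);
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {

                // The login is caller-controlled text parsed as a number;
                // the result is validated by the guard below.

                userId = GetterUtil.getLong(login);
            }
            else {
                return null;
            }

            // Fail closed: without this guard a non-positive user ID would
            // skip the password comparison entirely and still be returned
            // as credentials, which verify() reports as SUCCESS.

            if (userId <= 0) {
                return null;
            }

            User user = UserLocalServiceUtil.getUserById(userId);

            String userPassword = user.getPassword();

            if (!user.isPasswordEncrypted()) {
                userPassword = PwdEncryptor.encrypt(userPassword);
            }

            String encPassword = PwdEncryptor.encrypt(password);

            // NOTE(review): the first comparison lets the stored (encrypted)
            // password itself be used as the credential, so a leaked stored
            // value is password-equivalent. Kept for compatibility; confirm
            // whether any caller still needs it. Both comparisons use
            // String.equals, which is not constant-time.

            if (!userPassword.equals(password) &&
                !userPassword.equals(encPassword)) {

                return null;
            }

            String[] credentials = new String[] {
                String.valueOf(userId), password, Boolean.FALSE.toString()
            };

            return credentials;
        }
        catch (Exception e) {
            throw new AutoLoginException(e);
        }
    }

    /**
     * Verifies the request held by the access control context by delegating
     * to {@link #login}.
     *
     * <p>
     * On success the result carries the user ID and the password exactly as
     * submitted in the request, so the result object should be treated as
     * sensitive. When {@code login} returns {@code null} the result is
     * returned as constructed, without a user ID or SUCCESS state.
     * </p>
     *
     * @param  accessControlContext the context providing the request and
     *         response
     * @param  properties verifier configuration (not used here)
     * @return the verification result
     * @throws AuthException wrapping an {@code AutoLoginException} raised by
     *         {@code login}
     */
    public AuthVerifierResult verify(
            AccessControlContext accessControlContext, Properties properties)
        throws AuthException {

        try {
            AuthVerifierResult authVerifierResult = new AuthVerifierResult();

            String[] credentials = login(
                accessControlContext.getRequest(),
                accessControlContext.getResponse());

            if (credentials != null) {
                authVerifierResult.setPassword(credentials[1]);
                authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
                authVerifierResult.setUserId(Long.valueOf(credentials[0]));
            }

            return authVerifierResult;
        }
        catch (AutoLoginException ale) {
            throw new AuthException(ale);
        }
    }

    /**
     * Returns the name of the request parameter that carries the login.
     * Subclasses may override it to use a different parameter name.
     */
    protected String getLoginParam() {
        return _LOGIN_PARAM;
    }

    /**
     * Returns the name of the request parameter that carries the password.
     * Subclasses may override it to use a different parameter name.
     */
    protected String getPasswordParam() {
        return _PASSWORD_PARAM;
    }

    // Default request parameter names read by login().

    private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

    private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}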