001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.CompanyMaxUsersException;
018    import com.liferay.portal.CookieNotSupportedException;
019    import com.liferay.portal.NoSuchUserException;
020    import com.liferay.portal.PasswordExpiredException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserIdException;
023    import com.liferay.portal.UserLockoutException;
024    import com.liferay.portal.UserPasswordException;
025    import com.liferay.portal.UserScreenNameException;
026    import com.liferay.portal.kernel.log.Log;
027    import com.liferay.portal.kernel.log.LogFactoryUtil;
028    import com.liferay.portal.kernel.servlet.SessionErrors;
029    import com.liferay.portal.kernel.util.Http;
030    import com.liferay.portal.kernel.util.ParamUtil;
031    import com.liferay.portal.kernel.util.Validator;
032    import com.liferay.portal.security.auth.AuthException;
033    import com.liferay.portal.struts.PortletAction;
034    import com.liferay.portal.theme.ThemeDisplay;
035    import com.liferay.portal.util.PortalUtil;
036    import com.liferay.portal.util.PropsValues;
037    import com.liferay.portal.util.WebKeys;
038    import com.liferay.portlet.PortletPreferencesFactoryUtil;
039    import com.liferay.portlet.login.util.LoginUtil;
040    
041    import javax.portlet.ActionRequest;
042    import javax.portlet.ActionResponse;
043    import javax.portlet.PortletConfig;
044    import javax.portlet.PortletPreferences;
045    import javax.portlet.RenderRequest;
046    import javax.portlet.RenderResponse;
047    
048    import javax.servlet.http.HttpServletRequest;
049    import javax.servlet.http.HttpServletResponse;
050    import javax.servlet.http.HttpSession;
051    
052    import org.apache.struts.action.ActionForm;
053    import org.apache.struts.action.ActionForward;
054    import org.apache.struts.action.ActionMapping;
055    
056    /**
057     * @author Brian Wing Shun Chan
058     */
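public class LoginAction extends PortletAction {

    /**
     * Handles a submission of the login form.
     *
     * <p>
     * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set, the request is
     * redirected to {@code PropsValues.AUTH_LOGIN_DISABLED_PATH} under the
     * portal's main path and no authentication is attempted. Otherwise the
     * portlet preferences are loaded and {@link #login} is called; when the
     * {@code doActionAfterLogin} parameter is true the forward is set to
     * {@code portlet.login.login_redirect}.
     * </p>
     *
     * <p>
     * Failures are reported through {@code SessionErrors}, keyed by exception
     * class. Any exception that is not one of the expected login failures is
     * logged at error level and passed to {@code PortalUtil.sendError}.
     * </p>
     *
     * @param  mapping the Struts action mapping (unused here)
     * @param  form the Struts action form (unused here)
     * @param  portletConfig the portlet configuration (unused here)
     * @param  actionRequest the action request carrying the form parameters
     * @param  actionResponse the action response used for redirects
     * @throws Exception if redirecting or error reporting itself fails
     */
    @Override
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH);

            return;
        }

        // Disabled in the original source: short-circuit for requests that
        // already carry a remote user.

        /*if (actionRequest.getRemoteUser() != null) {
            actionResponse.sendRedirect(themeDisplay.getPathMain());

            return;
        }*/

        try {
            PortletPreferences preferences =
                PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

            login(themeDisplay, actionRequest, actionResponse, preferences);

            boolean doActionAfterLogin = ParamUtil.getBoolean(
                actionRequest, "doActionAfterLogin");

            if (doActionAfterLogin) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            if (e instanceof AuthException) {
                Throwable cause = e.getCause();

                if (cause instanceof PasswordExpiredException ||
                    cause instanceof UserLockoutException) {

                    // Expired password and lockout are surfaced under the
                    // cause's own class rather than the AuthException wrapper.

                    SessionErrors.add(actionRequest, cause.getClass());
                }
                else {

                    // The message carries neither the submitted login nor the
                    // client address, so this line alone cannot attribute a
                    // failed attempt; monitoring for password guessing has to
                    // correlate it with access logs or another audit source.

                    if (_log.isInfoEnabled()) {
                        _log.info("Authentication failed");
                    }

                    SessionErrors.add(actionRequest, e.getClass());
                }
            }
            else if (e instanceof CompanyMaxUsersException ||
                     e instanceof CookieNotSupportedException ||
                     e instanceof NoSuchUserException ||
                     e instanceof PasswordExpiredException ||
                     e instanceof UserEmailAddressException ||
                     e instanceof UserIdException ||
                     e instanceof UserLockoutException ||
                     e instanceof UserPasswordException ||
                     e instanceof UserScreenNameException) {

                // NOTE(review): "no such user" and "wrong password" are
                // recorded under different keys. Whether the view renders
                // them differently is not visible here -- confirm it does
                // not, otherwise the form reveals which accounts exist.

                SessionErrors.add(actionRequest, e.getClass());
            }
            else {
                _log.error(e, e);

                PortalUtil.sendError(e, actionRequest, actionResponse);
            }
        }
    }

    /**
     * Renders the login view.
     *
     * @param  mapping the Struts action mapping used to resolve the forward
     * @param  form the Struts action form (unused here)
     * @param  portletConfig the portlet configuration (unused here)
     * @param  renderRequest the render request
     * @param  renderResponse the render response (unused here)
     * @return the forward stored on the request, or
     *         {@code portlet.login.login} when none was set
     * @throws Exception declared by the overridden method
     */
    @Override
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        return mapping.findForward(
            getForward(renderRequest, "portlet.login.login"));
    }

    /**
     * Turns a redirect that does not start with {@code Http.HTTP} into a
     * complete URL by prefixing it with the portal URL.
     *
     * <p>
     * {@code PortalUtil.getPortalURL(request, false)} is used when HTTPS is
     * required for authentication, phishing protection is off and the
     * session's {@code HTTPS_INITIAL} attribute is present and false;
     * otherwise the portal URL is derived from the request alone.
     * </p>
     *
     * <p>
     * NOTE(review): the {@code false} argument presumably selects the
     * non-secure portal URL. If so, a session authenticated over HTTPS
     * continues over plain HTTP in that branch -- confirm this is intended
     * and that the session cookie is not exposed as a result.
     * </p>
     *
     * <p>
     * NOTE(review): {@code redirect} is appended with no separator check. A
     * value that does not begin with {@code '/'} would extend the authority
     * part of the portal URL instead of its path. This method relies on the
     * caller having passed the value through
     * {@code PortalUtil.escapeRedirect}; confirm that helper rejects such
     * values.
     * </p>
     *
     * @param  request the servlet request; its session is created if absent
     * @param  redirect the already-escaped redirect to append
     * @return the portal URL followed by {@code redirect}
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        String portalURL = null;

        if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
            (httpsInitial != null) && !httpsInitial.booleanValue()) {

            portalURL = PortalUtil.getPortalURL(request, false);
        }
        else {
            portalURL = PortalUtil.getPortalURL(request);
        }

        return portalURL.concat(redirect);
    }

    /**
     * Returns {@code false} for this action.
     *
     * <p>
     * NOTE(review): this presumably switches off the base class's check of
     * the HTTP method for {@code processAction}. If so, confirm elsewhere
     * that credentials cannot be submitted in a query string, where they
     * would end up in access logs and browser history.
     * </p>
     *
     * @return the value of {@code _CHECK_METHOD_ON_PROCESS_ACTION}
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates the user, unless already signed in, and sends the
     * post-login redirect.
     *
     * <p>
     * With {@code PropsValues.PORTAL_JAAS_ENABLE} the response is always
     * redirected to {@code /portal/protected} under the main path and the
     * {@code redirect} parameter is ignored. Otherwise a non-empty
     * {@code redirect} parameter is passed through
     * {@code PortalUtil.escapeRedirect}, completed with the portal URL when
     * it does not start with {@code Http.HTTP}, and used as the target.
     * Without a usable redirect, the method returns with no redirect when
     * {@code doActionAfterLogin} is true and otherwise redirects to the main
     * path.
     * </p>
     *
     * @param  themeDisplay the theme display of the current request
     * @param  actionRequest the action request carrying {@code login},
     *         {@code password}, {@code rememberMe}, {@code redirect} and
     *         {@code doActionAfterLogin}
     * @param  actionResponse the action response used for the redirect
     * @param  preferences the portlet preferences; {@code authType} is read
     *         from them and may be {@code null}
     * @throws Exception if authentication fails or the redirect cannot be
     *         sent
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse, PortletPreferences preferences)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // The password is read straight from the request rather than through
        // ParamUtil, presumably so that it reaches the authenticator
        // unmodified -- confirm before changing.

        String password = actionRequest.getParameter("password");
        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        String authType = preferences.getValue("authType", null);

        if (!themeDisplay.isSignedIn()) {
            LoginUtil.login(
                request, response, login, password, rememberMe, authType);
        }

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() + "/portal/protected");

            return;
        }

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {

            // The redirect target is request-controlled; escapeRedirect is
            // the only filter applied to it before it is used.

            redirect = PortalUtil.escapeRedirect(redirect);
        }

        // Re-check after escaping: escapeRedirect's contract is not visible
        // here, and if it reports a rejected target by returning null or an
        // empty value, dereferencing it would fail after the user has already
        // been authenticated. Such a target is treated as "no redirect".

        if (Validator.isNotNull(redirect)) {
            if (!redirect.startsWith(Http.HTTP)) {
                redirect = getCompleteRedirectURL(request, redirect);
            }

            actionResponse.sendRedirect(redirect);

            return;
        }

        boolean doActionAfterLogin = ParamUtil.getBoolean(
            actionRequest, "doActionAfterLogin");

        if (doActionAfterLogin) {
            return;
        }

        actionResponse.sendRedirect(themeDisplay.getPathMain());
    }

    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}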