001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.kernel.portlet.WindowStateFactory;
018    import com.liferay.portal.kernel.util.CharPool;
019    import com.liferay.portal.kernel.util.HttpUtil;
020    import com.liferay.portal.kernel.util.ParamUtil;
021    import com.liferay.portal.kernel.util.PropsKeys;
022    import com.liferay.portal.kernel.util.StringBundler;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.StringUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.theme.ThemeDisplay;
027    import com.liferay.portal.util.PortalUtil;
028    import com.liferay.portal.util.PortletKeys;
029    import com.liferay.portal.util.PrefsPropsUtil;
030    import com.liferay.portal.util.PropsValues;
031    import com.liferay.portal.util.WebKeys;
032    import com.liferay.portlet.PortletURLFactoryUtil;
033    import com.liferay.portlet.login.util.LoginUtil;
034    
035    import javax.portlet.PortletMode;
036    import javax.portlet.PortletRequest;
037    import javax.portlet.PortletURL;
038    import javax.portlet.WindowState;
039    
040    import javax.servlet.http.HttpServletRequest;
041    import javax.servlet.http.HttpServletResponse;
042    import javax.servlet.http.HttpSession;
043    
044    import org.apache.struts.action.Action;
045    import org.apache.struts.action.ActionForm;
046    import org.apache.struts.action.ActionForward;
047    import org.apache.struts.action.ActionMapping;
048    
049    /**
050     * @author Brian Wing Shun Chan
051     * @author Scott Lee
052     */
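public class LoginAction extends Action {

	/**
	 * Processes a request to the portal login action.
	 *
	 * Every path through this method ends in either a redirect written to the
	 * response (return value {@code null}) or, when JAAS is enabled and the
	 * session already carries {@code j_username}/{@code j_password}, a forward
	 * to {@code /portal/touch_protected.jsp}. The steps, in order:
	 *
	 * 1. If login is disabled by configuration, redirect to the configured
	 *    "login disabled" path.
	 * 2. If authentication requires HTTPS and the request is not secure,
	 *    redirect the same URI (and query string, if any) to the secure portal
	 *    URL.
	 * 3. If both {@code login} and {@code password} parameters are present,
	 *    delegate the login attempt to {@link LoginUtil#login}.
	 * 4. If the session holds {@code j_username} and {@code j_password},
	 *    continue to the vetted {@code redirect} parameter, or to the portal
	 *    main path when none is given.
	 * 5. Otherwise redirect to the login page, carrying a vetted
	 *    {@code redirect} parameter along.
	 *
	 * The {@code redirect} request parameter is caller-controlled. It is passed
	 * through {@link PortalUtil#escapeRedirect} on every path before it can
	 * influence the redirect target.
	 *
	 * @param  mapping the Struts action mapping, used to resolve the JAAS
	 *         forward
	 * @param  form the Struts action form (not read by this action)
	 * @param  request the servlet request
	 * @param  response the servlet response the redirect is written to
	 * @return the JAAS forward, or {@code null} when a redirect has been sent
	 * @throws Exception if login processing or sending the redirect fails
	 */
	@Override
	public ActionForward execute(
			ActionMapping mapping, ActionForm form, HttpServletRequest request,
			HttpServletResponse response)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			response.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return null;
		}

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
			!request.isSecure()) {

			// Bounce a plain HTTP request to the same URI on the secure portal
			// URL before any credentials are read from it.

			StringBundler sb = new StringBundler(4);

			sb.append(PortalUtil.getPortalURL(request, true));
			sb.append(request.getRequestURI());

			// getQueryString() returns null when the URL has no query string.
			// Appending it unconditionally would leave a dangling "?" followed
			// by whatever StringBundler renders for null.

			String queryString = request.getQueryString();

			if (Validator.isNotNull(queryString)) {
				sb.append(StringPool.QUESTION);
				sb.append(queryString);
			}

			response.sendRedirect(sb.toString());

			return null;
		}

		String login = ParamUtil.getString(request, "login");

		// The password is read straight from the request instead of through
		// ParamUtil. NOTE(review): presumably so the value reaches
		// authentication without any normalization - confirm.

		String password = request.getParameter("password");

		boolean rememberMe = ParamUtil.getBoolean(request, "rememberMe");
		String authType = ParamUtil.getString(request, "authType");

		if (Validator.isNotNull(login) && Validator.isNotNull(password)) {
			LoginUtil.login(
				request, response, login, password, rememberMe, authType);
		}

		HttpSession session = request.getSession();

		// NOTE(review): j_username/j_password are not set in this class. They
		// look like the markers LoginUtil.login leaves in the session after a
		// successful authentication - confirm against LoginUtil.

		if ((session.getAttribute("j_username") != null) &&
			(session.getAttribute("j_password") != null)) {

			if (PropsValues.PORTAL_JAAS_ENABLE) {
				return mapping.findForward("/portal/touch_protected.jsp");
			}

			String redirect = ParamUtil.getString(request, "redirect");

			// Caller-controlled target: vet it before it becomes the Location
			// header.

			redirect = PortalUtil.escapeRedirect(redirect);

			if (Validator.isNull(redirect)) {
				redirect = themeDisplay.getPathMain();
			}

			// A path-only target is made absolute against this portal's URL.

			if (redirect.charAt(0) == CharPool.SLASH) {
				String portalURL = PortalUtil.getPortalURL(
					request, request.isSecure());

				if (Validator.isNotNull(portalURL)) {
					redirect = portalURL.concat(redirect);
				}
			}

			response.sendRedirect(redirect);

			return null;
		}

		// No credentials in the session: work out where the login page is. The
		// site login URL wins, then the configured login URL, then a render
		// URL for the login portlet.

		String redirect = PortalUtil.getSiteLoginURL(themeDisplay);

		if (Validator.isNull(redirect)) {
			redirect = PropsValues.AUTH_LOGIN_URL;
		}

		if (Validator.isNull(redirect)) {
			PortletURL portletURL = PortletURLFactoryUtil.create(
				request, PortletKeys.LOGIN, themeDisplay.getPlid(),
				PortletRequest.RENDER_PHASE);

			portletURL.setParameter("saveLastPath", Boolean.FALSE.toString());
			portletURL.setParameter("struts_action", "/login/login");
			portletURL.setPortletMode(PortletMode.VIEW);
			portletURL.setWindowState(getWindowState(request));

			redirect = portletURL.toString();
		}

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) {

			// Make sure the login page itself is served from the secure portal
			// URL.

			String portalURL = PortalUtil.getPortalURL(request);
			String portalURLSecure = PortalUtil.getPortalURL(request, true);

			if (!portalURL.equals(portalURLSecure)) {
				redirect = StringUtil.replaceFirst(
					redirect, portalURL, portalURLSecure);
			}
		}

		// The redirect parameter is caller-controlled. Vet it the same way the
		// authenticated branch does. Without this, the CAS branch below would
		// send the browser to whatever URL the request supplied (an open
		// redirect). NOTE(review): escapeRedirect's policy lives outside this
		// file - confirm that a rejected target comes back null or empty, so
		// that the login URL computed above is used.

		String loginRedirect = PortalUtil.escapeRedirect(
			ParamUtil.getString(request, "redirect"));

		if (Validator.isNotNull(loginRedirect)) {
			if (PrefsPropsUtil.getBoolean(
					themeDisplay.getCompanyId(), PropsKeys.CAS_AUTH_ENABLED,
					PropsValues.CAS_AUTH_ENABLED)) {

				// With CAS enabled the vetted target replaces the login URL
				// outright.

				redirect = loginRedirect;
			}
			else {

				// Otherwise address the login portlet and hand it the vetted
				// target as its namespaced "redirect" parameter.

				String loginPortletNamespace = PortalUtil.getPortletNamespace(
					PropsValues.AUTH_LOGIN_PORTLET_NAME);

				String loginRedirectParameter =
					loginPortletNamespace + "redirect";

				redirect = HttpUtil.setParameter(
					redirect, "p_p_id", PropsValues.AUTH_LOGIN_PORTLET_NAME);
				redirect = HttpUtil.setParameter(
					redirect, "p_p_lifecycle", "0");
				redirect = HttpUtil.setParameter(
					redirect, loginRedirectParameter, loginRedirect);
			}
		}

		response.sendRedirect(redirect);

		return null;
	}

	/**
	 * Returns the window state for the login portlet URL.
	 *
	 * The state named by the {@code windowState} request parameter is used
	 * when that parameter is present. Otherwise the state defaults to
	 * {@link WindowState#MAXIMIZED}.
	 *
	 * @param  request the servlet request
	 * @return the requested window state, or {@code MAXIMIZED} by default
	 */
	protected WindowState getWindowState(HttpServletRequest request) {
		WindowState windowState = WindowState.MAXIMIZED;

		String windowStateString = ParamUtil.getString(request, "windowState");

		if (Validator.isNotNull(windowStateString)) {
			windowState = WindowStateFactory.getWindowState(windowStateString);
		}

		return windowState;
	}

}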