015 package com.liferay.portal.servlet.filters.autologin;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.kernel.util.InstancePool;
022 import com.liferay.portal.kernel.util.StringBundler;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.StringUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.AutoLogin;
028 import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
029 import com.liferay.portal.service.UserLocalServiceUtil;
030 import com.liferay.portal.servlet.filters.BasePortalFilter;
031 import com.liferay.portal.util.Portal;
032 import com.liferay.portal.util.PortalInstances;
033 import com.liferay.portal.util.PortalUtil;
034 import com.liferay.portal.util.PropsValues;
035 import com.liferay.portal.util.WebKeys;
036 import com.liferay.portlet.login.util.LoginUtil;
037
038 import java.util.List;
039 import java.util.concurrent.CopyOnWriteArrayList;
040
041 import javax.servlet.FilterChain;
042 import javax.servlet.http.HttpServletRequest;
043 import javax.servlet.http.HttpServletResponse;
044 import javax.servlet.http.HttpSession;
045
046
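/**
 * Servlet filter that runs the registered {@link AutoLogin} hooks for requests
 * that carry no authenticated user, and populates the session login attributes
 * from the credentials a hook returns.
 *
 * <p>
 * Security note: no password comparison is performed in this class. A hook's
 * result is accepted once the returned user id resolves to an existing user
 * that is not locked out, so every registered {@link AutoLogin} implementation
 * is part of the authentication boundary. Redirect targets are read from
 * request attributes set by the hooks and are sent without validation here.
 * </p>
 */
public class AutoLoginFilter extends BasePortalFilter {

    /**
     * Adds a hook to the shared list consulted by every filter instance.
     *
     * @param autoLogin the hook to register
     */
    public static void registerAutoLogin(AutoLogin autoLogin) {
        _autoLogins.add(autoLogin);
    }

    /**
     * Removes a previously registered hook from the shared list.
     *
     * @param autoLogin the hook to unregister
     */
    public static void unregisterAutoLogin(AutoLogin autoLogin) {
        _autoLogins.remove(autoLogin);
    }

    /**
     * Registers every hook class named in {@code PropsValues.AUTO_LOGIN_HOOKS}.
     *
     * <p>
     * The list is static, so each constructed filter instance appends the
     * configured hooks again.
     * </p>
     */
    public AutoLoginFilter() {
        for (String autoLoginClassName : PropsValues.AUTO_LOGIN_HOOKS) {
            AutoLogin autoLogin = (AutoLogin)InstancePool.get(
                autoLoginClassName);

            _autoLogins.add(autoLogin);
        }
    }

    /**
     * Establishes the login attributes on the session from the credentials
     * returned by an {@link AutoLogin} hook.
     *
     * @param  request the current request
     * @param  response the current response; receives a redirect when
     *         {@code PropsValues.PORTAL_JAAS_ENABLE} is set
     * @param  session the current session; replaced locally by the result of
     *         {@code LoginUtil.renewSession} when
     *         {@code PropsValues.SESSION_ENABLE_PHISHING_PROTECTION} is set
     * @param  credentials a three element array: user id, password, and a
     *         boolean string telling whether the password is already encrypted
     * @return the user id string that was stored as remote user, or
     *         {@code null} when the credentials are rejected
     * @throws Exception if a service call or the redirect fails
     */
    protected String getLoginRemoteUser(
            HttpServletRequest request, HttpServletResponse response,
            HttpSession session, String[] credentials)
        throws Exception {

        if ((credentials == null) || (credentials.length != 3)) {
            return null;
        }

        String jUsername = credentials[0];
        String jPassword = credentials[1];
        boolean encPassword = GetterUtil.getBoolean(credentials[2]);

        if (Validator.isNull(jUsername) || Validator.isNull(jPassword)) {
            return null;
        }

        long userId = GetterUtil.getLong(jUsername);

        if (userId <= 0) {
            return null;
        }

        User user = UserLocalServiceUtil.fetchUserById(userId);

        // Only existence and lockout are checked here; the password supplied
        // by the hook is stored below but never compared in this method.

        if ((user == null) || user.isLockout()) {
            return null;
        }

        // The session is only renewed when the property is enabled; with it
        // disabled the pre-login session is reused for the authenticated user.
        // NOTE(review): presumably renewSession issues a fresh session to
        // counter session fixation - confirm in LoginUtil.

        if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
            session = LoginUtil.renewSession(request, session);
        }

        session.setAttribute("j_username", jUsername);

        if (encPassword) {
            session.setAttribute("j_password", jPassword);
        }
        else {
            session.setAttribute(
                "j_password", PasswordEncryptorUtil.encrypt(jPassword));

            // With SESSION_STORE_PASSWORD enabled the password is kept in the
            // session exactly as the hook supplied it, not the encrypted form.

            if (PropsValues.SESSION_STORE_PASSWORD) {
                session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
            }
        }

        session.setAttribute("j_remoteuser", jUsername);

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            String redirect = PortalUtil.getPathMain().concat(
                "/portal/protected");

            if (PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
                String autoLoginRedirect = (String)request.getAttribute(
                    AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);

                // NOTE(review): the value is appended to the query string
                // without URL encoding or target validation; confirm that the
                // handler behind /portal/protected validates "redirect".

                redirect = redirect.concat("?redirect=");

                if (Validator.isNotNull(autoLoginRedirect)) {
                    redirect = redirect.concat(autoLoginRedirect);
                }
                else {
                    redirect = redirect.concat(
                        PortalUtil.getCurrentCompleteURL(request));
                }
            }

            response.sendRedirect(redirect);
        }

        return jUsername;
    }

    /**
     * Runs the registered hooks for a request that has no remote user and no
     * {@code j_username} session attribute, unless the host or path is
     * configured to be ignored or login is disabled.
     *
     * <p>
     * A hook that throws is logged and skipped; the request then continues
     * with the next hook or, if none succeeds, down the chain unauthenticated.
     * </p>
     *
     * @param  request the current request
     * @param  response the current response
     * @param  filterChain the chain to continue with
     * @throws Exception if the downstream chain fails
     */
    @Override
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        HttpSession session = request.getSession();

        String host = PortalUtil.getHost(request);

        if (PortalInstances.isAutoLoginIgnoreHost(host)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore host " + host);
            }

            processFilter(
                AutoLoginFilter.class, request, response, filterChain);

            return;
        }

        String contextPath = PortalUtil.getPathContext();

        String path = StringUtil.toLowerCase(request.getRequestURI());

        // Strip the context path only when it is the prefix of the URI. A
        // match further inside the URI would otherwise cut the wrong
        // characters and feed a mangled path to the ignore-path check.
        // NOTE(review): path is lower-cased but contextPath is not, so a
        // context path with upper-case characters is never stripped - confirm.

        if (!contextPath.equals(StringPool.SLASH) &&
            path.startsWith(contextPath)) {

            path = path.substring(contextPath.length());
        }

        if (PortalInstances.isAutoLoginIgnorePath(path)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore path " + path);
            }

            processFilter(
                AutoLoginFilter.class, request, response, filterChain);

            return;
        }

        String remoteUser = request.getRemoteUser();
        String jUserName = (String)session.getAttribute("j_username");

        if (!PropsValues.AUTH_LOGIN_DISABLED &&
            (remoteUser == null) && (jUserName == null)) {

            for (AutoLogin autoLogin : _autoLogins) {
                try {
                    String[] credentials = autoLogin.login(request, response);

                    // The target is whatever the hook placed in the request
                    // attribute; it is not validated before the redirect.

                    String redirect = (String)request.getAttribute(
                        AutoLogin.AUTO_LOGIN_REDIRECT);

                    if (Validator.isNotNull(redirect)) {
                        response.sendRedirect(redirect);

                        return;
                    }

                    String loginRemoteUser = getLoginRemoteUser(
                        request, response, session, credentials);

                    if (loginRemoteUser != null) {
                        request = new ProtectedServletRequest(
                            request, loginRemoteUser);

                        // getLoginRemoteUser has already sent the redirect
                        // when JAAS is enabled.

                        if (PropsValues.PORTAL_JAAS_ENABLE) {
                            return;
                        }

                        if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
                            redirect = Portal.PATH_MAIN;
                        }
                        else {
                            redirect = (String)request.getAttribute(
                                AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);
                        }

                        if (Validator.isNotNull(redirect)) {
                            response.sendRedirect(redirect);

                            return;
                        }

                        // NOTE(review): without a redirect the loop goes on
                        // to the remaining hooks although a login already
                        // succeeded; confirm this is intended.
                    }
                }
                catch (Exception e) {
                    StringBundler sb = new StringBundler(4);

                    sb.append("Current URL ");

                    String currentURL = PortalUtil.getCurrentURL(request);

                    sb.append(currentURL);

                    sb.append(" generates exception: ");
                    sb.append(e.getMessage());

                    // Failures on the chat polling path are only warned about.

                    if (currentURL.endsWith(_PATH_CHAT_LATEST)) {
                        if (_log.isWarnEnabled()) {
                            _log.warn(sb.toString());
                        }
                    }
                    else {

                        // Keep the cause so a failing hook can be diagnosed
                        // from the log; the message alone is often empty.

                        _log.error(sb.toString(), e);
                    }
                }
            }
        }

        processFilter(AutoLoginFilter.class, request, response, filterChain);
    }

    private static final String _PATH_CHAT_LATEST = "/-/chat/latest";

    private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);

    // Shared by all filter instances; copy-on-write so hooks can be
    // registered or removed while requests iterate over the list.

    private static List<AutoLogin> _autoLogins =
        new CopyOnWriteArrayList<AutoLogin>();

}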