015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.CompanyMaxUsersException;
018 import com.liferay.portal.CookieNotSupportedException;
019 import com.liferay.portal.NoSuchUserException;
020 import com.liferay.portal.PasswordExpiredException;
021 import com.liferay.portal.UserEmailAddressException;
022 import com.liferay.portal.UserIdException;
023 import com.liferay.portal.UserLockoutException;
024 import com.liferay.portal.UserPasswordException;
025 import com.liferay.portal.UserScreenNameException;
026 import com.liferay.portal.kernel.log.Log;
027 import com.liferay.portal.kernel.log.LogFactoryUtil;
028 import com.liferay.portal.kernel.servlet.SessionErrors;
029 import com.liferay.portal.kernel.util.Http;
030 import com.liferay.portal.kernel.util.ParamUtil;
031 import com.liferay.portal.kernel.util.Validator;
032 import com.liferay.portal.model.Layout;
033 import com.liferay.portal.security.auth.AuthException;
034 import com.liferay.portal.struts.PortletAction;
035 import com.liferay.portal.theme.ThemeDisplay;
036 import com.liferay.portal.util.PortalUtil;
037 import com.liferay.portal.util.PortletKeys;
038 import com.liferay.portal.util.PropsValues;
039 import com.liferay.portal.util.WebKeys;
040 import com.liferay.portlet.PortletPreferencesFactoryUtil;
041 import com.liferay.portlet.PortletURLImpl;
042 import com.liferay.portlet.login.util.LoginUtil;
043
044 import javax.portlet.ActionRequest;
045 import javax.portlet.ActionResponse;
046 import javax.portlet.PortletConfig;
047 import javax.portlet.PortletPreferences;
048 import javax.portlet.PortletRequest;
049 import javax.portlet.PortletURL;
050 import javax.portlet.RenderRequest;
051 import javax.portlet.RenderResponse;
052 import javax.portlet.WindowState;
053
054 import javax.servlet.http.HttpServletRequest;
055 import javax.servlet.http.HttpServletResponse;
056 import javax.servlet.http.HttpSession;
057
058 import org.apache.struts.action.ActionForm;
059 import org.apache.struts.action.ActionForward;
060 import org.apache.struts.action.ActionMapping;
061
062
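/**
 * Portlet action behind the login form.
 *
 * <p>
 * {@link #processAction} performs the sign-in and turns expected failures into
 * session errors, {@link #render} forwards to the login view, and
 * {@link #login} decides where the browser is sent after a successful
 * sign-in. The post-login target comes from the request parameter
 * {@code redirect}, so every path that turns it into a URL treats it as
 * untrusted input.
 * </p>
 */
public class LoginAction extends PortletAction {

	/**
	 * Attempts the sign-in and records expected failures as session errors.
	 *
	 * <p>
	 * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set the request is
	 * redirected to the configured "login disabled" path and nothing else
	 * happens. Otherwise {@link #login} runs; any exception it throws is
	 * classified below. Expected failures end in
	 * {@link #postProcessAuthFailure}; anything else is logged and answered
	 * with {@code PortalUtil.sendError}.
	 * </p>
	 *
	 * @throws Exception if a redirect or the error response cannot be issued
	 */
	@Override
	public void processAction(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return;
		}

		try {
			login(themeDisplay, actionRequest, actionResponse);

			boolean doActionAfterLogin = ParamUtil.getBoolean(
				actionRequest, "doActionAfterLogin");

			if (doActionAfterLogin) {
				setForward(actionRequest, "portlet.login.login_redirect");
			}
		}
		catch (Exception e) {
			if (e instanceof AuthException) {
				Throwable cause = e.getCause();

				// Expired passwords and lockouts are surfaced under their
				// own key; every other authentication failure is recorded
				// under the generic AuthException key.

				if (cause instanceof PasswordExpiredException ||
					cause instanceof UserLockoutException) {

					SessionErrors.add(actionRequest, cause.getClass());
				}
				else {

					// Fixed message: neither the login name nor the
					// password is written to the log.

					if (_log.isInfoEnabled()) {
						_log.info("Authentication failed");
					}

					SessionErrors.add(actionRequest, e.getClass());
				}
			}
			else if (e instanceof CompanyMaxUsersException ||
					 e instanceof CookieNotSupportedException ||
					 e instanceof NoSuchUserException ||
					 e instanceof PasswordExpiredException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserLockoutException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException) {

				// NOTE(review): NoSuchUserException and
				// UserPasswordException are stored under different keys. If
				// the view (not shown here) maps them to different
				// messages, the form discloses which accounts exist;
				// confirm it renders one generic failure message.

				SessionErrors.add(actionRequest, e.getClass());
			}
			else {
				_log.error(e, e);

				PortalUtil.sendError(e, actionRequest, actionResponse);

				return;
			}

			postProcessAuthFailure(actionRequest, actionResponse);
		}
	}

	/**
	 * Forwards to the view selected by {@code getForward}, falling back to
	 * {@code portlet.login.login}.
	 */
	@Override
	public ActionForward render(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, RenderRequest renderRequest,
			RenderResponse renderResponse)
		throws Exception {

		return actionMapping.findForward(
			getForward(renderRequest, "portlet.login.login"));
	}

	/**
	 * Turns a portal-relative redirect into an absolute URL by prefixing the
	 * portal URL.
	 *
	 * <p>
	 * The value is appended with no separator and no validation, so callers
	 * must pass a path that starts with {@code /}; {@link #login} enforces
	 * that before calling this method.
	 * </p>
	 *
	 * @param  request the servlet request used to derive the portal URL and
	 *         to read the {@code HTTPS_INITIAL} session attribute
	 * @param  redirect the portal-relative path to append
	 * @return the portal URL followed by {@code redirect}
	 */
	protected String getCompleteRedirectURL(
		HttpServletRequest request, String redirect) {

		HttpSession session = request.getSession();

		Boolean httpsInitial = (Boolean)session.getAttribute(
			WebKeys.HTTPS_INITIAL);

		String portalURL = null;

		// NOTE(review): the two-argument getPortalURL is called with false
		// only when HTTPS is required for authentication, phishing
		// protection is off, and the session did not start on HTTPS. That
		// argument is presumably the "secure" flag, in which case the
		// browser returns to plain HTTP right after sign-in and the session
		// cookie travels unencrypted from then on; confirm this is intended
		// for the deployment.

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
			!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
			(httpsInitial != null) && !httpsInitial.booleanValue()) {

			portalURL = PortalUtil.getPortalURL(request, false);
		}
		else {
			portalURL = PortalUtil.getPortalURL(request);
		}

		return portalURL.concat(redirect);
	}

	/**
	 * Returns the constant {@code _CHECK_METHOD_ON_PROCESS_ACTION}, which is
	 * {@code false} for this action.
	 *
	 * <p>
	 * NOTE(review): presumably this tells the base class not to enforce the
	 * HTTP method on {@code processAction} - confirm in PortletAction. If so,
	 * credentials submitted with GET are accepted and can end up in URLs,
	 * proxy logs and browser history.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Signs the user in (unless already signed in) and sends the post-login
	 * redirect.
	 *
	 * <p>
	 * The {@code redirect} request parameter is passed through
	 * {@code PortalUtil.escapeRedirect}. A value that the filter rejects, or
	 * that is neither absolute nor rooted at {@code /}, is discarded and the
	 * user lands on the portal's main path instead. With no usable redirect
	 * and {@code doActionAfterLogin} set, no redirect is sent at all.
	 * </p>
	 *
	 * @throws Exception if authentication fails or the redirect cannot be
	 *         sent
	 */
	protected void login(
			ThemeDisplay themeDisplay, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpServletResponse response = PortalUtil.getHttpServletResponse(
			actionResponse);

		String login = ParamUtil.getString(actionRequest, "login");

		// Read the password directly from the request rather than through
		// ParamUtil, so it reaches LoginUtil exactly as submitted.

		String password = actionRequest.getParameter("password");
		boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

		if (!themeDisplay.isSignedIn()) {
			PortletPreferences portletPreferences =
				PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

			String authType = portletPreferences.getValue("authType", null);

			LoginUtil.login(
				request, response, login, password, rememberMe, authType);
		}

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {
			redirect = PortalUtil.escapeRedirect(redirect);

			// escapeRedirect can hand back null for a target it does not
			// allow (behaviour of the portal's filter; confirm for the
			// deployed version). Dereferencing it here would raise a
			// NullPointerException after the user is already signed in.

			if ((redirect != null) && !redirect.startsWith(Http.HTTP)) {

				// getCompleteRedirectURL glues the value straight onto the
				// portal URL. Without a leading slash the value would
				// extend the host part and could change which host the
				// browser is sent to, so only rooted paths are accepted.

				if (redirect.startsWith("/")) {
					redirect = getCompleteRedirectURL(request, redirect);
				}
				else {

					// Fixed message: the request-supplied value is not
					// echoed into the log.

					if (_log.isWarnEnabled()) {
						_log.warn(
							"Ignoring redirect that is neither absolute " +
								"nor rooted at /");
					}

					redirect = null;
				}
			}
		}

		String mainPath = themeDisplay.getPathMain();

		if (PropsValues.PORTAL_JAAS_ENABLE) {
			if (Validator.isNotNull(redirect)) {

				// NOTE(review): redirect is appended as a query value
				// without URL encoding, so '&' or '#' inside it is parsed
				// as part of the outer URL. Consider encoding it (for
				// example with HttpUtil.encodeURL) after confirming how
				// /portal/protected reads the parameter.

				redirect = mainPath.concat(
					"/portal/protected?redirect=").concat(redirect);
			}
			else {
				redirect = mainPath.concat("/portal/protected");
			}

			actionResponse.sendRedirect(redirect);
		}
		else {
			if (Validator.isNotNull(redirect)) {
				actionResponse.sendRedirect(redirect);
			}
			else {
				boolean doActionAfterLogin = ParamUtil.getBoolean(
					actionRequest, "doActionAfterLogin");

				if (doActionAfterLogin) {
					return;
				}
				else {
					actionResponse.sendRedirect(mainPath);
				}
			}
		}
	}

	/**
	 * Sends the browser back to the login portlet after a handled failure.
	 *
	 * <p>
	 * Builds a render-phase URL for {@code PortletKeys.LOGIN} on the current
	 * layout, sets {@code saveLastPath=false}, maximizes the window and
	 * redirects to it. The target is built entirely from server-side values,
	 * not from request parameters.
	 * </p>
	 *
	 * @throws Exception if the URL cannot be built or the redirect fails
	 */
	protected void postProcessAuthFailure(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

		PortletURL portletURL = new PortletURLImpl(
			actionRequest, PortletKeys.LOGIN, layout.getPlid(),
			PortletRequest.RENDER_PHASE);

		portletURL.setParameter("saveLastPath", Boolean.FALSE.toString());

		portletURL.setWindowState(WindowState.MAXIMIZED);

		actionResponse.sendRedirect(portletURL.toString());
	}

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

	private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}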