001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.CompanyMaxUsersException;
018    import com.liferay.portal.CookieNotSupportedException;
019    import com.liferay.portal.NoSuchUserException;
020    import com.liferay.portal.PasswordExpiredException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserIdException;
023    import com.liferay.portal.UserLockoutException;
024    import com.liferay.portal.UserPasswordException;
025    import com.liferay.portal.UserScreenNameException;
026    import com.liferay.portal.kernel.log.Log;
027    import com.liferay.portal.kernel.log.LogFactoryUtil;
028    import com.liferay.portal.kernel.servlet.SessionErrors;
029    import com.liferay.portal.kernel.util.Http;
030    import com.liferay.portal.kernel.util.ParamUtil;
031    import com.liferay.portal.kernel.util.Validator;
032    import com.liferay.portal.model.Layout;
033    import com.liferay.portal.security.auth.AuthException;
034    import com.liferay.portal.struts.PortletAction;
035    import com.liferay.portal.theme.ThemeDisplay;
036    import com.liferay.portal.util.PortalUtil;
037    import com.liferay.portal.util.PortletKeys;
038    import com.liferay.portal.util.PropsValues;
039    import com.liferay.portal.util.WebKeys;
040    import com.liferay.portlet.PortletPreferencesFactoryUtil;
041    import com.liferay.portlet.PortletURLImpl;
042    import com.liferay.portlet.login.util.LoginUtil;
043    
044    import javax.portlet.ActionRequest;
045    import javax.portlet.ActionResponse;
046    import javax.portlet.PortletConfig;
047    import javax.portlet.PortletPreferences;
048    import javax.portlet.PortletRequest;
049    import javax.portlet.PortletURL;
050    import javax.portlet.RenderRequest;
051    import javax.portlet.RenderResponse;
052    import javax.portlet.WindowState;
053    
054    import javax.servlet.http.HttpServletRequest;
055    import javax.servlet.http.HttpServletResponse;
056    import javax.servlet.http.HttpSession;
057    
058    import org.apache.struts.action.ActionForm;
059    import org.apache.struts.action.ActionForward;
060    import org.apache.struts.action.ActionMapping;
061    
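/**
 * Struts portlet action behind the login portlet. The action phase
 * authenticates the submitted credentials through {@link LoginUtil} and
 * redirects the browser; the render phase forwards to the login view.
 *
 * @author Brian Wing Shun Chan
 */
public class LoginAction extends PortletAction {

    /**
     * Handles a login submission.
     *
     * <p>
     * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set, the request is
     * redirected to the configured "login disabled" path and no credentials
     * are read. Otherwise {@link #login} is called. Expected authentication
     * failures are recorded in {@link SessionErrors} and the user is sent back
     * to the login portlet; any other exception is logged and reported through
     * {@code PortalUtil.sendError}.
     * </p>
     *
     * @throws Exception if the redirect or the error reporting itself fails
     */
    @Override
    public void processAction(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH);

            return;
        }

        // Left disabled in the original: a request that already carries a
        // remote user is not short-circuited here; login() checks
        // themeDisplay.isSignedIn() before authenticating instead.

        /*if (actionRequest.getRemoteUser() != null) {
            actionResponse.sendRedirect(themeDisplay.getPathMain());

            return;
        }*/

        try {
            login(themeDisplay, actionRequest, actionResponse);

            boolean doActionAfterLogin = ParamUtil.getBoolean(
                actionRequest, "doActionAfterLogin");

            if (doActionAfterLogin) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            if (e instanceof AuthException) {
                Throwable cause = e.getCause();

                if (cause instanceof PasswordExpiredException ||
                    cause instanceof UserLockoutException) {

                    // Surface the specific reason (expired password or
                    // lockout) rather than the generic AuthException.

                    SessionErrors.add(actionRequest, cause.getClass());
                }
                else {

                    // The message carries neither the submitted login nor
                    // the password.

                    if (_log.isInfoEnabled()) {
                        _log.info("Authentication failed");
                    }

                    SessionErrors.add(actionRequest, e.getClass());
                }
            }
            else if (e instanceof CompanyMaxUsersException ||
                     e instanceof CookieNotSupportedException ||
                     e instanceof NoSuchUserException ||
                     e instanceof PasswordExpiredException ||
                     e instanceof UserEmailAddressException ||
                     e instanceof UserIdException ||
                     e instanceof UserLockoutException ||
                     e instanceof UserPasswordException ||
                     e instanceof UserScreenNameException) {

                // NOTE(review): NoSuchUserException and UserPasswordException
                // are stored under distinct keys. Confirm the login view does
                // not render them differently, otherwise the form tells an
                // anonymous visitor which logins exist.

                SessionErrors.add(actionRequest, e.getClass());
            }
            else {

                // Unexpected failure: log with stack trace and stop; the
                // login portlet is not redisplayed in this case.

                _log.error(e, e);

                PortalUtil.sendError(e, actionRequest, actionResponse);

                return;
            }

            postProcessAuthFailure(actionRequest, actionResponse);
        }
    }

    /**
     * Forwards to the view stored for this request by {@code setForward}, or
     * to {@code portlet.login.login} when none was set.
     */
    @Override
    public ActionForward render(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, RenderRequest renderRequest,
            RenderResponse renderResponse)
        throws Exception {

        return actionMapping.findForward(
            getForward(renderRequest, "portlet.login.login"));
    }

    /**
     * Prefixes a portal-relative redirect with the portal URL.
     *
     * <p>
     * No validation happens here: {@code redirect} is appended verbatim, so
     * the caller must already have vetted it (see {@link #login}).
     * </p>
     *
     * @param  request the current servlet request; its session is consulted
     *         for {@code WebKeys.HTTPS_INITIAL}
     * @param  redirect the non-<code>null</code> path to append
     * @return the portal URL followed by {@code redirect}
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        String portalURL = null;

        // NOTE(review): the second argument of getPortalURL looks like a
        // "secure" flag. If so, this branch sends the freshly authenticated
        // user to a plain-HTTP URL whenever HTTPS is only required for login,
        // phishing protection is off and the session did not start on HTTPS;
        // the authenticated session is then exposed to the network. Confirm
        // that this downgrade is intended for the deployment.

        if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
            Boolean.FALSE.equals(httpsInitial)) {

            portalURL = PortalUtil.getPortalURL(request, false);
        }
        else {
            portalURL = PortalUtil.getPortalURL(request);
        }

        return portalURL.concat(redirect);
    }

    /**
     * Returns the constant {@code false}.
     *
     * <p>
     * NOTE(review): the name suggests that {@code PortletAction} uses this to
     * decide whether to enforce the HTTP method on action requests. If so,
     * the login action accepts credentials on any method; confirm against the
     * base class.
     * </p>
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates the submitted credentials, unless the user is already
     * signed in, and then redirects the browser.
     *
     * <p>
     * The redirect target is, in order: the vetted {@code redirect} request
     * parameter, nothing at all when {@code doActionAfterLogin} is set, or the
     * portal main path. With JAAS enabled, the request always goes through
     * {@code /portal/protected} first.
     * </p>
     *
     * @throws Exception if authentication fails or the redirect cannot be
     *         sent; {@link #processAction} sorts these into expected and
     *         unexpected failures
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // Read straight from the request instead of through ParamUtil,
        // presumably so the password reaches LoginUtil unmodified. It may be
        // null when the parameter is absent.

        String password = actionRequest.getParameter("password");
        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        if (!themeDisplay.isSignedIn()) {
            PortletPreferences portletPreferences =
                PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

            String authType = portletPreferences.getValue("authType", null);

            LoginUtil.login(
                request, response, login, password, rememberMe, authType);
        }

        // The redirect parameter is attacker-controllable, so it is passed
        // through PortalUtil.escapeRedirect before it is used.

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {
            redirect = PortalUtil.escapeRedirect(redirect);

            // escapeRedirect is not visible here. If it returns null for a
            // rejected target, dereferencing it would raise a
            // NullPointerException after the user has already been
            // authenticated, and processAction would report that as an
            // unexpected error. With the null check, a rejected target falls
            // through to the default landing page below.

            if ((redirect != null) && !redirect.startsWith(Http.HTTP)) {
                redirect = getCompleteRedirectURL(request, redirect);
            }
        }

        String mainPath = themeDisplay.getPathMain();

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            if (Validator.isNotNull(redirect)) {

                // NOTE(review): redirect is concatenated into the query
                // string without URL encoding, so any '&' or '#' it contains
                // is parsed as part of the /portal/protected URL and not as
                // part of the redirect value. Confirm how that endpoint reads
                // the parameter and encode here if it expects an encoded
                // value.

                redirect = mainPath.concat(
                    "/portal/protected?redirect=").concat(redirect);
            }
            else {
                redirect = mainPath.concat("/portal/protected");
            }

            actionResponse.sendRedirect(redirect);
        }
        else if (Validator.isNotNull(redirect)) {
            actionResponse.sendRedirect(redirect);
        }
        else if (!ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {

            // With doActionAfterLogin set, no redirect is sent here and
            // processAction selects the login_redirect forward instead.

            actionResponse.sendRedirect(mainPath);
        }
    }

    /**
     * Sends the user back to the maximized login portlet on the current
     * layout after an expected authentication failure.
     *
     * @throws Exception if the URL cannot be built or the redirect fails
     */
    protected void postProcessAuthFailure(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

        PortletURL portletURL = new PortletURLImpl(
            actionRequest, PortletKeys.LOGIN, layout.getPlid(),
            PortletRequest.RENDER_PHASE);

        portletURL.setParameter("saveLastPath", Boolean.FALSE.toString());

        portletURL.setWindowState(WindowState.MAXIMIZED);

        actionResponse.sendRedirect(portletURL.toString());
    }

    // Value returned by isCheckMethodOnProcessAction().
    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    // Never reassigned in this class, so it is declared final.
    private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}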