015 package com.liferay.portal.struts;
016
017 import com.liferay.portal.LayoutPermissionException;
018 import com.liferay.portal.PortletActiveException;
019 import com.liferay.portal.UserActiveException;
020 import com.liferay.portal.kernel.exception.SystemException;
021 import com.liferay.portal.kernel.log.Log;
022 import com.liferay.portal.kernel.log.LogFactoryUtil;
023 import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
024 import com.liferay.portal.kernel.servlet.HttpMethods;
025 import com.liferay.portal.kernel.servlet.SessionErrors;
026 import com.liferay.portal.kernel.struts.LastPath;
027 import com.liferay.portal.kernel.util.CharPool;
028 import com.liferay.portal.kernel.util.GetterUtil;
029 import com.liferay.portal.kernel.util.HttpUtil;
030 import com.liferay.portal.kernel.util.JavaConstants;
031 import com.liferay.portal.kernel.util.ParamUtil;
032 import com.liferay.portal.kernel.util.PropsKeys;
033 import com.liferay.portal.kernel.util.StringBundler;
034 import com.liferay.portal.kernel.util.StringPool;
035 import com.liferay.portal.kernel.util.StringUtil;
036 import com.liferay.portal.kernel.util.Validator;
037 import com.liferay.portal.liveusers.LiveUsers;
038 import com.liferay.portal.model.Company;
039 import com.liferay.portal.model.Layout;
040 import com.liferay.portal.model.LayoutConstants;
041 import com.liferay.portal.model.Portlet;
042 import com.liferay.portal.model.PortletPreferencesIds;
043 import com.liferay.portal.model.User;
044 import com.liferay.portal.model.UserTracker;
045 import com.liferay.portal.model.UserTrackerPath;
046 import com.liferay.portal.security.auth.PrincipalException;
047 import com.liferay.portal.security.permission.ActionKeys;
048 import com.liferay.portal.security.permission.PermissionChecker;
049 import com.liferay.portal.service.LayoutLocalServiceUtil;
050 import com.liferay.portal.service.PortletLocalServiceUtil;
051 import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
052 import com.liferay.portal.service.permission.PortletPermissionUtil;
053 import com.liferay.portal.service.persistence.UserTrackerPathUtil;
054 import com.liferay.portal.setup.SetupWizardUtil;
055 import com.liferay.portal.theme.ThemeDisplay;
056 import com.liferay.portal.util.PortalUtil;
057 import com.liferay.portal.util.PrefsPropsUtil;
058 import com.liferay.portal.util.PropsUtil;
059 import com.liferay.portal.util.PropsValues;
060 import com.liferay.portal.util.WebKeys;
061 import com.liferay.portlet.InvokerPortlet;
062 import com.liferay.portlet.PortletConfigFactoryUtil;
063 import com.liferay.portlet.PortletInstanceFactoryUtil;
064 import com.liferay.portlet.PortletPreferencesFactoryUtil;
065 import com.liferay.portlet.PortletURLImpl;
066 import com.liferay.portlet.RenderRequestFactory;
067 import com.liferay.portlet.RenderRequestImpl;
068 import com.liferay.portlet.RenderResponseFactory;
069 import com.liferay.portlet.RenderResponseImpl;
070
071 import java.io.IOException;
072
073 import java.util.Date;
074 import java.util.HashSet;
075 import java.util.Map;
076 import java.util.Set;
077
078 import javax.portlet.PortletConfig;
079 import javax.portlet.PortletContext;
080 import javax.portlet.PortletMode;
081 import javax.portlet.PortletPreferences;
082 import javax.portlet.PortletRequest;
083 import javax.portlet.WindowState;
084
085 import javax.servlet.ServletContext;
086 import javax.servlet.ServletException;
087 import javax.servlet.http.HttpServletRequest;
088 import javax.servlet.http.HttpServletResponse;
089 import javax.servlet.http.HttpSession;
090 import javax.servlet.jsp.PageContext;
091
092 import org.apache.struts.Globals;
093 import org.apache.struts.action.Action;
094 import org.apache.struts.action.ActionMapping;
095 import org.apache.struts.config.ActionConfig;
096 import org.apache.struts.config.ForwardConfig;
097 import org.apache.struts.tiles.TilesRequestProcessor;
098 import org.apache.struts.util.MessageResources;
099
100
106 public class PortalRequestProcessor extends TilesRequestProcessor {
107
/**
 * Builds the three path sets consulted while routing a request: the paths
 * that may be remembered as the session's "last path", the paths that are
 * reachable without a signed-in user, and the paths that are never recorded
 * by the session tracker.
 *
 * <p>
 * Every entry placed in the public set is treated by {@code isPublicPath}
 * as reachable without a resolved user, so this list is effectively the
 * built-in unauthenticated allow-list and should be kept as small as the
 * deployment allows.
 * </p>
 */
public PortalRequestProcessor() {

    // Paths eligible to be stored as the last path: the layout path plus
    // whatever is configured under PropsKeys.AUTH_FORWARD_LAST_PATHS.

    _lastPaths = new HashSet<String>();

    _lastPaths.add(_PATH_PORTAL_LAYOUT);

    addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);

    // Built-in public paths. Insertion order is irrelevant for a HashSet,
    // but the original order is kept for easy comparison.

    _publicPaths = new HashSet<String>();

    String[] builtInPublicPaths = {
        _PATH_C, _PATH_PORTAL_API_JSONWS, _PATH_PORTAL_FLASH,
        _PATH_PORTAL_J_LOGIN, _PATH_PORTAL_LAYOUT, _PATH_PORTAL_LICENSE,
        _PATH_PORTAL_LOGIN, _PATH_PORTAL_RENDER_PORTLET,
        _PATH_PORTAL_RESILIENCY, _PATH_PORTAL_TCK,
        _PATH_PORTAL_UPDATE_PASSWORD, _PATH_PORTAL_VERIFY_EMAIL_ADDRESS,
        PropsValues.AUTH_LOGIN_DISABLED_PATH
    };

    for (String publicPath : builtInPublicPaths) {
        _publicPaths.add(publicPath);
    }

    // Paths the session tracker must skip, taken from configuration only.

    _trackerIgnorePaths = new HashSet<String>();

    addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
}
140
/**
 * Handles one request: redirects to the last known path when basic
 * authentication was flagged on the session or when the raw path maps to no
 * Struts action, otherwise runs the normal Struts pipeline and releases
 * portlet request objects afterwards.
 *
 * <p>
 * The path used for the "unknown path" test comes from
 * {@code super.processPath}, i.e. the inherited resolution, not from this
 * class's {@code processPath} override with its login and account-state
 * routing. The redirect target is produced by {@code getLastPath}.
 * </p>
 *
 * @throws IOException if the redirect or the inherited processing fails
 * @throws ServletException if the inherited processing fails
 */
@Override
public void process(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {

    HttpSession session = request.getSession();

    // The flag is consumed here: read once, then removed from the session
    // so it only affects this request.

    Boolean basicAuthFlag = (Boolean)session.getAttribute(
        WebKeys.BASIC_AUTH_ENABLED);

    if (basicAuthFlag != null) {
        session.removeAttribute(WebKeys.BASIC_AUTH_ENABLED);
    }

    String path = super.processPath(request, response);

    ActionMapping actionMapping =
        (ActionMapping)moduleConfig.findActionConfig(path);

    Action action = StrutsActionRegistryUtil.getAction(path);

    boolean basicAuthRequested = Boolean.TRUE.equals(basicAuthFlag);
    boolean unknownPath = (actionMapping == null) && (action == null);

    if (basicAuthRequested || unknownPath) {
        String redirectURL = getLastPath(request);

        if (_log.isDebugEnabled()) {
            _log.debug("Last path " + redirectURL);
        }

        response.sendRedirect(redirectURL);

        return;
    }

    super.process(request, response);

    // Clean-up is best effort: a failure is logged and never propagated to
    // the client.

    try {
        if (isPortletPath(path)) {
            cleanUp(request);
        }
    }
    catch (Exception e) {
        _log.error(e, e);
    }
}
187
/**
 * Adds every value of the array property {@code propsKey} to {@code paths}.
 *
 * @param paths the set to extend in place
 * @param propsKey the portal property whose array value is read through
 *        {@code PropsUtil.getArray}
 */
protected void addPaths(Set<String> paths, String propsKey) {
    String[] configuredPaths = PropsUtil.getArray(propsKey);

    for (int i = 0; i < configuredPaths.length; i++) {
        paths.add(configuredPaths[i]);
    }
}
195
/**
 * Invokes the inherited {@code doForward}, bypassing this class's override
 * (which forwards through {@code StrutsUtil}).
 *
 * @throws IOException if the inherited forward fails
 * @throws ServletException if the inherited forward fails
 */
protected void callParentDoForward(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws IOException, ServletException {

    super.doForward(uri, request, response);
}
203
/**
 * Invokes the inherited {@code processMultipart}, bypassing this class's
 * override (which returns the request untouched).
 *
 * @return whatever the inherited implementation returns for the request
 */
protected HttpServletRequest callParentProcessMultipart(
    HttpServletRequest request) {

    return super.processMultipart(request);
}
209
/**
 * Invokes the inherited {@code processPath}, bypassing this class's
 * override.
 *
 * <p>
 * The value returned here has not passed through the login, account-state
 * and public-path routing that this class's {@code processPath} applies, so
 * it must not be treated as an already-gated path.
 * </p>
 *
 * @throws IOException if the inherited implementation fails
 */
protected String callParentProcessPath(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException {

    return super.processPath(request, response);
}
216
/**
 * Invokes the inherited {@code processRoles}, bypassing this class's
 * override.
 *
 * <p>
 * The portlet view-permission check implemented in this class's
 * {@code processRoles} is not performed on this route.
 * </p>
 *
 * @throws IOException if the inherited implementation fails
 * @throws ServletException if the inherited implementation fails
 */
protected boolean callParentProcessRoles(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException, ServletException {

    return super.processRoles(request, response, actionMapping);
}
224
/**
 * Releases the render request stored on the servlet request under
 * {@code JavaConstants.JAVAX_PORTLET_REQUEST}, if there is one.
 *
 * <p>
 * {@code process} calls this after the Struts pipeline has finished for a
 * portlet path.
 * </p>
 *
 * @throws Exception if the render request's own clean-up fails
 */
protected void cleanUp(HttpServletRequest request) throws Exception {
    RenderRequestImpl storedRenderRequest =
        (RenderRequestImpl)request.getAttribute(
            JavaConstants.JAVAX_PORTLET_REQUEST);

    if (storedRenderRequest == null) {
        return;
    }

    storedRenderRequest.cleanUp();
}
238
/**
 * Creates a render request/response pair for {@code portlet} in maximized
 * window state and view mode, defines the portlet objects on it, and marks
 * the servlet request with {@code WebKeys.PORTLET_STRUTS_EXECUTE}.
 *
 * <p>
 * Preferences are resolved from the request and the portlet ID and loaded
 * through {@code getStrictPreferences}.
 * </p>
 *
 * @throws Exception if any of the factory or service calls fails
 */
protected void defineObjects(
        HttpServletRequest request, HttpServletResponse response,
        Portlet portlet)
    throws Exception {

    String portletId = portlet.getPortletId();

    ServletContext servletContext = (ServletContext)request.getAttribute(
        WebKeys.CTX);

    InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
        portlet, servletContext);

    PortletPreferencesIds preferencesIds =
        PortletPreferencesFactoryUtil.getPortletPreferencesIds(
            request, portletId);

    PortletPreferences preferences =
        PortletPreferencesLocalServiceUtil.getStrictPreferences(
            preferencesIds);

    PortletConfig portletConfig = PortletConfigFactoryUtil.create(
        portlet, servletContext);

    RenderRequestImpl renderRequest = RenderRequestFactory.create(
        request, portlet, invokerPortlet, portletConfig.getPortletContext(),
        WindowState.MAXIMIZED, PortletMode.VIEW, preferences);

    RenderResponseImpl renderResponse = RenderResponseFactory.create(
        renderRequest, response, portletId, portlet.getCompanyId());

    renderRequest.defineObjects(portletConfig, renderResponse);

    request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
}
275
/**
 * Forwards to {@code uri} through {@code StrutsUtil.forward} using this
 * processor's servlet context, instead of the inherited forward logic.
 *
 * @throws ServletException if the forward fails
 */
@Override
protected void doForward(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws ServletException {

    StrutsUtil.forward(uri, getServletContext(), request, response);
}
284
/**
 * Includes {@code uri} through {@code StrutsUtil.include} using this
 * processor's servlet context, instead of the inherited include logic.
 *
 * @throws ServletException if the include fails
 */
@Override
protected void doInclude(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws ServletException {

    StrutsUtil.include(uri, getServletContext(), request, response);
}
293
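/**
 * Builds a friendly URL for a layout request so the session tracker can
 * record it instead of the raw Struts path.
 *
 * <p>
 * Only {@code /portal/layout} requests with a non-zero {@code p_l_id} are
 * handled. Without a {@code p_p_id} the layout's friendly URL is returned.
 * With one, the portlet's friendly URL mapper is asked to build a path from
 * the namespaced request parameters; when the portlet is missing or
 * inactive, has no mapper, or the mapper yields nothing, the layout's
 * friendly URL with the raw query string is returned instead.
 * </p>
 *
 * <p>
 * The raw query string is copied into the result as is, so anything a
 * client puts in the URL ends up in whatever the caller records.
 * </p>
 *
 * @param path the Struts path of the current request
 * @param themeDisplay the theme display used to compute the layout's
 *        friendly URL
 * @param request the current request; {@code p_l_id}, {@code p_p_id} and
 *        the namespaced portlet parameters are read from it
 * @return the friendly path, or {@code null} when the request is not a
 *         layout request or carries no layout ID
 * @throws Exception if the layout or portlet lookup fails
 */
protected String getFriendlyTrackerPath(
        String path, ThemeDisplay themeDisplay, HttpServletRequest request)
    throws Exception {

    if (!path.equals(_PATH_PORTAL_LAYOUT)) {
        return null;
    }

    long plid = ParamUtil.getLong(request, "p_l_id");

    if (plid == 0) {
        return null;
    }

    Layout layout = LayoutLocalServiceUtil.getLayout(plid);

    String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
        layout, themeDisplay);

    String portletId = ParamUtil.getString(request, "p_p_id");

    if (Validator.isNull(portletId)) {
        return layoutFriendlyURL;
    }

    long companyId = PortalUtil.getCompanyId(request);

    Portlet portlet = PortletLocalServiceUtil.getPortletById(
        companyId, portletId);

    if (portlet == null) {

        // Fall back to a lookup by Struts path: the text between the
        // leading slash and the last slash of the request path.

        String strutsPath = path.substring(
            1, path.lastIndexOf(CharPool.SLASH));

        portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
            companyId, strutsPath);
    }

    if ((portlet == null) || !portlet.isActive()) {
        return _appendQueryString(
            layoutFriendlyURL, request.getQueryString());
    }

    String namespace = PortalUtil.getPortletNamespace(portletId);

    FriendlyURLMapper friendlyURLMapper =
        portlet.getFriendlyURLMapperInstance();

    if (friendlyURLMapper == null) {
        return _appendQueryString(
            layoutFriendlyURL, request.getQueryString());
    }

    PortletURLImpl portletURL = new PortletURLImpl(
        request, portletId, plid, PortletRequest.RENDER_PHASE);

    Map<String, String[]> parameterMap = request.getParameterMap();

    // Only parameters carrying this portlet's namespace are copied, with
    // the namespace prefix removed.

    for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
        String key = entry.getKey();

        if (key.startsWith(namespace)) {
            key = key.substring(namespace.length());

            portletURL.setParameter(key, entry.getValue());
        }
    }

    String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);

    if (portletFriendlyURL != null) {
        return layoutFriendlyURL.concat(portletFriendlyURL);
    }

    return _appendQueryString(layoutFriendlyURL, request.getQueryString());
}

/**
 * Returns {@code url} followed by {@code ?} and {@code queryString}, or
 * {@code url} alone when there is no query string.
 *
 * <p>
 * {@code getQueryString()} is {@code null} when the parameters arrived in
 * the request body, and {@code String.concat(null)} throws, so the missing
 * case is handled here instead of surfacing as an exception in the caller.
 * </p>
 */
private static String _appendQueryString(String url, String queryString) {
    if (queryString == null) {
        return url;
    }

    return url.concat(StringPool.QUESTION).concat(queryString);
}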
372
/**
 * Computes the absolute URL to redirect to after authentication or when a
 * request cannot be mapped.
 *
 * <p>
 * The default target is the portal URL plus the main path plus
 * {@code /portal/layout}. When forwarding by last path is disabled, that
 * default is returned, with the default layout ID appended for requests
 * that already carry a remote user. Otherwise the {@code LastPath} stored
 * in the session is used; if its context path equals the main path, it is
 * only honoured when its path is a configured Struts action and it has a
 * parameter map. A last path with a different context path is used without
 * that lookup.
 * </p>
 *
 * <p>
 * NOTE(review): when authentication requires HTTPS, phishing protection is
 * off and the session recorded {@code HTTPS_INITIAL} as false, the portal
 * URL is requested with {@code false} as second argument (presumably the
 * "secure" flag, so the redirect would go back to plain HTTP) -- confirm
 * this is intended for the deployment. The host part comes from
 * {@code PortalUtil.getPortalURL(request)}; how it is derived is not
 * visible here.
 * </p>
 *
 * @return the redirect URL, never {@code null}
 */
protected String getLastPath(HttpServletRequest request) {
    HttpSession session = request.getSession();

    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
        WebKeys.THEME_DISPLAY);

    Boolean httpsInitial = (Boolean)session.getAttribute(
        WebKeys.HTTPS_INITIAL);

    boolean returnToInitialScheme =
        PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
        !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
        Boolean.FALSE.equals(httpsInitial);

    String portalURL =
        returnToInitialScheme ? PortalUtil.getPortalURL(request, false) :
            PortalUtil.getPortalURL(request);

    StringBundler defaultURL = new StringBundler();

    defaultURL.append(portalURL);
    defaultURL.append(themeDisplay.getPathMain());
    defaultURL.append(_PATH_PORTAL_LAYOUT);

    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {

        // Requests that already have a remote user are sent to the default
        // layout explicitly; everyone else gets the bare layout path.

        if (request.getRemoteUser() != null) {
            defaultURL.append(StringPool.QUESTION);
            defaultURL.append("p_l_id");
            defaultURL.append(StringPool.EQUAL);
            defaultURL.append(LayoutConstants.DEFAULT_PLID);
        }

        return defaultURL.toString();
    }

    LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);

    if (lastPath == null) {
        return defaultURL.toString();
    }

    Map<String, String[]> parameterMap = lastPath.getParameterMap();

    // A last path inside the portal's own context must still name a known
    // Struts action and carry parameters, otherwise fall back to the
    // default target.

    boolean insideMainPath = lastPath.getContextPath().equals(
        themeDisplay.getPathMain());

    if (insideMainPath) {
        ActionMapping lastPathMapping =
            (ActionMapping)moduleConfig.findActionConfig(
                lastPath.getPath());

        if ((lastPathMapping == null) || (parameterMap == null)) {
            return defaultURL.toString();
        }
    }

    StringBundler lastPathURL = new StringBundler(4);

    lastPathURL.append(portalURL);
    lastPathURL.append(lastPath.getContextPath());
    lastPathURL.append(lastPath.getPath());
    lastPathURL.append(HttpUtil.parameterMapToString(parameterMap));

    return lastPathURL.toString();
}
446
/**
 * Tells whether {@code path} is treated as a portlet Struts path, i.e. it
 * is not {@code /c}, does not start with {@code /common} or
 * {@code /portal}, and does not contain {@code /j_security_check}.
 *
 * <p>
 * NOTE(review): the two prefix tests have no trailing slash, so any path
 * that merely begins with the characters {@code /portal} or
 * {@code /common} is also excluded. {@code processRoles} only runs its
 * portlet permission check for paths accepted here -- confirm that no
 * portlet Struts path starts with either prefix.
 * </p>
 *
 * @param path the Struts path, may be {@code null}
 * @return {@code true} if the path is handled as a portlet path
 */
protected boolean isPortletPath(String path) {
    if (path == null) {
        return false;
    }

    boolean portalOwnedPath =
        path.equals(_PATH_C) || path.startsWith(_PATH_COMMON) ||
        path.contains(_PATH_J_SECURITY_CHECK) ||
        path.startsWith(_PATH_PORTAL);

    return !portalOwnedPath;
}
460
/**
 * Tells whether {@code path} may be served without a resolved user: it is
 * in the built-in public set, starts with {@code /common}, or is known to
 * {@code AuthPublicPathRegistry}.
 *
 * <p>
 * NOTE(review): the {@code /common} test is a bare prefix match, so every
 * path beginning with those characters is public, not only paths below
 * {@code /common/} -- confirm no protected action is registered under such
 * a name.
 * </p>
 *
 * @param path the Struts path, may be {@code null}
 * @return {@code true} if no signed-in user is required for the path
 */
protected boolean isPublicPath(String path) {
    if (path == null) {
        return false;
    }

    return _publicPaths.contains(path) || path.startsWith(_PATH_COMMON) ||
        AuthPublicPathRegistry.contains(path);
}
472
/**
 * Returns the action to execute for {@code actionMapping}: the adapter
 * registered in {@code StrutsActionRegistryUtil} for the mapping's path if
 * there is one, otherwise the action created by the inherited logic.
 *
 * <p>
 * When an adapter is registered and the path is also present in the Struts
 * module configuration, the configured action is created and handed to the
 * adapter as its original action.
 * </p>
 *
 * @throws IOException if the inherited action creation fails
 */
@Override
protected Action processActionCreate(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException {

    ActionAdapter registeredAdapter =
        (ActionAdapter)StrutsActionRegistryUtil.getAction(
            actionMapping.getPath());

    if (registeredAdapter == null) {
        return super.processActionCreate(request, response, actionMapping);
    }

    ActionConfig configuredAction = moduleConfig.findActionConfig(
        actionMapping.getPath());

    if (configuredAction != null) {
        registeredAdapter.setOriginalAction(
            super.processActionCreate(request, response, actionMapping));
    }

    return registeredAdapter;
}
499
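/**
 * Resolves the action mapping for {@code path}.
 *
 * <p>
 * A path with an action registered in {@code StrutsActionRegistryUtil}
 * uses its configured mapping when one exists; otherwise a bare mapping is
 * created for it and stored on the request under
 * {@code Globals.MAPPING_KEY}. Every other path goes through the inherited
 * lookup, and a failed lookup is logged together with the request details.
 * </p>
 *
 * <p>
 * The URL, the {@code Referer} header and the path are supplied by the
 * client, so line breaks are replaced before they are written to the log;
 * otherwise a crafted request could add lines that look like separate log
 * entries.
 * </p>
 *
 * @return the mapping, or {@code null} if {@code path} is {@code null} or
 *         the inherited lookup finds nothing
 * @throws IOException if the inherited lookup fails
 */
@Override
protected ActionMapping processMapping(
        HttpServletRequest request, HttpServletResponse response,
        String path)
    throws IOException {

    if (path == null) {
        return null;
    }

    Action action = StrutsActionRegistryUtil.getAction(path);

    if (action != null) {
        ActionMapping actionMapping =
            (ActionMapping)moduleConfig.findActionConfig(path);

        if (actionMapping == null) {
            actionMapping = new ActionMapping();

            actionMapping.setModuleConfig(moduleConfig);
            actionMapping.setPath(path);

            request.setAttribute(Globals.MAPPING_KEY, actionMapping);
        }

        return actionMapping;
    }

    ActionMapping actionMapping = super.processMapping(
        request, response, path);

    if (actionMapping == null) {
        MessageResources messageResources = getInternal();

        String msg = messageResources.getMessage("processInvalid");

        _log.error("User ID " + _neutralizeForLog(request.getRemoteUser()));
        _log.error(
            "Current URL " +
                _neutralizeForLog(PortalUtil.getCurrentURL(request)));
        _log.error(
            "Referer " + _neutralizeForLog(request.getHeader("Referer")));
        _log.error("Remote address " + request.getRemoteAddr());

        _log.error(msg + " " + _neutralizeForLog(path));
    }

    return actionMapping;
}

/**
 * Replaces carriage returns and line feeds in a request-derived value with
 * underscores so it stays on one log line. {@code null} is passed through
 * unchanged so the logged text for a missing value stays as before.
 */
private static String _neutralizeForLog(String value) {
    if (value == null) {
        return null;
    }

    return value.replace('\r', '_').replace('\n', '_');
}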
546
/**
 * Returns the request unchanged rather than delegating to the inherited
 * implementation, so the parent's multipart handling is not applied by the
 * Struts pipeline. The inherited behaviour remains reachable through
 * {@code callParentProcessMultipart}.
 *
 * @return the same {@code request} instance that was passed in
 */
@Override
protected HttpServletRequest processMultipart(HttpServletRequest request) {
    return request;
}
554
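/**
 * Resolves the Struts path for the request and applies the portal's
 * routing rules, which may replace the requested path with another one.
 *
 * <p>
 * In order, the method:
 * </p>
 *
 * <ol>
 * <li>records the path in the session's user tracker, if one exists and the
 * path is not excluded;</li>
 * <li>stores the request as the session's last path when eligible;</li>
 * <li>routes everything except the license and status paths to the setup
 * wizard until setup has finished;</li>
 * <li>lets signed-in users reach logout, session expire/extend and the
 * terms-of-use update unconditionally;</li>
 * <li>forces a logout when the container reports a remote user but no
 * portal user can be resolved;</li>
 * <li>sends inactive users to the error page;</li>
 * <li>routes users with pending terms of use, e-mail verification, password
 * reset, e-mail address or reminder query to the matching page;</li>
 * <li>sends requests without a user to the login page unless the path is
 * public;</li>
 * <li>drops paths that map to no action, and prepares portlet objects for
 * portlet paths.</li>
 * </ol>
 *
 * <p>
 * The setup-wizard routing in step 3 runs before any user check, so until
 * {@code SetupWizardUtil.isSetupFinished()} is true the wizard path is
 * returned regardless of who is asking.
 * </p>
 *
 * <p>
 * The tracked path in step 1 includes the raw query string, so any value a
 * client places in the URL is stored with the session's tracker entries.
 * </p>
 *
 * @return the path to process, or {@code null} when the request should not
 *         be processed further
 * @throws IOException if the inherited path resolution fails
 */
@Override
protected String processPath(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException {

    String path = GetterUtil.getString(
        super.processPath(request, response));

    HttpSession session = request.getSession();

    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
        WebKeys.THEME_DISPLAY);

    // Session tracking: only when a tracker exists for this session and
    // the path is not one of the excluded ones.

    UserTracker userTracker = LiveUsers.getUserTracker(
        themeDisplay.getCompanyId(), session.getId());

    if ((userTracker != null) && !path.equals(_PATH_C) &&
        !path.contains(_PATH_J_SECURITY_CHECK) &&
        !path.contains(_PATH_PORTAL_PROTECTED) &&
        !_trackerIgnorePaths.contains(path)) {

        String fullPath = null;

        try {
            if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
                fullPath = getFriendlyTrackerPath(
                    path, themeDisplay, request);
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        String fullPathWithoutQueryString = fullPath;

        // No friendly path available: record the Struts path, with the
        // query string when there is one.

        if (Validator.isNull(fullPath)) {
            String queryString = request.getQueryString();

            fullPathWithoutQueryString = path;

            if (Validator.isNotNull(queryString)) {
                fullPath = path.concat(StringPool.QUESTION).concat(
                    queryString);
            }
            else {
                fullPath = path;
            }
        }

        int pos = fullPathWithoutQueryString.indexOf(StringPool.QUESTION);

        if (pos != -1) {
            fullPathWithoutQueryString =
                fullPathWithoutQueryString.substring(0, pos);
        }

        // The ignore list is checked again against the final path without
        // its query string, which may be a friendly URL at this point.

        if (!_trackerIgnorePaths.contains(fullPathWithoutQueryString)) {
            UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);

            userTrackerPath.setUserTrackerId(
                userTracker.getUserTrackerId());
            userTrackerPath.setPath(fullPath);
            userTrackerPath.setPathDate(new Date());

            userTracker.addPath(userTrackerPath);
        }
    }

    String remoteUser = request.getRemoteUser();

    User user = null;

    try {
        user = PortalUtil.getUser(request);
    }
    catch (Exception e) {

        // The request continues without a user, which the checks below
        // treat as not signed in. Record the cause so a failing user lookup
        // can be diagnosed instead of vanishing silently.

        if (_log.isDebugEnabled()) {
            _log.debug(e, e);
        }
    }

    // Last path: remembered only for plain GET requests that are not
    // resource, exclusive or pop-up requests, and only if the client did
    // not pass saveLastPath=false.

    if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
        boolean saveLastPath = ParamUtil.getBoolean(
            request, "saveLastPath", true);

        if (themeDisplay.isLifecycleResource() ||
            themeDisplay.isStateExclusive() ||
            themeDisplay.isStatePopUp() ||
            !StringUtil.equalsIgnoreCase(
                request.getMethod(), HttpMethods.GET)) {

            saveLastPath = false;
        }

        if (saveLastPath) {

            // A last path already placed on the request wins over one built
            // from the current path and parameters.

            LastPath lastPath = (LastPath)request.getAttribute(
                WebKeys.LAST_PATH);

            if (lastPath == null) {
                lastPath = new LastPath(
                    themeDisplay.getPathMain(), path,
                    request.getParameterMap());
            }

            session.setAttribute(WebKeys.LAST_PATH, lastPath);
        }
    }

    // Setup wizard: until setup has finished, only the license and status
    // paths are served as requested. Afterwards the wizard path itself is
    // replaced by the layout path.

    if (!SetupWizardUtil.isSetupFinished()) {
        if (!path.equals(_PATH_PORTAL_LICENSE) &&
            !path.equals(_PATH_PORTAL_STATUS)) {

            return _PATH_PORTAL_SETUP_WIZARD;
        }
    }
    else if (path.equals(_PATH_PORTAL_SETUP_WIZARD)) {
        return _PATH_PORTAL_LAYOUT;
    }

    // Signed-in users can always log out

    if (((remoteUser != null) || (user != null)) &&
        path.equals(_PATH_PORTAL_LOGOUT)) {

        return path;
    }

    // Signed-in users can always expire or extend their session

    if (((remoteUser != null) || (user != null)) &&
        (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
         path.equals(_PATH_PORTAL_EXTEND_SESSION))) {

        return path;
    }

    // Signed-in users can always submit the terms of use

    if (((remoteUser != null) || (user != null)) &&
        path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE)) {

        return path;
    }

    // The container knows a remote user but no portal user was resolved:
    // end the session rather than continue in a half-authenticated state.

    if ((remoteUser != null) && (user == null)) {
        return _PATH_PORTAL_LOGOUT;
    }

    // Inactive users only get the error page

    if ((user != null) && !user.isActive()) {
        SessionErrors.add(request, UserActiveException.class.getName());

        return _PATH_PORTAL_ERROR;
    }

    // The account-state routing below is skipped for the JSON service and
    // render-portlet paths, for requests with a true "wsrp" parameter, and
    // while impersonating.

    if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
        !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
        !ParamUtil.getBoolean(request, "wsrp") &&
        !themeDisplay.isImpersonated()) {

        // Terms of use must be accepted first, when required

        if ((user != null) && !user.isAgreedToTermsOfUse()) {
            boolean termsOfUseRequired = false;

            try {
                termsOfUseRequired = PrefsPropsUtil.getBoolean(
                    user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
            }
            catch (SystemException se) {

                // Fall back to the portal-wide default when the company
                // preference cannot be read.

                termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
            }

            if (termsOfUseRequired) {
                return _PATH_PORTAL_TERMS_OF_USE;
            }
        }

        // E-mail address verification. If the company cannot be loaded the
        // requirement stays false and the failure is logged.

        boolean emailAddressVerificationRequired = false;

        try {
            Company company = PortalUtil.getCompany(request);

            emailAddressVerificationRequired = company.isStrangersVerify();
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        if ((user != null) && !user.isEmailAddressVerified() &&
            emailAddressVerificationRequired) {

            if (path.equals(_PATH_PORTAL_UPDATE_EMAIL_ADDRESS)) {
                return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
            }

            return _PATH_PORTAL_VERIFY_EMAIL_ADDRESS;
        }

        // Password reset. A user with no reset pending gets nothing for the
        // update-password path.

        if ((user != null) && user.isPasswordReset()) {
            return _PATH_PORTAL_UPDATE_PASSWORD;
        }
        else if ((user != null) && !user.isPasswordReset() &&
                 path.equals(_PATH_PORTAL_UPDATE_PASSWORD)) {

            return null;
        }

        // Users must have an e-mail address

        if ((user != null) &&
            (Validator.isNull(user.getEmailAddress()) ||
             (PropsValues.USERS_EMAIL_ADDRESS_REQUIRED &&
              Validator.isNull(user.getDisplayEmailAddress())))) {

            return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
        }

        // Users other than the default user must have a reminder query,
        // when reminder queries are enabled

        if ((user != null) && !user.isDefaultUser() &&
            (Validator.isNull(user.getReminderQueryQuestion()) ||
             Validator.isNull(user.getReminderQueryAnswer()))) {

            if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
                return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
            }
        }
    }

    // Login gate: a path that is not public requires a resolved user

    if (!isPublicPath(path)) {
        if (user == null) {
            SessionErrors.add(request, PrincipalException.class.getName());

            return _PATH_PORTAL_LOGIN;
        }
    }

    ActionMapping actionMapping =
        (ActionMapping)moduleConfig.findActionConfig(path);

    if (actionMapping == null) {
        Action strutsAction = StrutsActionRegistryUtil.getAction(path);

        if (strutsAction == null) {
            return null;
        }
    }
    else {
        path = actionMapping.getPath();
    }

    // Portlet paths: resolve the portlet by p_p_id, then by Struts path,
    // and define its objects on the request. Any failure is turned into
    // the common error page with the exception attached to the request.

    if (isPortletPath(path)) {
        try {
            Portlet portlet = null;

            long companyId = PortalUtil.getCompanyId(request);
            String portletId = ParamUtil.getString(request, "p_p_id");

            if (Validator.isNotNull(portletId)) {
                portlet = PortletLocalServiceUtil.getPortletById(
                    companyId, portletId);
            }

            if (portlet == null) {
                String strutsPath = path.substring(
                    1, path.lastIndexOf(CharPool.SLASH));

                portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
                    companyId, strutsPath);
            }

            if ((portlet != null) && portlet.isActive()) {
                defineObjects(request, response, portlet);
            }
        }
        catch (Exception e) {
            request.setAttribute(PageContext.EXCEPTION, e);

            path = _PATH_COMMON_ERROR;
        }
    }

    // A layout permission error recorded earlier on the request overrides
    // the resolved path.

    if (SessionErrors.contains(
            request, LayoutPermissionException.class.getName())) {

        return _PATH_PORTAL_ERROR;
    }

    return path;
}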
868
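/**
 * Decides whether the request may execute the action behind
 * {@code actionMapping}.
 *
 * <p>
 * Public paths are always allowed. For a resolved user on a portlet path,
 * the portlet is looked up by {@code p_p_id} (which must belong to the
 * Struts path being requested) or, failing that, by Struts path; an active
 * portlet then requires {@code VIEW} permission on the current layout, and
 * an inactive one is rejected. Any exception inside that check is treated
 * as a denial.
 * </p>
 *
 * <p>
 * Two cases pass without a permission check: a request with no resolved
 * user (this method then relies on {@code processPath} having sent such
 * requests to the login page for non-public paths), and a portlet path for
 * which no portlet can be resolved at all.
 * </p>
 *
 * @return {@code true} to continue processing; {@code false} after the
 *         request has been forwarded to the error page
 * @throws IOException if forwarding to the error page fails
 * @throws ServletException if forwarding to the error page fails
 */
@Override
protected boolean processRoles(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException, ServletException {

    String path = actionMapping.getPath();

    if (isPublicPath(path)) {
        return true;
    }

    boolean authorized = true;

    User user = null;

    try {
        user = PortalUtil.getUser(request);
    }
    catch (Exception e) {

        // Continue without a user, but keep the cause available for
        // diagnosis instead of discarding it.

        if (_log.isDebugEnabled()) {
            _log.debug(e, e);
        }
    }

    if ((user != null) && isPortletPath(path)) {
        try {

            // With isPortletPath as defined in this class a path starting
            // with /portal never gets here; the check only matters if a
            // subclass widens isPortletPath.

            if (path.equals(_PATH_PORTAL_LOGOUT)) {
                return true;
            }

            Portlet portlet = null;

            String portletId = ParamUtil.getString(request, "p_p_id");

            if (Validator.isNotNull(portletId)) {
                portlet = PortletLocalServiceUtil.getPortletById(
                    user.getCompanyId(), portletId);
            }

            // A path with no second slash makes substring throw, which the
            // catch below turns into a denial.

            String strutsPath = path.substring(
                1, path.lastIndexOf(CharPool.SLASH));

            if (portlet != null) {

                // The portlet named by the request parameter must own the
                // Struts path being executed; otherwise a client could pair
                // one portlet's ID with another portlet's action.

                if (!strutsPath.equals(portlet.getStrutsPath())) {
                    throw new PrincipalException();
                }
            }
            else {
                portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
                    user.getCompanyId(), strutsPath);
            }

            if ((portlet != null) && portlet.isActive()) {
                ThemeDisplay themeDisplay =
                    (ThemeDisplay)request.getAttribute(
                        WebKeys.THEME_DISPLAY);

                Layout layout = themeDisplay.getLayout();
                PermissionChecker permissionChecker =
                    themeDisplay.getPermissionChecker();

                if (!PortletPermissionUtil.contains(
                        permissionChecker, layout, portlet,
                        ActionKeys.VIEW)) {

                    throw new PrincipalException();
                }
            }
            else if ((portlet != null) && !portlet.isActive()) {
                SessionErrors.add(
                    request, PortletActiveException.class.getName());

                authorized = false;
            }
        }
        catch (Exception e) {

            // Every failure, expected or not, is reported to the user as a
            // permission error; the real cause is only visible in the log.

            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }

            SessionErrors.add(request, PrincipalException.class.getName());

            authorized = false;
        }
    }

    if (!authorized) {
        ForwardConfig forwardConfig = actionMapping.findForward(
            _PATH_PORTAL_ERROR);

        processForwardConfig(request, response, forwardConfig);

        return false;
    }

    return true;
}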
964
// Struts paths referenced by the routing logic of this class. Which of them
// are reachable without a signed-in user is decided by the set built in the
// constructor, not by these declarations.

private static final String _PATH_C = "/c";

private static final String _PATH_COMMON = "/common";

private static final String _PATH_COMMON_ERROR = "/common/error";

private static final String _PATH_J_SECURITY_CHECK = "/j_security_check";

// Used as a bare prefix by isPortletPath.
private static final String _PATH_PORTAL = "/portal";

private static final String _PATH_PORTAL_API_JSONWS = "/portal/api/jsonws";

private static final String _PATH_PORTAL_ERROR = "/portal/error";

private static final String _PATH_PORTAL_EXPIRE_SESSION = "/portal/expire_session";

private static final String _PATH_PORTAL_EXTEND_SESSION = "/portal/extend_session";

private static final String _PATH_PORTAL_FLASH = "/portal/flash";

private static final String _PATH_PORTAL_J_LOGIN = "/portal/j_login";

private static final String _PATH_PORTAL_JSON_SERVICE = "/portal/json_service";

private static final String _PATH_PORTAL_LAYOUT = "/portal/layout";

private static final String _PATH_PORTAL_LICENSE = "/portal/license";

private static final String _PATH_PORTAL_LOGIN = "/portal/login";

private static final String _PATH_PORTAL_LOGOUT = "/portal/logout";

private static final String _PATH_PORTAL_PROTECTED = "/portal/protected";

private static final String _PATH_PORTAL_RENDER_PORTLET = "/portal/render_portlet";

private static final String _PATH_PORTAL_RESILIENCY = "/portal/resiliency";

private static final String _PATH_PORTAL_SETUP_WIZARD = "/portal/setup_wizard";

private static final String _PATH_PORTAL_STATUS = "/portal/status";

private static final String _PATH_PORTAL_TCK = "/portal/tck";

private static final String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";

private static final String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS = "/portal/update_email_address";

private static final String _PATH_PORTAL_UPDATE_PASSWORD = "/portal/update_password";

private static final String _PATH_PORTAL_UPDATE_REMINDER_QUERY = "/portal/update_reminder_query";

private static final String _PATH_PORTAL_UPDATE_TERMS_OF_USE = "/portal/update_terms_of_use";

private static final String _PATH_PORTAL_VERIFY_EMAIL_ADDRESS = "/portal/verify_email_address";

private static Log _log = LogFactoryUtil.getLog(PortalRequestProcessor.class);

// Populated once in the constructor and only read afterwards in this class.

private Set<String> _lastPaths;
private Set<String> _publicPaths;
private Set<String> _trackerIgnorePaths;
1038
1039 }