001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.struts;
016    
017    import com.liferay.portal.LayoutPermissionException;
018    import com.liferay.portal.PortletActiveException;
019    import com.liferay.portal.UserActiveException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
023    import com.liferay.portal.kernel.servlet.HttpMethods;
024    import com.liferay.portal.kernel.servlet.SessionErrors;
025    import com.liferay.portal.kernel.struts.LastPath;
026    import com.liferay.portal.kernel.util.CharPool;
027    import com.liferay.portal.kernel.util.GetterUtil;
028    import com.liferay.portal.kernel.util.HttpUtil;
029    import com.liferay.portal.kernel.util.JavaConstants;
030    import com.liferay.portal.kernel.util.ParamUtil;
031    import com.liferay.portal.kernel.util.PropsKeys;
032    import com.liferay.portal.kernel.util.StringBundler;
033    import com.liferay.portal.kernel.util.StringPool;
034    import com.liferay.portal.kernel.util.StringUtil;
035    import com.liferay.portal.kernel.util.Validator;
036    import com.liferay.portal.liveusers.LiveUsers;
037    import com.liferay.portal.model.Layout;
038    import com.liferay.portal.model.LayoutConstants;
039    import com.liferay.portal.model.Portlet;
040    import com.liferay.portal.model.PortletPreferencesIds;
041    import com.liferay.portal.model.User;
042    import com.liferay.portal.model.UserTracker;
043    import com.liferay.portal.model.UserTrackerPath;
044    import com.liferay.portal.security.auth.PrincipalException;
045    import com.liferay.portal.security.permission.ActionKeys;
046    import com.liferay.portal.security.permission.PermissionChecker;
047    import com.liferay.portal.service.LayoutLocalServiceUtil;
048    import com.liferay.portal.service.PortletLocalServiceUtil;
049    import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
050    import com.liferay.portal.service.permission.PortletPermissionUtil;
051    import com.liferay.portal.service.persistence.UserTrackerPathUtil;
052    import com.liferay.portal.setup.SetupWizardUtil;
053    import com.liferay.portal.theme.ThemeDisplay;
054    import com.liferay.portal.util.PortalUtil;
055    import com.liferay.portal.util.PropsUtil;
056    import com.liferay.portal.util.PropsValues;
057    import com.liferay.portal.util.WebKeys;
058    import com.liferay.portlet.InvokerPortlet;
059    import com.liferay.portlet.PortletConfigFactoryUtil;
060    import com.liferay.portlet.PortletInstanceFactoryUtil;
061    import com.liferay.portlet.PortletPreferencesFactoryUtil;
062    import com.liferay.portlet.PortletURLImpl;
063    import com.liferay.portlet.RenderRequestFactory;
064    import com.liferay.portlet.RenderRequestImpl;
065    import com.liferay.portlet.RenderResponseFactory;
066    import com.liferay.portlet.RenderResponseImpl;
067    
068    import java.io.IOException;
069    
070    import java.util.Date;
071    import java.util.HashSet;
072    import java.util.Map;
073    import java.util.Set;
074    
075    import javax.portlet.PortletConfig;
076    import javax.portlet.PortletContext;
077    import javax.portlet.PortletMode;
078    import javax.portlet.PortletPreferences;
079    import javax.portlet.PortletRequest;
080    import javax.portlet.WindowState;
081    
082    import javax.servlet.ServletContext;
083    import javax.servlet.ServletException;
084    import javax.servlet.http.HttpServletRequest;
085    import javax.servlet.http.HttpServletResponse;
086    import javax.servlet.http.HttpSession;
087    import javax.servlet.jsp.PageContext;
088    
089    import org.apache.struts.Globals;
090    import org.apache.struts.action.Action;
091    import org.apache.struts.action.ActionMapping;
092    import org.apache.struts.config.ActionConfig;
093    import org.apache.struts.config.ForwardConfig;
094    import org.apache.struts.tiles.TilesRequestProcessor;
095    import org.apache.struts.util.MessageResources;
096    
097    /**
098     * @author Brian Wing Shun Chan
099     * @author Jorge Ferrer
100     * @author Wesley Gong
101     * @author Mika Koivisto
102     */
103    public class PortalRequestProcessor extends TilesRequestProcessor {
104    
105            public PortalRequestProcessor() {
106    
107                    // auth.forward.last.path.
108    
109                    _lastPaths = new HashSet<String>();
110    
111                    _lastPaths.add(_PATH_PORTAL_LAYOUT);
112    
113                    addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
114    
115                    // auth.public.path.
116    
117                    _publicPaths = new HashSet<String>();
118    
119                    _publicPaths.add(_PATH_C);
120                    _publicPaths.add(_PATH_PORTAL_API_JSONWS);
121                    _publicPaths.add(_PATH_PORTAL_FLASH);
122                    _publicPaths.add(_PATH_PORTAL_J_LOGIN);
123                    _publicPaths.add(_PATH_PORTAL_LAYOUT);
124                    _publicPaths.add(_PATH_PORTAL_LICENSE);
125                    _publicPaths.add(_PATH_PORTAL_LOGIN);
126                    _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
127                    _publicPaths.add(_PATH_PORTAL_RESILIENCY);
128                    _publicPaths.add(_PATH_PORTAL_TCK);
129                    _publicPaths.add(_PATH_PORTAL_UPDATE_PASSWORD);
130                    _publicPaths.add(_PATH_PORTAL_VERIFY_EMAIL_ADDRESS);
131                    _publicPaths.add(PropsValues.AUTH_LOGIN_DISABLED_PATH);
132    
133                    _trackerIgnorePaths = new HashSet<String>();
134    
135                    addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
136            }
137    
138            @Override
139            public void process(
140                            HttpServletRequest request, HttpServletResponse response)
141                    throws IOException, ServletException {
142    
143                    HttpSession session = request.getSession();
144    
145                    Boolean basicAuthEnabled = (Boolean)session.getAttribute(
146                            WebKeys.BASIC_AUTH_ENABLED);
147    
148                    if (basicAuthEnabled != null) {
149                            session.removeAttribute(WebKeys.BASIC_AUTH_ENABLED);
150                    }
151    
152                    String path = super.processPath(request, response);
153    
154                    ActionMapping actionMapping =
155                            (ActionMapping)moduleConfig.findActionConfig(path);
156    
157                    Action action = StrutsActionRegistryUtil.getAction(path);
158    
159                    if (((basicAuthEnabled != null) && basicAuthEnabled.booleanValue()) ||
160                            ((actionMapping == null) && (action == null))) {
161    
162                            String lastPath = getLastPath(request);
163    
164                            if (_log.isDebugEnabled()) {
165                                    _log.debug("Last path " + lastPath);
166                            }
167    
168                            response.sendRedirect(lastPath);
169    
170                            return;
171                    }
172    
173                    super.process(request, response);
174    
175                    try {
176                            if (isPortletPath(path)) {
177                                    cleanUp(request);
178                            }
179                    }
180                    catch (Exception e) {
181                            _log.error(e, e);
182                    }
183            }
184    
185            protected void addPaths(Set<String> paths, String propsKey) {
186                    String[] pathsArray = PropsUtil.getArray(propsKey);
187    
188                    for (String path : pathsArray) {
189                            paths.add(path);
190                    }
191            }
192    
193            protected void callParentDoForward(
194                            String uri, HttpServletRequest request,
195                            HttpServletResponse response)
196                    throws IOException, ServletException {
197    
198                    super.doForward(uri, request, response);
199            }
200    
201            protected HttpServletRequest callParentProcessMultipart(
202                    HttpServletRequest request) {
203    
204                    return super.processMultipart(request);
205            }
206    
207            protected String callParentProcessPath(
208                            HttpServletRequest request, HttpServletResponse response)
209                    throws IOException {
210    
211                    return super.processPath(request, response);
212            }
213    
214            protected boolean callParentProcessRoles(
215                            HttpServletRequest request, HttpServletResponse response,
216                            ActionMapping actionMapping)
217                    throws IOException, ServletException {
218    
219                    return super.processRoles(request, response, actionMapping);
220            }
221    
222            protected void cleanUp(HttpServletRequest request) throws Exception {
223    
224                    // Clean up portlet objects that may have been created by defineObjects
225                    // for portlets that are called directly from a Struts path
226    
227                    RenderRequestImpl renderRequestImpl =
228                            (RenderRequestImpl)request.getAttribute(
229                                    JavaConstants.JAVAX_PORTLET_REQUEST);
230    
231                    if (renderRequestImpl != null) {
232                            renderRequestImpl.cleanUp();
233                    }
234            }
235    
236            protected void defineObjects(
237                            HttpServletRequest request, HttpServletResponse response,
238                            Portlet portlet)
239                    throws Exception {
240    
241                    String portletId = portlet.getPortletId();
242    
243                    ServletContext servletContext = (ServletContext)request.getAttribute(
244                            WebKeys.CTX);
245    
246                    InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
247                            portlet, servletContext);
248    
249                    PortletPreferencesIds portletPreferencesIds =
250                            PortletPreferencesFactoryUtil.getPortletPreferencesIds(
251                                    request, portletId);
252    
253                    PortletPreferences portletPreferences =
254                            PortletPreferencesLocalServiceUtil.getStrictPreferences(
255                                    portletPreferencesIds);
256    
257                    PortletConfig portletConfig = PortletConfigFactoryUtil.create(
258                            portlet, servletContext);
259                    PortletContext portletContext = portletConfig.getPortletContext();
260    
261                    RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
262                            request, portlet, invokerPortlet, portletContext,
263                            WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
264    
265                    RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
266                            renderRequestImpl, response, portletId, portlet.getCompanyId());
267    
268                    renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
269    
270                    request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
271            }
272    
273            @Override
274            protected void doForward(
275                            String uri, HttpServletRequest request,
276                            HttpServletResponse response)
277                    throws ServletException {
278    
279                    StrutsUtil.forward(uri, getServletContext(), request, response);
280            }
281    
282            @Override
283            protected void doInclude(
284                            String uri, HttpServletRequest request,
285                            HttpServletResponse response)
286                    throws ServletException {
287    
288                    StrutsUtil.include(uri, getServletContext(), request, response);
289            }
290    
291            protected String getFriendlyTrackerPath(
292                            String path, ThemeDisplay themeDisplay, HttpServletRequest request)
293                    throws Exception {
294    
295                    if (!path.equals(_PATH_PORTAL_LAYOUT)) {
296                            return null;
297                    }
298    
299                    long plid = ParamUtil.getLong(request, "p_l_id");
300    
301                    if (plid == 0) {
302                            return null;
303                    }
304    
305                    Layout layout = LayoutLocalServiceUtil.getLayout(plid);
306    
307                    String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
308                            layout, themeDisplay);
309    
310                    String portletId = ParamUtil.getString(request, "p_p_id");
311    
312                    if (Validator.isNull(portletId)) {
313                            return layoutFriendlyURL;
314                    }
315    
316                    long companyId = PortalUtil.getCompanyId(request);
317    
318                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
319                            companyId, portletId);
320    
321                    if (portlet == null) {
322                            String strutsPath = path.substring(
323                                    1, path.lastIndexOf(CharPool.SLASH));
324    
325                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
326                                    companyId, strutsPath);
327                    }
328    
329                    if ((portlet == null) || !portlet.isActive()) {
330                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
331                                    request.getQueryString());
332                    }
333    
334                    String namespace = PortalUtil.getPortletNamespace(portletId);
335    
336                    FriendlyURLMapper friendlyURLMapper =
337                            portlet.getFriendlyURLMapperInstance();
338    
339                    if (friendlyURLMapper == null) {
340                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
341                                    request.getQueryString());
342                    }
343    
344                    PortletURLImpl portletURL = new PortletURLImpl(
345                            request, portletId, plid, PortletRequest.RENDER_PHASE);
346    
347                    Map<String, String[]> parameterMap = request.getParameterMap();
348    
349                    for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
350                            String key = entry.getKey();
351    
352                            if (key.startsWith(namespace)) {
353                                    key = key.substring(namespace.length());
354    
355                                    portletURL.setParameter(key, entry.getValue());
356                            }
357                    }
358    
359                    String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
360    
361                    if (portletFriendlyURL != null) {
362                            return layoutFriendlyURL.concat(portletFriendlyURL);
363                    }
364                    else {
365                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
366                                    request.getQueryString());
367                    }
368            }
369    
370            protected String getLastPath(HttpServletRequest request) {
371                    HttpSession session = request.getSession();
372    
373                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
374                            WebKeys.THEME_DISPLAY);
375    
376                    Boolean httpsInitial = (Boolean)session.getAttribute(
377                            WebKeys.HTTPS_INITIAL);
378    
379                    String portalURL = null;
380    
381                    if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
382                            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
383                            (httpsInitial != null) && !httpsInitial.booleanValue()) {
384    
385                            portalURL = PortalUtil.getPortalURL(request, false);
386                    }
387                    else {
388                            portalURL = PortalUtil.getPortalURL(request);
389                    }
390    
391                    StringBundler sb = new StringBundler();
392    
393                    sb.append(portalURL);
394                    sb.append(themeDisplay.getPathMain());
395                    sb.append(_PATH_PORTAL_LAYOUT);
396    
397                    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
398                            if (request.getRemoteUser() != null) {
399    
400                                    // If we do not forward by last path and the user is logged in,
401                                    // forward to the user's default layout to prevent a lagging
402                                    // loop
403    
404                                    sb.append(StringPool.QUESTION);
405                                    sb.append("p_l_id");
406                                    sb.append(StringPool.EQUAL);
407                                    sb.append(LayoutConstants.DEFAULT_PLID);
408                            }
409    
410                            return sb.toString();
411                    }
412    
413                    LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
414    
415                    if (lastPath == null) {
416                            return sb.toString();
417                    }
418    
419                    Map<String, String[]> parameterMap = lastPath.getParameterMap();
420    
421                    // Only test for existing mappings for last paths that were set when the
422                    // user accessed a layout directly instead of through its friendly URL
423    
424                    if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
425                            ActionMapping actionMapping =
426                                    (ActionMapping)moduleConfig.findActionConfig(
427                                            lastPath.getPath());
428    
429                            if ((actionMapping == null) || (parameterMap == null)) {
430                                    return sb.toString();
431                            }
432                    }
433    
434                    StringBundler lastPathSB = new StringBundler(4);
435    
436                    lastPathSB.append(portalURL);
437                    lastPathSB.append(lastPath.getContextPath());
438                    lastPathSB.append(lastPath.getPath());
439                    lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
440    
441                    return lastPathSB.toString();
442            }
443    
444            protected boolean isPortletPath(String path) {
445                    if ((path != null) &&
446                            !path.equals(_PATH_C) &&
447                            !path.startsWith(_PATH_COMMON) &&
448                            !path.contains(_PATH_J_SECURITY_CHECK) &&
449                            !path.startsWith(_PATH_PORTAL)) {
450    
451                            return true;
452                    }
453                    else {
454                            return false;
455                    }
456            }
457    
458            protected boolean isPublicPath(String path) {
459                    if ((path != null) &&
460                            (_publicPaths.contains(path) || path.startsWith(_PATH_COMMON) ||
461                             AuthPublicPathRegistry.contains(path))) {
462    
463                            return true;
464                    }
465                    else {
466                            return false;
467                    }
468            }
469    
470            @Override
471            protected Action processActionCreate(
472                            HttpServletRequest request, HttpServletResponse response,
473                            ActionMapping actionMapping)
474                    throws IOException {
475    
476                    ActionAdapter actionAdapter =
477                            (ActionAdapter)StrutsActionRegistryUtil.getAction(
478                                    actionMapping.getPath());
479    
480                    if (actionAdapter != null) {
481                            ActionConfig actionConfig = moduleConfig.findActionConfig(
482                                    actionMapping.getPath());
483    
484                            if (actionConfig != null) {
485                                    Action originalAction = super.processActionCreate(
486                                            request, response, actionMapping);
487    
488                                    actionAdapter.setOriginalAction(originalAction);
489                            }
490    
491                            return actionAdapter;
492                    }
493    
494                    return super.processActionCreate(request, response, actionMapping);
495            }
496    
497            @Override
498            protected ActionMapping processMapping(
499                            HttpServletRequest request, HttpServletResponse response,
500                            String path)
501                    throws IOException {
502    
503                    if (path == null) {
504                            return null;
505                    }
506    
507                    Action action = StrutsActionRegistryUtil.getAction(path);
508    
509                    if (action != null) {
510                            ActionMapping actionMapping =
511                                    (ActionMapping)moduleConfig.findActionConfig(path);
512    
513                            if (actionMapping == null) {
514                                    actionMapping = new ActionMapping();
515    
516                                    actionMapping.setModuleConfig(moduleConfig);
517                                    actionMapping.setPath(path);
518    
519                                    request.setAttribute(Globals.MAPPING_KEY, actionMapping);
520                            }
521    
522                            return actionMapping;
523                    }
524    
525                    ActionMapping actionMapping = super.processMapping(
526                            request, response, path);
527    
528                    if (actionMapping == null) {
529                            MessageResources messageResources = getInternal();
530    
531                            String msg = messageResources.getMessage("processInvalid");
532    
533                            _log.error("User ID " + request.getRemoteUser());
534                            _log.error("Current URL " + PortalUtil.getCurrentURL(request));
535                            _log.error("Referer " + request.getHeader("Referer"));
536                            _log.error("Remote address " + request.getRemoteAddr());
537    
538                            _log.error(msg + " " + path);
539                    }
540    
541                    return actionMapping;
542            }
543    
544            @Override
545            protected HttpServletRequest processMultipart(HttpServletRequest request) {
546    
547                    // Disable Struts from automatically wrapping a multipart request
548    
549                    return request;
550            }
551    
552            @Override
553            protected String processPath(
554                            HttpServletRequest request, HttpServletResponse response)
555                    throws IOException {
556    
557                    String path = GetterUtil.getString(
558                            super.processPath(request, response));
559    
560                    HttpSession session = request.getSession();
561    
562                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
563                            WebKeys.THEME_DISPLAY);
564    
565                    // Current users
566    
567                    UserTracker userTracker = LiveUsers.getUserTracker(
568                            themeDisplay.getCompanyId(), session.getId());
569    
570                    if ((userTracker != null) && !path.equals(_PATH_C) &&
571                            !path.contains(_PATH_J_SECURITY_CHECK) &&
572                            !path.contains(_PATH_PORTAL_PROTECTED) &&
573                            !_trackerIgnorePaths.contains(path)) {
574    
575                            String fullPath = null;
576    
577                            try {
578                                    if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
579                                            fullPath = getFriendlyTrackerPath(
580                                                    path, themeDisplay, request);
581                                    }
582                            }
583                            catch (Exception e) {
584                                    _log.error(e, e);
585                            }
586    
587                            String fullPathWithoutQueryString = fullPath;
588    
589                            if (Validator.isNull(fullPath)) {
590                                    String queryString = request.getQueryString();
591    
592                                    fullPathWithoutQueryString = path;
593    
594                                    if (Validator.isNotNull(queryString)) {
595                                            fullPath = path.concat(StringPool.QUESTION).concat(
596                                                    queryString);
597                                    }
598                                    else {
599                                            fullPath = path;
600                                    }
601                            }
602    
603                            int pos = fullPathWithoutQueryString.indexOf(StringPool.QUESTION);
604    
605                            if (pos != -1) {
606                                    fullPathWithoutQueryString =
607                                            fullPathWithoutQueryString.substring(0, pos);
608                            }
609    
610                            if (!_trackerIgnorePaths.contains(fullPathWithoutQueryString)) {
611                                    UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
612    
613                                    userTrackerPath.setUserTrackerId(
614                                            userTracker.getUserTrackerId());
615                                    userTrackerPath.setPath(fullPath);
616                                    userTrackerPath.setPathDate(new Date());
617    
618                                    userTracker.addPath(userTrackerPath);
619                            }
620                    }
621    
622                    String remoteUser = request.getRemoteUser();
623    
624                    User user = null;
625    
626                    try {
627                            user = PortalUtil.getUser(request);
628                    }
629                    catch (Exception e) {
630                    }
631    
632                    // Last path
633    
634                    if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
635                            boolean saveLastPath = ParamUtil.getBoolean(
636                                    request, "saveLastPath", true);
637    
638                            if (themeDisplay.isLifecycleResource() ||
639                                    themeDisplay.isStateExclusive() ||
640                                    themeDisplay.isStatePopUp() ||
641                                    !StringUtil.equalsIgnoreCase(
642                                            request.getMethod(), HttpMethods.GET)) {
643    
644                                    saveLastPath = false;
645                            }
646    
647                            // Save last path
648    
649                            if (saveLastPath) {
650    
651                                    // Was a last path set by another servlet that dispatched to the
652                                    // MainServlet? If so, use that last path instead.
653    
654                                    LastPath lastPath = (LastPath)request.getAttribute(
655                                            WebKeys.LAST_PATH);
656    
657                                    if (lastPath == null) {
658                                            lastPath = new LastPath(
659                                                    themeDisplay.getPathMain(), path,
660                                                    request.getParameterMap());
661                                    }
662    
663                                    session.setAttribute(WebKeys.LAST_PATH, lastPath);
664                            }
665                    }
666    
667                    // Setup wizard
668    
669                    if (!SetupWizardUtil.isSetupFinished()) {
670                            if (!path.equals(_PATH_PORTAL_LICENSE) &&
671                                    !path.equals(_PATH_PORTAL_STATUS)) {
672    
673                                    return _PATH_PORTAL_SETUP_WIZARD;
674                            }
675                    }
676                    else if (path.equals(_PATH_PORTAL_SETUP_WIZARD)) {
677                            return _PATH_PORTAL_LAYOUT;
678                    }
679    
680                    // Authenticated users can always log out
681    
682                    if (((remoteUser != null) || (user != null)) &&
683                            path.equals(_PATH_PORTAL_LOGOUT)) {
684    
685                            return path;
686                    }
687    
688                    // Authenticated users can always extend or confirm their session
689    
690                    if (((remoteUser != null) || (user != null)) &&
691                            (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
692                             path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
693    
694                            return path;
695                    }
696    
697                    // Authenticated users can always agree to terms of use
698    
699                    if (((remoteUser != null) || (user != null)) &&
700                            path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE)) {
701    
702                            return path;
703                    }
704    
705                    // Authenticated users must still exist in the system
706    
707                    if ((remoteUser != null) && (user == null)) {
708                            return _PATH_PORTAL_LOGOUT;
709                    }
710    
711                    // Authenticated users must be active
712    
713                    if ((user != null) && !user.isActive()) {
714                            SessionErrors.add(request, UserActiveException.class.getName());
715    
716                            return _PATH_PORTAL_ERROR;
717                    }
718    
719                    if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
720                            !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
721                            !ParamUtil.getBoolean(request, "wsrp") &&
722                            !themeDisplay.isImpersonated()) {
723    
724                            // Authenticated users should agree to Terms of Use
725    
726                            if ((user != null) && !user.isTermsOfUseComplete()) {
727                                    return _PATH_PORTAL_TERMS_OF_USE;
728                            }
729    
730                            // Authenticated users should have a verified email address
731    
732                            if ((user != null) && !user.isEmailAddressVerificationComplete()) {
733                                    if (path.equals(_PATH_PORTAL_UPDATE_EMAIL_ADDRESS)) {
734                                            return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
735                                    }
736    
737                                    return _PATH_PORTAL_VERIFY_EMAIL_ADDRESS;
738                            }
739    
740                            // Authenticated users must have a current password
741    
742                            if ((user != null) && user.isPasswordReset()) {
743                                    return _PATH_PORTAL_UPDATE_PASSWORD;
744                            }
745                            else if ((user != null) && !user.isPasswordReset() &&
746                                             path.equals(_PATH_PORTAL_UPDATE_PASSWORD)) {
747    
748                                    return null;
749                            }
750    
751                            // Authenticated users must have an email address
752    
753                            if ((user != null) && !user.isEmailAddressComplete()) {
754                                    return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
755                            }
756    
757                            // Authenticated users should have a reminder query
758    
759                            if ((user != null) && !user.isDefaultUser() &&
760                                    !user.isReminderQueryComplete()) {
761    
762                                    return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
763                            }
764                    }
765    
766                    // Users must sign in
767    
768                    if (!isPublicPath(path)) {
769                            if (user == null) {
770                                    SessionErrors.add(request, PrincipalException.class.getName());
771    
772                                    return _PATH_PORTAL_LOGIN;
773                            }
774                    }
775    
776                    ActionMapping actionMapping =
777                            (ActionMapping)moduleConfig.findActionConfig(path);
778    
779                    if (actionMapping == null) {
780                            Action strutsAction = StrutsActionRegistryUtil.getAction(path);
781    
782                            if (strutsAction == null) {
783                                    return null;
784                            }
785                    }
786                    else {
787                            path = actionMapping.getPath();
788                    }
789    
790                    // Define the portlet objects
791    
792                    if (isPortletPath(path)) {
793                            try {
794                                    Portlet portlet = null;
795    
796                                    long companyId = PortalUtil.getCompanyId(request);
797                                    String portletId = ParamUtil.getString(request, "p_p_id");
798    
799                                    if (Validator.isNotNull(portletId)) {
800                                            portlet = PortletLocalServiceUtil.getPortletById(
801                                                    companyId, portletId);
802                                    }
803    
804                                    if (portlet == null) {
805                                            String strutsPath = path.substring(
806                                                    1, path.lastIndexOf(CharPool.SLASH));
807    
808                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
809                                                    companyId, strutsPath);
810                                    }
811    
812                                    if ((portlet != null) && portlet.isActive()) {
813                                            defineObjects(request, response, portlet);
814                                    }
815                            }
816                            catch (Exception e) {
817                                    request.setAttribute(PageContext.EXCEPTION, e);
818    
819                                    path = _PATH_COMMON_ERROR;
820                            }
821                    }
822    
823                    // Authenticated users must have access to at least one layout
824    
825                    if (SessionErrors.contains(
826                                    request, LayoutPermissionException.class.getName())) {
827    
828                            return _PATH_PORTAL_ERROR;
829                    }
830    
831                    return path;
832            }
833    
834            @Override
835            protected boolean processRoles(
836                            HttpServletRequest request, HttpServletResponse response,
837                            ActionMapping actionMapping)
838                    throws IOException, ServletException {
839    
840                    String path = actionMapping.getPath();
841    
842                    if (isPublicPath(path)) {
843                            return true;
844                    }
845    
846                    boolean authorized = true;
847    
848                    User user = null;
849    
850                    try {
851                            user = PortalUtil.getUser(request);
852                    }
853                    catch (Exception e) {
854                    }
855    
856                    if ((user != null) && isPortletPath(path)) {
857                            try {
858    
859                                    // Authenticated users can always log out
860    
861                                    if (path.equals(_PATH_PORTAL_LOGOUT)) {
862                                            return true;
863                                    }
864    
865                                    Portlet portlet = null;
866    
867                                    String portletId = ParamUtil.getString(request, "p_p_id");
868    
869                                    if (Validator.isNotNull(portletId)) {
870                                            portlet = PortletLocalServiceUtil.getPortletById(
871                                                    user.getCompanyId(), portletId);
872                                    }
873    
874                                    String strutsPath = path.substring(
875                                            1, path.lastIndexOf(CharPool.SLASH));
876    
877                                    if (portlet != null) {
878                                            if (!strutsPath.equals(portlet.getStrutsPath())) {
879                                                    throw new PrincipalException();
880                                            }
881                                    }
882                                    else {
883                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
884                                                    user.getCompanyId(), strutsPath);
885                                    }
886    
887                                    if ((portlet != null) && portlet.isActive()) {
888                                            ThemeDisplay themeDisplay =
889                                                    (ThemeDisplay)request.getAttribute(
890                                                            WebKeys.THEME_DISPLAY);
891    
892                                            Layout layout = themeDisplay.getLayout();
893                                            PermissionChecker permissionChecker =
894                                                    themeDisplay.getPermissionChecker();
895    
896                                            if (!PortletPermissionUtil.contains(
897                                                            permissionChecker, layout, portlet,
898                                                            ActionKeys.VIEW)) {
899    
900                                                    throw new PrincipalException();
901                                            }
902                                    }
903                                    else if ((portlet != null) && !portlet.isActive()) {
904                                            SessionErrors.add(
905                                                    request, PortletActiveException.class.getName());
906    
907                                            authorized = false;
908                                    }
909                            }
910                            catch (Exception e) {
911                                    SessionErrors.add(request, PrincipalException.class.getName());
912    
913                                    authorized = false;
914                            }
915                    }
916    
917                    if (!authorized) {
918                            ForwardConfig forwardConfig = actionMapping.findForward(
919                                    _PATH_PORTAL_ERROR);
920    
921                            processForwardConfig(request, response, forwardConfig);
922    
923                            return false;
924                    }
925                    else {
926                            return true;
927                    }
928            }
929    
930            private static final String _PATH_C = "/c";
931    
932            private static final String _PATH_COMMON = "/common";
933    
934            private static final String _PATH_COMMON_ERROR = "/common/error";
935    
936            private static final String _PATH_J_SECURITY_CHECK = "/j_security_check";
937    
938            private static final String _PATH_PORTAL = "/portal";
939    
940            private static final String _PATH_PORTAL_API_JSONWS = "/portal/api/jsonws";
941    
942            private static final String _PATH_PORTAL_ERROR = "/portal/error";
943    
944            private static final String _PATH_PORTAL_EXPIRE_SESSION =
945                    "/portal/expire_session";
946    
947            private static final String _PATH_PORTAL_EXTEND_SESSION =
948                    "/portal/extend_session";
949    
950            private static final String _PATH_PORTAL_FLASH = "/portal/flash";
951    
952            private static final String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
953    
954            private static final String _PATH_PORTAL_JSON_SERVICE =
955                    "/portal/json_service";
956    
957            private static final String _PATH_PORTAL_LAYOUT = "/portal/layout";
958    
959            private static final String _PATH_PORTAL_LICENSE = "/portal/license";
960    
961            private static final String _PATH_PORTAL_LOGIN = "/portal/login";
962    
963            private static final String _PATH_PORTAL_LOGOUT = "/portal/logout";
964    
965            private static final String _PATH_PORTAL_PROTECTED = "/portal/protected";
966    
967            private static final String _PATH_PORTAL_RENDER_PORTLET =
968                    "/portal/render_portlet";
969    
970            private static final String _PATH_PORTAL_RESILIENCY = "/portal/resiliency";
971    
972            private static final String _PATH_PORTAL_SETUP_WIZARD =
973                    "/portal/setup_wizard";
974    
975            private static final String _PATH_PORTAL_STATUS = "/portal/status";
976    
977            private static final String _PATH_PORTAL_TCK = "/portal/tck";
978    
979            private static final String _PATH_PORTAL_TERMS_OF_USE =
980                    "/portal/terms_of_use";
981    
982            private static final String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
983                    "/portal/update_email_address";
984    
985            private static final String _PATH_PORTAL_UPDATE_PASSWORD =
986                    "/portal/update_password";
987    
988            private static final String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
989                    "/portal/update_reminder_query";
990    
991            private static final String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
992                    "/portal/update_terms_of_use";
993    
994            private static final String _PATH_PORTAL_VERIFY_EMAIL_ADDRESS =
995                    "/portal/verify_email_address";
996    
997            private static Log _log = LogFactoryUtil.getLog(
998                    PortalRequestProcessor.class);
999    
1000            private Set<String> _lastPaths;
1001            private Set<String> _publicPaths;
1002            private Set<String> _trackerIgnorePaths;
1003    
1004    }