001
014
015 package com.liferay.portal.struts;
016
017 import com.liferay.portal.LayoutPermissionException;
018 import com.liferay.portal.PortletActiveException;
019 import com.liferay.portal.UserActiveException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
023 import com.liferay.portal.kernel.servlet.HttpMethods;
024 import com.liferay.portal.kernel.servlet.SessionErrors;
025 import com.liferay.portal.kernel.struts.LastPath;
026 import com.liferay.portal.kernel.util.CharPool;
027 import com.liferay.portal.kernel.util.GetterUtil;
028 import com.liferay.portal.kernel.util.HttpUtil;
029 import com.liferay.portal.kernel.util.JavaConstants;
030 import com.liferay.portal.kernel.util.ParamUtil;
031 import com.liferay.portal.kernel.util.PropsKeys;
032 import com.liferay.portal.kernel.util.StringBundler;
033 import com.liferay.portal.kernel.util.StringPool;
034 import com.liferay.portal.kernel.util.StringUtil;
035 import com.liferay.portal.kernel.util.Validator;
036 import com.liferay.portal.liveusers.LiveUsers;
037 import com.liferay.portal.model.Layout;
038 import com.liferay.portal.model.LayoutConstants;
039 import com.liferay.portal.model.Portlet;
040 import com.liferay.portal.model.PortletPreferencesIds;
041 import com.liferay.portal.model.User;
042 import com.liferay.portal.model.UserTracker;
043 import com.liferay.portal.model.UserTrackerPath;
044 import com.liferay.portal.security.auth.PrincipalException;
045 import com.liferay.portal.security.permission.ActionKeys;
046 import com.liferay.portal.security.permission.PermissionChecker;
047 import com.liferay.portal.service.LayoutLocalServiceUtil;
048 import com.liferay.portal.service.PortletLocalServiceUtil;
049 import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
050 import com.liferay.portal.service.permission.PortletPermissionUtil;
051 import com.liferay.portal.service.persistence.UserTrackerPathUtil;
052 import com.liferay.portal.setup.SetupWizardUtil;
053 import com.liferay.portal.theme.ThemeDisplay;
054 import com.liferay.portal.util.PortalUtil;
055 import com.liferay.portal.util.PropsUtil;
056 import com.liferay.portal.util.PropsValues;
057 import com.liferay.portal.util.WebKeys;
058 import com.liferay.portlet.InvokerPortlet;
059 import com.liferay.portlet.PortletConfigFactoryUtil;
060 import com.liferay.portlet.PortletInstanceFactoryUtil;
061 import com.liferay.portlet.PortletPreferencesFactoryUtil;
062 import com.liferay.portlet.PortletURLImpl;
063 import com.liferay.portlet.RenderRequestFactory;
064 import com.liferay.portlet.RenderRequestImpl;
065 import com.liferay.portlet.RenderResponseFactory;
066 import com.liferay.portlet.RenderResponseImpl;
067
068 import java.io.IOException;
069
070 import java.util.Date;
071 import java.util.HashSet;
072 import java.util.Map;
073 import java.util.Set;
074
075 import javax.portlet.PortletConfig;
076 import javax.portlet.PortletContext;
077 import javax.portlet.PortletMode;
078 import javax.portlet.PortletPreferences;
079 import javax.portlet.PortletRequest;
080 import javax.portlet.WindowState;
081
082 import javax.servlet.ServletContext;
083 import javax.servlet.ServletException;
084 import javax.servlet.http.HttpServletRequest;
085 import javax.servlet.http.HttpServletResponse;
086 import javax.servlet.http.HttpSession;
087 import javax.servlet.jsp.PageContext;
088
089 import org.apache.struts.Globals;
090 import org.apache.struts.action.Action;
091 import org.apache.struts.action.ActionMapping;
092 import org.apache.struts.config.ActionConfig;
093 import org.apache.struts.config.ForwardConfig;
094 import org.apache.struts.tiles.TilesRequestProcessor;
095 import org.apache.struts.util.MessageResources;
096
097
103 public class PortalRequestProcessor extends TilesRequestProcessor {
104
105 public PortalRequestProcessor() {
106
107
108
109 _lastPaths = new HashSet<String>();
110
111 _lastPaths.add(_PATH_PORTAL_LAYOUT);
112
113 addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
114
115
116
117 _publicPaths = new HashSet<String>();
118
119 _publicPaths.add(_PATH_C);
120 _publicPaths.add(_PATH_PORTAL_API_JSONWS);
121 _publicPaths.add(_PATH_PORTAL_FLASH);
122 _publicPaths.add(_PATH_PORTAL_J_LOGIN);
123 _publicPaths.add(_PATH_PORTAL_LAYOUT);
124 _publicPaths.add(_PATH_PORTAL_LICENSE);
125 _publicPaths.add(_PATH_PORTAL_LOGIN);
126 _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
127 _publicPaths.add(_PATH_PORTAL_RESILIENCY);
128 _publicPaths.add(_PATH_PORTAL_TCK);
129 _publicPaths.add(_PATH_PORTAL_UPDATE_PASSWORD);
130 _publicPaths.add(_PATH_PORTAL_VERIFY_EMAIL_ADDRESS);
131 _publicPaths.add(PropsValues.AUTH_LOGIN_DISABLED_PATH);
132
133 _trackerIgnorePaths = new HashSet<String>();
134
135 addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
136 }
137
138 @Override
139 public void process(
140 HttpServletRequest request, HttpServletResponse response)
141 throws IOException, ServletException {
142
143 HttpSession session = request.getSession();
144
145 Boolean basicAuthEnabled = (Boolean)session.getAttribute(
146 WebKeys.BASIC_AUTH_ENABLED);
147
148 if (basicAuthEnabled != null) {
149 session.removeAttribute(WebKeys.BASIC_AUTH_ENABLED);
150 }
151
152 String path = super.processPath(request, response);
153
154 ActionMapping actionMapping =
155 (ActionMapping)moduleConfig.findActionConfig(path);
156
157 Action action = StrutsActionRegistryUtil.getAction(path);
158
159 if (((basicAuthEnabled != null) && basicAuthEnabled.booleanValue()) ||
160 ((actionMapping == null) && (action == null))) {
161
162 String lastPath = getLastPath(request);
163
164 if (_log.isDebugEnabled()) {
165 _log.debug("Last path " + lastPath);
166 }
167
168 response.sendRedirect(lastPath);
169
170 return;
171 }
172
173 super.process(request, response);
174
175 try {
176 if (isPortletPath(path)) {
177 cleanUp(request);
178 }
179 }
180 catch (Exception e) {
181 _log.error(e, e);
182 }
183 }
184
185 protected void addPaths(Set<String> paths, String propsKey) {
186 String[] pathsArray = PropsUtil.getArray(propsKey);
187
188 for (String path : pathsArray) {
189 paths.add(path);
190 }
191 }
192
193 protected void callParentDoForward(
194 String uri, HttpServletRequest request,
195 HttpServletResponse response)
196 throws IOException, ServletException {
197
198 super.doForward(uri, request, response);
199 }
200
201 protected HttpServletRequest callParentProcessMultipart(
202 HttpServletRequest request) {
203
204 return super.processMultipart(request);
205 }
206
207 protected String callParentProcessPath(
208 HttpServletRequest request, HttpServletResponse response)
209 throws IOException {
210
211 return super.processPath(request, response);
212 }
213
214 protected boolean callParentProcessRoles(
215 HttpServletRequest request, HttpServletResponse response,
216 ActionMapping actionMapping)
217 throws IOException, ServletException {
218
219 return super.processRoles(request, response, actionMapping);
220 }
221
222 protected void cleanUp(HttpServletRequest request) throws Exception {
223
224
225
226
227 RenderRequestImpl renderRequestImpl =
228 (RenderRequestImpl)request.getAttribute(
229 JavaConstants.JAVAX_PORTLET_REQUEST);
230
231 if (renderRequestImpl != null) {
232 renderRequestImpl.cleanUp();
233 }
234 }
235
236 protected void defineObjects(
237 HttpServletRequest request, HttpServletResponse response,
238 Portlet portlet)
239 throws Exception {
240
241 String portletId = portlet.getPortletId();
242
243 ServletContext servletContext = (ServletContext)request.getAttribute(
244 WebKeys.CTX);
245
246 InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
247 portlet, servletContext);
248
249 PortletPreferencesIds portletPreferencesIds =
250 PortletPreferencesFactoryUtil.getPortletPreferencesIds(
251 request, portletId);
252
253 PortletPreferences portletPreferences =
254 PortletPreferencesLocalServiceUtil.getStrictPreferences(
255 portletPreferencesIds);
256
257 PortletConfig portletConfig = PortletConfigFactoryUtil.create(
258 portlet, servletContext);
259 PortletContext portletContext = portletConfig.getPortletContext();
260
261 RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
262 request, portlet, invokerPortlet, portletContext,
263 WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
264
265 RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
266 renderRequestImpl, response, portletId, portlet.getCompanyId());
267
268 renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
269
270 request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
271 }
272
273 @Override
274 protected void doForward(
275 String uri, HttpServletRequest request,
276 HttpServletResponse response)
277 throws ServletException {
278
279 StrutsUtil.forward(uri, getServletContext(), request, response);
280 }
281
282 @Override
283 protected void doInclude(
284 String uri, HttpServletRequest request,
285 HttpServletResponse response)
286 throws ServletException {
287
288 StrutsUtil.include(uri, getServletContext(), request, response);
289 }
290
291 protected String getFriendlyTrackerPath(
292 String path, ThemeDisplay themeDisplay, HttpServletRequest request)
293 throws Exception {
294
295 if (!path.equals(_PATH_PORTAL_LAYOUT)) {
296 return null;
297 }
298
299 long plid = ParamUtil.getLong(request, "p_l_id");
300
301 if (plid == 0) {
302 return null;
303 }
304
305 Layout layout = LayoutLocalServiceUtil.getLayout(plid);
306
307 String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
308 layout, themeDisplay);
309
310 String portletId = ParamUtil.getString(request, "p_p_id");
311
312 if (Validator.isNull(portletId)) {
313 return layoutFriendlyURL;
314 }
315
316 long companyId = PortalUtil.getCompanyId(request);
317
318 Portlet portlet = PortletLocalServiceUtil.getPortletById(
319 companyId, portletId);
320
321 if (portlet == null) {
322 String strutsPath = path.substring(
323 1, path.lastIndexOf(CharPool.SLASH));
324
325 portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
326 companyId, strutsPath);
327 }
328
329 if ((portlet == null) || !portlet.isActive()) {
330 return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
331 request.getQueryString());
332 }
333
334 String namespace = PortalUtil.getPortletNamespace(portletId);
335
336 FriendlyURLMapper friendlyURLMapper =
337 portlet.getFriendlyURLMapperInstance();
338
339 if (friendlyURLMapper == null) {
340 return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
341 request.getQueryString());
342 }
343
344 PortletURLImpl portletURL = new PortletURLImpl(
345 request, portletId, plid, PortletRequest.RENDER_PHASE);
346
347 Map<String, String[]> parameterMap = request.getParameterMap();
348
349 for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
350 String key = entry.getKey();
351
352 if (key.startsWith(namespace)) {
353 key = key.substring(namespace.length());
354
355 portletURL.setParameter(key, entry.getValue());
356 }
357 }
358
359 String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
360
361 if (portletFriendlyURL != null) {
362 return layoutFriendlyURL.concat(portletFriendlyURL);
363 }
364 else {
365 return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
366 request.getQueryString());
367 }
368 }
369
370 protected String getLastPath(HttpServletRequest request) {
371 HttpSession session = request.getSession();
372
373 ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
374 WebKeys.THEME_DISPLAY);
375
376 Boolean httpsInitial = (Boolean)session.getAttribute(
377 WebKeys.HTTPS_INITIAL);
378
379 String portalURL = null;
380
381 if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
382 !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
383 (httpsInitial != null) && !httpsInitial.booleanValue()) {
384
385 portalURL = PortalUtil.getPortalURL(request, false);
386 }
387 else {
388 portalURL = PortalUtil.getPortalURL(request);
389 }
390
391 StringBundler sb = new StringBundler();
392
393 sb.append(portalURL);
394 sb.append(themeDisplay.getPathMain());
395 sb.append(_PATH_PORTAL_LAYOUT);
396
397 if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
398 if (request.getRemoteUser() != null) {
399
400
401
402
403
404 sb.append(StringPool.QUESTION);
405 sb.append("p_l_id");
406 sb.append(StringPool.EQUAL);
407 sb.append(LayoutConstants.DEFAULT_PLID);
408 }
409
410 return sb.toString();
411 }
412
413 LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
414
415 if (lastPath == null) {
416 return sb.toString();
417 }
418
419 Map<String, String[]> parameterMap = lastPath.getParameterMap();
420
421
422
423
424 if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
425 ActionMapping actionMapping =
426 (ActionMapping)moduleConfig.findActionConfig(
427 lastPath.getPath());
428
429 if ((actionMapping == null) || (parameterMap == null)) {
430 return sb.toString();
431 }
432 }
433
434 StringBundler lastPathSB = new StringBundler(4);
435
436 lastPathSB.append(portalURL);
437 lastPathSB.append(lastPath.getContextPath());
438 lastPathSB.append(lastPath.getPath());
439 lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
440
441 return lastPathSB.toString();
442 }
443
444 protected boolean isPortletPath(String path) {
445 if ((path != null) &&
446 !path.equals(_PATH_C) &&
447 !path.startsWith(_PATH_COMMON) &&
448 !path.contains(_PATH_J_SECURITY_CHECK) &&
449 !path.startsWith(_PATH_PORTAL)) {
450
451 return true;
452 }
453 else {
454 return false;
455 }
456 }
457
458 protected boolean isPublicPath(String path) {
459 if ((path != null) &&
460 (_publicPaths.contains(path) || path.startsWith(_PATH_COMMON) ||
461 AuthPublicPathRegistry.contains(path))) {
462
463 return true;
464 }
465 else {
466 return false;
467 }
468 }
469
470 @Override
471 protected Action processActionCreate(
472 HttpServletRequest request, HttpServletResponse response,
473 ActionMapping actionMapping)
474 throws IOException {
475
476 ActionAdapter actionAdapter =
477 (ActionAdapter)StrutsActionRegistryUtil.getAction(
478 actionMapping.getPath());
479
480 if (actionAdapter != null) {
481 ActionConfig actionConfig = moduleConfig.findActionConfig(
482 actionMapping.getPath());
483
484 if (actionConfig != null) {
485 Action originalAction = super.processActionCreate(
486 request, response, actionMapping);
487
488 actionAdapter.setOriginalAction(originalAction);
489 }
490
491 return actionAdapter;
492 }
493
494 return super.processActionCreate(request, response, actionMapping);
495 }
496
497 @Override
498 protected ActionMapping processMapping(
499 HttpServletRequest request, HttpServletResponse response,
500 String path)
501 throws IOException {
502
503 if (path == null) {
504 return null;
505 }
506
507 Action action = StrutsActionRegistryUtil.getAction(path);
508
509 if (action != null) {
510 ActionMapping actionMapping =
511 (ActionMapping)moduleConfig.findActionConfig(path);
512
513 if (actionMapping == null) {
514 actionMapping = new ActionMapping();
515
516 actionMapping.setModuleConfig(moduleConfig);
517 actionMapping.setPath(path);
518
519 request.setAttribute(Globals.MAPPING_KEY, actionMapping);
520 }
521
522 return actionMapping;
523 }
524
525 ActionMapping actionMapping = super.processMapping(
526 request, response, path);
527
528 if (actionMapping == null) {
529 MessageResources messageResources = getInternal();
530
531 String msg = messageResources.getMessage("processInvalid");
532
533 _log.error("User ID " + request.getRemoteUser());
534 _log.error("Current URL " + PortalUtil.getCurrentURL(request));
535 _log.error("Referer " + request.getHeader("Referer"));
536 _log.error("Remote address " + request.getRemoteAddr());
537
538 _log.error(msg + " " + path);
539 }
540
541 return actionMapping;
542 }
543
544 @Override
545 protected HttpServletRequest processMultipart(HttpServletRequest request) {
546
547
548
549 return request;
550 }
551
552 @Override
553 protected String processPath(
554 HttpServletRequest request, HttpServletResponse response)
555 throws IOException {
556
557 String path = GetterUtil.getString(
558 super.processPath(request, response));
559
560 HttpSession session = request.getSession();
561
562 ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
563 WebKeys.THEME_DISPLAY);
564
565
566
567 UserTracker userTracker = LiveUsers.getUserTracker(
568 themeDisplay.getCompanyId(), session.getId());
569
570 if ((userTracker != null) && !path.equals(_PATH_C) &&
571 !path.contains(_PATH_J_SECURITY_CHECK) &&
572 !path.contains(_PATH_PORTAL_PROTECTED) &&
573 !_trackerIgnorePaths.contains(path)) {
574
575 String fullPath = null;
576
577 try {
578 if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
579 fullPath = getFriendlyTrackerPath(
580 path, themeDisplay, request);
581 }
582 }
583 catch (Exception e) {
584 _log.error(e, e);
585 }
586
587 String fullPathWithoutQueryString = fullPath;
588
589 if (Validator.isNull(fullPath)) {
590 String queryString = request.getQueryString();
591
592 fullPathWithoutQueryString = path;
593
594 if (Validator.isNotNull(queryString)) {
595 fullPath = path.concat(StringPool.QUESTION).concat(
596 queryString);
597 }
598 else {
599 fullPath = path;
600 }
601 }
602
603 int pos = fullPathWithoutQueryString.indexOf(StringPool.QUESTION);
604
605 if (pos != -1) {
606 fullPathWithoutQueryString =
607 fullPathWithoutQueryString.substring(0, pos);
608 }
609
610 if (!_trackerIgnorePaths.contains(fullPathWithoutQueryString)) {
611 UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
612
613 userTrackerPath.setUserTrackerId(
614 userTracker.getUserTrackerId());
615 userTrackerPath.setPath(fullPath);
616 userTrackerPath.setPathDate(new Date());
617
618 userTracker.addPath(userTrackerPath);
619 }
620 }
621
622 String remoteUser = request.getRemoteUser();
623
624 User user = null;
625
626 try {
627 user = PortalUtil.getUser(request);
628 }
629 catch (Exception e) {
630 }
631
632
633
634 if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
635 boolean saveLastPath = ParamUtil.getBoolean(
636 request, "saveLastPath", true);
637
638 if (themeDisplay.isLifecycleResource() ||
639 themeDisplay.isStateExclusive() ||
640 themeDisplay.isStatePopUp() ||
641 !StringUtil.equalsIgnoreCase(
642 request.getMethod(), HttpMethods.GET)) {
643
644 saveLastPath = false;
645 }
646
647
648
649 if (saveLastPath) {
650
651
652
653
654 LastPath lastPath = (LastPath)request.getAttribute(
655 WebKeys.LAST_PATH);
656
657 if (lastPath == null) {
658 lastPath = new LastPath(
659 themeDisplay.getPathMain(), path,
660 request.getParameterMap());
661 }
662
663 session.setAttribute(WebKeys.LAST_PATH, lastPath);
664 }
665 }
666
667
668
669 if (!SetupWizardUtil.isSetupFinished()) {
670 if (!path.equals(_PATH_PORTAL_LICENSE) &&
671 !path.equals(_PATH_PORTAL_STATUS)) {
672
673 return _PATH_PORTAL_SETUP_WIZARD;
674 }
675 }
676 else if (path.equals(_PATH_PORTAL_SETUP_WIZARD)) {
677 return _PATH_PORTAL_LAYOUT;
678 }
679
680
681
682 if (((remoteUser != null) || (user != null)) &&
683 path.equals(_PATH_PORTAL_LOGOUT)) {
684
685 return path;
686 }
687
688
689
690 if (((remoteUser != null) || (user != null)) &&
691 (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
692 path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
693
694 return path;
695 }
696
697
698
699 if (((remoteUser != null) || (user != null)) &&
700 path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE)) {
701
702 return path;
703 }
704
705
706
707 if ((remoteUser != null) && (user == null)) {
708 return _PATH_PORTAL_LOGOUT;
709 }
710
711
712
713 if ((user != null) && !user.isActive()) {
714 SessionErrors.add(request, UserActiveException.class.getName());
715
716 return _PATH_PORTAL_ERROR;
717 }
718
719 if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
720 !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
721 !ParamUtil.getBoolean(request, "wsrp") &&
722 !themeDisplay.isImpersonated()) {
723
724
725
726 if ((user != null) && !user.isTermsOfUseComplete()) {
727 return _PATH_PORTAL_TERMS_OF_USE;
728 }
729
730
731
732 if ((user != null) && !user.isEmailAddressVerificationComplete()) {
733 if (path.equals(_PATH_PORTAL_UPDATE_EMAIL_ADDRESS)) {
734 return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
735 }
736
737 return _PATH_PORTAL_VERIFY_EMAIL_ADDRESS;
738 }
739
740
741
742 if ((user != null) && user.isPasswordReset()) {
743 return _PATH_PORTAL_UPDATE_PASSWORD;
744 }
745 else if ((user != null) && !user.isPasswordReset() &&
746 path.equals(_PATH_PORTAL_UPDATE_PASSWORD)) {
747
748 return null;
749 }
750
751
752
753 if ((user != null) && !user.isEmailAddressComplete()) {
754 return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
755 }
756
757
758
759 if ((user != null) && !user.isDefaultUser() &&
760 !user.isReminderQueryComplete()) {
761
762 return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
763 }
764 }
765
766
767
768 if (!isPublicPath(path)) {
769 if (user == null) {
770 SessionErrors.add(request, PrincipalException.class.getName());
771
772 return _PATH_PORTAL_LOGIN;
773 }
774 }
775
776 ActionMapping actionMapping =
777 (ActionMapping)moduleConfig.findActionConfig(path);
778
779 if (actionMapping == null) {
780 Action strutsAction = StrutsActionRegistryUtil.getAction(path);
781
782 if (strutsAction == null) {
783 return null;
784 }
785 }
786 else {
787 path = actionMapping.getPath();
788 }
789
790
791
792 if (isPortletPath(path)) {
793 try {
794 Portlet portlet = null;
795
796 long companyId = PortalUtil.getCompanyId(request);
797 String portletId = ParamUtil.getString(request, "p_p_id");
798
799 if (Validator.isNotNull(portletId)) {
800 portlet = PortletLocalServiceUtil.getPortletById(
801 companyId, portletId);
802 }
803
804 if (portlet == null) {
805 String strutsPath = path.substring(
806 1, path.lastIndexOf(CharPool.SLASH));
807
808 portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
809 companyId, strutsPath);
810 }
811
812 if ((portlet != null) && portlet.isActive()) {
813 defineObjects(request, response, portlet);
814 }
815 }
816 catch (Exception e) {
817 request.setAttribute(PageContext.EXCEPTION, e);
818
819 path = _PATH_COMMON_ERROR;
820 }
821 }
822
823
824
825 if (SessionErrors.contains(
826 request, LayoutPermissionException.class.getName())) {
827
828 return _PATH_PORTAL_ERROR;
829 }
830
831 return path;
832 }
833
834 @Override
835 protected boolean processRoles(
836 HttpServletRequest request, HttpServletResponse response,
837 ActionMapping actionMapping)
838 throws IOException, ServletException {
839
840 String path = actionMapping.getPath();
841
842 if (isPublicPath(path)) {
843 return true;
844 }
845
846 boolean authorized = true;
847
848 User user = null;
849
850 try {
851 user = PortalUtil.getUser(request);
852 }
853 catch (Exception e) {
854 }
855
856 if ((user != null) && isPortletPath(path)) {
857 try {
858
859
860
861 if (path.equals(_PATH_PORTAL_LOGOUT)) {
862 return true;
863 }
864
865 Portlet portlet = null;
866
867 String portletId = ParamUtil.getString(request, "p_p_id");
868
869 if (Validator.isNotNull(portletId)) {
870 portlet = PortletLocalServiceUtil.getPortletById(
871 user.getCompanyId(), portletId);
872 }
873
874 String strutsPath = path.substring(
875 1, path.lastIndexOf(CharPool.SLASH));
876
877 if (portlet != null) {
878 if (!strutsPath.equals(portlet.getStrutsPath())) {
879 throw new PrincipalException();
880 }
881 }
882 else {
883 portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
884 user.getCompanyId(), strutsPath);
885 }
886
887 if ((portlet != null) && portlet.isActive()) {
888 ThemeDisplay themeDisplay =
889 (ThemeDisplay)request.getAttribute(
890 WebKeys.THEME_DISPLAY);
891
892 Layout layout = themeDisplay.getLayout();
893 PermissionChecker permissionChecker =
894 themeDisplay.getPermissionChecker();
895
896 if (!PortletPermissionUtil.contains(
897 permissionChecker, layout, portlet,
898 ActionKeys.VIEW)) {
899
900 throw new PrincipalException();
901 }
902 }
903 else if ((portlet != null) && !portlet.isActive()) {
904 SessionErrors.add(
905 request, PortletActiveException.class.getName());
906
907 authorized = false;
908 }
909 }
910 catch (Exception e) {
911 SessionErrors.add(request, PrincipalException.class.getName());
912
913 authorized = false;
914 }
915 }
916
917 if (!authorized) {
918 ForwardConfig forwardConfig = actionMapping.findForward(
919 _PATH_PORTAL_ERROR);
920
921 processForwardConfig(request, response, forwardConfig);
922
923 return false;
924 }
925 else {
926 return true;
927 }
928 }
929
930 private static final String _PATH_C = "/c";
931
932 private static final String _PATH_COMMON = "/common";
933
934 private static final String _PATH_COMMON_ERROR = "/common/error";
935
936 private static final String _PATH_J_SECURITY_CHECK = "/j_security_check";
937
938 private static final String _PATH_PORTAL = "/portal";
939
940 private static final String _PATH_PORTAL_API_JSONWS = "/portal/api/jsonws";
941
942 private static final String _PATH_PORTAL_ERROR = "/portal/error";
943
944 private static final String _PATH_PORTAL_EXPIRE_SESSION =
945 "/portal/expire_session";
946
947 private static final String _PATH_PORTAL_EXTEND_SESSION =
948 "/portal/extend_session";
949
950 private static final String _PATH_PORTAL_FLASH = "/portal/flash";
951
952 private static final String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
953
954 private static final String _PATH_PORTAL_JSON_SERVICE =
955 "/portal/json_service";
956
957 private static final String _PATH_PORTAL_LAYOUT = "/portal/layout";
958
959 private static final String _PATH_PORTAL_LICENSE = "/portal/license";
960
961 private static final String _PATH_PORTAL_LOGIN = "/portal/login";
962
963 private static final String _PATH_PORTAL_LOGOUT = "/portal/logout";
964
965 private static final String _PATH_PORTAL_PROTECTED = "/portal/protected";
966
967 private static final String _PATH_PORTAL_RENDER_PORTLET =
968 "/portal/render_portlet";
969
970 private static final String _PATH_PORTAL_RESILIENCY = "/portal/resiliency";
971
972 private static final String _PATH_PORTAL_SETUP_WIZARD =
973 "/portal/setup_wizard";
974
975 private static final String _PATH_PORTAL_STATUS = "/portal/status";
976
977 private static final String _PATH_PORTAL_TCK = "/portal/tck";
978
979 private static final String _PATH_PORTAL_TERMS_OF_USE =
980 "/portal/terms_of_use";
981
982 private static final String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
983 "/portal/update_email_address";
984
985 private static final String _PATH_PORTAL_UPDATE_PASSWORD =
986 "/portal/update_password";
987
988 private static final String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
989 "/portal/update_reminder_query";
990
991 private static final String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
992 "/portal/update_terms_of_use";
993
994 private static final String _PATH_PORTAL_VERIFY_EMAIL_ADDRESS =
995 "/portal/verify_email_address";
996
997 private static Log _log = LogFactoryUtil.getLog(
998 PortalRequestProcessor.class);
999
1000 private Set<String> _lastPaths;
1001 private Set<String> _publicPaths;
1002 private Set<String> _trackerIgnorePaths;
1003
1004 }