001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet.filters.autologin;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.InstancePool;
022    import com.liferay.portal.kernel.util.StringBundler;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.StringUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.User;
027    import com.liferay.portal.security.auth.AutoLogin;
028    import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
029    import com.liferay.portal.service.UserLocalServiceUtil;
030    import com.liferay.portal.servlet.filters.BasePortalFilter;
031    import com.liferay.portal.util.Portal;
032    import com.liferay.portal.util.PortalInstances;
033    import com.liferay.portal.util.PortalUtil;
034    import com.liferay.portal.util.PropsValues;
035    import com.liferay.portal.util.WebKeys;
036    import com.liferay.portlet.login.util.LoginUtil;
037    
038    import java.util.List;
039    import java.util.concurrent.CopyOnWriteArrayList;
040    
041    import javax.servlet.FilterChain;
042    import javax.servlet.http.HttpServletRequest;
043    import javax.servlet.http.HttpServletResponse;
044    import javax.servlet.http.HttpSession;
045    
046    /**
047     * @author Brian Wing Shun Chan
048     * @author Raymond Aug??
049     */
050    public class AutoLoginFilter extends BasePortalFilter {
051    
052            public static void registerAutoLogin(AutoLogin autoLogin) {
053                    _autoLogins.add(autoLogin);
054            }
055    
056            public static void unregisterAutoLogin(AutoLogin autoLogin) {
057                    _autoLogins.remove(autoLogin);
058            }
059    
060            public AutoLoginFilter() {
061                    for (String autoLoginClassName : PropsValues.AUTO_LOGIN_HOOKS) {
062                            AutoLogin autoLogin = (AutoLogin)InstancePool.get(
063                                    autoLoginClassName);
064    
065                            _autoLogins.add(autoLogin);
066                    }
067            }
068    
069            protected String getLoginRemoteUser(
070                            HttpServletRequest request, HttpServletResponse response,
071                            HttpSession session, String[] credentials)
072                    throws Exception {
073    
074                    if ((credentials == null) || (credentials.length != 3)) {
075                            return null;
076                    }
077    
078                    String jUsername = credentials[0];
079                    String jPassword = credentials[1];
080                    boolean encPassword = GetterUtil.getBoolean(credentials[2]);
081    
082                    if (Validator.isNull(jUsername) || Validator.isNull(jPassword)) {
083                            return null;
084                    }
085    
086                    long userId = GetterUtil.getLong(jUsername);
087    
088                    if (userId <= 0) {
089                            return null;
090                    }
091    
092                    User user = UserLocalServiceUtil.fetchUserById(userId);
093    
094                    if ((user == null) || user.isLockout()) {
095                            return null;
096                    }
097    
098                    if (!PropsValues.AUTH_SIMULTANEOUS_LOGINS) {
099                            LoginUtil.signOutSimultaneousLogins(userId);
100                    }
101    
102                    if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
103                            session = LoginUtil.renewSession(request, session);
104                    }
105    
106                    session.setAttribute("j_username", jUsername);
107    
108                    // Not having access to the unencrypted password will not allow you to
109                    // connect to external resources that require it (mail server)
110    
111                    if (encPassword) {
112                            session.setAttribute("j_password", jPassword);
113                    }
114                    else {
115                            session.setAttribute(
116                                    "j_password", PasswordEncryptorUtil.encrypt(jPassword));
117    
118                            if (PropsValues.SESSION_STORE_PASSWORD) {
119                                    session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
120                            }
121                    }
122    
123                    session.setAttribute("j_remoteuser", jUsername);
124    
125                    if (PropsValues.PORTAL_JAAS_ENABLE) {
126                            String redirect = PortalUtil.getPathMain().concat(
127                                    "/portal/protected");
128    
129                            if (PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
130                                    String autoLoginRedirect = (String)request.getAttribute(
131                                            AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);
132    
133                                    redirect = redirect.concat("?redirect=");
134    
135                                    if (Validator.isNotNull(autoLoginRedirect)) {
136                                            redirect = redirect.concat(autoLoginRedirect);
137                                    }
138                                    else {
139                                            redirect = redirect.concat(
140                                                    PortalUtil.getCurrentCompleteURL(request));
141                                    }
142                            }
143    
144                            response.sendRedirect(redirect);
145                    }
146    
147                    return jUsername;
148            }
149    
150            @Override
151            protected void processFilter(
152                            HttpServletRequest request, HttpServletResponse response,
153                            FilterChain filterChain)
154                    throws Exception {
155    
156                    HttpSession session = request.getSession();
157    
158                    String host = PortalUtil.getHost(request);
159    
160                    if (PortalInstances.isAutoLoginIgnoreHost(host)) {
161                            if (_log.isDebugEnabled()) {
162                                    _log.debug("Ignore host " + host);
163                            }
164    
165                            processFilter(
166                                    AutoLoginFilter.class, request, response, filterChain);
167    
168                            return;
169                    }
170    
171                    String contextPath = PortalUtil.getPathContext();
172    
173                    String path = StringUtil.toLowerCase(request.getRequestURI());
174    
175                    if (!contextPath.equals(StringPool.SLASH) &&
176                            path.contains(contextPath)) {
177    
178                            path = path.substring(contextPath.length());
179                    }
180    
181                    if (PortalInstances.isAutoLoginIgnorePath(path)) {
182                            if (_log.isDebugEnabled()) {
183                                    _log.debug("Ignore path " + path);
184                            }
185    
186                            processFilter(
187                                    AutoLoginFilter.class, request, response, filterChain);
188    
189                            return;
190                    }
191    
192                    String remoteUser = request.getRemoteUser();
193                    String jUserName = (String)session.getAttribute("j_username");
194    
195                    // PLACEHOLDER 01
196                    // PLACEHOLDER 02
197                    // PLACEHOLDER 03
198                    // PLACEHOLDER 04
199                    // PLACEHOLDER 05
200    
201                    if (!PropsValues.AUTH_LOGIN_DISABLED &&
202                            (remoteUser == null) && (jUserName == null)) {
203    
204                            for (AutoLogin autoLogin : _autoLogins) {
205                                    try {
206                                            String[] credentials = autoLogin.login(request, response);
207    
208                                            String redirect = (String)request.getAttribute(
209                                                    AutoLogin.AUTO_LOGIN_REDIRECT);
210    
211                                            if (Validator.isNotNull(redirect)) {
212                                                    response.sendRedirect(redirect);
213    
214                                                    return;
215                                            }
216    
217                                            String loginRemoteUser = getLoginRemoteUser(
218                                                    request, response, session, credentials);
219    
220                                            if (loginRemoteUser != null) {
221                                                    request = new ProtectedServletRequest(
222                                                            request, loginRemoteUser);
223    
224                                                    if (PropsValues.PORTAL_JAAS_ENABLE) {
225                                                            return;
226                                                    }
227    
228                                                    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
229                                                            redirect = Portal.PATH_MAIN;
230                                                    }
231                                                    else {
232                                                            redirect = (String)request.getAttribute(
233                                                                    AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);
234                                                    }
235    
236                                                    if (Validator.isNotNull(redirect)) {
237                                                            response.sendRedirect(redirect);
238    
239                                                            return;
240                                                    }
241                                            }
242                                    }
243                                    catch (Exception e) {
244                                            StringBundler sb = new StringBundler(4);
245    
246                                            sb.append("Current URL ");
247    
248                                            String currentURL = PortalUtil.getCurrentURL(request);
249    
250                                            sb.append(currentURL);
251    
252                                            sb.append(" generates exception: ");
253                                            sb.append(e.getMessage());
254    
255                                            if (currentURL.endsWith(_PATH_CHAT_LATEST)) {
256                                                    if (_log.isWarnEnabled()) {
257                                                            _log.warn(sb.toString());
258                                                    }
259                                            }
260                                            else {
261                                                    _log.error(sb.toString());
262                                            }
263                                    }
264                            }
265                    }
266    
267                    processFilter(AutoLoginFilter.class, request, response, filterChain);
268            }
269    
270            private static final String _PATH_CHAT_LATEST = "/-/chat/latest";
271    
272            private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);
273    
274            private static List<AutoLogin> _autoLogins =
275                    new CopyOnWriteArrayList<AutoLogin>();
276    
277    }