001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.kernel.portlet.WindowStateFactory;
018    import com.liferay.portal.kernel.security.auth.session.AuthenticatedSessionManagerUtil;
019    import com.liferay.portal.kernel.util.CharPool;
020    import com.liferay.portal.kernel.util.HttpUtil;
021    import com.liferay.portal.kernel.util.ParamUtil;
022    import com.liferay.portal.kernel.util.StringBundler;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.StringUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.kernel.util.WebKeys;
027    import com.liferay.portal.security.sso.SSOUtil;
028    import com.liferay.portal.theme.ThemeDisplay;
029    import com.liferay.portal.util.PortalUtil;
030    import com.liferay.portal.util.PortletKeys;
031    import com.liferay.portal.util.PropsValues;
032    import com.liferay.portlet.PortletURLFactoryUtil;
033    
034    import javax.portlet.PortletMode;
035    import javax.portlet.PortletRequest;
036    import javax.portlet.PortletURL;
037    import javax.portlet.WindowState;
038    
039    import javax.servlet.http.HttpServletRequest;
040    import javax.servlet.http.HttpServletResponse;
041    import javax.servlet.http.HttpSession;
042    
043    import org.apache.struts.action.Action;
044    import org.apache.struts.action.ActionForm;
045    import org.apache.struts.action.ActionForward;
046    import org.apache.struts.action.ActionMapping;
047    
048    /**
049     * @author Brian Wing Shun Chan
050     * @author Scott Lee
051     */
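/**
 * Struts action for the portal login entry point. It optionally authenticates
 * the <code>login</code>/<code>password</code> request parameters and then
 * redirects the browser, either to the post-login target or to the login
 * page.
 *
 * <p>
 * Security-relevant behavior visible in this class:
 * </p>
 *
 * <ul>
 * <li>
 * Every caller-supplied <code>redirect</code> value goes through
 * <code>PortalUtil.escapeRedirect</code> before it is used as a redirect
 * target or embedded in one.
 * </li>
 * <li>
 * When <code>PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS</code> is set,
 * insecure requests are bounced to the secure portal URL before any credential
 * parameter is read.
 * </li>
 * <li>
 * NOTE(review): this action checks neither the HTTP method nor a CSRF token
 * before calling <code>AuthenticatedSessionManagerUtil.login</code>. Confirm
 * that a filter or the session manager enforces both. Otherwise credentials
 * sent as GET parameters are accepted and can end up in access logs and
 * referrers.
 * </li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 * @author Scott Lee
 */
public class LoginAction extends Action {

	/**
	 * Handles a login request and always answers with a redirect, except in
	 * the JAAS case, where it forwards to the protected touch page.
	 *
	 * @param  actionMapping the Struts mapping, used only to resolve the JAAS
	 *         forward
	 * @param  actionForm unused
	 * @param  request the servlet request; expected to carry a
	 *         <code>ThemeDisplay</code> under <code>WebKeys.THEME_DISPLAY</code>
	 * @param  response the servlet response that receives the redirect
	 * @return <code>null</code> once a redirect has been sent, or the
	 *         <code>/portal/touch_protected.jsp</code> forward when the session
	 *         is authenticated and <code>PropsValues.PORTAL_JAAS_ENABLE</code>
	 *         is set
	 * @throws Exception if authentication or sending the redirect fails
	 */
	@Override
	public ActionForward execute(
			ActionMapping actionMapping, ActionForm actionForm,
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		// Portal-wide login kill switch: nothing below may run

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			response.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return null;
		}

		// Upgrade to HTTPS before touching any credential parameter. Only the
		// URI and query string are replayed. Anything already sent in the
		// query string over HTTP has been exposed on the wire and is echoed in
		// the Location header.

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
			!request.isSecure()) {

			String queryString = request.getQueryString();

			StringBundler sb = new StringBundler(4);

			sb.append(PortalUtil.getPortalURL(request, true));
			sb.append(request.getRequestURI());

			// getQueryString() returns null when the request has no query
			// string. Appending it unconditionally would leave a dangling
			// "?" followed by whatever StringBundler renders for null.

			if (Validator.isNotNull(queryString)) {
				sb.append(StringPool.QUESTION);
				sb.append(queryString);
			}

			response.sendRedirect(sb.toString());

			return null;
		}

		String login = ParamUtil.getString(request, "login");

		// The password is read with getParameter rather than ParamUtil,
		// presumably so that no normalization is applied to it. Verify.

		String password = request.getParameter("password");

		boolean rememberMe = ParamUtil.getBoolean(request, "rememberMe");
		String authType = ParamUtil.getString(request, "authType");

		if (Validator.isNotNull(login) && Validator.isNotNull(password)) {
			AuthenticatedSessionManagerUtil.login(
				request, response, login, password, rememberMe, authType);
		}

		HttpSession session = request.getSession();

		// j_username and j_password are treated as the marker for an
		// authenticated session. They are presumably set by the login call
		// above or by an earlier request. NOTE(review): confirm how the
		// j_password value is stored and when it is cleared.

		if ((session.getAttribute("j_username") != null) &&
			(session.getAttribute("j_password") != null)) {

			if (PropsValues.PORTAL_JAAS_ENABLE) {
				return actionMapping.findForward("/portal/touch_protected.jsp");
			}

			String redirect = ParamUtil.getString(request, "redirect");

			// The caller-controlled target must be filtered before it reaches
			// sendRedirect. A rejected or missing value falls back to the
			// portal main path.

			redirect = PortalUtil.escapeRedirect(redirect);

			if (Validator.isNull(redirect)) {
				redirect = themeDisplay.getPathMain();
			}

			// Make server-relative paths absolute against this portal's own
			// URL, keeping the scheme of the current request

			if (redirect.charAt(0) == CharPool.SLASH) {
				String portalURL = PortalUtil.getPortalURL(
					request, request.isSecure());

				if (Validator.isNotNull(portalURL)) {
					redirect = portalURL.concat(redirect);
				}
			}

			response.sendRedirect(redirect);

			return null;
		}

		// Not authenticated. Pick the login page in this order: the site
		// login URL, the configured URL, then a generated login portlet URL.

		String redirect = PortalUtil.getSiteLoginURL(themeDisplay);

		if (Validator.isNull(redirect)) {
			redirect = PropsValues.AUTH_LOGIN_URL;
		}

		if (Validator.isNull(redirect)) {
			PortletURL portletURL = PortletURLFactoryUtil.create(
				request, PortletKeys.LOGIN, themeDisplay.getPlid(),
				PortletRequest.RENDER_PHASE);

			portletURL.setParameter("saveLastPath", Boolean.FALSE.toString());
			portletURL.setParameter("mvcRenderCommandName", "/login/login");
			portletURL.setPortletMode(PortletMode.VIEW);
			portletURL.setWindowState(getWindowState(request));

			redirect = portletURL.toString();
		}

		// Rewrite the login page URL to the secure portal URL so that the
		// login form itself is served over HTTPS

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) {
			String portalURL = PortalUtil.getPortalURL(request);
			String portalURLSecure = PortalUtil.getPortalURL(request, true);

			if (!portalURL.equals(portalURLSecure)) {
				redirect = StringUtil.replaceFirst(
					redirect, portalURL, portalURLSecure);
			}
		}

		String loginRedirect = ParamUtil.getString(request, "redirect");

		// Same filtering as on the authenticated path. The value is used only
		// if it survives escapeRedirect.

		loginRedirect = PortalUtil.escapeRedirect(loginRedirect);

		if (Validator.isNotNull(loginRedirect)) {
			if (SSOUtil.isRedirectRequired(themeDisplay.getCompanyId())) {

				// With SSO the filtered target replaces the login page URL
				// entirely

				redirect = loginRedirect;
			}
			else {

				// Otherwise hand the filtered target to the login portlet as
				// its namespaced "redirect" parameter

				String loginPortletNamespace = PortalUtil.getPortletNamespace(
					PropsValues.AUTH_LOGIN_PORTLET_NAME);

				String loginRedirectParameter =
					loginPortletNamespace + "redirect";

				redirect = HttpUtil.setParameter(
					redirect, "p_p_id", PropsValues.AUTH_LOGIN_PORTLET_NAME);
				redirect = HttpUtil.setParameter(
					redirect, "p_p_lifecycle", "0");
				redirect = HttpUtil.setParameter(
					redirect, loginRedirectParameter, loginRedirect);
			}
		}

		response.sendRedirect(redirect);

		return null;
	}

	/**
	 * Returns the window state for the generated login portlet URL.
	 *
	 * @param  request the servlet request that may carry a
	 *         <code>windowState</code> parameter
	 * @return <code>WindowState.MAXIMIZED</code> when the parameter is absent
	 *         or empty; otherwise whatever
	 *         <code>WindowStateFactory.getWindowState</code> returns for the
	 *         caller-supplied name
	 */
	protected WindowState getWindowState(HttpServletRequest request) {
		WindowState windowState = WindowState.MAXIMIZED;

		String windowStateString = ParamUtil.getString(request, "windowState");

		// The name is caller-controlled. This assumes the factory maps
		// unknown names to a harmless state. TODO confirm.

		if (Validator.isNotNull(windowStateString)) {
			windowState = WindowStateFactory.getWindowState(windowStateString);
		}

		return windowState;
	}

}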