015 package com.liferay.portal.action;
016
017 import com.liferay.portal.kernel.portlet.WindowStateFactory;
018 import com.liferay.portal.kernel.security.auth.session.AuthenticatedSessionManagerUtil;
019 import com.liferay.portal.kernel.util.CharPool;
020 import com.liferay.portal.kernel.util.HttpUtil;
021 import com.liferay.portal.kernel.util.ParamUtil;
022 import com.liferay.portal.kernel.util.StringBundler;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.StringUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.kernel.util.WebKeys;
027 import com.liferay.portal.security.sso.SSOUtil;
028 import com.liferay.portal.theme.ThemeDisplay;
029 import com.liferay.portal.util.PortalUtil;
030 import com.liferay.portal.util.PortletKeys;
031 import com.liferay.portal.util.PropsValues;
032 import com.liferay.portlet.PortletURLFactoryUtil;
033
034 import javax.portlet.PortletMode;
035 import javax.portlet.PortletRequest;
036 import javax.portlet.PortletURL;
037 import javax.portlet.WindowState;
038
039 import javax.servlet.http.HttpServletRequest;
040 import javax.servlet.http.HttpServletResponse;
041 import javax.servlet.http.HttpSession;
042
043 import org.apache.struts.action.Action;
044 import org.apache.struts.action.ActionForm;
045 import org.apache.struts.action.ActionForward;
046 import org.apache.struts.action.ActionMapping;
047
048
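/**
 * Struts action for the portal login path. It optionally authenticates
 * credentials carried on the request, then redirects the browser either to
 * the requested destination (session already authenticated) or to the login
 * page (not authenticated).
 *
 * <p>
 * Every caller-supplied <code>redirect</code> value is passed through
 * {@link PortalUtil#escapeRedirect(String)} before it is used. That call is
 * the only open-redirect guard visible in this class; its policy is defined
 * elsewhere.
 * </p>
 */
public class LoginAction extends Action {

    /**
     * Processes a login request and sends the resulting redirect.
     *
     * @param  actionMapping the Struts mapping, used only to resolve the JAAS
     *         forward
     * @param  actionForm unused
     * @param  request the servlet request; expected to carry a
     *         {@link ThemeDisplay} under {@link WebKeys#THEME_DISPLAY}
     * @param  response the servlet response the redirect is written to
     * @return the <code>/portal/touch_protected.jsp</code> forward when JAAS is
     *         enabled and the session holds <code>j_username</code> and
     *         <code>j_password</code>; <code>null</code> in every other case,
     *         because a redirect has already been sent
     * @throws Exception if login or URL construction fails
     */
    @Override
    public ActionForward execute(
            ActionMapping actionMapping, ActionForm actionForm,
            HttpServletRequest request, HttpServletResponse response)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
            WebKeys.THEME_DISPLAY);

        // Login switched off by configuration: send everyone to the
        // configured "disabled" path and stop.

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            response.sendRedirect(
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH);

            return null;
        }

        // HTTPS is required but the request arrived over plain HTTP: bounce
        // the same URI to the secure portal URL before reading credentials.
        // NOTE(review): the query string is echoed into the Location header
        // as is. Parameters sent on this first request have already
        // travelled unencrypted, and a request body is not carried across
        // the redirect.

        if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !request.isSecure()) {

            StringBundler sb = new StringBundler(4);

            sb.append(PortalUtil.getPortalURL(request, true));
            sb.append(request.getRequestURI());

            // getQueryString() returns null when the request has no query
            // string; append the separator only when there is something to
            // put after it.

            String queryString = request.getQueryString();

            if (queryString != null) {
                sb.append(StringPool.QUESTION);
                sb.append(queryString);
            }

            response.sendRedirect(sb.toString());

            return null;
        }

        String login = ParamUtil.getString(request, "login");

        // The password is read straight from the request rather than through
        // ParamUtil; presumably so the value reaches the authenticator
        // unmodified (confirm against ParamUtil).

        String password = request.getParameter("password");

        boolean rememberMe = ParamUtil.getBoolean(request, "rememberMe");
        String authType = ParamUtil.getString(request, "authType");

        // NOTE(review): nothing in this method restricts credentials to POST.
        // Whether an upstream filter does is not visible here; credentials in
        // a GET query string would end up in access logs and browser history.

        if (Validator.isNotNull(login) && Validator.isNotNull(password)) {
            AuthenticatedSessionManagerUtil.login(
                request, response, login, password, rememberMe, authType);
        }

        HttpSession session = request.getSession();

        // Both attributes present is treated as "authenticated". They are
        // presumably set by the login call above (confirm). Note that this
        // implies a password value is held in the HTTP session.

        if ((session.getAttribute("j_username") != null) &&
            (session.getAttribute("j_password") != null)) {

            if (PropsValues.PORTAL_JAAS_ENABLE) {
                return actionMapping.findForward("/portal/touch_protected.jsp");
            }

            // The redirect target is caller supplied, so it goes through
            // escapeRedirect before use. A null/blank result falls back to
            // the portal's main path.

            String redirect = ParamUtil.getString(request, "redirect");

            redirect = PortalUtil.escapeRedirect(redirect);

            if (Validator.isNull(redirect)) {
                redirect = themeDisplay.getPathMain();
            }

            // Site-relative targets are made absolute against this portal's
            // own URL, keeping the scheme of the current request.

            if (redirect.charAt(0) == CharPool.SLASH) {
                String portalURL = PortalUtil.getPortalURL(
                    request, request.isSecure());

                if (Validator.isNotNull(portalURL)) {
                    redirect = portalURL.concat(redirect);
                }
            }

            response.sendRedirect(redirect);

            return null;
        }

        // Not authenticated: work out the login page URL. Order of preference
        // is the site login URL, the configured login URL, then a render URL
        // for the login portlet.

        String redirect = PortalUtil.getSiteLoginURL(themeDisplay);

        if (Validator.isNull(redirect)) {
            redirect = PropsValues.AUTH_LOGIN_URL;
        }

        if (Validator.isNull(redirect)) {
            PortletURL portletURL = PortletURLFactoryUtil.create(
                request, PortletKeys.LOGIN, themeDisplay.getPlid(),
                PortletRequest.RENDER_PHASE);

            portletURL.setParameter("saveLastPath", Boolean.FALSE.toString());
            portletURL.setParameter("mvcRenderCommandName", "/login/login");
            portletURL.setPortletMode(PortletMode.VIEW);
            portletURL.setWindowState(getWindowState(request));

            redirect = portletURL.toString();
        }

        // When HTTPS is required, swap the plain portal URL prefix for the
        // secure one so the login page itself is served over HTTPS.

        if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) {
            String portalURL = PortalUtil.getPortalURL(request);
            String portalURLSecure = PortalUtil.getPortalURL(request, true);

            if (!portalURL.equals(portalURLSecure)) {
                redirect = StringUtil.replaceFirst(
                    redirect, portalURL, portalURLSecure);
            }
        }

        // Carry the post-login destination along. It is caller supplied, so
        // it is passed through escapeRedirect before it is used either as
        // the redirect itself (SSO) or as a parameter of the login portlet.

        String loginRedirect = ParamUtil.getString(request, "redirect");

        loginRedirect = PortalUtil.escapeRedirect(loginRedirect);

        if (Validator.isNotNull(loginRedirect)) {
            if (SSOUtil.isRedirectRequired(themeDisplay.getCompanyId())) {
                redirect = loginRedirect;
            }
            else {
                String loginPortletNamespace = PortalUtil.getPortletNamespace(
                    PropsValues.AUTH_LOGIN_PORTLET_NAME);

                String loginRedirectParameter =
                    loginPortletNamespace + "redirect";

                redirect = HttpUtil.setParameter(
                    redirect, "p_p_id", PropsValues.AUTH_LOGIN_PORTLET_NAME);
                redirect = HttpUtil.setParameter(
                    redirect, "p_p_lifecycle", "0");
                redirect = HttpUtil.setParameter(
                    redirect, loginRedirectParameter, loginRedirect);
            }
        }

        response.sendRedirect(redirect);

        return null;
    }

    /**
     * Returns the window state for the login portlet URL.
     *
     * @param  request the servlet request, read for an optional
     *         <code>windowState</code> parameter
     * @return {@link WindowState#MAXIMIZED} when the parameter is absent or
     *         blank; otherwise whatever {@link WindowStateFactory} returns for
     *         the caller-supplied value
     */
    protected WindowState getWindowState(HttpServletRequest request) {
        WindowState windowState = WindowState.MAXIMIZED;

        String windowStateString = ParamUtil.getString(request, "windowState");

        if (Validator.isNotNull(windowStateString)) {
            windowState = WindowStateFactory.getWindowState(windowStateString);
        }

        return windowState;
    }

}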