015 package com.liferay.portal.struts;
016
017 import com.liferay.portal.exception.LayoutPermissionException;
018 import com.liferay.portal.exception.PortletActiveException;
019 import com.liferay.portal.exception.UserActiveException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
023 import com.liferay.portal.kernel.servlet.DynamicServletRequest;
024 import com.liferay.portal.kernel.servlet.HttpMethods;
025 import com.liferay.portal.kernel.servlet.SessionErrors;
026 import com.liferay.portal.kernel.struts.LastPath;
027 import com.liferay.portal.kernel.util.CharPool;
028 import com.liferay.portal.kernel.util.GetterUtil;
029 import com.liferay.portal.kernel.util.HttpUtil;
030 import com.liferay.portal.kernel.util.JavaConstants;
031 import com.liferay.portal.kernel.util.ParamUtil;
032 import com.liferay.portal.kernel.util.PropsKeys;
033 import com.liferay.portal.kernel.util.StringBundler;
034 import com.liferay.portal.kernel.util.StringPool;
035 import com.liferay.portal.kernel.util.StringUtil;
036 import com.liferay.portal.kernel.util.Validator;
037 import com.liferay.portal.kernel.util.WebKeys;
038 import com.liferay.portal.liveusers.LiveUsers;
039 import com.liferay.portal.model.Layout;
040 import com.liferay.portal.model.LayoutConstants;
041 import com.liferay.portal.model.PasswordPolicy;
042 import com.liferay.portal.model.Portlet;
043 import com.liferay.portal.model.PortletPreferencesIds;
044 import com.liferay.portal.model.User;
045 import com.liferay.portal.model.UserTracker;
046 import com.liferay.portal.model.UserTrackerPath;
047 import com.liferay.portal.security.auth.InterruptedPortletRequestWhitelistUtil;
048 import com.liferay.portal.security.auth.PrincipalException;
049 import com.liferay.portal.security.permission.ActionKeys;
050 import com.liferay.portal.security.permission.PermissionChecker;
051 import com.liferay.portal.service.LayoutLocalServiceUtil;
052 import com.liferay.portal.service.PortletLocalServiceUtil;
053 import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
054 import com.liferay.portal.service.permission.PortletPermissionUtil;
055 import com.liferay.portal.service.persistence.UserTrackerPathUtil;
056 import com.liferay.portal.theme.ThemeDisplay;
057 import com.liferay.portal.util.PortalUtil;
058 import com.liferay.portal.util.PropsUtil;
059 import com.liferay.portal.util.PropsValues;
060 import com.liferay.portlet.InvokerPortlet;
061 import com.liferay.portlet.PortletConfigFactoryUtil;
062 import com.liferay.portlet.PortletInstanceFactoryUtil;
063 import com.liferay.portlet.PortletPreferencesFactoryUtil;
064 import com.liferay.portlet.PortletURLImpl;
065 import com.liferay.portlet.RenderRequestFactory;
066 import com.liferay.portlet.RenderRequestImpl;
067 import com.liferay.portlet.RenderResponseFactory;
068 import com.liferay.portlet.RenderResponseImpl;
069
070 import java.io.IOException;
071
072 import java.util.Date;
073 import java.util.HashSet;
074 import java.util.LinkedHashMap;
075 import java.util.Map;
076 import java.util.Set;
077 import java.util.regex.Matcher;
078 import java.util.regex.Pattern;
079
080 import javax.portlet.PortletConfig;
081 import javax.portlet.PortletContext;
082 import javax.portlet.PortletMode;
083 import javax.portlet.PortletPreferences;
084 import javax.portlet.PortletRequest;
085 import javax.portlet.WindowState;
086
087 import javax.servlet.ServletContext;
088 import javax.servlet.ServletException;
089 import javax.servlet.http.HttpServletRequest;
090 import javax.servlet.http.HttpServletResponse;
091 import javax.servlet.http.HttpSession;
092 import javax.servlet.jsp.PageContext;
093
094 import org.apache.struts.Globals;
095 import org.apache.struts.action.Action;
096 import org.apache.struts.action.ActionForm;
097 import org.apache.struts.action.ActionMapping;
098 import org.apache.struts.config.ActionConfig;
099 import org.apache.struts.config.ForwardConfig;
100 import org.apache.struts.tiles.TilesRequestProcessor;
101 import org.apache.struts.util.MessageResources;
102
103
109 public class PortalRequestProcessor extends TilesRequestProcessor {
110
/**
 * Builds the three path sets consulted on every request: the paths that
 * are remembered as a session's last path, the paths treated as public,
 * and the paths left out of user tracking.
 */
public PortalRequestProcessor() {

	// Paths whose GET requests processPath stores in the session as the
	// last path. The layout path is always included; the rest come from
	// the AUTH_FORWARD_LAST_PATHS property.

	_lastPaths = new HashSet<>();

	_lastPaths.add(_PATH_PORTAL_LAYOUT);

	addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);

	// Paths isPublicPath reports as public. For these, processPath does
	// not send a request without a user to the login path, and
	// processRoles returns true before its portlet permission check.
	// Every entry widens what is reachable unauthenticated, so additions
	// here deserve review.

	_publicPaths = new HashSet<>();

	java.util.Collections.addAll(
		_publicPaths, _PATH_C, _PATH_PORTAL_API_JSONWS, _PATH_PORTAL_FLASH,
		_PATH_PORTAL_J_LOGIN, _PATH_PORTAL_LAYOUT, _PATH_PORTAL_LICENSE,
		_PATH_PORTAL_LOGIN, _PATH_PORTAL_RENDER_PORTLET,
		_PATH_PORTAL_RESILIENCY, _PATH_PORTAL_TCK,
		_PATH_PORTAL_UPDATE_LANGUAGE, _PATH_PORTAL_UPDATE_PASSWORD,
		_PATH_PORTAL_VERIFY_EMAIL_ADDRESS,
		PropsValues.AUTH_LOGIN_DISABLED_PATH);

	// Paths processPath neither records in the user tracker nor saves as
	// the last path.

	_trackerIgnorePaths = new HashSet<>();

	addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
}
144
/**
 * Processes one request. A path that has neither a configured action
 * mapping nor a registered Struts action is answered with a redirect to
 * {@link #getLastPath(HttpServletRequest)}; every other path goes through
 * the parent's processing, followed by portlet request cleanup.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws IOException if the redirect or the parent processing fails
 * @throws ServletException if the parent processing fails
 */
@Override
public void process(
		HttpServletRequest request, HttpServletResponse response)
	throws IOException, ServletException {

	// This calls the parent's processPath, not the override in this class,
	// so the login and account-state redirects do not run for this lookup.

	String strutsPath = super.processPath(request, response);

	ActionMapping configuredMapping =
		(ActionMapping)moduleConfig.findActionConfig(strutsPath);

	Action registeredAction = StrutsActionRegistryUtil.getAction(
		strutsPath);

	boolean unknownPath =
		(configuredMapping == null) && (registeredAction == null);

	if (unknownPath) {

		// The redirect target is assembled by getLastPath from the portal
		// URL and, optionally, the last path stored in the session.

		String redirect = getLastPath(request);

		if (_log.isDebugEnabled()) {
			_log.debug("Last path " + redirect);
		}

		response.sendRedirect(redirect);

		return;
	}

	super.process(request, response);

	// Cleanup runs only when the parent returned normally; a failure in
	// cleanup is logged and does not reach the caller.

	try {
		if (isPortletPath(strutsPath)) {
			cleanUp(request);
		}
	}
	catch (Exception e) {
		_log.error(e, e);
	}
}
180
/**
 * Adds every value of an array-valued portal property to the given set.
 *
 * @param paths the set to add to
 * @param propsKey the key of the property holding the paths
 */
protected void addPaths(Set<String> paths, String propsKey) {
	String[] configuredPaths = PropsUtil.getArray(propsKey);

	java.util.Collections.addAll(paths, configuredPaths);
}
188
/**
 * Forwards through the parent's doForward instead of this class's
 * override, which delegates to StrutsUtil.forward.
 *
 * @param  uri the URI to forward to
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws IOException if the parent forward fails
 * @throws ServletException if the parent forward fails
 */
protected void callParentDoForward(
		String uri, HttpServletRequest request,
		HttpServletResponse response)
	throws IOException, ServletException {

	// Explicit super call: bypasses the doForward override of this class.

	super.doForward(uri, request, response);
}
196
/**
 * Runs the parent's multipart handling. The processMultipart override in
 * this class returns the request unchanged, so this is the only way to
 * reach the parent's behaviour from within the class hierarchy.
 *
 * @param  request the servlet request
 * @return whatever the parent's processMultipart returns
 */
protected HttpServletRequest callParentProcessMultipart(
	HttpServletRequest request) {

	HttpServletRequest parentResult = super.processMultipart(request);

	return parentResult;
}
202
/**
 * Resolves the path with the parent's processPath. None of the redirects
 * applied by this class's processPath override (login, terms of use,
 * password change and so on) are applied to the returned value.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the path as the parent resolves it
 * @throws IOException if the parent implementation fails
 */
protected String callParentProcessPath(
		HttpServletRequest request, HttpServletResponse response)
	throws IOException {

	String parentPath = super.processPath(request, response);

	return parentPath;
}
209
/**
 * Runs the parent's role check. The public-path shortcut and the portlet
 * VIEW permission check of this class's processRoles override are not
 * part of it, so a caller must not treat the result as equivalent.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping being processed
 * @return the parent's decision
 * @throws IOException if the parent implementation fails
 * @throws ServletException if the parent implementation fails
 */
protected boolean callParentProcessRoles(
		HttpServletRequest request, HttpServletResponse response,
		ActionMapping actionMapping)
	throws IOException, ServletException {

	boolean parentDecision = super.processRoles(
		request, response, actionMapping);

	return parentDecision;
}
217
/**
 * Calls cleanUp on the render request stored in the servlet request under
 * JavaConstants.JAVAX_PORTLET_REQUEST, if one is present.
 *
 * @param  request the servlet request
 * @throws Exception if the cleanup fails
 */
protected void cleanUp(HttpServletRequest request) throws Exception {
	Object portletRequest = request.getAttribute(
		JavaConstants.JAVAX_PORTLET_REQUEST);

	if (portletRequest == null) {
		return;
	}

	// An attribute of any other type fails here with a
	// ClassCastException, as the unconditional cast always did.

	((RenderRequestImpl)portletRequest).cleanUp();
}
231
/**
 * Creates a render request and response for the portlet, defines the
 * portlet objects on the render request and marks the servlet request
 * with WebKeys.PORTLET_STRUTS_EXECUTE.
 *
 * <p>
 * The render request is always created with a maximized window state and
 * view mode, whatever the incoming request asked for.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  portlet the portlet the request is for
 * @throws Exception if any of the factories or services fails
 */
protected void defineObjects(
		HttpServletRequest request, HttpServletResponse response,
		Portlet portlet)
	throws Exception {

	String id = portlet.getPortletId();

	ServletContext context = (ServletContext)request.getAttribute(
		WebKeys.CTX);

	InvokerPortlet invoker = PortletInstanceFactoryUtil.create(
		portlet, context);

	// Preferences are looked up for the IDs derived from the request.

	PortletPreferences preferences =
		PortletPreferencesLocalServiceUtil.getStrictPreferences(
			PortletPreferencesFactoryUtil.getPortletPreferencesIds(
				request, id));

	PortletConfig config = PortletConfigFactoryUtil.create(
		portlet, context);

	PortletContext portletContext = config.getPortletContext();

	RenderRequestImpl renderRequest = RenderRequestFactory.create(
		request, portlet, invoker, portletContext, WindowState.MAXIMIZED,
		PortletMode.VIEW, preferences);

	RenderResponseImpl renderResponse = RenderResponseFactory.create(
		renderRequest, response, id, portlet.getCompanyId());

	renderRequest.defineObjects(config, renderResponse);

	request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
}
268
/**
 * Forwards to the URI through StrutsUtil.forward instead of the parent's
 * implementation.
 *
 * @param  uri the URI to forward to
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws ServletException if the forward fails
 */
@Override
protected void doForward(
		String uri, HttpServletRequest request,
		HttpServletResponse response)
	throws ServletException {

	ServletContext context = getServletContext();

	StrutsUtil.forward(uri, context, request, response);
}
277
/**
 * Includes the URI through StrutsUtil.include instead of the parent's
 * implementation.
 *
 * @param  uri the URI to include
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws ServletException if the include fails
 */
@Override
protected void doInclude(
		String uri, HttpServletRequest request,
		HttpServletResponse response)
	throws ServletException {

	ServletContext context = getServletContext();

	StrutsUtil.include(uri, context, request, response);
}
286
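/**
 * Builds the friendly form of a layout request for the user tracker.
 *
 * <p>
 * The raw query string is appended whenever no portlet friendly URL can
 * be built, so the returned value can carry every parameter the client
 * sent in the URL.
 * </p>
 *
 * @param  path the Struts path of the request
 * @param  themeDisplay the theme display of the request
 * @param  request the servlet request
 * @return the friendly path, or <code>null</code> if the path is not the
 *         layout path or the request carries no <code>p_l_id</code>
 * @throws Exception if the layout or portlet lookup fails
 */
protected String getFriendlyTrackerPath(
		String path, ThemeDisplay themeDisplay, HttpServletRequest request)
	throws Exception {

	if (!path.equals(_PATH_PORTAL_LAYOUT)) {
		return null;
	}

	long plid = ParamUtil.getLong(request, "p_l_id");

	if (plid == 0) {
		return null;
	}

	Layout layout = LayoutLocalServiceUtil.getLayout(plid);

	String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
		layout, themeDisplay);

	String portletId = ParamUtil.getString(request, "p_p_id");

	if (Validator.isNull(portletId)) {
		return layoutFriendlyURL;
	}

	long companyId = PortalUtil.getCompanyId(request);

	Portlet portlet = PortletLocalServiceUtil.getPortletById(
		companyId, portletId);

	if (portlet == null) {

		// Fall back to the first segment of the Struts path as the
		// portlet's Struts path.

		String strutsPath = path.substring(
			1, path.lastIndexOf(CharPool.SLASH));

		portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
			companyId, strutsPath);
	}

	if ((portlet == null) || !portlet.isActive()) {
		return _appendQueryString(
			layoutFriendlyURL, request.getQueryString());
	}

	String namespace = PortalUtil.getPortletNamespace(portletId);

	FriendlyURLMapper friendlyURLMapper =
		portlet.getFriendlyURLMapperInstance();

	if (friendlyURLMapper == null) {
		return _appendQueryString(
			layoutFriendlyURL, request.getQueryString());
	}

	PortletURLImpl portletURL = new PortletURLImpl(
		request, portletId, plid, PortletRequest.RENDER_PHASE);

	// Only parameters in the portlet's namespace are copied, with the
	// namespace prefix removed.

	Map<String, String[]> parameterMap = request.getParameterMap();

	for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
		String key = entry.getKey();

		if (key.startsWith(namespace)) {
			key = key.substring(namespace.length());

			portletURL.setParameter(key, entry.getValue());
		}
	}

	String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);

	if (portletFriendlyURL != null) {
		return layoutFriendlyURL.concat(portletFriendlyURL);
	}

	return _appendQueryString(layoutFriendlyURL, request.getQueryString());
}

/**
 * Appends <code>?queryString</code> to the URL. A request whose parameters
 * arrive in the body has no query string; String.concat would throw a
 * NullPointerException for it, so the URL is returned on its own instead.
 */
private static String _appendQueryString(String url, String queryString) {
	if (queryString == null) {
		return url;
	}

	return url.concat(StringPool.QUESTION).concat(queryString);
}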
365
/**
 * Returns the absolute URL that {@link #process} redirects to when the
 * requested path is unknown: either the portal's layout path or the last
 * path stored in the session.
 *
 * <p>
 * NOTE(review): the result is used as a redirect Location and always
 * starts with PortalUtil.getPortalURL(request). If that value can take its
 * host from an unvalidated Host header, the redirect target is influenced
 * by the client; confirm against the portal's host validation.
 * </p>
 *
 * @param  request the servlet request
 * @return the redirect URL
 */
protected String getLastPath(HttpServletRequest request) {
	HttpSession session = request.getSession();

	ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
		WebKeys.THEME_DISPLAY);

	Boolean httpsInitial = (Boolean)session.getAttribute(
		WebKeys.HTTPS_INITIAL);

	// With HTTPS required for authentication, phishing protection off and
	// a session that did not start over HTTPS, the portal URL is requested
	// with an explicit false second argument (presumably "not secure";
	// confirm against PortalUtil).

	boolean sessionStartedWithoutHttps =
		PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
		!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
		(httpsInitial != null) && !httpsInitial.booleanValue();

	String portalURL;

	if (sessionStartedWithoutHttps) {
		portalURL = PortalUtil.getPortalURL(request, false);
	}
	else {
		portalURL = PortalUtil.getPortalURL(request);
	}

	// Default target: the layout path under the main path.

	StringBundler defaultSB = new StringBundler(7);

	defaultSB.append(portalURL);
	defaultSB.append(themeDisplay.getPathMain());
	defaultSB.append(_PATH_PORTAL_LAYOUT);

	if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {

		// Forwarding by last path is off. A request with a remote user is
		// pointed at the default layout ID.

		if (request.getRemoteUser() != null) {
			defaultSB.append(StringPool.QUESTION);
			defaultSB.append("p_l_id");
			defaultSB.append(StringPool.EQUAL);
			defaultSB.append(LayoutConstants.DEFAULT_PLID);
		}

		return defaultSB.toString();
	}

	LastPath storedLastPath = (LastPath)session.getAttribute(
		WebKeys.LAST_PATH);

	if (storedLastPath == null) {
		return defaultSB.toString();
	}

	String storedParameters = storedLastPath.getParameters();

	// A last path under the main path is used only if it maps to a
	// configured action and carries parameters.

	String storedContextPath = storedLastPath.getContextPath();

	if (storedContextPath.equals(themeDisplay.getPathMain())) {
		ActionMapping storedMapping =
			(ActionMapping)moduleConfig.findActionConfig(
				storedLastPath.getPath());

		if ((storedMapping == null) || storedParameters.isEmpty()) {
			return defaultSB.toString();
		}
	}

	// The stored context path, path and parameters are appended as they
	// are; only the portal URL prefix is computed for this request.

	StringBundler storedSB = new StringBundler(4);

	storedSB.append(portalURL);
	storedSB.append(storedLastPath.getContextPath());
	storedSB.append(storedLastPath.getPath());
	storedSB.append(storedParameters);

	return storedSB.toString();
}
439
/**
 * Returns <code>true</code> if the path is treated as belonging to a
 * portlet, that is, if it is none of the portal's own paths.
 *
 * <p>
 * NOTE(review): the "/common" and "/portal" checks are plain prefix
 * matches with no trailing slash, so any path that merely begins with
 * those characters is also excluded. processRoles runs its portlet
 * permission check only for paths accepted here; confirm that no action
 * path depends on the stricter reading.
 * </p>
 *
 * @param  path the Struts path, may be <code>null</code>
 * @return <code>true</code> if the path is a portlet path
 */
protected boolean isPortletPath(String path) {
	if (path == null) {
		return false;
	}

	if (path.equals(_PATH_C) || path.startsWith(_PATH_COMMON)) {
		return false;
	}

	if (path.contains(_PATH_J_SECURITY_CHECK)) {
		return false;
	}

	return !path.startsWith(_PATH_PORTAL);
}
452
/**
 * Returns <code>true</code> if the path may be requested without a signed
 * in user: it is in the public path set, starts with "/common", or is
 * known to AuthPublicPathRegistry.
 *
 * <p>
 * NOTE(review): "/common" is matched as a bare prefix, so a path such as
 * "/common" followed by any other characters also counts as public.
 * Confirm that every action registered under that prefix is meant to be
 * reachable unauthenticated.
 * </p>
 *
 * @param  path the Struts path, may be <code>null</code>
 * @return <code>true</code> if the path is public
 */
protected boolean isPublicPath(String path) {
	if (path == null) {
		return false;
	}

	return _publicPaths.contains(path) || path.startsWith(_PATH_COMMON) ||
		AuthPublicPathRegistry.contains(path);
}
464
/**
 * Returns the action for the mapping. An action registered in
 * StrutsActionRegistryUtil for the mapping's path takes precedence over
 * the configured one; when both exist, the configured action is created
 * by the parent and handed to the adapter as its original action.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping being processed
 * @return the registered adapter, or the action the parent creates
 * @throws IOException if the parent implementation fails
 */
@Override
protected Action processActionCreate(
		HttpServletRequest request, HttpServletResponse response,
		ActionMapping actionMapping)
	throws IOException {

	String mappingPath = actionMapping.getPath();

	// A registered action that is not an ActionAdapter fails this cast.

	ActionAdapter registeredAdapter =
		(ActionAdapter)StrutsActionRegistryUtil.getAction(mappingPath);

	if (registeredAdapter == null) {
		return super.processActionCreate(request, response, actionMapping);
	}

	ActionConfig configuredAction = moduleConfig.findActionConfig(
		mappingPath);

	if (configuredAction != null) {

		// NOTE(review): the adapter comes from a registry and is written
		// to on each request; confirm it is safe to do so concurrently.

		registeredAdapter.setOriginalAction(
			super.processActionCreate(request, response, actionMapping));
	}

	return registeredAdapter;
}
491
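/**
 * Resolves the action mapping for the path. A path with a registered
 * Struts action gets its configured mapping or, failing that, a new
 * mapping created on the spot; any other path is resolved by the parent.
 * A path the parent cannot resolve is logged together with the user ID,
 * URL, referer and remote address of the request.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  path the Struts path, may be <code>null</code>
 * @return the mapping, or <code>null</code> if there is none
 * @throws IOException if the parent implementation fails
 */
@Override
protected ActionMapping processMapping(
		HttpServletRequest request, HttpServletResponse response,
		String path)
	throws IOException {

	if (path == null) {
		return null;
	}

	Action action = StrutsActionRegistryUtil.getAction(path);

	if (action != null) {
		ActionMapping actionMapping =
			(ActionMapping)moduleConfig.findActionConfig(path);

		if (actionMapping == null) {
			actionMapping = new ActionMapping();

			actionMapping.setModuleConfig(moduleConfig);
			actionMapping.setPath(path);

			request.setAttribute(Globals.MAPPING_KEY, actionMapping);
		}

		return actionMapping;
	}

	ActionMapping actionMapping = super.processMapping(
		request, response, path);

	if (actionMapping == null) {
		MessageResources messageResources = getInternal();

		String msg = messageResources.getMessage("processInvalid");

		// The URL, referer and path are supplied by the client. Line
		// breaks are replaced before logging so that a request cannot
		// forge additional log entries.

		_log.error("User ID " + _stripLineBreaks(request.getRemoteUser()));
		_log.error(
			"Current URL " +
				_stripLineBreaks(PortalUtil.getCurrentURL(request)));
		_log.error(
			"Referer " + _stripLineBreaks(request.getHeader("Referer")));
		_log.error(
			"Remote address " + _stripLineBreaks(request.getRemoteAddr()));

		_log.error(msg + " " + _stripLineBreaks(path));
	}

	return actionMapping;
}

/**
 * Replaces carriage returns and line feeds with underscores. A
 * <code>null</code> value is returned as is, so it still prints as "null".
 */
private static String _stripLineBreaks(String value) {
	if (value == null) {
		return null;
	}

	return value.replace('\r', '_').replace('\n', '_');
}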
538
/**
 * Returns the request unchanged. The parent's multipart handling is not
 * invoked here, so multipart requests reach the action unwrapped; use
 * callParentProcessMultipart to apply the parent's handling.
 *
 * @param  request the servlet request
 * @return the same request
 */
@Override
protected HttpServletRequest processMultipart(HttpServletRequest request) {
	HttpServletRequest unchangedRequest = request;

	return unchangedRequest;
}
546
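/**
 * Resolves the Struts path for the request and replaces it where the
 * state of the session or the user requires a different page.
 *
 * <p>
 * The checks run in this order, and the first that applies decides the
 * result: user tracking and last path bookkeeping (no effect on the
 * result), setup wizard, pass-through of logout, session and terms of use
 * update paths for a signed in user, logout for a remote user without a
 * user record, error for an inactive user, account-state interrupts (terms
 * of use, email verification, password change, email address, reminder
 * query), login for a non-public path without a user, <code>null</code>
 * for a path with no mapping and no registered action, portlet object
 * setup, and finally the error path if a layout permission error is
 * already recorded.
 * </p>
 *
 * <p>
 * The only authentication gate here is the login redirect for non-public
 * paths; permission checks on the portlet happen in processRoles.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the path to process, or <code>null</code> if there is none
 * @throws IOException if the parent implementation fails
 */
@Override
protected String processPath(
		HttpServletRequest request, HttpServletResponse response)
	throws IOException {

	String path = GetterUtil.getString(
		super.processPath(request, response));

	HttpSession session = request.getSession();

	ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
		WebKeys.THEME_DISPLAY);

	// User tracking. The recorded path includes the raw query string, so
	// any secret carried in the URL ends up in the tracker as well.

	UserTracker userTracker = LiveUsers.getUserTracker(
		themeDisplay.getCompanyId(), session.getId());

	if ((userTracker != null) && !path.equals(_PATH_C) &&
		!path.contains(_PATH_J_SECURITY_CHECK) &&
		!path.contains(_PATH_PORTAL_PROTECTED) &&
		!_trackerIgnorePaths.contains(path)) {

		String fullPath = null;

		try {
			if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
				fullPath = getFriendlyTrackerPath(
					path, themeDisplay, request);
			}
		}
		catch (Exception e) {
			_log.error(e, e);
		}

		String fullPathWithoutQueryString = fullPath;

		if (Validator.isNull(fullPath)) {
			String queryString = request.getQueryString();

			fullPathWithoutQueryString = path;

			if (Validator.isNotNull(queryString)) {
				fullPath = path.concat(StringPool.QUESTION).concat(
					queryString);
			}
			else {
				fullPath = path;
			}
		}

		int pos = fullPathWithoutQueryString.indexOf(StringPool.QUESTION);

		if (pos != -1) {
			fullPathWithoutQueryString =
				fullPathWithoutQueryString.substring(0, pos);
		}

		if (!_trackerIgnorePaths.contains(fullPathWithoutQueryString)) {
			UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);

			userTrackerPath.setUserTrackerId(
				userTracker.getUserTrackerId());
			userTrackerPath.setPath(fullPath);
			userTrackerPath.setPathDate(new Date());

			userTracker.addPath(userTrackerPath);
		}
	}

	String remoteUser = request.getRemoteUser();

	User user = null;

	try {
		user = PortalUtil.getUser(request);
	}
	catch (Exception e) {

		// Best effort: a failed lookup leaves the user null, which the
		// checks below treat as "not signed in". The cause used to be
		// discarded; it is now available at debug level.

		if (_log.isDebugEnabled()) {
			_log.debug(e, e);
		}
	}

	// Last path. Saved only for GET requests that are not resource,
	// exclusive or pop up requests, and only if the saveLastPath request
	// parameter does not turn it off.

	if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
		boolean saveLastPath = ParamUtil.getBoolean(
			request, "saveLastPath", true);

		if (themeDisplay.isLifecycleResource() ||
			themeDisplay.isStateExclusive() ||
			themeDisplay.isStatePopUp() ||
			!StringUtil.equalsIgnoreCase(
				request.getMethod(), HttpMethods.GET)) {

			saveLastPath = false;
		}

		if (saveLastPath) {

			// A last path already set on the request wins over one built
			// from the current path and parameters.

			LastPath lastPath = (LastPath)request.getAttribute(
				WebKeys.LAST_PATH);

			if (lastPath == null) {
				lastPath = new LastPath(
					themeDisplay.getPathMain(), path,
					HttpUtil.parameterMapToString(
						request.getParameterMap()));
			}

			session.setAttribute(WebKeys.LAST_PATH, lastPath);
		}
	}

	// Setup wizard. While it is enabled, everything except the license and
	// status paths is sent to it; once disabled, its path leads to the
	// layout path.

	if (PropsValues.SETUP_WIZARD_ENABLED) {
		if (!path.equals(_PATH_PORTAL_LICENSE) &&
			!path.equals(_PATH_PORTAL_STATUS)) {

			return _PATH_PORTAL_SETUP_WIZARD;
		}
	}
	else if (path.equals(_PATH_PORTAL_SETUP_WIZARD)) {
		return _PATH_PORTAL_LAYOUT;
	}

	// A signed in user can always log out

	if (((remoteUser != null) || (user != null)) &&
		path.equals(_PATH_PORTAL_LOGOUT)) {

		return path;
	}

	// A signed in user can always expire or extend the session

	if (((remoteUser != null) || (user != null)) &&
		(path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
		 path.equals(_PATH_PORTAL_EXTEND_SESSION))) {

		return path;
	}

	// A signed in user can always submit the terms of use

	if (((remoteUser != null) || (user != null)) &&
		path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE)) {

		return path;
	}

	// The container reports a remote user but no user record was found

	if ((remoteUser != null) && (user == null)) {
		return _PATH_PORTAL_LOGOUT;
	}

	// Inactive users only get the error page

	if ((user != null) && !user.isActive()) {
		SessionErrors.add(request, UserActiveException.class.getName());

		return _PATH_PORTAL_ERROR;
	}

	long companyId = PortalUtil.getCompanyId(request);
	String portletId = ParamUtil.getString(request, "p_p_id");

	// Account-state interrupts.
	//
	// NOTE(review): the wsrp flag, the portlet ID and the Struts action
	// all come from the request, so the client's own parameters take part
	// in deciding whether the interrupts below are skipped. They redirect
	// the user; they are not an access control on the requested action.
	// Confirm that nothing downstream relies on them as one.

	if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
		!path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
		!ParamUtil.getBoolean(request, "wsrp") &&
		!themeDisplay.isImpersonated() &&
		!InterruptedPortletRequestWhitelistUtil.
			isPortletInvocationWhitelisted(
				companyId, portletId,
				PortalUtil.getStrutsAction(request))) {

		// Terms of use not yet accepted

		if ((user != null) && !user.isTermsOfUseComplete()) {
			return _PATH_PORTAL_TERMS_OF_USE;
		}

		// Email address not yet verified

		if ((user != null) && !user.isEmailAddressVerificationComplete()) {
			if (path.equals(_PATH_PORTAL_UPDATE_EMAIL_ADDRESS)) {
				return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
			}

			return _PATH_PORTAL_VERIFY_EMAIL_ADDRESS;
		}

		// Password reset pending. A missing policy or a failed policy
		// lookup both lead to the password update page.

		if ((user != null) && user.isPasswordReset()) {
			try {
				PasswordPolicy passwordPolicy = user.getPasswordPolicy();

				if ((passwordPolicy == null) ||
					passwordPolicy.isChangeRequired()) {

					return _PATH_PORTAL_UPDATE_PASSWORD;
				}
			}
			catch (Exception e) {
				_log.error(e, e);

				return _PATH_PORTAL_UPDATE_PASSWORD;
			}
		}
		else if ((user != null) && !user.isPasswordReset() &&
				 path.equals(_PATH_PORTAL_UPDATE_PASSWORD)) {

			// The password update page is not served to a user who has
			// no reset pending.

			return null;
		}

		// Email address missing

		if ((user != null) && !user.isEmailAddressComplete()) {
			return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
		}

		// Reminder query missing

		if ((user != null) && !user.isDefaultUser() &&
			!user.isReminderQueryComplete()) {

			return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
		}
	}

	// Authentication gate: a non-public path without a user goes to login

	if (!isPublicPath(path)) {
		if (user == null) {
			SessionErrors.add(request, PrincipalException.class.getName());

			return _PATH_PORTAL_LOGIN;
		}
	}

	ActionMapping actionMapping =
		(ActionMapping)moduleConfig.findActionConfig(path);

	if (actionMapping == null) {
		Action strutsAction = StrutsActionRegistryUtil.getAction(path);

		if (strutsAction == null) {
			return null;
		}
	}
	else {
		path = actionMapping.getPath();
	}

	// Portlet objects. Any failure, including a path with a single
	// segment that makes substring throw, ends on the common error page
	// with the exception stored on the request.

	if (isPortletPath(path)) {
		try {
			Portlet portlet = null;

			if (Validator.isNotNull(portletId)) {
				portlet = PortletLocalServiceUtil.getPortletById(
					companyId, portletId);
			}

			if (portlet == null) {
				String strutsPath = path.substring(
					1, path.lastIndexOf(CharPool.SLASH));

				portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
					companyId, strutsPath);
			}

			if ((portlet != null) && portlet.isActive()) {
				defineObjects(request, response, portlet);
			}
		}
		catch (Exception e) {
			request.setAttribute(PageContext.EXCEPTION, e);

			path = _PATH_COMMON_ERROR;
		}
	}

	// A layout permission error recorded earlier in the request

	if (SessionErrors.contains(
			request, LayoutPermissionException.class.getName())) {

		return _PATH_PORTAL_ERROR;
	}

	return path;
}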
846
/**
 * Populates the action form after removing every request parameter whose
 * whole name matches the ignored parameters pattern, which is compiled
 * from PropsValues.STRUTS_PORTLET_IGNORED_PARAMETERS_REGEXP.
 *
 * <p>
 * NOTE(review): this is the only name-based filter visible in this class
 * before the parent binds request parameters to the form. Confirm that the
 * configured expression covers every property path that must never be
 * bound from a request.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionForm the form to populate, may be <code>null</code>
 * @param  actionMapping the mapping being processed
 * @throws ServletException if the parent implementation fails
 */
@Override
protected void processPopulate(
		HttpServletRequest request, HttpServletResponse response,
		ActionForm actionForm, ActionMapping actionMapping)
	throws ServletException {

	if (actionForm == null) {
		return;
	}

	Map<String, String[]> originalParameters = request.getParameterMap();

	Map<String, String[]> keptParameters = new LinkedHashMap<>(
		originalParameters.size());

	boolean droppedAny = false;

	for (Map.Entry<String, String[]> parameter :
			originalParameters.entrySet()) {

		String parameterName = parameter.getKey();

		Matcher ignoredMatcher =
			_strutsPortletIgnoredParamtersPattern.matcher(parameterName);

		if (ignoredMatcher.matches()) {
			droppedAny = true;

			continue;
		}

		keptParameters.put(parameterName, parameter.getValue());
	}

	HttpServletRequest populateRequest = request;

	if (droppedAny) {

		// Presumably the false flag keeps the wrapper from falling back
		// to the parameters of the wrapped request; confirm against
		// DynamicServletRequest.

		populateRequest = new DynamicServletRequest(
			request, keptParameters, false);
	}

	super.processPopulate(
		populateRequest, response, actionForm, actionMapping);
}
885
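/**
 * Decides whether the request may proceed to the action.
 *
 * <p>
 * Public paths are always allowed. For a signed in user on a portlet path,
 * the portlet named by <code>p_p_id</code> must own the Struts path of the
 * request, and an active, non-system portlet additionally requires the
 * VIEW permission on the current layout. Any exception raised by these
 * checks denies the request.
 * </p>
 *
 * <p>
 * NOTE(review): when no user is found, or the path is not a portlet path,
 * this method returns <code>true</code> without any check. Requests
 * without a user are turned away by processPath's login redirect, so this
 * method is not sufficient on its own.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping being processed
 * @return <code>true</code> if processing should continue;
 *         <code>false</code> after forwarding to the error page
 * @throws IOException if forwarding to the error page fails
 * @throws ServletException if forwarding to the error page fails
 */
@Override
protected boolean processRoles(
		HttpServletRequest request, HttpServletResponse response,
		ActionMapping actionMapping)
	throws IOException, ServletException {

	String path = actionMapping.getPath();

	if (isPublicPath(path)) {
		return true;
	}

	boolean authorized = true;

	User user = null;

	try {
		user = PortalUtil.getUser(request);
	}
	catch (Exception e) {

		// Best effort: a failed lookup leaves the user null. The cause
		// used to be discarded; it is now available at debug level.

		if (_log.isDebugEnabled()) {
			_log.debug(e, e);
		}
	}

	if ((user != null) && isPortletPath(path)) {
		try {

			// With isPortletPath as defined in this class, a path that
			// starts with "/portal" never gets here, so this branch is
			// only reachable if a subclass overrides isPortletPath.

			if (path.equals(_PATH_PORTAL_LOGOUT)) {
				return true;
			}

			Portlet portlet = null;

			String portletId = ParamUtil.getString(request, "p_p_id");

			if (Validator.isNotNull(portletId)) {
				portlet = PortletLocalServiceUtil.getPortletById(
					user.getCompanyId(), portletId);
			}

			String strutsPath = path.substring(
				1, path.lastIndexOf(CharPool.SLASH));

			if (portlet != null) {

				// The portlet ID is supplied by the client; it is accepted
				// only if that portlet owns the requested Struts path.

				if (!strutsPath.equals(portlet.getStrutsPath())) {
					throw new PrincipalException.MustBePortletStrutsPath(
						strutsPath, portletId);
				}
			}
			else {
				portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
					user.getCompanyId(), strutsPath);
			}

			if ((portlet != null) && portlet.isActive() &&
				!portlet.isSystem()) {

				ThemeDisplay themeDisplay =
					(ThemeDisplay)request.getAttribute(
						WebKeys.THEME_DISPLAY);

				Layout layout = themeDisplay.getLayout();
				PermissionChecker permissionChecker =
					themeDisplay.getPermissionChecker();

				if (!PortletPermissionUtil.contains(
						permissionChecker, layout, portlet,
						ActionKeys.VIEW)) {

					throw new PrincipalException.MustHavePermission(
						permissionChecker, Portlet.class.getName(),
						portlet.getPortletId(), ActionKeys.VIEW);
				}
			}
			else if ((portlet != null) && !portlet.isActive()) {
				SessionErrors.add(
					request, PortletActiveException.class.getName());

				authorized = false;
			}
		}
		catch (Exception e) {

			// Fail closed: every exception denies the request. The cause
			// is kept at debug level so a denial can be traced.

			if (_log.isDebugEnabled()) {
				_log.debug(e, e);
			}

			SessionErrors.add(request, PrincipalException.class.getName());

			authorized = false;
		}
	}

	if (!authorized) {
		ForwardConfig forwardConfig = actionMapping.findForward(
			_PATH_PORTAL_ERROR);

		processForwardConfig(request, response, forwardConfig);

		return false;
	}

	return true;
}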
986
// Struts paths this processor compares request paths against. Which of
// them are public is decided in the constructor, not here.

private static final String _PATH_C = "/c";

// Used as a bare prefix by isPortletPath and isPublicPath.

private static final String _PATH_COMMON = "/common";

private static final String _PATH_COMMON_ERROR = "/common/error";

private static final String _PATH_J_SECURITY_CHECK = "/j_security_check";

// Used as a bare prefix by isPortletPath.

private static final String _PATH_PORTAL = "/portal";

private static final String _PATH_PORTAL_API_JSONWS = "/portal/api/jsonws";

private static final String _PATH_PORTAL_ERROR = "/portal/error";

private static final String _PATH_PORTAL_EXPIRE_SESSION =
	"/portal/expire_session";

private static final String _PATH_PORTAL_EXTEND_SESSION =
	"/portal/extend_session";

private static final String _PATH_PORTAL_FLASH = "/portal/flash";

private static final String _PATH_PORTAL_J_LOGIN = "/portal/j_login";

private static final String _PATH_PORTAL_JSON_SERVICE =
	"/portal/json_service";

private static final String _PATH_PORTAL_LAYOUT = "/portal/layout";

private static final String _PATH_PORTAL_LICENSE = "/portal/license";

private static final String _PATH_PORTAL_LOGIN = "/portal/login";

private static final String _PATH_PORTAL_LOGOUT = "/portal/logout";

private static final String _PATH_PORTAL_PROTECTED = "/portal/protected";

private static final String _PATH_PORTAL_RENDER_PORTLET =
	"/portal/render_portlet";

private static final String _PATH_PORTAL_RESILIENCY = "/portal/resiliency";

private static final String _PATH_PORTAL_SETUP_WIZARD =
	"/portal/setup_wizard";

private static final String _PATH_PORTAL_STATUS = "/portal/status";

private static final String _PATH_PORTAL_TCK = "/portal/tck";

private static final String _PATH_PORTAL_TERMS_OF_USE =
	"/portal/terms_of_use";

private static final String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
	"/portal/update_email_address";

private static final String _PATH_PORTAL_UPDATE_LANGUAGE =
	"/portal/update_language";

private static final String _PATH_PORTAL_UPDATE_PASSWORD =
	"/portal/update_password";

private static final String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
	"/portal/update_reminder_query";

private static final String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
	"/portal/update_terms_of_use";

private static final String _PATH_PORTAL_VERIFY_EMAIL_ADDRESS =
	"/portal/verify_email_address";

private static final Log _log = LogFactoryUtil.getLog(
	PortalRequestProcessor.class);

// Compiled once when the class is initialized and matched against request
// parameter names in processPopulate. The spelling of the field name is
// the one processPopulate refers to.

private static final Pattern _strutsPortletIgnoredParamtersPattern =
	Pattern.compile(PropsValues.STRUTS_PORTLET_IGNORED_PARAMETERS_REGEXP);

// Filled in the constructor and only read afterwards by the methods of
// this class.

private final Set<String> _lastPaths;
private final Set<String> _publicPaths;
private final Set<String> _trackerIgnorePaths;
1066
1067 }