015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.CompanyMaxUsersException;
018 import com.liferay.portal.CookieNotSupportedException;
019 import com.liferay.portal.NoSuchUserException;
020 import com.liferay.portal.PasswordExpiredException;
021 import com.liferay.portal.UserEmailAddressException;
022 import com.liferay.portal.UserIdException;
023 import com.liferay.portal.UserLockoutException;
024 import com.liferay.portal.UserPasswordException;
025 import com.liferay.portal.UserScreenNameException;
026 import com.liferay.portal.kernel.log.Log;
027 import com.liferay.portal.kernel.log.LogFactoryUtil;
028 import com.liferay.portal.kernel.servlet.SessionErrors;
029 import com.liferay.portal.kernel.util.Http;
030 import com.liferay.portal.kernel.util.HttpUtil;
031 import com.liferay.portal.kernel.util.ParamUtil;
032 import com.liferay.portal.kernel.util.Validator;
033 import com.liferay.portal.model.Layout;
034 import com.liferay.portal.security.auth.AuthException;
035 import com.liferay.portal.struts.PortletAction;
036 import com.liferay.portal.theme.ThemeDisplay;
037 import com.liferay.portal.util.PortalUtil;
038 import com.liferay.portal.util.PortletKeys;
039 import com.liferay.portal.util.PropsValues;
040 import com.liferay.portal.util.WebKeys;
041 import com.liferay.portlet.PortletPreferencesFactoryUtil;
042 import com.liferay.portlet.PortletURLImpl;
043 import com.liferay.portlet.login.util.LoginUtil;
044
045 import javax.portlet.ActionRequest;
046 import javax.portlet.ActionResponse;
047 import javax.portlet.PortletConfig;
048 import javax.portlet.PortletPreferences;
049 import javax.portlet.PortletRequest;
050 import javax.portlet.PortletURL;
051 import javax.portlet.RenderRequest;
052 import javax.portlet.RenderResponse;
053 import javax.portlet.WindowState;
054
055 import javax.servlet.http.HttpServletRequest;
056 import javax.servlet.http.HttpServletResponse;
057 import javax.servlet.http.HttpSession;
058
059 import org.apache.struts.action.ActionForm;
060 import org.apache.struts.action.ActionForward;
061 import org.apache.struts.action.ActionMapping;
062
063
/**
 * Struts portlet action behind the login portlet: it reads the submitted
 * credentials, delegates authentication to {@link LoginUtil}, and then
 * redirects the browser.
 *
 * <p>
 * Security-relevant inputs handled here are the request parameters
 * {@code login}, {@code password}, {@code rememberMe}, {@code redirect} and
 * {@code doActionAfterLogin}. All of them are caller-controlled. The only
 * validation this class applies to {@code redirect} is
 * {@link PortalUtil#escapeRedirect(String)}.
 * </p>
 */
public class LoginAction extends PortletAction {

    /**
     * Handles a login submission.
     *
     * <p>
     * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set, the request is
     * redirected to the configured "login disabled" path and no credentials
     * are read. Otherwise {@link #login} runs; expected authentication
     * failures are recorded in {@link SessionErrors} and the user is sent back
     * to the login portlet, while any other exception is logged and turned
     * into an error response.
     * </p>
     *
     * @throws Exception if the redirect or the error response cannot be sent
     */
    @Override
    public void processAction(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            String disabledURL =
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH;

            actionResponse.sendRedirect(disabledURL);

            return;
        }

        try {
            login(themeDisplay, actionRequest, actionResponse);

            if (ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            Class<? extends Throwable> errorKey = _getSessionErrorKey(e);

            if (errorKey == null) {

                // Not a recognised login failure: log with the stack trace
                // and answer with an error instead of the login form.

                _log.error(e, e);

                PortalUtil.sendError(e, actionRequest, actionResponse);

                return;
            }

            SessionErrors.add(actionRequest, errorKey);

            postProcessAuthFailure(actionRequest, actionResponse);
        }
    }

    /**
     * Resolves the forward to render, falling back to
     * {@code "portlet.login.login"} as the default passed to
     * {@code getForward}.
     */
    @Override
    public ActionForward render(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, RenderRequest renderRequest,
            RenderResponse renderResponse)
        throws Exception {

        String forwardName = getForward(renderRequest, "portlet.login.login");

        return actionMapping.findForward(forwardName);
    }

    /**
     * Prefixes a relative redirect with the portal URL.
     *
     * <p>
     * The two-argument {@code getPortalURL(request, false)} form is used only
     * when authentication requires HTTPS, phishing protection is disabled,
     * and the session recorded {@code HTTPS_INITIAL} as {@code false}.
     * NOTE(review): the {@code false} argument presumably selects the
     * non-secure scheme, i.e. the user is sent back to HTTP after an HTTPS
     * login; confirm against {@code PortalUtil}, because an authenticated
     * session continued over HTTP exposes its cookie unless the cookie
     * handling elsewhere accounts for it.
     * </p>
     *
     * @param  request the servlet request whose session and host are used
     * @param  redirect the relative redirect; not validated by this method
     * @return the portal URL concatenated with {@code redirect}
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        boolean sessionStartedWithoutHttps =
            (httpsInitial != null) && !httpsInitial.booleanValue();

        boolean useTwoArgPortalURL =
            PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
            sessionStartedWithoutHttps;

        String portalURL;

        if (useTwoArgPortalURL) {
            portalURL = PortalUtil.getPortalURL(request, false);
        }
        else {
            portalURL = PortalUtil.getPortalURL(request);
        }

        return portalURL.concat(redirect);
    }

    /**
     * Returns {@code false}.
     *
     * <p>
     * NOTE(review): by its name this presumably switches off the superclass's
     * HTTP-method check for {@code processAction}; confirm in
     * {@code PortletAction}. If so, a login submitted with a method other
     * than POST is still processed, and credentials carried in a query string
     * can end up in access logs, browser history and Referer headers.
     * </p>
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates the user if not already signed in, then issues the
     * post-login redirect.
     *
     * <p>
     * Redirect selection, in order: with JAAS enabled the target is always
     * {@code <pathMain>/portal/protected}, carrying the URL-encoded redirect
     * as a parameter when one was supplied; otherwise the supplied redirect is
     * used directly; otherwise the user goes to {@code pathMain}, unless
     * {@code doActionAfterLogin} is set, in which case no redirect is sent.
     * </p>
     *
     * @throws Exception whatever {@code LoginUtil.login} or the redirect
     *         raises; {@link #processAction} maps these to session errors
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // The password is read with the raw portlet API rather than
        // ParamUtil, so it reaches LoginUtil exactly as submitted. It is never
        // logged in this class.

        String password = actionRequest.getParameter("password");

        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        if (!themeDisplay.isSignedIn()) {
            PortletPreferences portletPreferences =
                PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

            String authType = portletPreferences.getValue("authType", null);

            LoginUtil.login(
                request, response, login, password, rememberMe, authType);
        }

        // "redirect" is caller-controlled. PortalUtil.escapeRedirect is the
        // only open-redirect guard applied before the value is handed to
        // sendRedirect, so its allow-list behaviour is what decides which
        // hosts a login link can bounce a user to.

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {
            redirect = PortalUtil.escapeRedirect(redirect);

            // Anything that does not begin with Http.HTTP is treated as a
            // portal-relative path and gets the portal URL prepended. This is
            // a plain prefix test, not a URL parse.

            boolean relative =
                Validator.isNotNull(redirect) &&
                !redirect.startsWith(Http.HTTP);

            if (relative) {
                redirect = getCompleteRedirectURL(request, redirect);
            }
        }

        String mainPath = themeDisplay.getPathMain();

        boolean hasRedirect = Validator.isNotNull(redirect);

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            String protectedURL;

            if (hasRedirect) {
                protectedURL = mainPath.concat(
                    "/portal/protected?redirect=").concat(
                        HttpUtil.encodeURL(redirect));
            }
            else {
                protectedURL = mainPath.concat("/portal/protected");
            }

            actionResponse.sendRedirect(protectedURL);

            return;
        }

        if (hasRedirect) {
            actionResponse.sendRedirect(redirect);

            return;
        }

        // With doActionAfterLogin set, processAction picks the forward and no
        // redirect is sent from here.

        if (!ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {
            actionResponse.sendRedirect(mainPath);
        }
    }

    /**
     * Sends the user back to the maximized login portlet after a failed
     * login, carrying over the submitted {@code redirect} and {@code login}
     * values.
     *
     * <p>
     * Both values are copied from the request without validation. The
     * {@code redirect} value therefore stays untrusted and is only checked
     * when {@link #login} processes it on a later submission. The submitted
     * login name becomes part of the redirect URL, so it can appear wherever
     * URLs are recorded. Whatever renders these parameters is responsible for
     * output encoding.
     * </p>
     *
     * @throws Exception if the portlet URL cannot be built or the redirect
     *         cannot be sent
     */
    protected void postProcessAuthFailure(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

        PortletURL loginURL = new PortletURLImpl(
            actionRequest, PortletKeys.LOGIN, layout.getPlid(),
            PortletRequest.RENDER_PHASE);

        loginURL.setParameter("saveLastPath", Boolean.FALSE.toString());

        String submittedRedirect = ParamUtil.getString(
            actionRequest, "redirect");

        if (Validator.isNotNull(submittedRedirect)) {
            loginURL.setParameter("redirect", submittedRedirect);
        }

        String submittedLogin = ParamUtil.getString(actionRequest, "login");

        if (Validator.isNotNull(submittedLogin)) {
            loginURL.setParameter("login", submittedLogin);
        }

        loginURL.setWindowState(WindowState.MAXIMIZED);

        actionResponse.sendRedirect(loginURL.toString());
    }

    /**
     * Maps an exception raised during login to the class stored in
     * {@link SessionErrors}, or {@code null} when the exception is not a
     * recognised login failure.
     *
     * <p>
     * For an {@link AuthException} whose cause is a password-expired or
     * lockout exception, the cause's class is the key; any other
     * {@code AuthException} is logged at info level and keyed by its own
     * class. The log line carries no account name or source address, so
     * detecting repeated failures has to rely on other telemetry.
     * </p>
     *
     * <p>
     * NOTE(review): distinct keys are stored for {@code NoSuchUserException}
     * and {@code UserPasswordException}. If the view renders different
     * messages for them, the form reveals which accounts exist; confirm in
     * the login JSP.
     * </p>
     */
    private Class<? extends Throwable> _getSessionErrorKey(Exception e) {
        if (e instanceof AuthException) {
            Throwable cause = e.getCause();

            boolean accountStateFailure =
                cause instanceof PasswordExpiredException ||
                cause instanceof UserLockoutException;

            if (accountStateFailure) {
                return cause.getClass();
            }

            if (_log.isInfoEnabled()) {
                _log.info("Authentication failed");
            }

            return e.getClass();
        }

        boolean expectedFailure =
            e instanceof CompanyMaxUsersException ||
            e instanceof CookieNotSupportedException ||
            e instanceof NoSuchUserException ||
            e instanceof PasswordExpiredException ||
            e instanceof UserEmailAddressException ||
            e instanceof UserIdException ||
            e instanceof UserLockoutException ||
            e instanceof UserPasswordException ||
            e instanceof UserScreenNameException;

        if (expectedFailure) {
            return e.getClass();
        }

        return null;
    }

    // Value returned by isCheckMethodOnProcessAction().
    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}