015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.CookieKeys;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.kernel.util.KeyValuePair;
022 import com.liferay.portal.kernel.util.StringPool;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.model.Company;
025 import com.liferay.portal.model.User;
026 import com.liferay.portal.service.UserLocalServiceUtil;
027 import com.liferay.portal.util.PortalUtil;
028
029 import javax.servlet.http.Cookie;
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032
033
/**
 * Auto-login handler that rebuilds a user's credentials from the
 * "remember me" cookies ({@code CookieKeys.ID}, {@code CookieKeys.PASSWORD}
 * and {@code CookieKeys.REMEMBER_ME}) sent with the request.
 *
 * <p>
 * All three cookie values are supplied by the client. The only validation
 * visible in this class is the call to
 * {@code UserLocalServiceUtil.decryptUserId} and the refusal to log in as the
 * company's default user; everything else is delegated.
 * </p>
 */
public class RememberMeAutoLogin extends BaseAutoLogin {

	/**
	 * Logs the failure, expires the ID and PASSWORD cookies, and rethrows the
	 * failure wrapped in an {@link AutoLoginException}.
	 *
	 * <p>
	 * This method never returns normally. Expiring the cookies means the
	 * browser stops presenting the values that just failed.
	 * </p>
	 *
	 * @param  request the current servlet request
	 * @param  response the servlet response the expired cookies are added to
	 * @param  e the exception raised while attempting the automatic login
	 * @return never returns; declared only to satisfy the overridden signature
	 * @throws AutoLoginException always, wrapping {@code e}
	 */
	@Override
	protected String[] doHandleException(
			HttpServletRequest request, HttpServletResponse response,
			Exception e)
		throws AutoLoginException {

		if (_log.isWarnEnabled()) {

			// The exception is passed both as the message and as the cause.

			_log.warn(e, e);
		}

		removeCookies(request, response);

		throw new AutoLoginException(e);
	}

	/**
	 * Attempts to derive login credentials from the remember-me cookies.
	 *
	 * @param  request the current servlet request carrying the cookies
	 * @param  response the servlet response, used only to expire the cookies
	 *         when the decrypted user turns out to be the default user
	 * @return a three-element array holding the key and value returned by
	 *         {@code decryptUserId} followed by the string {@code "false"},
	 *         or {@code null} when no automatic login should take place
	 * @throws Exception if any of the delegated portal calls fails
	 */
	@Override
	protected String[] doLogin(
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		String autoUserId = CookieKeys.getCookie(request, CookieKeys.ID, false);
		String autoPassword = CookieKeys.getCookie(
			request, CookieKeys.PASSWORD, false);
		String rememberMe = CookieKeys.getCookie(
			request, CookieKeys.REMEMBER_ME, false);

		String proxyPath = PortalUtil.getPathProxy();
		String contextPath = PortalUtil.getPathContext();

		// When the request's context path does not match the portal's, the
		// REMEMBER_ME cookie is treated as present even if it was not sent,
		// so the ID and PASSWORD cookies alone are enough to proceed.
		// NOTE(review): presumably this covers requests arriving through
		// another web application context - confirm against the issue that
		// introduced it.

		boolean foreignContext =
			proxyPath.equals(contextPath) ?
				Validator.isNotNull(request.getContextPath()) :
				!contextPath.equals(request.getContextPath());

		if (foreignContext) {
			rememberMe = Boolean.TRUE.toString();
		}

		if (!Validator.isNotNull(autoUserId) ||
			!Validator.isNotNull(autoPassword) ||
			!Validator.isNotNull(rememberMe)) {

			return null;
		}

		Company company = PortalUtil.getCompany(request);

		if (!company.isAutoLogin()) {

			// Auto-login is switched off for this company; ignore the cookies.

			return null;
		}

		// Both arguments come straight from client cookies.
		// NOTE(review): this class relies entirely on decryptUserId to reject
		// forged or tampered values - confirm it fails closed (throws) rather
		// than returning a usable pair.

		KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
			company.getCompanyId(), autoUserId, autoPassword);

		String[] credentials = {
			decrypted.getKey(), decrypted.getValue(), Boolean.FALSE.toString()
		};

		User defaultUser = UserLocalServiceUtil.getDefaultUser(
			PortalUtil.getCompany(request).getCompanyId());

		long userId = GetterUtil.getLong(credentials[0]);

		if (defaultUser.getUserId() == userId) {

			// Never auto-login as the company's default user; expire the
			// cookies so the values are not presented again.

			removeCookies(request, response);

			return null;
		}

		return credentials;
	}

	/**
	 * Expires the ID and PASSWORD cookies by re-issuing each one with a blank
	 * value, a max age of zero and the root path.
	 *
	 * <p>
	 * The REMEMBER_ME cookie is not touched here. No Secure or HttpOnly
	 * attribute is set in this method.
	 * NOTE(review): {@code CookieKeys.addCookie} may apply them - confirm.
	 * </p>
	 *
	 * @param request the current servlet request
	 * @param response the servlet response the expired cookies are added to
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

		for (String cookieName : cookieNames) {
			Cookie expired = new Cookie(cookieName, StringPool.BLANK);

			expired.setMaxAge(0);
			expired.setPath(StringPool.SLASH);

			CookieKeys.addCookie(request, response, expired);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		RememberMeAutoLogin.class);

}