015 package com.liferay.portal.struts;
016
017 import com.liferay.portal.LayoutPermissionException;
018 import com.liferay.portal.PortletActiveException;
019 import com.liferay.portal.UserActiveException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
023 import com.liferay.portal.kernel.servlet.DynamicServletRequest;
024 import com.liferay.portal.kernel.servlet.HttpMethods;
025 import com.liferay.portal.kernel.servlet.SessionErrors;
026 import com.liferay.portal.kernel.struts.LastPath;
027 import com.liferay.portal.kernel.util.CharPool;
028 import com.liferay.portal.kernel.util.GetterUtil;
029 import com.liferay.portal.kernel.util.HttpUtil;
030 import com.liferay.portal.kernel.util.JavaConstants;
031 import com.liferay.portal.kernel.util.ParamUtil;
032 import com.liferay.portal.kernel.util.PropsKeys;
033 import com.liferay.portal.kernel.util.StringBundler;
034 import com.liferay.portal.kernel.util.StringPool;
035 import com.liferay.portal.kernel.util.StringUtil;
036 import com.liferay.portal.kernel.util.Validator;
037 import com.liferay.portal.liveusers.LiveUsers;
038 import com.liferay.portal.model.Layout;
039 import com.liferay.portal.model.LayoutConstants;
040 import com.liferay.portal.model.PasswordPolicy;
041 import com.liferay.portal.model.Portlet;
042 import com.liferay.portal.model.PortletPreferencesIds;
043 import com.liferay.portal.model.User;
044 import com.liferay.portal.model.UserTracker;
045 import com.liferay.portal.model.UserTrackerPath;
046 import com.liferay.portal.security.auth.InterruptedPortletRequestWhitelistUtil;
047 import com.liferay.portal.security.auth.PrincipalException;
048 import com.liferay.portal.security.permission.ActionKeys;
049 import com.liferay.portal.security.permission.PermissionChecker;
050 import com.liferay.portal.service.LayoutLocalServiceUtil;
051 import com.liferay.portal.service.PortletLocalServiceUtil;
052 import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
053 import com.liferay.portal.service.permission.PortletPermissionUtil;
054 import com.liferay.portal.service.persistence.UserTrackerPathUtil;
055 import com.liferay.portal.theme.ThemeDisplay;
056 import com.liferay.portal.util.PortalUtil;
057 import com.liferay.portal.util.PropsUtil;
058 import com.liferay.portal.util.PropsValues;
059 import com.liferay.portal.util.WebKeys;
060 import com.liferay.portlet.InvokerPortlet;
061 import com.liferay.portlet.PortletConfigFactoryUtil;
062 import com.liferay.portlet.PortletInstanceFactoryUtil;
063 import com.liferay.portlet.PortletPreferencesFactoryUtil;
064 import com.liferay.portlet.PortletURLImpl;
065 import com.liferay.portlet.RenderRequestFactory;
066 import com.liferay.portlet.RenderRequestImpl;
067 import com.liferay.portlet.RenderResponseFactory;
068 import com.liferay.portlet.RenderResponseImpl;
069
070 import java.io.IOException;
071
072 import java.util.Date;
073 import java.util.HashSet;
074 import java.util.LinkedHashMap;
075 import java.util.Map;
076 import java.util.Set;
077 import java.util.regex.Matcher;
078 import java.util.regex.Pattern;
079
080 import javax.portlet.PortletConfig;
081 import javax.portlet.PortletContext;
082 import javax.portlet.PortletMode;
083 import javax.portlet.PortletPreferences;
084 import javax.portlet.PortletRequest;
085 import javax.portlet.WindowState;
086
087 import javax.servlet.ServletContext;
088 import javax.servlet.ServletException;
089 import javax.servlet.http.HttpServletRequest;
090 import javax.servlet.http.HttpServletResponse;
091 import javax.servlet.http.HttpSession;
092 import javax.servlet.jsp.PageContext;
093
094 import org.apache.struts.Globals;
095 import org.apache.struts.action.Action;
096 import org.apache.struts.action.ActionForm;
097 import org.apache.struts.action.ActionMapping;
098 import org.apache.struts.config.ActionConfig;
099 import org.apache.struts.config.ForwardConfig;
100 import org.apache.struts.tiles.TilesRequestProcessor;
101 import org.apache.struts.util.MessageResources;
102
103
109 public class PortalRequestProcessor extends TilesRequestProcessor {
110
/**
 * Builds the three path sets this processor consults on every request.
 *
 * <p>
 * {@code _publicPaths} is the security-relevant one. It is read by
 * {@link #isPublicPath(String)}: {@code processPath} does not send anonymous
 * requests for these paths to the login page, and {@code processRoles}
 * returns {@code true} for them without a portlet permission check. Treat
 * every addition to this list as an unauthenticated entry point.
 * </p>
 */
public PortalRequestProcessor() {

    // Paths that may be remembered in the session as the "last path"

    _lastPaths = new HashSet<>();

    _lastPaths.add(_PATH_PORTAL_LAYOUT);

    addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);

    // Paths that are served without a signed-in user

    _publicPaths = new HashSet<>();

    String[] builtInPublicPaths = {
        _PATH_C, _PATH_PORTAL_API_JSONWS, _PATH_PORTAL_FLASH,
        _PATH_PORTAL_J_LOGIN, _PATH_PORTAL_LAYOUT, _PATH_PORTAL_LICENSE,
        _PATH_PORTAL_LOGIN, _PATH_PORTAL_RENDER_PORTLET,
        _PATH_PORTAL_RESILIENCY, _PATH_PORTAL_TCK,
        _PATH_PORTAL_UPDATE_LANGUAGE, _PATH_PORTAL_UPDATE_PASSWORD,
        _PATH_PORTAL_VERIFY_EMAIL_ADDRESS,
        PropsValues.AUTH_LOGIN_DISABLED_PATH
    };

    for (String publicPath : builtInPublicPaths) {
        _publicPaths.add(publicPath);
    }

    // Paths the user tracker never records

    _trackerIgnorePaths = new HashSet<>();

    addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
}
144
/**
 * Handles one request: either redirects to the session's last path or hands
 * the request to the Struts parent, then releases the render request that
 * was created for portlet paths.
 *
 * <p>
 * The redirect is taken when the one-shot {@code BASIC_AUTH_ENABLED}
 * session flag is set to {@code true}, or when the path has neither a
 * Struts action mapping nor a registered action. The redirect target is
 * whatever {@link #getLastPath(HttpServletRequest)} returns.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws IOException if the redirect or the parent processing fails
 * @throws ServletException if the parent processing fails
 */
@Override
public void process(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {

    HttpSession session = request.getSession();

    // The flag is consumed here: read once, then removed from the session

    Boolean basicAuthFlag = (Boolean)session.getAttribute(
        WebKeys.BASIC_AUTH_ENABLED);

    if (basicAuthFlag != null) {
        session.removeAttribute(WebKeys.BASIC_AUTH_ENABLED);
    }

    // This is the parent's path resolution, not the override in this
    // class, so none of the login or interruption checks have run yet

    String path = super.processPath(request, response);

    ActionMapping actionMapping =
        (ActionMapping)moduleConfig.findActionConfig(path);

    Action action = StrutsActionRegistryUtil.getAction(path);

    boolean basicAuthEnabled =
        (basicAuthFlag != null) && basicAuthFlag.booleanValue();
    boolean unknownPath = (actionMapping == null) && (action == null);

    if (basicAuthEnabled || unknownPath) {
        String redirectURL = getLastPath(request);

        if (_log.isDebugEnabled()) {
            _log.debug("Last path " + redirectURL);
        }

        response.sendRedirect(redirectURL);

        return;
    }

    super.process(request, response);

    // Clean up is best effort: a failure is logged and never propagated

    try {
        if (isPortletPath(path)) {
            cleanUp(request);
        }
    }
    catch (Exception e) {
        _log.error(e, e);
    }
}
191
/**
 * Adds every value of an array-valued portal property to a path set.
 *
 * @param paths the set that receives the values
 * @param propsKey the key of the property read through
 *        {@code PropsUtil.getArray}
 */
protected void addPaths(Set<String> paths, String propsKey) {
    String[] configuredPaths = PropsUtil.getArray(propsKey);

    for (int i = 0; i < configuredPaths.length; i++) {
        paths.add(configuredPaths[i]);
    }
}
199
/**
 * Forwards through the parent request processor instead of the
 * {@code StrutsUtil.forward} based override that this class installs in
 * {@code doForward}.
 *
 * @param  uri the resource to forward to
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws IOException if the parent forward fails
 * @throws ServletException if the parent forward fails
 */
protected void callParentDoForward(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws IOException, ServletException {

    // Explicit super call: this.doForward would run the override

    super.doForward(uri, request, response);
}
207
/**
 * Runs the parent's multipart handling, which the {@code processMultipart}
 * override in this class deliberately skips.
 *
 * @param  request the servlet request
 * @return the request returned by the parent implementation
 */
protected HttpServletRequest callParentProcessMultipart(
    HttpServletRequest request) {

    HttpServletRequest parentRequest = super.processMultipart(request);

    return parentRequest;
}
213
/**
 * Resolves the request path with the parent implementation only.
 *
 * <p>
 * The result has not passed through the {@code processPath} override of
 * this class, so none of its login, inactive user or interruption checks
 * have been applied. Callers must not treat the returned path as already
 * authorized.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the path computed by the parent implementation
 * @throws IOException if the parent implementation fails
 */
protected String callParentProcessPath(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException {

    String parentPath = super.processPath(request, response);

    return parentPath;
}
220
/**
 * Runs the parent's role check instead of the {@code processRoles} override
 * of this class, which means the portlet permission check implemented in
 * that override is not performed.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping of the action being processed
 * @return the result of the parent implementation
 * @throws IOException if the parent implementation fails
 * @throws ServletException if the parent implementation fails
 */
protected boolean callParentProcessRoles(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException, ServletException {

    boolean parentResult = super.processRoles(
        request, response, actionMapping);

    return parentResult;
}
228
/**
 * Releases the render request stored on the servlet request under
 * {@code JavaConstants.JAVAX_PORTLET_REQUEST}, if there is one.
 *
 * @param  request the servlet request
 * @throws Exception if the render request cannot be cleaned up
 */
protected void cleanUp(HttpServletRequest request) throws Exception {
    Object portletRequest = request.getAttribute(
        JavaConstants.JAVAX_PORTLET_REQUEST);

    if (portletRequest == null) {
        return;
    }

    // A value of any other type fails with a ClassCastException, which
    // the caller in process() logs

    ((RenderRequestImpl)portletRequest).cleanUp();
}
242
/**
 * Creates a render request and render response for the portlet and defines
 * the portlet objects on them, so that the Struts action runs with a
 * portlet context. Marks the request with
 * {@code WebKeys.PORTLET_STRUTS_EXECUTE}.
 *
 * <p>
 * The render request is always created in {@code WindowState.MAXIMIZED}
 * and {@code PortletMode.VIEW}. No permission check happens here; the
 * caller in {@code processPath} only verifies that the portlet is active.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  portlet the portlet that owns the Struts path
 * @throws Exception if any of the portlet factories fails
 */
protected void defineObjects(
        HttpServletRequest request, HttpServletResponse response,
        Portlet portlet)
    throws Exception {

    String portletId = portlet.getPortletId();

    ServletContext servletContext = (ServletContext)request.getAttribute(
        WebKeys.CTX);

    InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
        portlet, servletContext);

    // Preferences are resolved for the current request and portlet

    PortletPreferencesIds preferencesIds =
        PortletPreferencesFactoryUtil.getPortletPreferencesIds(
            request, portletId);

    PortletPreferences preferences =
        PortletPreferencesLocalServiceUtil.getStrictPreferences(
            preferencesIds);

    PortletConfig portletConfig = PortletConfigFactoryUtil.create(
        portlet, servletContext);

    PortletContext portletContext = portletConfig.getPortletContext();

    RenderRequestImpl renderRequest = RenderRequestFactory.create(
        request, portlet, invokerPortlet, portletContext,
        WindowState.MAXIMIZED, PortletMode.VIEW, preferences);

    RenderResponseImpl renderResponse = RenderResponseFactory.create(
        renderRequest, response, portletId, portlet.getCompanyId());

    renderRequest.defineObjects(portletConfig, renderResponse);

    request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
}
279
/**
 * Forwards to the URI through {@code StrutsUtil.forward} rather than the
 * parent implementation.
 *
 * @param  uri the resource to forward to
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws ServletException if the forward fails
 */
@Override
protected void doForward(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws ServletException {

    ServletContext servletContext = getServletContext();

    StrutsUtil.forward(uri, servletContext, request, response);
}
288
/**
 * Includes the URI through {@code StrutsUtil.include} rather than the
 * parent implementation.
 *
 * @param  uri the resource to include
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws ServletException if the include fails
 */
@Override
protected void doInclude(
        String uri, HttpServletRequest request,
        HttpServletResponse response)
    throws ServletException {

    ServletContext servletContext = getServletContext();

    StrutsUtil.include(uri, servletContext, request, response);
}
297
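/**
 * Builds the friendly URL that the user tracker records for a
 * {@code /portal/layout} request.
 *
 * <p>
 * When the portlet cannot be resolved, is inactive, has no friendly URL
 * mapper, or the mapper produces no path, the layout friendly URL is
 * returned with the request's query string appended. A request without a
 * query string (for example one that sends {@code p_l_id} and
 * {@code p_p_id} in a form body) used to fail in {@code String.concat}
 * with a {@code NullPointerException}; it now yields the layout friendly
 * URL on its own.
 * </p>
 *
 * <p>
 * NOTE(review): the query string is copied verbatim into the value the
 * caller stores on the user tracker. Confirm that URLs handled here never
 * carry secrets in their query string, or that the tracker data is
 * protected accordingly.
 * </p>
 *
 * @param  path the resolved Struts path
 * @param  themeDisplay the theme display of the request
 * @param  request the servlet request
 * @return the friendly path, or {@code null} if the path is not
 *         {@code /portal/layout} or the request has no {@code p_l_id}
 * @throws Exception if the layout or portlet lookup fails
 */
protected String getFriendlyTrackerPath(
        String path, ThemeDisplay themeDisplay, HttpServletRequest request)
    throws Exception {

    if (!path.equals(_PATH_PORTAL_LAYOUT)) {
        return null;
    }

    long plid = ParamUtil.getLong(request, "p_l_id");

    if (plid == 0) {
        return null;
    }

    Layout layout = LayoutLocalServiceUtil.getLayout(plid);

    String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
        layout, themeDisplay);

    String portletId = ParamUtil.getString(request, "p_p_id");

    if (Validator.isNull(portletId)) {
        return layoutFriendlyURL;
    }

    // Fallback used whenever no portlet friendly URL can be built.
    // getQueryString() is null when the request URL has no query part

    String queryString = request.getQueryString();

    String layoutURLWithQuery = layoutFriendlyURL;

    if (queryString != null) {
        layoutURLWithQuery = layoutFriendlyURL.concat(
            StringPool.QUESTION).concat(queryString);
    }

    long companyId = PortalUtil.getCompanyId(request);

    Portlet portlet = PortletLocalServiceUtil.getPortletById(
        companyId, portletId);

    if (portlet == null) {

        // path is "/portal/layout" here, so this yields "portal"

        String strutsPath = path.substring(
            1, path.lastIndexOf(CharPool.SLASH));

        portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
            companyId, strutsPath);
    }

    if ((portlet == null) || !portlet.isActive()) {
        return layoutURLWithQuery;
    }

    String namespace = PortalUtil.getPortletNamespace(portletId);

    FriendlyURLMapper friendlyURLMapper =
        portlet.getFriendlyURLMapperInstance();

    if (friendlyURLMapper == null) {
        return layoutURLWithQuery;
    }

    PortletURLImpl portletURL = new PortletURLImpl(
        request, portletId, plid, PortletRequest.RENDER_PHASE);

    // Only parameters in this portlet's namespace are carried over, with
    // the namespace prefix removed

    Map<String, String[]> parameterMap = request.getParameterMap();

    for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
        String key = entry.getKey();

        if (key.startsWith(namespace)) {
            portletURL.setParameter(
                key.substring(namespace.length()), entry.getValue());
        }
    }

    String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);

    if (portletFriendlyURL == null) {
        return layoutURLWithQuery;
    }

    return layoutFriendlyURL.concat(portletFriendlyURL);
}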
376
/**
 * Computes the absolute URL that {@code process} redirects to.
 *
 * <p>
 * The default is the portal URL followed by the main path and
 * {@code /portal/layout}. When {@code AUTH_FORWARD_BY_LAST_PATH} is on and
 * the session holds a {@code LastPath}, that stored path and its
 * parameters are used instead.
 * </p>
 *
 * <p>
 * NOTE(review): the stored last path is checked against the Struts action
 * configuration only when its context path equals the main path; for any
 * other context path it is appended as stored. The value comes from the
 * session, so this is safe only as long as every writer of
 * {@code WebKeys.LAST_PATH} stores a path the portal itself resolved.
 * Confirm against the other writers of that attribute.
 * </p>
 *
 * @param  request the servlet request
 * @return the absolute redirect URL
 */
protected String getLastPath(HttpServletRequest request) {
    HttpSession session = request.getSession();

    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
        WebKeys.THEME_DISPLAY);

    Boolean httpsInitial = (Boolean)session.getAttribute(
        WebKeys.HTTPS_INITIAL);

    // The two argument form is called with false only when HTTPS is
    // required for authentication, phishing protection is off and the
    // session did not start on HTTPS

    boolean sessionStartedInsecure =
        (httpsInitial != null) && !httpsInitial.booleanValue();

    String portalURL;

    if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
        !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
        sessionStartedInsecure) {

        portalURL = PortalUtil.getPortalURL(request, false);
    }
    else {
        portalURL = PortalUtil.getPortalURL(request);
    }

    StringBundler defaultSB = new StringBundler(7);

    defaultSB.append(portalURL);
    defaultSB.append(themeDisplay.getPathMain());
    defaultSB.append(_PATH_PORTAL_LAYOUT);

    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {

        // Signed-in users are sent to the default layout explicitly

        if (request.getRemoteUser() != null) {
            defaultSB.append(StringPool.QUESTION);
            defaultSB.append("p_l_id");
            defaultSB.append(StringPool.EQUAL);
            defaultSB.append(LayoutConstants.DEFAULT_PLID);
        }

        return defaultSB.toString();
    }

    String defaultURL = defaultSB.toString();

    LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);

    if (lastPath == null) {
        return defaultURL;
    }

    Map<String, String[]> parameterMap = lastPath.getParameterMap();

    // A last path under the main path must still map to a known action
    // and must carry a parameter map, otherwise the default is used

    if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
        ActionMapping actionMapping =
            (ActionMapping)moduleConfig.findActionConfig(
                lastPath.getPath());

        if ((actionMapping == null) || (parameterMap == null)) {
            return defaultURL;
        }
    }

    StringBundler lastPathSB = new StringBundler(4);

    lastPathSB.append(portalURL);
    lastPathSB.append(lastPath.getContextPath());
    lastPathSB.append(lastPath.getPath());
    lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));

    return lastPathSB.toString();
}
450
/**
 * Tells whether a path is treated as belonging to a portlet, which here
 * means "none of the portal's own paths".
 *
 * <p>
 * NOTE(review): the {@code /common} and {@code /portal} tests are prefix
 * matches on the raw string, not on path segments, so a path that merely
 * begins with those characters is also classified as a portal path and
 * skips the portlet permission check in {@code processRoles}. Confirm that
 * no portlet Struts path can start with either prefix.
 * </p>
 *
 * @param  path the Struts path, may be {@code null}
 * @return {@code true} if the path is not {@code null}, is not {@code /c},
 *         does not start with {@code /common} or {@code /portal}, and does
 *         not contain {@code /j_security_check}
 */
protected boolean isPortletPath(String path) {
    if (path == null) {
        return false;
    }

    boolean portalOwnedPath =
        path.equals(_PATH_C) || path.startsWith(_PATH_COMMON) ||
        path.contains(_PATH_J_SECURITY_CHECK) ||
        path.startsWith(_PATH_PORTAL);

    return !portalOwnedPath;
}
463
/**
 * Tells whether a path may be served without a signed-in user.
 *
 * <p>
 * This is the allow list behind both access decisions in this class:
 * {@code processPath} skips the login redirect and {@code processRoles}
 * returns {@code true} immediately for a public path.
 * </p>
 *
 * <p>
 * NOTE(review): the {@code /common} test is a prefix match on the raw
 * string, so every path that begins with those characters is public, not
 * only paths below the {@code /common/} segment. Confirm that no protected
 * action is mapped under such a path.
 * </p>
 *
 * @param  path the Struts path, may be {@code null}
 * @return {@code true} if the path is in the built-in public set, starts
 *         with {@code /common}, or is registered in
 *         {@code AuthPublicPathRegistry}
 */
protected boolean isPublicPath(String path) {
    if (path == null) {
        return false;
    }

    return _publicPaths.contains(path) || path.startsWith(_PATH_COMMON) ||
        AuthPublicPathRegistry.contains(path);
}
475
/**
 * Returns the action for a mapping, preferring an action registered in
 * {@code StrutsActionRegistryUtil} over the one configured in Struts.
 *
 * <p>
 * When a registered action exists and the path is also configured in
 * Struts, the configured action is created by the parent and handed to the
 * registered one as its original action.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping being processed
 * @return the registered action adapter, or the action created by the
 *         parent if none is registered
 * @throws IOException if the parent implementation fails
 */
@Override
protected Action processActionCreate(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException {

    // Registered actions are expected to be ActionAdapter instances; any
    // other type fails here with a ClassCastException

    ActionAdapter actionAdapter =
        (ActionAdapter)StrutsActionRegistryUtil.getAction(
            actionMapping.getPath());

    if (actionAdapter == null) {
        return super.processActionCreate(request, response, actionMapping);
    }

    ActionConfig actionConfig = moduleConfig.findActionConfig(
        actionMapping.getPath());

    if (actionConfig != null) {
        actionAdapter.setOriginalAction(
            super.processActionCreate(request, response, actionMapping));
    }

    return actionAdapter;
}
502
/**
 * Finds the action mapping for a path. A path that only has an action in
 * {@code StrutsActionRegistryUtil} gets a mapping synthesized on the fly,
 * which is also stored on the request under {@code Globals.MAPPING_KEY}.
 *
 * <p>
 * NOTE(review): when no mapping is found, the remote user, current URL,
 * {@code Referer} header, remote address and path are written to the error
 * log by plain string concatenation. All but the remote address are
 * client-controlled, so unless the logging layer neutralizes line breaks,
 * a request can forge additional log lines. Confirm that log sanitizing is
 * enabled for this logger.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  path the resolved Struts path, may be {@code null}
 * @return the mapping, or {@code null} if the path is {@code null} or
 *         nothing is mapped to it
 * @throws IOException if the parent implementation fails
 */
@Override
protected ActionMapping processMapping(
        HttpServletRequest request, HttpServletResponse response,
        String path)
    throws IOException {

    if (path == null) {
        return null;
    }

    Action registeredAction = StrutsActionRegistryUtil.getAction(path);

    if (registeredAction == null) {
        ActionMapping configuredMapping = super.processMapping(
            request, response, path);

        if (configuredMapping != null) {
            return configuredMapping;
        }

        MessageResources messageResources = getInternal();

        String msg = messageResources.getMessage("processInvalid");

        _log.error("User ID " + request.getRemoteUser());
        _log.error("Current URL " + PortalUtil.getCurrentURL(request));
        _log.error("Referer " + request.getHeader("Referer"));
        _log.error("Remote address " + request.getRemoteAddr());

        _log.error(msg + " " + path);

        return null;
    }

    ActionMapping registeredMapping =
        (ActionMapping)moduleConfig.findActionConfig(path);

    if (registeredMapping != null) {
        return registeredMapping;
    }

    // Registered action without Struts configuration: build a minimal
    // mapping so the rest of the pipeline has one to work with

    registeredMapping = new ActionMapping();

    registeredMapping.setModuleConfig(moduleConfig);
    registeredMapping.setPath(path);

    request.setAttribute(Globals.MAPPING_KEY, registeredMapping);

    return registeredMapping;
}
549
/**
 * Returns the request untouched instead of delegating to the parent's
 * multipart handling. The parent behavior remains reachable through
 * {@code callParentProcessMultipart}.
 *
 * @param  request the servlet request
 * @return the same request instance
 */
@Override
protected HttpServletRequest processMultipart(HttpServletRequest request) {

    // Intentionally no call to super.processMultipart

    return request;
}
557
/**
 * Resolves the Struts path for the request and applies the portal's
 * access and interruption rules to it.
 *
 * <p>
 * In order: the request is recorded on the user tracker, the last path is
 * saved in the session, then the path is rewritten or confirmed by these
 * checks: setup wizard, logout and session or terms-of-use updates for
 * authenticated users, stale remote user, inactive user, pending
 * terms of use / e-mail verification / password change / e-mail address /
 * reminder query, login requirement for non-public paths, existence of an
 * action, and finally portlet object setup for portlet paths.
 * </p>
 *
 * <p>
 * The order of the checks is part of the access control logic. In
 * particular the login requirement is evaluated after the interruption
 * checks, and the interruption checks are skipped entirely for the JSON
 * service path, the render portlet path, WSRP requests, impersonated
 * sessions and whitelisted portlet invocations.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the path to process, a replacement path that interrupts the
 *         request, or {@code null} if nothing should be processed
 * @throws IOException if the parent path resolution fails
 */
@Override
protected String processPath(
        HttpServletRequest request, HttpServletResponse response)
    throws IOException {

    String path = GetterUtil.getString(
        super.processPath(request, response));

    HttpSession session = request.getSession();

    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
        WebKeys.THEME_DISPLAY);

    // Current users

    UserTracker userTracker = LiveUsers.getUserTracker(
        themeDisplay.getCompanyId(), session.getId());

    boolean trackablePath =
        !path.equals(_PATH_C) && !path.contains(_PATH_J_SECURITY_CHECK) &&
        !path.contains(_PATH_PORTAL_PROTECTED) &&
        !_trackerIgnorePaths.contains(path);

    if ((userTracker != null) && trackablePath) {
        String trackedPath = null;

        // A failure to build the friendly path only costs the friendly
        // form; the plain path is recorded instead

        try {
            if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
                trackedPath = getFriendlyTrackerPath(
                    path, themeDisplay, request);
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        String trackedPathWithoutQuery = trackedPath;

        if (Validator.isNull(trackedPath)) {
            String queryString = request.getQueryString();

            trackedPathWithoutQuery = path;

            // NOTE(review): the raw query string is stored with the
            // tracked path; confirm it cannot carry secrets

            if (Validator.isNotNull(queryString)) {
                trackedPath = path.concat(StringPool.QUESTION).concat(
                    queryString);
            }
            else {
                trackedPath = path;
            }
        }

        int queryPos = trackedPathWithoutQuery.indexOf(
            StringPool.QUESTION);

        if (queryPos != -1) {
            trackedPathWithoutQuery = trackedPathWithoutQuery.substring(
                0, queryPos);
        }

        // The ignore list is applied a second time to the friendly form

        if (!_trackerIgnorePaths.contains(trackedPathWithoutQuery)) {
            UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);

            userTrackerPath.setUserTrackerId(
                userTracker.getUserTrackerId());
            userTrackerPath.setPath(trackedPath);
            userTrackerPath.setPathDate(new Date());

            userTracker.addPath(userTrackerPath);
        }
    }

    String remoteUser = request.getRemoteUser();

    User user = null;

    try {
        user = PortalUtil.getUser(request);
    }
    catch (Exception e) {

        // Deliberately ignored: user stays null and the request is
        // handled below as coming from an anonymous client
    }

    // Last path

    if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
        boolean saveLastPath = ParamUtil.getBoolean(
            request, "saveLastPath", true);

        // Only plain GET page views are remembered

        boolean notPageView =
            themeDisplay.isLifecycleResource() ||
            themeDisplay.isStateExclusive() ||
            themeDisplay.isStatePopUp() ||
            !StringUtil.equalsIgnoreCase(
                request.getMethod(), HttpMethods.GET);

        if (saveLastPath && !notPageView) {

            // A last path already set on the request wins over the one
            // derived from the current path and parameters

            LastPath lastPath = (LastPath)request.getAttribute(
                WebKeys.LAST_PATH);

            if (lastPath == null) {
                lastPath = new LastPath(
                    themeDisplay.getPathMain(), path,
                    request.getParameterMap());
            }

            session.setAttribute(WebKeys.LAST_PATH, lastPath);
        }
    }

    // Setup wizard

    if (PropsValues.SETUP_WIZARD_ENABLED) {
        if (!path.equals(_PATH_PORTAL_LICENSE) &&
            !path.equals(_PATH_PORTAL_STATUS)) {

            return _PATH_PORTAL_SETUP_WIZARD;
        }
    }
    else if (path.equals(_PATH_PORTAL_SETUP_WIZARD)) {
        return _PATH_PORTAL_LAYOUT;
    }

    // Authenticated users can always log out, expire or extend their
    // session, and update their terms of use

    boolean authenticated = (remoteUser != null) || (user != null);

    if (authenticated &&
        (path.equals(_PATH_PORTAL_LOGOUT) ||
         path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
         path.equals(_PATH_PORTAL_EXTEND_SESSION) ||
         path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {

        return path;
    }

    // A remote user without a portal user is forced to log out

    if ((remoteUser != null) && (user == null)) {
        return _PATH_PORTAL_LOGOUT;
    }

    // Inactive users cannot proceed

    if ((user != null) && !user.isActive()) {
        SessionErrors.add(request, UserActiveException.class.getName());

        return _PATH_PORTAL_ERROR;
    }

    long companyId = PortalUtil.getCompanyId(request);
    String portletId = ParamUtil.getString(request, "p_p_id");

    // NOTE(review): portletId and the Struts action are request
    // parameters, so the whitelist decides from client-supplied values
    // which requests skip the interruptions below; keep that whitelist
    // minimal

    if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
        !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
        !ParamUtil.getBoolean(request, "wsrp") &&
        !themeDisplay.isImpersonated() &&
        !InterruptedPortletRequestWhitelistUtil.
            isPortletInvocationWhitelisted(
                companyId, portletId,
                PortalUtil.getStrutsAction(request))) {

        if (user != null) {

            // Terms of use

            if (!user.isTermsOfUseComplete()) {
                return _PATH_PORTAL_TERMS_OF_USE;
            }

            // E-mail address verification

            if (!user.isEmailAddressVerificationComplete()) {
                if (path.equals(_PATH_PORTAL_UPDATE_EMAIL_ADDRESS)) {
                    return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
                }

                return _PATH_PORTAL_VERIFY_EMAIL_ADDRESS;
            }

            // Password change

            if (user.isPasswordReset()) {

                // Fails closed: a missing policy or a lookup error both
                // send the user to the password update page

                try {
                    PasswordPolicy passwordPolicy =
                        user.getPasswordPolicy();

                    if ((passwordPolicy == null) ||
                        passwordPolicy.isChangeRequired()) {

                        return _PATH_PORTAL_UPDATE_PASSWORD;
                    }
                }
                catch (Exception e) {
                    _log.error(e, e);

                    return _PATH_PORTAL_UPDATE_PASSWORD;
                }
            }
            else if (path.equals(_PATH_PORTAL_UPDATE_PASSWORD)) {

                // No reset pending: the update page is not served

                return null;
            }

            // E-mail address

            if (!user.isEmailAddressComplete()) {
                return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
            }

            // Reminder query

            if (!user.isDefaultUser() && !user.isReminderQueryComplete()) {
                return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
            }
        }
    }

    // Anonymous requests may only reach public paths

    if (!isPublicPath(path) && (user == null)) {
        SessionErrors.add(request, PrincipalException.class.getName());

        return _PATH_PORTAL_LOGIN;
    }

    ActionMapping actionMapping =
        (ActionMapping)moduleConfig.findActionConfig(path);

    if (actionMapping == null) {
        Action strutsAction = StrutsActionRegistryUtil.getAction(path);

        if (strutsAction == null) {
            return null;
        }
    }
    else {
        path = actionMapping.getPath();
    }

    // Define the portlet objects

    if (isPortletPath(path)) {
        try {
            Portlet portlet = null;

            if (Validator.isNotNull(portletId)) {
                portlet = PortletLocalServiceUtil.getPortletById(
                    companyId, portletId);
            }

            if (portlet == null) {

                // A path with a single segment makes substring throw,
                // which the catch below turns into the error page

                String strutsPath = path.substring(
                    1, path.lastIndexOf(CharPool.SLASH));

                portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
                    companyId, strutsPath);
            }

            if ((portlet != null) && portlet.isActive()) {
                defineObjects(request, response, portlet);
            }
        }
        catch (Exception e) {
            request.setAttribute(PageContext.EXCEPTION, e);

            path = _PATH_COMMON_ERROR;
        }
    }

    // A layout permission error recorded earlier in the request wins

    if (SessionErrors.contains(
            request, LayoutPermissionException.class.getName())) {

        return _PATH_PORTAL_ERROR;
    }

    return path;
}
856
/**
 * Populates the action form from the request after dropping every request
 * parameter whose name matches the configured ignore pattern
 * ({@code PropsValues.STRUTS_PORTLET_IGNORED_PARAMETERS_REGEXP}).
 *
 * <p>
 * The parent implementation copies request parameters onto the form, so
 * this filter is what keeps the ignored names from reaching that step.
 * {@code Matcher.matches()} is used, which means the regular expression
 * must match the whole parameter name to exclude it; an expression written
 * to match only a fragment will let the parameter through.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionForm the form to populate, may be {@code null}
 * @param  actionMapping the mapping being processed
 * @throws ServletException if the parent implementation fails
 */
@Override
protected void processPopulate(
        HttpServletRequest request, HttpServletResponse response,
        ActionForm actionForm, ActionMapping actionMapping)
    throws ServletException {

    if (actionForm == null) {
        return;
    }

    Map<String, String[]> requestParameters = request.getParameterMap();

    Map<String, String[]> allowedParameters = new LinkedHashMap<>(
        requestParameters.size());

    boolean filtered = false;

    for (Map.Entry<String, String[]> entry :
            requestParameters.entrySet()) {

        String name = entry.getKey();

        if (_strutsPortletIgnoredParamtersPattern.matcher(name).matches()) {
            filtered = true;

            continue;
        }

        allowedParameters.put(name, entry.getValue());
    }

    // The request is wrapped only when something was actually removed

    HttpServletRequest populateRequest = request;

    if (filtered) {
        populateRequest = new DynamicServletRequest(
            request, allowedParameters, false);
    }

    super.processPopulate(
        populateRequest, response, actionForm, actionMapping);
}
895
/**
 * Decides whether the current user may execute the action, by checking
 * the {@code VIEW} permission on the portlet that owns the Struts path.
 *
 * <p>
 * Outcomes visible in this method:
 * </p>
 *
 * <ul>
 * <li>
 * Public paths are always allowed.
 * </li>
 * <li>
 * Without a resolved user, or for a non-portlet path, the request is
 * allowed here. Anonymous access to non-public paths is therefore stopped
 * only by the login redirect in {@code processPath}, not by this method.
 * </li>
 * <li>
 * A {@code p_p_id} whose portlet has a different Struts path than the
 * requested one is rejected, so a client cannot borrow another portlet's
 * permission by naming it in the request.
 * </li>
 * <li>
 * If no portlet is found at all, or the portlet is a system portlet, no
 * permission check is made and the request is allowed.
 * </li>
 * <li>
 * Any exception during the check denies the request (fails closed).
 * </li>
 * </ul>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping being processed
 * @return {@code true} if processing should continue, {@code false} if
 *         the request was forwarded to the error page
 * @throws IOException if forwarding to the error page fails
 * @throws ServletException if forwarding to the error page fails
 */
@Override
protected boolean processRoles(
        HttpServletRequest request, HttpServletResponse response,
        ActionMapping actionMapping)
    throws IOException, ServletException {

    String path = actionMapping.getPath();

    if (isPublicPath(path)) {
        return true;
    }

    User user = null;

    try {
        user = PortalUtil.getUser(request);
    }
    catch (Exception e) {

        // Deliberately ignored: user stays null and the portlet check
        // below is skipped
    }

    boolean authorized = true;

    if ((user != null) && isPortletPath(path)) {
        try {

            // NOTE(review): with the isPortletPath implementation in this
            // class a path starting with "/portal" never gets here, so
            // this test only matters if a subclass overrides it

            if (path.equals(_PATH_PORTAL_LOGOUT)) {
                return true;
            }

            String portletId = ParamUtil.getString(request, "p_p_id");

            Portlet portlet = null;

            if (Validator.isNotNull(portletId)) {
                portlet = PortletLocalServiceUtil.getPortletById(
                    user.getCompanyId(), portletId);
            }

            String strutsPath = path.substring(
                1, path.lastIndexOf(CharPool.SLASH));

            if (portlet == null) {
                portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
                    user.getCompanyId(), strutsPath);
            }
            else if (!strutsPath.equals(portlet.getStrutsPath())) {

                // The portlet named by the client does not own this path

                throw new PrincipalException();
            }

            if (portlet != null) {
                if (!portlet.isActive()) {
                    SessionErrors.add(
                        request, PortletActiveException.class.getName());

                    authorized = false;
                }
                else if (!portlet.isSystem()) {
                    ThemeDisplay themeDisplay =
                        (ThemeDisplay)request.getAttribute(
                            WebKeys.THEME_DISPLAY);

                    Layout layout = themeDisplay.getLayout();
                    PermissionChecker permissionChecker =
                        themeDisplay.getPermissionChecker();

                    if (!PortletPermissionUtil.contains(
                            permissionChecker, layout, portlet,
                            ActionKeys.VIEW)) {

                        throw new PrincipalException();
                    }
                }
            }
        }
        catch (Exception e) {

            // Every failure, including lookup errors, denies access

            SessionErrors.add(request, PrincipalException.class.getName());

            authorized = false;
        }
    }

    if (authorized) {
        return true;
    }

    ForwardConfig forwardConfig = actionMapping.findForward(
        _PATH_PORTAL_ERROR);

    processForwardConfig(request, response, forwardConfig);

    return false;
}
993
// Struts paths used by the routing and access decisions of this class. The
// constructor decides which of them are public (served without a signed-in
// user); being declared here does not make a path public.

private static final String _PATH_C = "/c";

// Matched with startsWith in isPortletPath and isPublicPath

private static final String _PATH_COMMON = "/common";

private static final String _PATH_COMMON_ERROR = "/common/error";

// Matched with contains, not equals

private static final String _PATH_J_SECURITY_CHECK = "/j_security_check";

// Matched with startsWith in isPortletPath

private static final String _PATH_PORTAL = "/portal";

private static final String _PATH_PORTAL_API_JSONWS = "/portal/api/jsonws";

private static final String _PATH_PORTAL_ERROR = "/portal/error";

private static final String _PATH_PORTAL_EXPIRE_SESSION =
    "/portal/expire_session";

private static final String _PATH_PORTAL_EXTEND_SESSION =
    "/portal/extend_session";

private static final String _PATH_PORTAL_FLASH = "/portal/flash";

private static final String _PATH_PORTAL_J_LOGIN = "/portal/j_login";

private static final String _PATH_PORTAL_JSON_SERVICE =
    "/portal/json_service";

private static final String _PATH_PORTAL_LAYOUT = "/portal/layout";

private static final String _PATH_PORTAL_LICENSE = "/portal/license";

private static final String _PATH_PORTAL_LOGIN = "/portal/login";

private static final String _PATH_PORTAL_LOGOUT = "/portal/logout";

// Matched with contains; such paths are never recorded by the user tracker

private static final String _PATH_PORTAL_PROTECTED = "/portal/protected";

private static final String _PATH_PORTAL_RENDER_PORTLET =
    "/portal/render_portlet";

private static final String _PATH_PORTAL_RESILIENCY = "/portal/resiliency";

private static final String _PATH_PORTAL_SETUP_WIZARD =
    "/portal/setup_wizard";

private static final String _PATH_PORTAL_STATUS = "/portal/status";

private static final String _PATH_PORTAL_TCK = "/portal/tck";

private static final String _PATH_PORTAL_TERMS_OF_USE =
    "/portal/terms_of_use";

private static final String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
    "/portal/update_email_address";

private static final String _PATH_PORTAL_UPDATE_LANGUAGE =
    "/portal/update_language";

private static final String _PATH_PORTAL_UPDATE_PASSWORD =
    "/portal/update_password";

private static final String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
    "/portal/update_reminder_query";

private static final String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
    "/portal/update_terms_of_use";

private static final String _PATH_PORTAL_VERIFY_EMAIL_ADDRESS =
    "/portal/verify_email_address";

private static final Log _log = LogFactoryUtil.getLog(
    PortalRequestProcessor.class);

// Compiled once at class load. Parameter names that fully match it are
// removed in processPopulate before the action form is populated

private static final Pattern _strutsPortletIgnoredParamtersPattern =
    Pattern.compile(PropsValues.STRUTS_PORTLET_IGNORED_PARAMETERS_REGEXP);

// Filled in the constructor and only read afterwards in this class

private final Set<String> _lastPaths;
private final Set<String> _publicPaths;
private final Set<String> _trackerIgnorePaths;
1073
1074 }