1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.security.auth;
21  
22  import com.liferay.portal.kernel.log.Log;
23  import com.liferay.portal.kernel.log.LogFactoryUtil;
24  import com.liferay.portal.kernel.util.StringPool;
25  import com.liferay.portal.model.User;
26  import com.liferay.portal.security.ldap.PortalLDAPUtil;
27  import com.liferay.portal.util.PortalUtil;
28  import com.liferay.portal.util.WebKeys;
29  
30  import javax.naming.directory.SearchResult;
31  import javax.naming.ldap.LdapContext;
32  
33  import javax.servlet.http.HttpServletRequest;
34  import javax.servlet.http.HttpServletResponse;
35  
36  /**
37   * <a href="NtlmAutoLogin.java.html"><b><i>View Source</i></b></a>
38   *
39   * @author Bruno Farache
40   *
41   */
42  public class NtlmAutoLogin implements AutoLogin {
43  
44      public String[] login(
45          HttpServletRequest request, HttpServletResponse response) {
46  
47          String[] credentials = null;
48  
49          try {
50              long companyId = PortalUtil.getCompanyId(request);
51  
52              if (!PortalLDAPUtil.isNtlmEnabled(companyId)) {
53                  return credentials;
54              }
55  
56              String screenName = (String)request.getAttribute(
57                  WebKeys.NTLM_REMOTE_USER);
58  
59              if (screenName == null) {
60                  return credentials;
61              }
62  
63              request.removeAttribute(WebKeys.NTLM_REMOTE_USER);
64  
65              User user = getUser(companyId, screenName);
66  
67              if (user != null) {
68                  credentials = new String[3];
69  
70                  credentials[0] = String.valueOf(user.getUserId());
71                  credentials[1] = user.getPassword();
72                  credentials[2] = Boolean.TRUE.toString();
73              }
74          }
75          catch (Exception e) {
76              _log.error(e, e);
77          }
78  
79          return credentials;
80      }
81  
82      protected User getUser(long companyId, String screenName) throws Exception {
83          SearchResult result = (SearchResult)PortalLDAPUtil.getUser(
84              companyId, screenName);
85  
86          if (result == null) {
87              if (_log.isWarnEnabled()) {
88                  _log.warn(
89                      "No user was found in LDAP with screenName " + screenName);
90              }
91  
92              return null;
93          }
94  
95          LdapContext ctx = PortalLDAPUtil.getContext(companyId);
96  
97          User user = PortalLDAPUtil.importLDAPUser(
98              companyId, ctx, result.getAttributes(), StringPool.BLANK, false);
99  
100         ctx.close();
101 
102         return user;
103     }
104 
105     private static Log _log = LogFactoryUtil.getLog(NtlmAutoLogin.class);
106 
107 }