1
19
20 package com.liferay.portal.servlet.filters.autologin;
21
22 import com.liferay.portal.NoSuchUserException;
23 import com.liferay.portal.kernel.log.Log;
24 import com.liferay.portal.kernel.log.LogFactoryUtil;
25 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
26 import com.liferay.portal.kernel.util.GetterUtil;
27 import com.liferay.portal.kernel.util.InstancePool;
28 import com.liferay.portal.kernel.util.ListUtil;
29 import com.liferay.portal.kernel.util.StringPool;
30 import com.liferay.portal.kernel.util.Validator;
31 import com.liferay.portal.model.User;
32 import com.liferay.portal.security.auth.AutoLogin;
33 import com.liferay.portal.security.pwd.PwdEncryptor;
34 import com.liferay.portal.service.UserLocalServiceUtil;
35 import com.liferay.portal.servlet.filters.BasePortalFilter;
36 import com.liferay.portal.util.PortalInstances;
37 import com.liferay.portal.util.PortalUtil;
38 import com.liferay.portal.util.PropsValues;
39 import com.liferay.portal.util.WebKeys;
40
41 import java.io.IOException;
42
43 import java.util.ArrayList;
44 import java.util.List;
45
46 import javax.servlet.FilterChain;
47 import javax.servlet.ServletException;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50 import javax.servlet.http.HttpSession;
51
52
59 public class AutoLoginFilter extends BasePortalFilter {
60
61 public static void registerAutoLogin(AutoLogin autoLogin) {
62 if (_autoLogins == null) {
63 _log.error("AutoLoginFilter is not initialized yet");
64
65 return;
66 }
67
68 List<AutoLogin> autoLogins = ListUtil.fromArray(_autoLogins);
69
70 autoLogins.add(autoLogin);
71
72 _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
73 }
74
75 public static void unregisterAutoLogin(AutoLogin autoLogin) {
76 if (_autoLogins == null) {
77 _log.error("AutoLoginFilter is not initialized yet");
78
79 return;
80 }
81
82 List<AutoLogin> autoLogins = ListUtil.fromArray(_autoLogins);
83
84 if (autoLogins.remove(autoLogin)) {
85 _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
86 }
87 }
88
89 public AutoLoginFilter() {
90 List<AutoLogin> autoLogins = new ArrayList<AutoLogin>();
91
92 for (String autoLoginHook : PropsValues.AUTO_LOGIN_HOOKS) {
93 AutoLogin autoLogin = (AutoLogin)InstancePool.get(
94 autoLoginHook);
95
96 autoLogins.add(autoLogin);
97 }
98
99 _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
100 }
101
102 protected String getLoginRemoteUser(
103 HttpServletRequest request, HttpServletResponse response,
104 HttpSession session, String[] credentials)
105 throws Exception {
106
107 if ((credentials != null) && (credentials.length == 3)) {
108 String jUsername = credentials[0];
109 String jPassword = credentials[1];
110 boolean encPassword = GetterUtil.getBoolean(credentials[2]);
111
112 if (Validator.isNotNull(jUsername) &&
113 Validator.isNotNull(jPassword)) {
114
115 try {
116 long userId = GetterUtil.getLong(jUsername);
117
118 if (userId > 0) {
119 User user = UserLocalServiceUtil.getUserById(userId);
120
121 if (user.isLockout()) {
122 return null;
123 }
124 }
125 else {
126 return null;
127 }
128 }
129 catch (NoSuchUserException nsue) {
130 return null;
131 }
132
133 session.setAttribute("j_username", jUsername);
134
135
139 if (encPassword) {
140 session.setAttribute("j_password", jPassword);
141 }
142 else {
143 session.setAttribute(
144 "j_password", PwdEncryptor.encrypt(jPassword));
145
146 session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
147 }
148
149 if (PropsValues.PORTAL_JAAS_ENABLE) {
150 response.sendRedirect(
151 PortalUtil.getPathMain() + "/portal/touch_protected");
152 }
153
154 return jUsername;
155 }
156 }
157
158 return null;
159 }
160
161 protected void processFilter(
162 HttpServletRequest request, HttpServletResponse response,
163 FilterChain filterChain)
164 throws IOException, ServletException {
165
166 HttpSession session = request.getSession();
167
168 String host = PortalUtil.getHost(request);
169
170 if (PortalInstances.isAutoLoginIgnoreHost(host)) {
171 if (_log.isDebugEnabled()) {
172 _log.debug("Ignore host " + host);
173 }
174
175 processFilter(
176 AutoLoginFilter.class, request, response, filterChain);
177
178 return;
179 }
180
181 String contextPath = PortalUtil.getPathContext();
182
183 String path = request.getRequestURI().toLowerCase();
184
185 if ((!contextPath.equals(StringPool.SLASH)) &&
186 (path.indexOf(contextPath) != -1)) {
187
188 path = path.substring(contextPath.length(), path.length());
189 }
190
191 if (PortalInstances.isAutoLoginIgnorePath(path)) {
192 if (_log.isDebugEnabled()) {
193 _log.debug("Ignore path " + path);
194 }
195
196 processFilter(
197 AutoLoginFilter.class, request, response, filterChain);
198
199 return;
200 }
201
202 String remoteUser = request.getRemoteUser();
203 String jUserName = (String)session.getAttribute("j_username");
204
205 if ((remoteUser == null) && (jUserName == null)) {
206 for (AutoLogin autoLogin : _autoLogins) {
207 try {
208 String[] credentials = autoLogin.login(request, response);
209
210 String redirect = (String)request.getAttribute(
211 AutoLogin.AUTO_LOGIN_REDIRECT);
212
213 if (redirect != null) {
214 response.sendRedirect(redirect);
215
216 return;
217 }
218
219 String loginRemoteUser = getLoginRemoteUser(
220 request, response, session, credentials);
221
222 if (loginRemoteUser != null) {
223 request = new ProtectedServletRequest(
224 request, loginRemoteUser);
225
226 if (PropsValues.PORTAL_JAAS_ENABLE) {
227 return;
228 }
229 }
230 }
231 catch (Exception e) {
232 if (_log.isWarnEnabled()) {
233 _log.warn(e, e);
234 }
235
236 String currentURL = PortalUtil.getCurrentURL(request);
237
238 if (currentURL.endsWith(_PATH_CHAT_LATEST)) {
239 if (_log.isWarnEnabled()) {
240 _log.warn(
241 "Current URL " + currentURL +
242 " generates exception: " + e.getMessage());
243 }
244 }
245 else {
246 _log.error(
247 "Current URL " + currentURL +
248 " generates exception: " + e.getMessage());
249 }
250 }
251 }
252 }
253
254 processFilter(AutoLoginFilter.class, request, response, filterChain);
255 }
256
257 private static final String _PATH_CHAT_LATEST = "/-/chat/latest";
258
259 private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);
260
261 private static AutoLogin[] _autoLogins;
262
263 }