1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.struts;
21  
22  import com.liferay.portal.LayoutPermissionException;
23  import com.liferay.portal.PortletActiveException;
24  import com.liferay.portal.RequiredRoleException;
25  import com.liferay.portal.SystemException;
26  import com.liferay.portal.UserActiveException;
27  import com.liferay.portal.kernel.log.Log;
28  import com.liferay.portal.kernel.log.LogFactoryUtil;
29  import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
30  import com.liferay.portal.kernel.servlet.HttpMethods;
31  import com.liferay.portal.kernel.servlet.SessionErrors;
32  import com.liferay.portal.kernel.util.HttpUtil;
33  import com.liferay.portal.kernel.util.JavaConstants;
34  import com.liferay.portal.kernel.util.ParamUtil;
35  import com.liferay.portal.kernel.util.StringPool;
36  import com.liferay.portal.kernel.util.Validator;
37  import com.liferay.portal.liveusers.LiveUsers;
38  import com.liferay.portal.model.Layout;
39  import com.liferay.portal.model.LayoutConstants;
40  import com.liferay.portal.model.Portlet;
41  import com.liferay.portal.model.PortletPreferencesIds;
42  import com.liferay.portal.model.User;
43  import com.liferay.portal.model.UserTracker;
44  import com.liferay.portal.model.UserTrackerPath;
45  import com.liferay.portal.security.auth.PrincipalException;
46  import com.liferay.portal.security.permission.ActionKeys;
47  import com.liferay.portal.security.permission.PermissionChecker;
48  import com.liferay.portal.service.LayoutLocalServiceUtil;
49  import com.liferay.portal.service.PortletLocalServiceUtil;
50  import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
51  import com.liferay.portal.service.permission.PortletPermissionUtil;
52  import com.liferay.portal.service.persistence.UserTrackerPathUtil;
53  import com.liferay.portal.theme.ThemeDisplay;
54  import com.liferay.portal.util.PortalUtil;
55  import com.liferay.portal.util.PrefsPropsUtil;
56  import com.liferay.portal.util.PropsKeys;
57  import com.liferay.portal.util.PropsUtil;
58  import com.liferay.portal.util.PropsValues;
59  import com.liferay.portal.util.WebKeys;
60  import com.liferay.portlet.InvokerPortlet;
61  import com.liferay.portlet.PortletConfigFactory;
62  import com.liferay.portlet.PortletInstanceFactoryUtil;
63  import com.liferay.portlet.PortletPreferencesFactoryUtil;
64  import com.liferay.portlet.PortletURLImpl;
65  import com.liferay.portlet.RenderRequestFactory;
66  import com.liferay.portlet.RenderRequestImpl;
67  import com.liferay.portlet.RenderResponseFactory;
68  import com.liferay.portlet.RenderResponseImpl;
69  
70  import java.io.IOException;
71  
72  import java.util.Date;
73  import java.util.HashSet;
74  import java.util.Iterator;
75  import java.util.Map.Entry;
76  import java.util.Map;
77  import java.util.Set;
78  
79  import javax.portlet.PortletConfig;
80  import javax.portlet.PortletContext;
81  import javax.portlet.PortletMode;
82  import javax.portlet.PortletPreferences;
83  import javax.portlet.PortletRequest;
84  import javax.portlet.WindowState;
85  
86  import javax.servlet.ServletContext;
87  import javax.servlet.ServletException;
88  import javax.servlet.http.HttpServletRequest;
89  import javax.servlet.http.HttpServletResponse;
90  import javax.servlet.http.HttpSession;
91  import javax.servlet.jsp.PageContext;
92  
93  import org.apache.struts.action.ActionMapping;
94  import org.apache.struts.config.ForwardConfig;
95  import org.apache.struts.tiles.TilesRequestProcessor;
96  
97  /**
98   * <a href="PortalRequestProcessor.java.html"><b><i>View Source</i></b></a>
99   *
100  * @author Brian Wing Shun Chan
101  * @author Jorge Ferrer
102  *
103  */
104 public class PortalRequestProcessor extends TilesRequestProcessor {
105 
106     public PortalRequestProcessor() {
107 
108         // auth.forward.last.path.
109 
110         _lastPaths = new HashSet<String>();
111 
112         _lastPaths.add(_PATH_PORTAL_LAYOUT);
113 
114         addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
115 
116         // auth.public.path.
117 
118         _publicPaths = new HashSet<String>();
119 
120         _publicPaths.add(_PATH_C);
121         _publicPaths.add(_PATH_PORTAL_FLASH);
122         _publicPaths.add(_PATH_PORTAL_J_LOGIN);
123         _publicPaths.add(_PATH_PORTAL_LAYOUT);
124         _publicPaths.add(_PATH_PORTAL_LOGIN);
125         _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
126         _publicPaths.add(_PATH_PORTAL_TCK);
127 
128         addPaths(_publicPaths, PropsKeys.AUTH_PUBLIC_PATHS);
129 
130         _trackerIgnorePaths = new HashSet<String>();
131 
132         addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
133     }
134 
135     public void process(
136             HttpServletRequest request, HttpServletResponse response)
137         throws IOException, ServletException {
138 
139         String path = super.processPath(request, response);
140 
141         ActionMapping mapping = (ActionMapping)moduleConfig.findActionConfig(
142             path);
143 
144         if ((mapping == null) && !path.startsWith(_PATH_WSRP)) {
145             String lastPath = getLastPath(request);
146 
147             if (_log.isDebugEnabled()) {
148                 _log.debug("Last path " + lastPath);
149             }
150 
151             response.sendRedirect(lastPath);
152 
153             return;
154         }
155 
156         super.process(request, response);
157 
158         try {
159             if (isPortletPath(path)) {
160                 cleanUp(request);
161             }
162         }
163         catch (Exception e) {
164             _log.error(e, e);
165         }
166     }
167 
168     protected void addPaths(Set<String> paths, String propsKey) {
169         String[] pathsArray = PropsUtil.getArray(propsKey);
170 
171         for (String path : pathsArray) {
172             paths.add(path);
173         }
174     }
175 
176     protected void callParentDoForward(
177             String uri, HttpServletRequest request,
178             HttpServletResponse response)
179         throws IOException, ServletException {
180 
181         super.doForward(uri, request, response);
182     }
183 
184     protected HttpServletRequest callParentProcessMultipart(
185         HttpServletRequest request) {
186 
187         return super.processMultipart(request);
188     }
189 
190     protected String callParentProcessPath(
191             HttpServletRequest request, HttpServletResponse response)
192         throws IOException {
193 
194         return super.processPath(request, response);
195     }
196 
197     protected boolean callParentProcessRoles(
198             HttpServletRequest request, HttpServletResponse response,
199             ActionMapping mapping)
200         throws IOException, ServletException {
201 
202         return super.processRoles(request, response, mapping);
203     }
204 
205     protected void cleanUp(HttpServletRequest request) throws Exception {
206 
207         // Clean up portlet objects that may have been created by defineObjects
208         // for portlets that are called directly from a Struts path
209 
210         RenderRequestImpl renderRequestImpl =
211             (RenderRequestImpl)request.getAttribute(
212                 JavaConstants.JAVAX_PORTLET_REQUEST);
213 
214         if (renderRequestImpl != null) {
215             renderRequestImpl.cleanUp();
216         }
217     }
218 
219     protected void defineObjects(
220             HttpServletRequest request, HttpServletResponse response,
221             Portlet portlet)
222         throws Exception {
223 
224         String portletId = portlet.getPortletId();
225 
226         ServletContext servletContext = (ServletContext)request.getAttribute(
227             WebKeys.CTX);
228 
229         InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
230             portlet, servletContext);
231 
232         PortletPreferencesIds portletPreferencesIds =
233             PortletPreferencesFactoryUtil.getPortletPreferencesIds(
234                 request, portletId);
235 
236         PortletPreferences portletPreferences =
237             PortletPreferencesLocalServiceUtil.getPreferences(
238                 portletPreferencesIds);
239 
240         PortletConfig portletConfig = PortletConfigFactory.create(
241             portlet, servletContext);
242         PortletContext portletContext = portletConfig.getPortletContext();
243 
244         RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
245             request, portlet, invokerPortlet, portletContext,
246             WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
247 
248         RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
249             renderRequestImpl, response, portletId, portlet.getCompanyId());
250 
251         renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
252 
253         request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
254     }
255 
256     protected void doForward(
257             String uri, HttpServletRequest request,
258             HttpServletResponse response)
259         throws ServletException {
260 
261         StrutsUtil.forward(uri, getServletContext(), request, response);
262     }
263 
264     protected void doInclude(
265             String uri, HttpServletRequest request,
266             HttpServletResponse response)
267         throws ServletException {
268 
269         StrutsUtil.include(uri, getServletContext(), request, response);
270     }
271 
272     protected StringBuilder getFriendlyTrackerPath(
273             String path, ThemeDisplay themeDisplay, HttpServletRequest request)
274         throws Exception {
275 
276         if (!path.equals(_PATH_PORTAL_LAYOUT)) {
277             return null;
278         }
279 
280         long plid = ParamUtil.getLong(request, "p_l_id");
281 
282         if (plid == 0) {
283             return null;
284         }
285 
286         Layout layout = LayoutLocalServiceUtil.getLayout(plid);
287 
288         String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
289             layout, themeDisplay);
290 
291         StringBuilder sb = new StringBuilder();
292 
293         sb.append(layoutFriendlyURL);
294 
295         String portletId = ParamUtil.getString(request, "p_p_id");
296 
297         if (Validator.isNull(portletId)) {
298             return sb;
299         }
300 
301         long companyId = PortalUtil.getCompanyId(request);
302 
303         Portlet portlet = PortletLocalServiceUtil.getPortletById(
304             companyId, portletId);
305 
306         if (portlet == null) {
307             String strutsPath = path.substring(
308                 1, path.lastIndexOf(StringPool.SLASH));
309 
310             portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
311                 companyId, strutsPath);
312         }
313 
314         if ((portlet == null) || !portlet.isActive()) {
315             sb.append(StringPool.QUESTION);
316             sb.append(request.getQueryString());
317 
318             return sb;
319         }
320 
321         String namespace = PortalUtil.getPortletNamespace(portletId);
322 
323         FriendlyURLMapper friendlyURLMapper =
324             portlet.getFriendlyURLMapperInstance();
325 
326         if (friendlyURLMapper == null) {
327             sb.append(StringPool.QUESTION);
328             sb.append(request.getQueryString());
329 
330             return sb;
331         }
332 
333         PortletURLImpl portletURL = new PortletURLImpl(
334             request, portletId, plid, PortletRequest.RENDER_PHASE);
335 
336         Iterator<Map.Entry<String, String[]>> itr =
337             request.getParameterMap().entrySet().iterator();
338 
339         while (itr.hasNext()) {
340             Entry<String, String[]> entry = itr.next();
341 
342             String key = entry.getKey();
343 
344             if (key.startsWith(namespace)) {
345                 key = key.substring(namespace.length());
346 
347                 portletURL.setParameter(key, entry.getValue());
348             }
349         }
350 
351         String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
352 
353         if (portletFriendlyURL != null) {
354             sb.append(portletFriendlyURL);
355         }
356         else {
357             sb.append(StringPool.QUESTION);
358             sb.append(request.getQueryString());
359         }
360 
361         return sb;
362     }
363 
364     protected String getLastPath(HttpServletRequest request) {
365         HttpSession session = request.getSession();
366 
367         ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
368             WebKeys.THEME_DISPLAY);
369 
370         Boolean httpsInitial = (Boolean)session.getAttribute(
371             WebKeys.HTTPS_INITIAL);
372 
373         String portalURL = null;
374 
375         if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
376             (httpsInitial != null) && (!httpsInitial.booleanValue())) {
377 
378             portalURL = PortalUtil.getPortalURL(request, false);
379         }
380         else {
381             portalURL = PortalUtil.getPortalURL(request);
382         }
383 
384         StringBuilder sb = new StringBuilder();
385 
386         sb.append(portalURL);
387         sb.append(themeDisplay.getPathMain());
388         sb.append(_PATH_PORTAL_LAYOUT);
389 
390         if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
391             if (request.getRemoteUser() != null) {
392 
393                 // If we do not forward by last path and the user is logged in,
394                 // forward to the user's default layout to prevent a lagging
395                 // loop
396 
397                 sb.append(StringPool.QUESTION);
398                 sb.append("p_l_id");
399                 sb.append(StringPool.EQUAL);
400                 sb.append(LayoutConstants.DEFAULT_PLID);
401             }
402 
403             return sb.toString();
404         }
405 
406         LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
407 
408         if (lastPath == null) {
409             return sb.toString();
410         }
411 
412         Map<String, String[]> parameterMap = lastPath.getParameterMap();
413 
414         // Only test for existing mappings for last paths that were set when the
415         // user accessed a layout directly instead of through its friendly URL
416 
417         if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
418             ActionMapping mapping =
419                 (ActionMapping)moduleConfig.findActionConfig(
420                     lastPath.getPath());
421 
422             if ((mapping == null) || (parameterMap == null)) {
423                 return sb.toString();
424             }
425         }
426 
427         StringBuilder lastPathSB = new StringBuilder();
428 
429         lastPathSB.append(portalURL);
430         lastPathSB.append(lastPath.getContextPath());
431         lastPathSB.append(lastPath.getPath());
432         lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
433 
434         return lastPathSB.toString();
435     }
436 
437     protected boolean isPortletPath(String path) {
438         if ((path != null) &&
439             (!path.equals(_PATH_C)) &&
440             (!path.startsWith(_PATH_COMMON)) &&
441             (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
442             (!path.startsWith(_PATH_PORTAL)) &&
443             (!path.startsWith(_PATH_WSRP))) {
444 
445             return true;
446         }
447         else {
448             return false;
449         }
450     }
451 
452     protected boolean isPublicPath(String path) {
453         if ((path != null) &&
454             (_publicPaths.contains(path)) ||
455             (path.startsWith(_PATH_COMMON)) ||
456             (path.startsWith(_PATH_WSRP))) {
457 
458             return true;
459         }
460         else {
461             return false;
462         }
463     }
464 
465     protected ActionMapping processMapping(
466             HttpServletRequest request, HttpServletResponse response,
467             String path)
468         throws IOException {
469 
470         if (path == null) {
471             return null;
472         }
473 
474         ActionMapping mapping = super.processMapping(request, response, path);
475 
476         if (mapping == null) {
477             String msg = getInternal().getMessage("processInvalid");
478 
479             _log.error("User ID " + request.getRemoteUser());
480             _log.error("Current URL " + PortalUtil.getCurrentURL(request));
481             _log.error("Referer " + request.getHeader("Referer"));
482             _log.error("Remote address " + request.getRemoteAddr());
483 
484             _log.error(msg + " " + path);
485         }
486 
487         return mapping;
488     }
489 
490     protected HttpServletRequest processMultipart(HttpServletRequest request) {
491 
492         // Disable Struts from automatically wrapping a multipart request
493 
494         return request;
495     }
496 
497     protected String processPath(
498             HttpServletRequest request, HttpServletResponse response)
499         throws IOException {
500 
501         String path = super.processPath(request, response);
502 
503         HttpSession session = request.getSession();
504 
505         ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
506             WebKeys.THEME_DISPLAY);
507 
508         // Current users
509 
510         UserTracker userTracker = LiveUsers.getUserTracker(
511             themeDisplay.getCompanyId(), session.getId());
512 
513         if ((userTracker != null) && (path != null) &&
514             (!path.equals(_PATH_C)) &&
515             (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
516             (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
517             (!_trackerIgnorePaths.contains(path))) {
518 
519             StringBuilder sb = null;
520 
521             try {
522                 if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
523                     sb = getFriendlyTrackerPath(path, themeDisplay, request);
524                 }
525             }
526             catch (Exception e) {
527                 _log.error(e, e);
528             }
529 
530             if (sb == null) {
531                 sb = new StringBuilder();
532 
533                 sb.append(path);
534                 sb.append(StringPool.QUESTION);
535                 sb.append(request.getQueryString());
536             }
537 
538             UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
539 
540             userTrackerPath.setUserTrackerId(userTracker.getUserTrackerId());
541             userTrackerPath.setPath(sb.toString());
542             userTrackerPath.setPathDate(new Date());
543 
544             userTracker.addPath(userTrackerPath);
545         }
546 
547         String remoteUser = request.getRemoteUser();
548 
549         User user = null;
550 
551         try {
552             user = PortalUtil.getUser(request);
553         }
554         catch (Exception e) {
555         }
556 
557         // Last path
558 
559         if ((path != null) && (_lastPaths.contains(path)) &&
560             (!_trackerIgnorePaths.contains(path))) {
561 
562             boolean saveLastPath = ParamUtil.getBoolean(
563                 request, "saveLastPath", true);
564 
565             if (themeDisplay.isLifecycleResource() ||
566                 themeDisplay.isStateExclusive() ||
567                 themeDisplay.isStatePopUp() ||
568                 !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {
569 
570                 saveLastPath = false;
571             }
572 
573             // Save last path
574 
575             if (saveLastPath) {
576 
577                 // Was a last path set by another servlet that dispatched to
578                 // the MainServlet? If so, use that last path instead.
579 
580                 LastPath lastPath = (LastPath)request.getAttribute(
581                     WebKeys.LAST_PATH);
582 
583                 if (lastPath == null) {
584                     lastPath = new LastPath(
585                         themeDisplay.getPathMain(), path,
586                         request.getParameterMap());
587                 }
588 
589                 session.setAttribute(WebKeys.LAST_PATH, lastPath);
590             }
591         }
592 
593         // Authenticated users can always log out
594 
595         if (((remoteUser != null) || (user != null)) && (path != null) &&
596             (path.equals(_PATH_PORTAL_LOGOUT))) {
597 
598             return path;
599         }
600 
601         // Authenticated users can always extend or confirm their session
602 
603         if (((remoteUser != null) || (user != null)) && (path != null) &&
604             (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
605              path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
606 
607             return path;
608         }
609 
610         // Authenticated users can always agree to terms of use
611 
612         if (((remoteUser != null) || (user != null)) && (path != null) &&
613             (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {
614 
615             return path;
616         }
617 
618         // Authenticated users must still exist in the system
619 
620         if ((remoteUser != null) && (user == null)) {
621             return _PATH_PORTAL_LOGOUT;
622         }
623 
624         // Authenticated users should agree to Terms of Use
625 
626         if ((user != null) && !user.isAgreedToTermsOfUse()) {
627             boolean termsOfUseRequired = false;
628 
629             try {
630                 termsOfUseRequired = PrefsPropsUtil.getBoolean(
631                     user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
632             }
633             catch (SystemException se) {
634                 termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
635             }
636 
637             if (termsOfUseRequired) {
638                 return _PATH_PORTAL_TERMS_OF_USE;
639             }
640         }
641 
642         // Authenticated users must be active
643 
644         if ((user != null) && !user.isActive()) {
645             SessionErrors.add(request, UserActiveException.class.getName());
646 
647             return _PATH_PORTAL_ERROR;
648         }
649 
650         // Authenticated users must have a current password
651 
652         if ((user != null) && user.isPasswordReset()) {
653             return _PATH_PORTAL_UPDATE_PASSWORD;
654         }
655 
656         // Authenticated users must have an email address
657 
658         if ((user != null) && Validator.isNull(user.getEmailAddress())) {
659             return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
660         }
661 
662         // Authenticated users should have a reminder query
663 
664         if ((user != null) &&
665             (Validator.isNull(user.getReminderQueryQuestion()) ||
666              Validator.isNull(user.getReminderQueryAnswer()))) {
667 
668             if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
669                 return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
670             }
671         }
672 
673         // Authenticated users must have at least one personalized page
674 
675         /*if (user != null) {
676             List<Layout> layouts = themeDisplay.getLayouts();
677 
678             if ((layouts == null) || (layouts.size() == 0)) {
679                 SessionErrors.add(
680                     request, RequiredLayoutException.class.getName());
681 
682                 return _PATH_PORTAL_ERROR;
683             }
684         }*/
685 
686         // Users must sign in
687 
688         if (!isPublicPath(path)) {
689             if (user == null) {
690                 SessionErrors.add(request, PrincipalException.class.getName());
691 
692                 return _PATH_PORTAL_LOGIN;
693             }
694         }
695 
696         ActionMapping mapping =
697             (ActionMapping)moduleConfig.findActionConfig(path);
698 
699         if (path.startsWith(_PATH_WSRP)) {
700             path = _PATH_WSRP;
701         }
702         else {
703             path = mapping.getPath();
704         }
705 
706         // Authenticated users must have at least one role
707 
708         if (user != null) {
709             try {
710 
711                 // FIX ME
712 
713                 if (false) {
714                     SessionErrors.add(
715                         request, RequiredRoleException.class.getName());
716 
717                     return _PATH_PORTAL_ERROR;
718                 }
719             }
720             catch (Exception e) {
721                 e.printStackTrace();
722             }
723         }
724 
725         // Define the portlet objects
726 
727         if (isPortletPath(path)) {
728             try {
729                 Portlet portlet = null;
730 
731                 long companyId = PortalUtil.getCompanyId(request);
732                 String portletId = ParamUtil.getString(request, "p_p_id");
733 
734                 if (Validator.isNotNull(portletId)) {
735                     portlet = PortletLocalServiceUtil.getPortletById(
736                         companyId, portletId);
737                 }
738 
739                 if (portlet == null) {
740                     String strutsPath = path.substring(
741                         1, path.lastIndexOf(StringPool.SLASH));
742 
743                     portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
744                         companyId, strutsPath);
745                 }
746 
747                 if ((portlet != null) && portlet.isActive()) {
748                     defineObjects(request, response, portlet);
749                 }
750             }
751             catch (Exception e) {
752                 request.setAttribute(PageContext.EXCEPTION, e);
753 
754                 path = _PATH_COMMON_ERROR;
755             }
756         }
757 
758         // Authenticated users must have access to at least one layout
759 
760         if (SessionErrors.contains(
761                 request, LayoutPermissionException.class.getName())) {
762 
763             return _PATH_PORTAL_ERROR;
764         }
765 
766         return path;
767     }
768 
769     protected boolean processRoles(
770             HttpServletRequest request, HttpServletResponse response,
771             ActionMapping mapping)
772         throws IOException, ServletException {
773 
774         String path = mapping.getPath();
775 
776         if (isPublicPath(path)) {
777             return true;
778         }
779 
780         boolean authorized = true;
781 
782         User user = null;
783 
784         try {
785             user = PortalUtil.getUser(request);
786         }
787         catch (Exception e) {
788         }
789 
790         if ((user != null) && isPortletPath(path)) {
791             try {
792 
793                 // Authenticated users can always log out
794 
795                 if (path.equals(_PATH_PORTAL_LOGOUT)) {
796                     return true;
797                 }
798 
799                 Portlet portlet = null;
800 
801                 String portletId = ParamUtil.getString(request, "p_p_id");
802 
803                 if (Validator.isNotNull(portletId)) {
804                     portlet = PortletLocalServiceUtil.getPortletById(
805                         user.getCompanyId(), portletId);
806                 }
807 
808                 String strutsPath = path.substring(
809                     1, path.lastIndexOf(StringPool.SLASH));
810 
811                 if (portlet != null) {
812                     if (!strutsPath.equals(portlet.getStrutsPath())) {
813                         throw new PrincipalException();
814                     }
815                 }
816                 else {
817                     portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
818                         user.getCompanyId(), strutsPath);
819                 }
820 
821                 if ((portlet != null) && portlet.isActive()) {
822                     ThemeDisplay themeDisplay =
823                         (ThemeDisplay)request.getAttribute(
824                             WebKeys.THEME_DISPLAY);
825 
826                     Layout layout = themeDisplay.getLayout();
827                     PermissionChecker permissionChecker =
828                         themeDisplay.getPermissionChecker();
829 
830                     if (!PortletPermissionUtil.contains(
831                             permissionChecker, layout.getPlid(), portlet,
832                             ActionKeys.VIEW)) {
833 
834                         throw new PrincipalException();
835                     }
836                 }
837                 else if (portlet != null && !portlet.isActive()) {
838                     SessionErrors.add(
839                         request, PortletActiveException.class.getName());
840 
841                     authorized = false;
842                 }
843             }
844             catch (Exception e) {
845                 SessionErrors.add(request, PrincipalException.class.getName());
846 
847                 authorized = false;
848             }
849         }
850 
851         if (!authorized) {
852             ForwardConfig forwardConfig =
853                 mapping.findForward(_PATH_PORTAL_ERROR);
854 
855             processForwardConfig(request, response, forwardConfig);
856 
857             return false;
858         }
859         else {
860             return true;
861         }
862     }
863 
864     private static String _PATH_C = "/c";
865 
866     private static String _PATH_COMMON = "/common";
867 
868     private static String _PATH_COMMON_ERROR = "/common/error";
869 
870     private static String _PATH_J_SECURITY_CHECK = "/j_security_check";
871 
872     private static String _PATH_PORTAL = "/portal";
873 
874     private static String _PATH_PORTAL_ERROR = "/portal/error";
875 
876     private static String _PATH_PORTAL_EXPIRE_SESSION =
877         "/portal/expire_session";
878 
879     private static String _PATH_PORTAL_EXTEND_SESSION =
880         "/portal/extend_session";
881 
882     private static String _PATH_PORTAL_FLASH = "/portal/flash";
883 
884     private static String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
885 
886     private static String _PATH_PORTAL_LAYOUT = "/portal/layout";
887 
888     private static String _PATH_PORTAL_LOGIN = "/portal/login";
889 
890     private static String _PATH_PORTAL_LOGOUT = "/portal/logout";
891 
892     private static String _PATH_PORTAL_PROTECTED = "/portal/protected";
893 
894     private static String _PATH_PORTAL_RENDER_PORTLET =
895         "/portal/render_portlet";
896 
897     private static String _PATH_PORTAL_TCK = "/portal/tck";
898 
899     private static String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";
900 
901     private static String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
902         "/portal/update_email_address";
903 
904     private static String _PATH_PORTAL_UPDATE_PASSWORD =
905         "/portal/update_password";
906 
907     private static String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
908         "/portal/update_reminder_query";
909 
910     private static String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
911         "/portal/update_terms_of_use";
912 
913     private static String _PATH_WSRP = "/wsrp";
914 
915     private static Log _log =
916         LogFactoryUtil.getLog(PortalRequestProcessor.class);
917 
918     private Set<String> _lastPaths;
919     private Set<String> _publicPaths;
920     private Set<String> _trackerIgnorePaths;
921 
922 }