1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.security.auth;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.ParamUtil;
20  import com.liferay.portal.kernel.util.StringPool;
21  import com.liferay.portal.kernel.util.Validator;
22  import com.liferay.portal.model.User;
23  import com.liferay.portal.security.ldap.PortalLDAPImporter;
24  import com.liferay.portal.security.ldap.PortalLDAPUtil;
25  import com.liferay.portal.util.PortalUtil;
26  import com.liferay.portal.util.WebKeys;
27  
28  import javax.naming.directory.SearchResult;
29  import javax.naming.ldap.LdapContext;
30  
31  import javax.servlet.http.HttpServletRequest;
32  import javax.servlet.http.HttpServletResponse;
33  
34  /**
35   * <a href="NtlmAutoLogin.java.html"><b><i>View Source</i></b></a>
36   *
37   * @author Bruno Farache
38   */
39  public class NtlmAutoLogin implements AutoLogin {
40  
41      public String[] login(
42          HttpServletRequest request, HttpServletResponse response) {
43  
44          String[] credentials = null;
45  
46          try {
47              long companyId = PortalUtil.getCompanyId(request);
48  
49              if (!AuthSettingsUtil.isNtlmEnabled(companyId)) {
50                  return credentials;
51              }
52  
53              String screenName = (String)request.getAttribute(
54                  WebKeys.NTLM_REMOTE_USER);
55  
56              if (screenName == null) {
57                  return credentials;
58              }
59  
60              request.removeAttribute(WebKeys.NTLM_REMOTE_USER);
61  
62              User user = getUser(companyId, screenName);
63  
64              if (user != null) {
65                  String redirect = ParamUtil.getString(request, "redirect");
66  
67                  if (Validator.isNotNull(redirect)) {
68                      request.setAttribute(
69                          AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE, redirect);
70                  }
71  
72                  credentials = new String[3];
73  
74                  credentials[0] = String.valueOf(user.getUserId());
75                  credentials[1] = user.getPassword();
76                  credentials[2] = Boolean.TRUE.toString();
77              }
78          }
79          catch (Exception e) {
80              _log.error(e, e);
81          }
82  
83          return credentials;
84      }
85  
86      protected User getUser(long companyId, String screenName) throws Exception {
87          long ldapServerId = PortalLDAPUtil.getLdapServerId(
88              companyId, screenName);
89  
90          SearchResult result = (SearchResult)PortalLDAPUtil.getUser(
91              ldapServerId, companyId, screenName);
92  
93          if (result == null) {
94              if (_log.isWarnEnabled()) {
95                  _log.warn(
96                      "No user was found in LDAP with screenName " + screenName);
97              }
98  
99              return null;
100         }
101 
102         LdapContext ctx = PortalLDAPUtil.getContext(ldapServerId, companyId);
103 
104         User user = PortalLDAPImporter.importLDAPUser(
105             ldapServerId, companyId, ctx, result.getAttributes(),
106             StringPool.BLANK, false);
107 
108         ctx.close();
109 
110         return user;
111     }
112 
113     private static Log _log = LogFactoryUtil.getLog(NtlmAutoLogin.class);
114 
115 }