15 package com.liferay.portal.security.auth;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.util.GetterUtil;
20 import com.liferay.portal.kernel.util.KeyValuePair;
21 import com.liferay.portal.kernel.util.StringPool;
22 import com.liferay.portal.kernel.util.Validator;
23 import com.liferay.portal.model.Company;
24 import com.liferay.portal.model.User;
25 import com.liferay.portal.service.UserLocalServiceUtil;
26 import com.liferay.portal.util.CookieKeys;
27 import com.liferay.portal.util.PortalUtil;
28
29 import javax.servlet.http.Cookie;
30 import javax.servlet.http.HttpServletRequest;
31 import javax.servlet.http.HttpServletResponse;
32
33
/**
 * {@link AutoLogin} implementation that rebuilds login credentials from the
 * "remember me" cookies sent with a request.
 *
 * <p>
 * Every value read here comes from client-supplied cookies and is therefore
 * untrusted. The only check this class applies to the ID / PASSWORD pair is
 * the call to <code>UserLocalServiceUtil.decryptUserId</code>; what that call
 * verifies is not visible in this file.
 * </p>
 */
public class RememberMeAutoLogin implements AutoLogin {

	/**
	 * Returns the credentials recovered from the remember-me cookies, or
	 * <code>null</code> when auto login does not apply.
	 *
	 * <p>
	 * <code>null</code> is returned when any of the ID, PASSWORD or
	 * REMEMBER_ME values is missing, when the company has auto login disabled,
	 * or when the recovered user ID is the company's default user. In the last
	 * case the ID and PASSWORD cookies are also expired.
	 * </p>
	 *
	 * @param  request the request whose cookies are inspected
	 * @param  response the response used to expire the cookies on rejection
	 * @return a three-element array holding the key and value returned by
	 *         <code>decryptUserId</code> followed by the string
	 *         <code>"false"</code>, or <code>null</code>
	 * @throws AutoLoginException wrapping any exception raised while
	 *         processing; the ID and PASSWORD cookies are expired first
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String idCookie = CookieKeys.getCookie(request, CookieKeys.ID);
			String passwordCookie = CookieKeys.getCookie(
				request, CookieKeys.PASSWORD);
			String rememberMeValue = CookieKeys.getCookie(
				request, CookieKeys.REMEMBER_ME);

			// A request whose context path differs from the portal's is
			// treated as if REMEMBER_ME were set, so that cookie is not
			// required on such requests.
			// NOTE(review): this removes one of the three cookie
			// preconditions for those requests; confirm that is intended.

			boolean portalContext = PortalUtil.getPathContext().equals(
				request.getContextPath());

			if (!portalContext) {
				rememberMeValue = Boolean.TRUE.toString();
			}

			boolean cookiesPresent =
				Validator.isNotNull(idCookie) &&
				Validator.isNotNull(passwordCookie) &&
				Validator.isNotNull(rememberMeValue);

			if (!cookiesPresent) {
				return null;
			}

			Company company = PortalUtil.getCompany(request);

			if (!company.isAutoLogin()) {
				return null;
			}

			// Both arguments are raw cookie values. Rejecting a forged or
			// stale pair is left entirely to decryptUserId; a failure there
			// lands in the catch block below.

			KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
				company.getCompanyId(), idCookie, passwordCookie);

			// NOTE(review): the third element is always "false"; presumably
			// the AutoLogin contract's "password is encrypted" flag. Confirm
			// against the interface.

			String[] credentials = {
				decrypted.getKey(), decrypted.getValue(),
				Boolean.FALSE.toString()
			};

			// Never hand back credentials for the company's default user.
			// The company is resolved a second time here rather than reused.

			Company currentCompany = PortalUtil.getCompany(request);

			User defaultUser = UserLocalServiceUtil.getDefaultUser(
				currentCompany.getCompanyId());

			long recoveredUserId = GetterUtil.getLong(credentials[0]);

			if (defaultUser.getUserId() != recoveredUserId) {
				return credentials;
			}

			removeCookies(request, response);

			return null;
		}
		catch (Exception exception) {

			// Fail closed: log, expire the ID and PASSWORD cookies, then
			// report the failure to the caller.

			_log.warn(exception, exception);

			removeCookies(request, response);

			throw new AutoLoginException(exception);
		}
	}

	/**
	 * Expires the ID and PASSWORD cookies by adding blank replacements with a
	 * max age of zero and a path of <code>/</code>.
	 *
	 * <p>
	 * Only ID and PASSWORD are expired; the REMEMBER_ME cookie is left in
	 * place. NOTE(review): no domain is set on the replacements here. If the
	 * login cookies are issued with a Domain attribute, confirm that
	 * <code>CookieKeys.addCookie</code> supplies it, otherwise the browser may
	 * keep the originals.
	 * </p>
	 *
	 * @param request the current request, passed through to
	 *        <code>CookieKeys.addCookie</code>
	 * @param response the response that receives the expiring cookies
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

		for (String cookieName : cookieNames) {
			Cookie expired = new Cookie(cookieName, StringPool.BLANK);

			expired.setMaxAge(0);
			expired.setPath(StringPool.SLASH);

			CookieKeys.addCookie(request, response, expired);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}