1
14
15 package com.liferay.portal.security.auth;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.util.ParamUtil;
20 import com.liferay.portal.kernel.util.StringPool;
21 import com.liferay.portal.kernel.util.Validator;
22 import com.liferay.portal.model.User;
23 import com.liferay.portal.security.ldap.PortalLDAPImporter;
24 import com.liferay.portal.security.ldap.PortalLDAPUtil;
25 import com.liferay.portal.util.PortalUtil;
26 import com.liferay.portal.util.WebKeys;
27
28 import javax.naming.directory.SearchResult;
29 import javax.naming.ldap.LdapContext;
30
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
33
34
39 public class NtlmAutoLogin implements AutoLogin {
40
41 public String[] login(
42 HttpServletRequest request, HttpServletResponse response) {
43
44 String[] credentials = null;
45
46 try {
47 long companyId = PortalUtil.getCompanyId(request);
48
49 if (!AuthSettingsUtil.isNtlmEnabled(companyId)) {
50 return credentials;
51 }
52
53 String screenName = (String)request.getAttribute(
54 WebKeys.NTLM_REMOTE_USER);
55
56 if (screenName == null) {
57 return credentials;
58 }
59
60 request.removeAttribute(WebKeys.NTLM_REMOTE_USER);
61
62 User user = getUser(companyId, screenName);
63
64 if (user != null) {
65 String redirect = ParamUtil.getString(request, "redirect");
66
67 if (Validator.isNotNull(redirect)) {
68 request.setAttribute(
69 AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE, redirect);
70 }
71
72 credentials = new String[3];
73
74 credentials[0] = String.valueOf(user.getUserId());
75 credentials[1] = user.getPassword();
76 credentials[2] = Boolean.TRUE.toString();
77 }
78 }
79 catch (Exception e) {
80 _log.error(e, e);
81 }
82
83 return credentials;
84 }
85
86 protected User getUser(long companyId, String screenName) throws Exception {
87 long ldapServerId = PortalLDAPUtil.getLdapServerId(
88 companyId, screenName);
89
90 SearchResult result = (SearchResult)PortalLDAPUtil.getUser(
91 ldapServerId, companyId, screenName);
92
93 if (result == null) {
94 if (_log.isWarnEnabled()) {
95 _log.warn(
96 "No user was found in LDAP with screenName " + screenName);
97 }
98
99 return null;
100 }
101
102 LdapContext ctx = PortalLDAPUtil.getContext(ldapServerId, companyId);
103
104 User user = PortalLDAPImporter.importLDAPUser(
105 ldapServerId, companyId, ctx, result.getAttributes(),
106 StringPool.BLANK, false);
107
108 ctx.close();
109
110 return user;
111 }
112
113 private static Log _log = LogFactoryUtil.getLog(NtlmAutoLogin.class);
114
115 }