001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.struts;
016    
017    import com.liferay.portal.LayoutPermissionException;
018    import com.liferay.portal.PortletActiveException;
019    import com.liferay.portal.UserActiveException;
020    import com.liferay.portal.kernel.exception.SystemException;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
024    import com.liferay.portal.kernel.servlet.HttpMethods;
025    import com.liferay.portal.kernel.servlet.SessionErrors;
026    import com.liferay.portal.kernel.struts.LastPath;
027    import com.liferay.portal.kernel.util.CharPool;
028    import com.liferay.portal.kernel.util.GetterUtil;
029    import com.liferay.portal.kernel.util.HttpUtil;
030    import com.liferay.portal.kernel.util.JavaConstants;
031    import com.liferay.portal.kernel.util.ParamUtil;
032    import com.liferay.portal.kernel.util.PropsKeys;
033    import com.liferay.portal.kernel.util.StringBundler;
034    import com.liferay.portal.kernel.util.StringPool;
035    import com.liferay.portal.kernel.util.Validator;
036    import com.liferay.portal.liveusers.LiveUsers;
037    import com.liferay.portal.model.Layout;
038    import com.liferay.portal.model.LayoutConstants;
039    import com.liferay.portal.model.Portlet;
040    import com.liferay.portal.model.PortletPreferencesIds;
041    import com.liferay.portal.model.User;
042    import com.liferay.portal.model.UserTracker;
043    import com.liferay.portal.model.UserTrackerPath;
044    import com.liferay.portal.security.auth.PrincipalException;
045    import com.liferay.portal.security.permission.ActionKeys;
046    import com.liferay.portal.security.permission.PermissionChecker;
047    import com.liferay.portal.service.LayoutLocalServiceUtil;
048    import com.liferay.portal.service.PortletLocalServiceUtil;
049    import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
050    import com.liferay.portal.service.permission.PortletPermissionUtil;
051    import com.liferay.portal.service.persistence.UserTrackerPathUtil;
052    import com.liferay.portal.theme.ThemeDisplay;
053    import com.liferay.portal.util.PortalUtil;
054    import com.liferay.portal.util.PrefsPropsUtil;
055    import com.liferay.portal.util.PropsUtil;
056    import com.liferay.portal.util.PropsValues;
057    import com.liferay.portal.util.WebKeys;
058    import com.liferay.portlet.InvokerPortlet;
059    import com.liferay.portlet.PortletConfigFactoryUtil;
060    import com.liferay.portlet.PortletInstanceFactoryUtil;
061    import com.liferay.portlet.PortletPreferencesFactoryUtil;
062    import com.liferay.portlet.PortletURLImpl;
063    import com.liferay.portlet.RenderRequestFactory;
064    import com.liferay.portlet.RenderRequestImpl;
065    import com.liferay.portlet.RenderResponseFactory;
066    import com.liferay.portlet.RenderResponseImpl;
067    
068    import java.io.IOException;
069    
070    import java.util.Date;
071    import java.util.HashSet;
072    import java.util.Iterator;
073    import java.util.Map.Entry;
074    import java.util.Map;
075    import java.util.Set;
076    
077    import javax.portlet.PortletConfig;
078    import javax.portlet.PortletContext;
079    import javax.portlet.PortletMode;
080    import javax.portlet.PortletPreferences;
081    import javax.portlet.PortletRequest;
082    import javax.portlet.WindowState;
083    
084    import javax.servlet.ServletContext;
085    import javax.servlet.ServletException;
086    import javax.servlet.http.HttpServletRequest;
087    import javax.servlet.http.HttpServletResponse;
088    import javax.servlet.http.HttpSession;
089    import javax.servlet.jsp.PageContext;
090    
091    import org.apache.struts.action.ActionMapping;
092    import org.apache.struts.config.ForwardConfig;
093    import org.apache.struts.tiles.TilesRequestProcessor;
094    
095    /**
096     * @author Brian Wing Shun Chan
097     * @author Jorge Ferrer
098     * @author Wesley Gong
099     */
100    public class PortalRequestProcessor extends TilesRequestProcessor {
101    
102            public PortalRequestProcessor() {
103    
104                    // auth.forward.last.path.
105    
106                    _lastPaths = new HashSet<String>();
107    
108                    _lastPaths.add(_PATH_PORTAL_LAYOUT);
109    
110                    addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
111    
112                    // auth.public.path.
113    
114                    _publicPaths = new HashSet<String>();
115    
116                    _publicPaths.add(_PATH_C);
117                    _publicPaths.add(_PATH_PORTAL_EE_LICENSE);
118                    _publicPaths.add(_PATH_PORTAL_FLASH);
119                    _publicPaths.add(_PATH_PORTAL_J_LOGIN);
120                    _publicPaths.add(_PATH_PORTAL_LAYOUT);
121                    _publicPaths.add(_PATH_PORTAL_LOGIN);
122                    _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
123                    _publicPaths.add(_PATH_PORTAL_TCK);
124                    _publicPaths.add(_PATH_PORTAL_UPDATE_PASSWORD);
125    
126                    addPaths(_publicPaths, PropsKeys.AUTH_PUBLIC_PATHS);
127    
128                    _trackerIgnorePaths = new HashSet<String>();
129    
130                    addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
131            }
132    
133            public void process(
134                            HttpServletRequest request, HttpServletResponse response)
135                    throws IOException, ServletException {
136    
137                    String path = super.processPath(request, response);
138    
139                    ActionMapping mapping = (ActionMapping)moduleConfig.findActionConfig(
140                            path);
141    
142                    if (mapping == null) {
143                            String lastPath = getLastPath(request);
144    
145                            if (_log.isDebugEnabled()) {
146                                    _log.debug("Last path " + lastPath);
147                            }
148    
149                            response.sendRedirect(lastPath);
150    
151                            return;
152                    }
153    
154                    super.process(request, response);
155    
156                    try {
157                            if (isPortletPath(path)) {
158                                    cleanUp(request);
159                            }
160                    }
161                    catch (Exception e) {
162                            _log.error(e, e);
163                    }
164            }
165    
166            protected void addPaths(Set<String> paths, String propsKey) {
167                    String[] pathsArray = PropsUtil.getArray(propsKey);
168    
169                    for (String path : pathsArray) {
170                            paths.add(path);
171                    }
172            }
173    
174            protected void callParentDoForward(
175                            String uri, HttpServletRequest request,
176                            HttpServletResponse response)
177                    throws IOException, ServletException {
178    
179                    super.doForward(uri, request, response);
180            }
181    
182            protected HttpServletRequest callParentProcessMultipart(
183                    HttpServletRequest request) {
184    
185                    return super.processMultipart(request);
186            }
187    
188            protected String callParentProcessPath(
189                            HttpServletRequest request, HttpServletResponse response)
190                    throws IOException {
191    
192                    return super.processPath(request, response);
193            }
194    
195            protected boolean callParentProcessRoles(
196                            HttpServletRequest request, HttpServletResponse response,
197                            ActionMapping mapping)
198                    throws IOException, ServletException {
199    
200                    return super.processRoles(request, response, mapping);
201            }
202    
203            protected void cleanUp(HttpServletRequest request) throws Exception {
204    
205                    // Clean up portlet objects that may have been created by defineObjects
206                    // for portlets that are called directly from a Struts path
207    
208                    RenderRequestImpl renderRequestImpl =
209                            (RenderRequestImpl)request.getAttribute(
210                                    JavaConstants.JAVAX_PORTLET_REQUEST);
211    
212                    if (renderRequestImpl != null) {
213                            renderRequestImpl.cleanUp();
214                    }
215            }
216    
217            protected void defineObjects(
218                            HttpServletRequest request, HttpServletResponse response,
219                            Portlet portlet)
220                    throws Exception {
221    
222                    String portletId = portlet.getPortletId();
223    
224                    ServletContext servletContext = (ServletContext)request.getAttribute(
225                            WebKeys.CTX);
226    
227                    InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
228                            portlet, servletContext);
229    
230                    PortletPreferencesIds portletPreferencesIds =
231                            PortletPreferencesFactoryUtil.getPortletPreferencesIds(
232                                    request, portletId);
233    
234                    PortletPreferences portletPreferences =
235                            PortletPreferencesLocalServiceUtil.getPreferences(
236                                    portletPreferencesIds);
237    
238                    PortletConfig portletConfig = PortletConfigFactoryUtil.create(
239                            portlet, servletContext);
240                    PortletContext portletContext = portletConfig.getPortletContext();
241    
242                    RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
243                            request, portlet, invokerPortlet, portletContext,
244                            WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
245    
246                    RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
247                            renderRequestImpl, response, portletId, portlet.getCompanyId());
248    
249                    renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
250    
251                    request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
252            }
253    
254            protected void doForward(
255                            String uri, HttpServletRequest request,
256                            HttpServletResponse response)
257                    throws ServletException {
258    
259                    StrutsUtil.forward(uri, getServletContext(), request, response);
260            }
261    
262            protected void doInclude(
263                            String uri, HttpServletRequest request,
264                            HttpServletResponse response)
265                    throws ServletException {
266    
267                    StrutsUtil.include(uri, getServletContext(), request, response);
268            }
269    
270            protected String getFriendlyTrackerPath(
271                            String path, ThemeDisplay themeDisplay, HttpServletRequest request)
272                    throws Exception {
273    
274                    if (!path.equals(_PATH_PORTAL_LAYOUT)) {
275                            return null;
276                    }
277    
278                    long plid = ParamUtil.getLong(request, "p_l_id");
279    
280                    if (plid == 0) {
281                            return null;
282                    }
283    
284                    Layout layout = LayoutLocalServiceUtil.getLayout(plid);
285    
286                    String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
287                            layout, themeDisplay);
288    
289                    String portletId = ParamUtil.getString(request, "p_p_id");
290    
291                    if (Validator.isNull(portletId)) {
292                            return layoutFriendlyURL;
293                    }
294    
295                    long companyId = PortalUtil.getCompanyId(request);
296    
297                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
298                            companyId, portletId);
299    
300                    if (portlet == null) {
301                            String strutsPath = path.substring(
302                                    1, path.lastIndexOf(CharPool.SLASH));
303    
304                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
305                                    companyId, strutsPath);
306                    }
307    
308                    if ((portlet == null) || !portlet.isActive()) {
309                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
310                                    request.getQueryString());
311                    }
312    
313                    String namespace = PortalUtil.getPortletNamespace(portletId);
314    
315                    FriendlyURLMapper friendlyURLMapper =
316                            portlet.getFriendlyURLMapperInstance();
317    
318                    if (friendlyURLMapper == null) {
319                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
320                                    request.getQueryString());
321                    }
322    
323                    PortletURLImpl portletURL = new PortletURLImpl(
324                            request, portletId, plid, PortletRequest.RENDER_PHASE);
325    
326                    Iterator<Map.Entry<String, String[]>> itr =
327                            request.getParameterMap().entrySet().iterator();
328    
329                    while (itr.hasNext()) {
330                            Entry<String, String[]> entry = itr.next();
331    
332                            String key = entry.getKey();
333    
334                            if (key.startsWith(namespace)) {
335                                    key = key.substring(namespace.length());
336    
337                                    portletURL.setParameter(key, entry.getValue());
338                            }
339                    }
340    
341                    String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
342    
343                    if (portletFriendlyURL != null) {
344                            return layoutFriendlyURL.concat(portletFriendlyURL);
345                    }
346                    else {
347                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
348                                    request.getQueryString());
349                    }
350            }
351    
352            protected String getLastPath(HttpServletRequest request) {
353                    HttpSession session = request.getSession();
354    
355                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
356                            WebKeys.THEME_DISPLAY);
357    
358                    Boolean httpsInitial = (Boolean)session.getAttribute(
359                            WebKeys.HTTPS_INITIAL);
360    
361                    String portalURL = null;
362    
363                    if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
364                            (!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&
365                            (httpsInitial != null) && (!httpsInitial.booleanValue())) {
366    
367                            portalURL = PortalUtil.getPortalURL(request, false);
368                    }
369                    else {
370                            portalURL = PortalUtil.getPortalURL(request);
371                    }
372    
373                    StringBundler sb = new StringBundler();
374    
375                    sb.append(portalURL);
376                    sb.append(themeDisplay.getPathMain());
377                    sb.append(_PATH_PORTAL_LAYOUT);
378    
379                    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
380                            if (request.getRemoteUser() != null) {
381    
382                                    // If we do not forward by last path and the user is logged in,
383                                    // forward to the user's default layout to prevent a lagging
384                                    // loop
385    
386                                    sb.append(StringPool.QUESTION);
387                                    sb.append("p_l_id");
388                                    sb.append(StringPool.EQUAL);
389                                    sb.append(LayoutConstants.DEFAULT_PLID);
390                            }
391    
392                            return sb.toString();
393                    }
394    
395                    LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
396    
397                    if (lastPath == null) {
398                            return sb.toString();
399                    }
400    
401                    Map<String, String[]> parameterMap = lastPath.getParameterMap();
402    
403                    // Only test for existing mappings for last paths that were set when the
404                    // user accessed a layout directly instead of through its friendly URL
405    
406                    if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
407                            ActionMapping mapping =
408                                    (ActionMapping)moduleConfig.findActionConfig(
409                                            lastPath.getPath());
410    
411                            if ((mapping == null) || (parameterMap == null)) {
412                                    return sb.toString();
413                            }
414                    }
415    
416                    StringBundler lastPathSB = new StringBundler(4);
417    
418                    lastPathSB.append(portalURL);
419                    lastPathSB.append(lastPath.getContextPath());
420                    lastPathSB.append(lastPath.getPath());
421                    lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
422    
423                    return lastPathSB.toString();
424            }
425    
426            protected boolean isPortletPath(String path) {
427                    if ((path != null) &&
428                            (!path.equals(_PATH_C)) &&
429                            (!path.startsWith(_PATH_COMMON)) &&
430                            (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
431                            (!path.startsWith(_PATH_PORTAL))) {
432    
433                            return true;
434                    }
435                    else {
436                            return false;
437                    }
438            }
439    
440            protected boolean isPublicPath(String path) {
441                    if ((path != null) &&
442                            (_publicPaths.contains(path)) ||
443                            (path.startsWith(_PATH_COMMON))) {
444    
445                            return true;
446                    }
447                    else {
448                            return false;
449                    }
450            }
451    
452            protected ActionMapping processMapping(
453                            HttpServletRequest request, HttpServletResponse response,
454                            String path)
455                    throws IOException {
456    
457                    if (path == null) {
458                            return null;
459                    }
460    
461                    ActionMapping mapping = super.processMapping(request, response, path);
462    
463                    if (mapping == null) {
464                            String msg = getInternal().getMessage("processInvalid");
465    
466                            _log.error("User ID " + request.getRemoteUser());
467                            _log.error("Current URL " + PortalUtil.getCurrentURL(request));
468                            _log.error("Referer " + request.getHeader("Referer"));
469                            _log.error("Remote address " + request.getRemoteAddr());
470    
471                            _log.error(msg + " " + path);
472                    }
473    
474                    return mapping;
475            }
476    
477            protected HttpServletRequest processMultipart(HttpServletRequest request) {
478    
479                    // Disable Struts from automatically wrapping a multipart request
480    
481                    return request;
482            }
483    
484            protected String processPath(
485                            HttpServletRequest request, HttpServletResponse response)
486                    throws IOException {
487    
488                    String path = GetterUtil.getString(
489                            super.processPath(request, response));
490    
491                    HttpSession session = request.getSession();
492    
493                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
494                            WebKeys.THEME_DISPLAY);
495    
496                    // Current users
497    
498                    UserTracker userTracker = LiveUsers.getUserTracker(
499                            themeDisplay.getCompanyId(), session.getId());
500    
501                    if ((userTracker != null) && (!path.equals(_PATH_C)) &&
502                            (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
503                            (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
504                            (!_trackerIgnorePaths.contains(path))) {
505    
506                            String fullPath = null;
507    
508                            try {
509                                    if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
510                                            fullPath = getFriendlyTrackerPath(
511                                                    path, themeDisplay, request);
512                                    }
513                            }
514                            catch (Exception e) {
515                                    _log.error(e, e);
516                            }
517    
518                            String queryString = request.getQueryString();
519    
520                            if (Validator.isNull(fullPath) &&
521                                    Validator.isNotNull(queryString)) {
522    
523                                    fullPath = path.concat(StringPool.QUESTION).concat(queryString);
524                            }
525                            else {
526                                    fullPath = path;
527                            }
528    
529                            UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
530    
531                            userTrackerPath.setUserTrackerId(userTracker.getUserTrackerId());
532                            userTrackerPath.setPath(fullPath);
533                            userTrackerPath.setPathDate(new Date());
534    
535                            userTracker.addPath(userTrackerPath);
536                    }
537    
538                    String remoteUser = request.getRemoteUser();
539    
540                    User user = null;
541    
542                    try {
543                            user = PortalUtil.getUser(request);
544                    }
545                    catch (Exception e) {
546                    }
547    
548                    // Last path
549    
550                    if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
551                            boolean saveLastPath = ParamUtil.getBoolean(
552                                    request, "saveLastPath", true);
553    
554                            if (themeDisplay.isLifecycleResource() ||
555                                    themeDisplay.isStateExclusive() ||
556                                    themeDisplay.isStatePopUp() ||
557                                    !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {
558    
559                                    saveLastPath = false;
560                            }
561    
562                            // Save last path
563    
564                            if (saveLastPath) {
565    
566                                    // Was a last path set by another servlet that dispatched to
567                                    // the MainServlet? If so, use that last path instead.
568    
569                                    LastPath lastPath = (LastPath)request.getAttribute(
570                                            WebKeys.LAST_PATH);
571    
572                                    if (lastPath == null) {
573                                            lastPath = new LastPath(
574                                                    themeDisplay.getPathMain(), path,
575                                                    request.getParameterMap());
576                                    }
577    
578                                    session.setAttribute(WebKeys.LAST_PATH, lastPath);
579                            }
580                    }
581    
582                    // Authenticated users can always log out
583    
584                    if (((remoteUser != null) || (user != null)) &&
585                            (path.equals(_PATH_PORTAL_LOGOUT))) {
586    
587                            return path;
588                    }
589    
590                    // Authenticated users can always extend or confirm their session
591    
592                    if (((remoteUser != null) || (user != null)) &&
593                            (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
594                             path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
595    
596                            return path;
597                    }
598    
599                    // Authenticated users can always agree to terms of use
600    
601                    if (((remoteUser != null) || (user != null)) &&
602                            (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {
603    
604                            return path;
605                    }
606    
607                    // Authenticated users must still exist in the system
608    
609                    if ((remoteUser != null) && (user == null)) {
610                            return _PATH_PORTAL_LOGOUT;
611                    }
612    
613                    // Authenticated users must be active
614    
615                    if ((user != null) && !user.isActive()) {
616                            SessionErrors.add(request, UserActiveException.class.getName());
617    
618                            return _PATH_PORTAL_ERROR;
619                    }
620    
621                    if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
622                            !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
623                            !ParamUtil.getBoolean(request, "wsrp")) {
624    
625                            // Authenticated users should agree to Terms of Use
626    
627                            if ((user != null) && !user.isAgreedToTermsOfUse()) {
628                                    boolean termsOfUseRequired = false;
629    
630                                    try {
631                                            termsOfUseRequired = PrefsPropsUtil.getBoolean(
632                                                    user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
633                                    }
634                                    catch (SystemException se) {
635                                            termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
636                                    }
637    
638                                    if (termsOfUseRequired) {
639                                            return _PATH_PORTAL_TERMS_OF_USE;
640                                    }
641                            }
642    
643                            // Authenticated users must have a current password
644    
645                            if ((user != null) && user.isPasswordReset()) {
646                                    return _PATH_PORTAL_UPDATE_PASSWORD;
647                            }
648    
649                            // Authenticated users must have an email address
650    
651                            if ((user != null) &&
652                                    Validator.isNull(user.getDisplayEmailAddress())) {
653    
654                                    return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
655                            }
656    
657                            // Authenticated users should have a reminder query
658    
659                            if ((user != null) &&
660                                    (Validator.isNull(user.getReminderQueryQuestion()) ||
661                                     Validator.isNull(user.getReminderQueryAnswer()))) {
662    
663                                    if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
664                                            return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
665                                    }
666                            }
667                    }
668    
669                    // Users must sign in
670    
671                    if (!isPublicPath(path)) {
672                            if (user == null) {
673                                    SessionErrors.add(request, PrincipalException.class.getName());
674    
675                                    return _PATH_PORTAL_LOGIN;
676                            }
677                    }
678    
679                    ActionMapping mapping =
680                            (ActionMapping)moduleConfig.findActionConfig(path);
681    
682                    path = mapping.getPath();
683    
684                    // Define the portlet objects
685    
686                    if (isPortletPath(path)) {
687                            try {
688                                    Portlet portlet = null;
689    
690                                    long companyId = PortalUtil.getCompanyId(request);
691                                    String portletId = ParamUtil.getString(request, "p_p_id");
692    
693                                    if (Validator.isNotNull(portletId)) {
694                                            portlet = PortletLocalServiceUtil.getPortletById(
695                                                    companyId, portletId);
696                                    }
697    
698                                    if (portlet == null) {
699                                            String strutsPath = path.substring(
700                                                    1, path.lastIndexOf(CharPool.SLASH));
701    
702                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
703                                                    companyId, strutsPath);
704                                    }
705    
706                                    if ((portlet != null) && portlet.isActive()) {
707                                            defineObjects(request, response, portlet);
708                                    }
709                            }
710                            catch (Exception e) {
711                                    request.setAttribute(PageContext.EXCEPTION, e);
712    
713                                    path = _PATH_COMMON_ERROR;
714                            }
715                    }
716    
717                    // Authenticated users must have access to at least one layout
718    
719                    if (SessionErrors.contains(
720                                    request, LayoutPermissionException.class.getName())) {
721    
722                            return _PATH_PORTAL_ERROR;
723                    }
724    
725                    return path;
726            }
727    
728            protected boolean processRoles(
729                            HttpServletRequest request, HttpServletResponse response,
730                            ActionMapping mapping)
731                    throws IOException, ServletException {
732    
733                    String path = mapping.getPath();
734    
735                    if (isPublicPath(path)) {
736                            return true;
737                    }
738    
739                    boolean authorized = true;
740    
741                    User user = null;
742    
743                    try {
744                            user = PortalUtil.getUser(request);
745                    }
746                    catch (Exception e) {
747                    }
748    
749                    if ((user != null) && isPortletPath(path)) {
750                            try {
751    
752                                    // Authenticated users can always log out
753    
754                                    if (path.equals(_PATH_PORTAL_LOGOUT)) {
755                                            return true;
756                                    }
757    
758                                    Portlet portlet = null;
759    
760                                    String portletId = ParamUtil.getString(request, "p_p_id");
761    
762                                    if (Validator.isNotNull(portletId)) {
763                                            portlet = PortletLocalServiceUtil.getPortletById(
764                                                    user.getCompanyId(), portletId);
765                                    }
766    
767                                    String strutsPath = path.substring(
768                                            1, path.lastIndexOf(CharPool.SLASH));
769    
770                                    if (portlet != null) {
771                                            if (!strutsPath.equals(portlet.getStrutsPath())) {
772                                                    throw new PrincipalException();
773                                            }
774                                    }
775                                    else {
776                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
777                                                    user.getCompanyId(), strutsPath);
778                                    }
779    
780                                    if ((portlet != null) && portlet.isActive()) {
781                                            ThemeDisplay themeDisplay =
782                                                    (ThemeDisplay)request.getAttribute(
783                                                            WebKeys.THEME_DISPLAY);
784    
785                                            Layout layout = themeDisplay.getLayout();
786                                            PermissionChecker permissionChecker =
787                                                    themeDisplay.getPermissionChecker();
788    
789                                            if (!PortletPermissionUtil.contains(
790                                                            permissionChecker, layout.getPlid(), portlet,
791                                                            ActionKeys.VIEW)) {
792    
793                                                    throw new PrincipalException();
794                                            }
795                                    }
796                                    else if (portlet != null && !portlet.isActive()) {
797                                            SessionErrors.add(
798                                                    request, PortletActiveException.class.getName());
799    
800                                            authorized = false;
801                                    }
802                            }
803                            catch (Exception e) {
804                                    SessionErrors.add(request, PrincipalException.class.getName());
805    
806                                    authorized = false;
807                            }
808                    }
809    
810                    if (!authorized) {
811                            ForwardConfig forwardConfig =
812                                    mapping.findForward(_PATH_PORTAL_ERROR);
813    
814                            processForwardConfig(request, response, forwardConfig);
815    
816                            return false;
817                    }
818                    else {
819                            return true;
820                    }
821            }
822    
823            private static String _PATH_C = "/c";
824    
825            private static String _PATH_COMMON = "/common";
826    
827            private static String _PATH_COMMON_ERROR = "/common/error";
828    
829            private static String _PATH_J_SECURITY_CHECK = "/j_security_check";
830    
831            private static String _PATH_PORTAL = "/portal";
832    
833            private static String _PATH_PORTAL_EE_LICENSE = "/portal/ee/license";
834    
835            private static String _PATH_PORTAL_ERROR = "/portal/error";
836    
837            private static String _PATH_PORTAL_EXPIRE_SESSION =
838                    "/portal/expire_session";
839    
840            private static String _PATH_PORTAL_EXTEND_SESSION =
841                    "/portal/extend_session";
842    
843            private static String _PATH_PORTAL_FLASH = "/portal/flash";
844    
845            private static String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
846    
847            private static String _PATH_PORTAL_JSON_SERVICE = "/portal/json_service";
848    
849            private static String _PATH_PORTAL_LAYOUT = "/portal/layout";
850    
851            private static String _PATH_PORTAL_LOGIN = "/portal/login";
852    
853            private static String _PATH_PORTAL_LOGOUT = "/portal/logout";
854    
855            private static String _PATH_PORTAL_PROTECTED = "/portal/protected";
856    
857            private static String _PATH_PORTAL_RENDER_PORTLET =
858                    "/portal/render_portlet";
859    
860            private static String _PATH_PORTAL_TCK = "/portal/tck";
861    
862            private static String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";
863    
864            private static String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
865                    "/portal/update_email_address";
866    
867            private static String _PATH_PORTAL_UPDATE_PASSWORD =
868                    "/portal/update_password";
869    
870            private static String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
871                    "/portal/update_reminder_query";
872    
873            private static String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
874                    "/portal/update_terms_of_use";
875    
876            private static Log _log = LogFactoryUtil.getLog(
877                    PortalRequestProcessor.class);
878    
879            private Set<String> _lastPaths;
880            private Set<String> _publicPaths;
881            private Set<String> _trackerIgnorePaths;
882    
883    }