1   /**
2    * Copyright (c) 2000-2007 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portlet.enterpriseadmin.action;
24  
25  import com.liferay.portal.kernel.util.Constants;
26  import com.liferay.portal.kernel.util.ParamUtil;
27  import com.liferay.portal.kernel.util.Validator;
28  import com.liferay.portal.model.Company;
29  import com.liferay.portal.model.impl.RoleImpl;
30  import com.liferay.portal.security.auth.PrincipalException;
31  import com.liferay.portal.service.CompanyServiceUtil;
32  import com.liferay.portal.service.RoleLocalServiceUtil;
33  import com.liferay.portal.servlet.filters.sso.cas.CASFilter;
34  import com.liferay.portal.struts.PortletAction;
35  import com.liferay.portal.util.PortalUtil;
36  import com.liferay.portal.util.PrefsPropsUtil;
37  import com.liferay.portal.util.PropsUtil;
38  import com.liferay.util.ldap.LDAPUtil;
39  import com.liferay.util.servlet.SessionErrors;
40  
41  import java.io.PrintWriter;
42  import java.io.StringWriter;
43  
44  import java.util.Properties;
45  
46  import javax.naming.Context;
47  import javax.naming.ldap.InitialLdapContext;
48  
49  import javax.portlet.ActionRequest;
50  import javax.portlet.ActionResponse;
51  import javax.portlet.PortletConfig;
52  import javax.portlet.PortletPreferences;
53  
54  import org.apache.commons.logging.Log;
55  import org.apache.commons.logging.LogFactory;
56  import org.apache.struts.action.ActionForm;
57  import org.apache.struts.action.ActionMapping;
58  
59  /**
60   * <a href="EditSettingsAction.java.html"><b><i>View Source</i></b></a>
61   *
62   * @author Brian Wing Shun Chan
63   *
64   */
65  public class EditSettingsAction extends PortletAction {
66  
67      public void processAction(
68              ActionMapping mapping, ActionForm form, PortletConfig config,
69              ActionRequest req, ActionResponse res)
70          throws Exception {
71  
72          long companyId = PortalUtil.getCompanyId(req);
73          long userId = PortalUtil.getUserId(req);
74  
75          if (!RoleLocalServiceUtil.hasUserRole(
76                  userId, companyId, RoleImpl.ADMINISTRATOR, true)) {
77  
78              SessionErrors.add(req, PrincipalException.class.getName());
79  
80              setForward(req, "portlet.enterprise_admin.error");
81  
82              return;
83          }
84  
85          PortletPreferences prefs = PrefsPropsUtil.getPreferences(companyId);
86  
87          String cmd = ParamUtil.getString(req, Constants.CMD);
88  
89          if (cmd.equals("updateCAS")) {
90              updateCAS(req, companyId, prefs);
91          }
92          else if (cmd.equals("updateDefaultGroupsAndRoles")) {
93              updateDefaultGroupsAndRoles(req, prefs);
94          }
95          else if (cmd.equals("updateEmails")) {
96              updateEmails(req, prefs);
97          }
98          else if (cmd.equals("updateLdap")) {
99              updateLdap(req, prefs);
100         }
101         else if (cmd.equals("updateMailHostNames")) {
102             updateMailHostNames(req, prefs);
103         }
104         else if (cmd.equals("updateNtlm")) {
105             updateNtlm(req, companyId, prefs);
106         }
107         else if (cmd.equals("updateOpenId")) {
108             updateOpenId(req, prefs);
109         }
110         else if (cmd.equals("updateOpenSSO")) {
111             updateOpenSSO(req, companyId, prefs);
112         }
113         else if (cmd.equals("updateReservedUsers")) {
114             updateReservedUsers(req, prefs);
115         }
116         else if (cmd.equals("updateSecurity")) {
117             updateSecurity(req);
118         }
119 
120         if (SessionErrors.isEmpty(req)) {
121             if (!cmd.equals("updateLdap") && !cmd.equals("updateSecurity")) {
122                 prefs.store();
123             }
124 
125             sendRedirect(req, res);
126         }
127         else {
128             setForward(req, "portlet.enterprise_admin.view");
129         }
130     }
131 
132     protected void updateCAS(
133             ActionRequest req, long companyId, PortletPreferences prefs)
134         throws Exception {
135 
136         boolean enabled = ParamUtil.getBoolean(req, "enabled");
137         boolean importFromLdap = ParamUtil.getBoolean(req, "importFromLdap");
138         String loginUrl = ParamUtil.getString(req, "loginUrl");
139         String logoutUrl = ParamUtil.getString(req, "logoutUrl");
140         String serverName = ParamUtil.getString(req, "serverName");
141         String serviceUrl = ParamUtil.getString(req, "serviceUrl");
142         String validateUrl = ParamUtil.getString(req, "validateUrl");
143 
144         prefs.setValue(
145             PropsUtil.CAS_AUTH_ENABLED, String.valueOf(enabled));
146         prefs.setValue(
147             PropsUtil.CAS_IMPORT_FROM_LDAP, String.valueOf(importFromLdap));
148         prefs.setValue(PropsUtil.CAS_LOGIN_URL, loginUrl);
149         prefs.setValue(PropsUtil.CAS_LOGOUT_URL, logoutUrl);
150         prefs.setValue(PropsUtil.CAS_SERVER_NAME, serverName);
151         prefs.setValue(PropsUtil.CAS_SERVICE_URL, serviceUrl);
152         prefs.setValue(PropsUtil.CAS_VALIDATE_URL, validateUrl);
153 
154         prefs.store();
155 
156         CASFilter.reload(companyId);
157     }
158 
159     protected void updateDefaultGroupsAndRoles(
160             ActionRequest req, PortletPreferences prefs)
161         throws Exception {
162 
163         String defaultGroupNames = ParamUtil.getString(
164             req, "defaultGroupNames");
165         String defaultRoleNames = ParamUtil.getString(req, "defaultRoleNames");
166         String defaultUserGroupNames = ParamUtil.getString(
167             req, "defaultUserGroupNames");
168 
169         prefs.setValue(PropsUtil.ADMIN_DEFAULT_GROUP_NAMES, defaultGroupNames);
170         prefs.setValue(PropsUtil.ADMIN_DEFAULT_ROLE_NAMES, defaultRoleNames);
171         prefs.setValue(
172             PropsUtil.ADMIN_DEFAULT_USER_GROUP_NAMES, defaultUserGroupNames);
173     }
174 
175     protected void updateEmails(
176             ActionRequest req, PortletPreferences prefs)
177         throws Exception {
178 
179         String tabs3 = ParamUtil.getString(req, "tabs3");
180 
181         if (tabs3.equals("account-created-notification")) {
182             String emailUserAddedEnabled = ParamUtil.getString(
183                 req, "emailUserAddedEnabled");
184             String emailUserAddedSubject = ParamUtil.getString(
185                 req, "emailUserAddedSubject");
186             String emailUserAddedBody = ParamUtil.getString(
187                 req, "emailUserAddedBody");
188 
189             if (Validator.isNull(emailUserAddedSubject)) {
190                 SessionErrors.add(req, "emailUserAddedSubject");
191             }
192             else if (Validator.isNull(emailUserAddedBody)) {
193                 SessionErrors.add(req, "emailUserAddedBody");
194             }
195             else {
196                 prefs.setValue(
197                     PropsUtil.ADMIN_EMAIL_USER_ADDED_ENABLED,
198                     emailUserAddedEnabled);
199                 prefs.setValue(
200                     PropsUtil.ADMIN_EMAIL_USER_ADDED_SUBJECT,
201                     emailUserAddedSubject);
202                 prefs.setValue(
203                     PropsUtil.ADMIN_EMAIL_USER_ADDED_BODY, emailUserAddedBody);
204             }
205         }
206         else if (tabs3.equals("password-changed-notification")) {
207             String emailPasswordSentEnabled = ParamUtil.getString(
208                 req, "emailPasswordSentEnabled");
209             String emailPasswordSentSubject = ParamUtil.getString(
210                 req, "emailPasswordSentSubject");
211             String emailPasswordSentBody = ParamUtil.getString(
212                 req, "emailPasswordSentBody");
213 
214             if (Validator.isNull(emailPasswordSentSubject)) {
215                 SessionErrors.add(req, "emailPasswordSentSubject");
216             }
217             else if (Validator.isNull(emailPasswordSentBody)) {
218                 SessionErrors.add(req, "emailPasswordSentBody");
219             }
220             else {
221                 prefs.setValue(
222                     PropsUtil.ADMIN_EMAIL_PASSWORD_SENT_ENABLED,
223                     emailPasswordSentEnabled);
224                 prefs.setValue(
225                     PropsUtil.ADMIN_EMAIL_PASSWORD_SENT_SUBJECT,
226                     emailPasswordSentSubject);
227                 prefs.setValue(
228                     PropsUtil.ADMIN_EMAIL_PASSWORD_SENT_BODY,
229                     emailPasswordSentBody);
230             }
231         }
232         else {
233             String emailFromName = ParamUtil.getString(req, "emailFromName");
234             String emailFromAddress = ParamUtil.getString(
235                 req, "emailFromAddress");
236 
237             if (Validator.isNull(emailFromName)) {
238                 SessionErrors.add(req, "emailFromName");
239             }
240             else if (!Validator.isEmailAddress(emailFromAddress)) {
241                 SessionErrors.add(req, "emailFromAddress");
242             }
243             else {
244                 prefs.setValue(PropsUtil.ADMIN_EMAIL_FROM_NAME, emailFromName);
245                 prefs.setValue(
246                     PropsUtil.ADMIN_EMAIL_FROM_ADDRESS, emailFromAddress);
247             }
248         }
249     }
250 
251     protected void updateLdap(ActionRequest req, PortletPreferences prefs)
252         throws Exception {
253 
254         boolean enabled = ParamUtil.getBoolean(req, "enabled");
255         boolean required = ParamUtil.getBoolean(req, "required");
256         String baseProviderURL = ParamUtil.getString(req, "baseProviderURL");
257         String baseDN = ParamUtil.getString(req, "baseDN");
258         String principal = ParamUtil.getString(req, "principal");
259         String credentials = ParamUtil.getString(req, "credentials");
260         String searchFilter = ParamUtil.getString(req, "searchFilter");
261         String passwordEncryptionAlgorithm = ParamUtil.getString(
262             req, "passwordEncryptionAlgorithm");
263         String userMappings = ParamUtil.getString(req, "userMappings");
264         boolean importEnabled = ParamUtil.getBoolean(req, "importEnabled");
265         boolean importOnStartup = ParamUtil.getBoolean(req, "importOnStartup");
266         long importInterval = ParamUtil.getLong(req, "importInterval");
267         String importUserSearchFilter = ParamUtil.getString(
268             req, "importUserSearchFilter");
269         String importGroupSearchFilter = ParamUtil.getString(
270             req, "importGroupSearchFilter");
271         boolean exportEnabled = ParamUtil.getBoolean(req, "exportEnabled");
272         String usersDn = ParamUtil.getString(req, "usersDn");
273         String userDefaultObjectClasses = ParamUtil.getString(
274             req, "userDefaultObjectClasses");
275         boolean passwordPolicyEnabled = ParamUtil.getBoolean(
276             req, "passwordPolicyEnabled");
277 
278         try {
279             if (enabled) {
280                 Properties env = new Properties();
281 
282                 env.put(
283                     Context.INITIAL_CONTEXT_FACTORY,
284                     PrefsPropsUtil.getString(PropsUtil.LDAP_FACTORY_INITIAL));
285                 env.put(
286                     Context.PROVIDER_URL,
287                     LDAPUtil.getFullProviderURL(baseProviderURL, baseDN));
288                 env.put(Context.SECURITY_PRINCIPAL, principal);
289                 env.put(Context.SECURITY_CREDENTIALS, credentials);
290 
291                 if (_log.isDebugEnabled()) {
292                     StringWriter sw = new StringWriter();
293 
294                     env.list(new PrintWriter(sw));
295 
296                     _log.debug(sw.getBuffer().toString());
297                 }
298 
299                 new InitialLdapContext(env, null);
300             }
301         }
302         catch (Exception e) {
303             SessionErrors.add(req, "ldapAuthentication");
304 
305             return;
306         }
307 
308         prefs.setValue(PropsUtil.LDAP_AUTH_ENABLED, String.valueOf(enabled));
309         prefs.setValue(PropsUtil.LDAP_AUTH_REQUIRED, String.valueOf(required));
310         prefs.setValue(PropsUtil.LDAP_BASE_PROVIDER_URL, baseProviderURL);
311         prefs.setValue(PropsUtil.LDAP_BASE_DN, baseDN);
312         prefs.setValue(PropsUtil.LDAP_SECURITY_PRINCIPAL, principal);
313         prefs.setValue(PropsUtil.LDAP_SECURITY_CREDENTIALS, credentials);
314         prefs.setValue(PropsUtil.LDAP_AUTH_SEARCH_FILTER, searchFilter);
315         prefs.setValue(
316             PropsUtil.LDAP_AUTH_PASSWORD_ENCRYPTION_ALGORITHM,
317             passwordEncryptionAlgorithm);
318         prefs.setValue(PropsUtil.LDAP_USER_MAPPINGS, userMappings);
319         prefs.setValue(
320             PropsUtil.LDAP_IMPORT_ENABLED, String.valueOf(importEnabled));
321         prefs.setValue(
322             PropsUtil.LDAP_IMPORT_ON_STARTUP, String.valueOf(importOnStartup));
323         prefs.setValue(
324             PropsUtil.LDAP_IMPORT_INTERVAL, String.valueOf(importInterval));
325         prefs.setValue(
326             PropsUtil.LDAP_IMPORT_USER_SEARCH_FILTER, importUserSearchFilter);
327         prefs.setValue(
328             PropsUtil.LDAP_IMPORT_GROUP_SEARCH_FILTER, importGroupSearchFilter);
329         prefs.setValue(
330             PropsUtil.LDAP_EXPORT_ENABLED, String.valueOf(exportEnabled));
331         prefs.setValue(PropsUtil.LDAP_USERS_DN, usersDn);
332         prefs.setValue(
333             PropsUtil.LDAP_USER_DEFAULT_OBJECT_CLASSES,
334             userDefaultObjectClasses);
335         prefs.setValue(
336             PropsUtil.LDAP_PASSWORD_POLICY_ENABLED,
337             String.valueOf(passwordPolicyEnabled));
338 
339         prefs.store();
340     }
341 
342     protected void updateMailHostNames(
343             ActionRequest req, PortletPreferences prefs)
344         throws Exception {
345 
346         String mailHostNames = ParamUtil.getString(req, "mailHostNames");
347 
348         prefs.setValue(PropsUtil.ADMIN_MAIL_HOST_NAMES, mailHostNames);
349     }
350 
351     protected void updateNtlm(
352             ActionRequest req, long companyId, PortletPreferences prefs)
353         throws Exception {
354 
355         boolean enabled = ParamUtil.getBoolean(req, "enabled");
356         String domainController = ParamUtil.getString(req, "domainController");
357         String domain = ParamUtil.getString(req, "domain");
358 
359         prefs.setValue(
360             PropsUtil.NTLM_AUTH_ENABLED, String.valueOf(enabled));
361         prefs.setValue(PropsUtil.NTLM_DOMAIN_CONTROLLER, domainController);
362         prefs.setValue(PropsUtil.NTLM_DOMAIN, domain);
363 
364         prefs.store();
365     }
366 
367     protected void updateOpenId(ActionRequest req, PortletPreferences prefs)
368         throws Exception {
369 
370         boolean enabled = ParamUtil.getBoolean(req, "enabled");
371 
372         prefs.setValue(PropsUtil.OPEN_ID_AUTH_ENABLED, String.valueOf(enabled));
373 
374         prefs.store();
375     }
376 
377     protected void updateOpenSSO(
378             ActionRequest req, long companyId, PortletPreferences prefs)
379         throws Exception {
380 
381         boolean enabled = ParamUtil.getBoolean(req, "enabled");
382         String loginUrl = ParamUtil.getString(req, "loginUrl");
383         String logoutUrl = ParamUtil.getString(req, "logoutUrl");
384         String serviceUrl = ParamUtil.getString(req, "serviceUrl");
385         String subjectCookieName = ParamUtil.getString(
386             req, "subjectCookieName");
387 
388         prefs.setValue(
389             PropsUtil.OPEN_SSO_AUTH_ENABLED, String.valueOf(enabled));
390         prefs.setValue(PropsUtil.OPEN_SSO_LOGIN_URL, loginUrl);
391         prefs.setValue(PropsUtil.OPEN_SSO_LOGOUT_URL, logoutUrl);
392         prefs.setValue(PropsUtil.OPEN_SSO_SERVICE_URL, serviceUrl);
393         prefs.setValue(
394             PropsUtil.OPEN_SSO_SUBJECT_COOKIE_NAME, subjectCookieName);
395 
396         prefs.store();
397     }
398 
399     protected void updateReservedUsers(
400             ActionRequest req, PortletPreferences prefs)
401         throws Exception {
402 
403         String reservedScreenNames = ParamUtil.getString(
404             req, "reservedScreenNames");
405         String reservedEmailAddresses = ParamUtil.getString(
406             req, "reservedEmailAddresses");
407 
408         prefs.setValue(
409             PropsUtil.ADMIN_RESERVED_SCREEN_NAMES, reservedScreenNames);
410         prefs.setValue(
411             PropsUtil.ADMIN_RESERVED_EMAIL_ADDRESSES, reservedEmailAddresses);
412     }
413 
414     protected void updateSecurity(ActionRequest req) throws Exception {
415         Company company = PortalUtil.getCompany(req);
416 
417         String authType = ParamUtil.getString(req, "authType");
418         boolean autoLogin = ParamUtil.getBoolean(req, "autoLogin");
419         boolean sendPassword = ParamUtil.getBoolean(req, "sendPassword");
420         boolean strangers = ParamUtil.getBoolean(req, "strangers");
421         boolean strangersWithMx = ParamUtil.getBoolean(req, "strangersWithMx");
422         boolean strangersVerify = ParamUtil.getBoolean(req, "strangersVerify");
423 
424         CompanyServiceUtil.updateSecurity(
425             company.getCompanyId(), authType, autoLogin, sendPassword,
426             strangers, strangersWithMx, strangersVerify,
427             company.isCommunityLogo());
428     }
429 
430     private static Log _log = LogFactory.getLog(EditSettingsAction.class);
431 
432 }