23 package com.liferay.portal.servlet.filters.autologin;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.util.GetterUtil;
27 import com.liferay.portal.kernel.util.InstancePool;
28 import com.liferay.portal.kernel.util.Validator;
29 import com.liferay.portal.model.User;
30 import com.liferay.portal.security.auth.AutoLogin;
31 import com.liferay.portal.security.pwd.PwdEncryptor;
32 import com.liferay.portal.service.UserLocalServiceUtil;
33 import com.liferay.portal.util.PortalUtil;
34 import com.liferay.portal.util.PropsUtil;
35 import com.liferay.portal.util.WebKeys;
36 import com.liferay.util.servlet.ProtectedServletRequest;
37
38 import java.io.IOException;
39
40 import javax.servlet.Filter;
41 import javax.servlet.FilterChain;
42 import javax.servlet.FilterConfig;
43 import javax.servlet.ServletException;
44 import javax.servlet.ServletRequest;
45 import javax.servlet.ServletResponse;
46 import javax.servlet.http.HttpServletRequest;
47 import javax.servlet.http.HttpServletResponse;
48 import javax.servlet.http.HttpSession;
49
50 import org.apache.commons.logging.Log;
51 import org.apache.commons.logging.LogFactory;
52
53
/**
 * Servlet filter that attempts a transparent sign-in for requests that carry
 * neither a container remote user nor a <code>j_username</code> session
 * attribute.
 *
 * <p>
 * Each class named by <code>PropsUtil.AUTO_LOGIN_HOOKS</code> is asked for
 * credentials in turn. When a hook returns a usable triple, the credentials
 * are written to the HTTP session and the request is replaced by a
 * <code>ProtectedServletRequest</code> built from the original request and
 * the resolved user name.
 * </p>
 *
 * <p>
 * Review notes for maintainers:
 * </p>
 *
 * <ul>
 * <li>The session is obtained with <code>getSession()</code> before any hook
 * runs and the same session then receives the credentials. No session
 * identifier rotation is visible in this class; confirm that the downstream
 * login path rotates it.</li>
 * <li>Unless JAAS is enabled, the hook loop keeps running after a successful
 * sign-in, so a later hook that also returns credentials replaces the earlier
 * result. Confirm that last-hook-wins is intended for the configured hook
 * order.</li>
 * </ul>
 */
public class AutoLoginFilter implements Filter {

    /**
     * No initialization is required.
     */
    public void init(FilterConfig config) throws ServletException {
    }

    /**
     * Runs the configured auto login hooks for unauthenticated requests and
     * then continues the filter chain.
     *
     * <p>
     * The chain is not invoked when a hook requests a redirect or when a
     * sign-in succeeds with JAAS enabled; in both cases a redirect has
     * already been sent on the response.
     * </p>
     *
     * @param req the incoming request, cast to HttpServletRequest
     * @param res the outgoing response, cast to HttpServletResponse
     * @param chain the remaining filter chain
     */
    public void doFilter(
            ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {

        HttpServletRequest httpReq = (HttpServletRequest)req;
        HttpServletResponse httpRes = (HttpServletResponse)res;

        HttpSession ses = httpReq.getSession();

        String containerUser = httpReq.getRemoteUser();
        String sessionUserName = (String)ses.getAttribute("j_username");

        // Already identified by the container or by an earlier sign-in:
        // pass the request through untouched.

        if ((containerUser != null) || (sessionUserName != null)) {
            chain.doFilter(req, res);

            return;
        }

        String[] hookClassNames = PropsUtil.getArray(
            PropsUtil.AUTO_LOGIN_HOOKS);

        for (int idx = 0; idx < hookClassNames.length; idx++) {
            AutoLogin hook = (AutoLogin)InstancePool.get(hookClassNames[idx]);

            try {
                String[] credentials = hook.login(httpReq, httpRes);

                // NOTE(review): the target is taken from a request attribute
                // and sent as is. Nothing here restricts it to this portal,
                // so each hook must not derive it from unvalidated request
                // data.

                String redirect = (String)req.getAttribute(
                    AutoLogin.AUTO_LOGIN_REDIRECT);

                if (redirect != null) {
                    httpRes.sendRedirect(redirect);

                    return;
                }

                String loginRemoteUser = getLoginRemoteUser(
                    httpReq, httpRes, ses, credentials);

                if (loginRemoteUser == null) {
                    continue;
                }

                req = new ProtectedServletRequest(httpReq, loginRemoteUser);

                // With JAAS enabled getLoginRemoteUser has already sent a
                // redirect, so the chain must not run for this request.

                if (GetterUtil.getBoolean(
                        PropsUtil.get(PropsUtil.PORTAL_JAAS_ENABLE))) {

                    return;
                }
            }
            catch (Exception e) {

                // A failing hook is logged and skipped. The request then
                // continues with the next hook, or unauthenticated if none
                // succeeds.

                _log.warn(e, e);
                _log.error(e.getMessage());
            }
        }

        chain.doFilter(req, res);
    }

    /**
     * No resources to release.
     */
    public void destroy() {
    }

    /**
     * Validates the credentials returned by a hook and, when they are
     * acceptable, stores them in the session.
     *
     * <p>
     * The credentials must be a three element array: user name, password,
     * and a flag telling whether the password is already encrypted. The user
     * name must convert to a positive user ID through
     * <code>GetterUtil.getLong</code>, the user must exist, and the user must
     * not be locked out. The password itself is not verified here.
     * </p>
     *
     * @param req the current request (not read by this method)
     * @param res the current response, used for the JAAS redirect
     * @param ses the session that receives the credentials
     * @param credentials the array returned by the hook, possibly null
     * @return the user name written to the session, or <code>null</code> if
     *         the credentials were rejected
     * @throws Exception if the user lookup, the password encryption or the
     *         redirect fails
     */
    protected String getLoginRemoteUser(
            HttpServletRequest req, HttpServletResponse res, HttpSession ses,
            String[] credentials)
        throws Exception {

        if ((credentials == null) || (credentials.length != 3)) {
            return null;
        }

        String jUsername = credentials[0];
        String jPassword = credentials[1];
        boolean encPwd = GetterUtil.getBoolean(credentials[2]);

        if (!Validator.isNotNull(jUsername) ||
            !Validator.isNotNull(jPassword)) {

            return null;
        }

        long userId = GetterUtil.getLong(jUsername);

        if (userId <= 0) {
            return null;
        }

        try {
            User user = UserLocalServiceUtil.getUserById(userId);

            if (user.isLockout()) {
                return null;
            }
        }
        catch (NoSuchUserException nsue) {
            return null;
        }

        ses.setAttribute("j_username", jUsername);

        String sessionPassword = jPassword;

        if (!encPwd) {
            sessionPassword = PwdEncryptor.encrypt(jPassword);
        }

        ses.setAttribute("j_password", sessionPassword);

        if (!encPwd) {

            // NOTE(review): the clear text password is kept in the session.
            // Anything that persists, replicates or dumps session state will
            // carry it. Confirm which consumers need it and for how long.

            ses.setAttribute(WebKeys.USER_PASSWORD, jPassword);
        }

        if (GetterUtil.getBoolean(
                PropsUtil.get(PropsUtil.PORTAL_JAAS_ENABLE))) {

            res.sendRedirect(
                PortalUtil.getPathMain() + "/portal/touch_protected");
        }

        return jUsername;
    }

    private static Log _log = LogFactory.getLog(AutoLoginFilter.class);

}