23 package com.liferay.portal.servlet.filters.autologin;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.log.Log;
27 import com.liferay.portal.kernel.log.LogFactoryUtil;
28 import com.liferay.portal.kernel.servlet.BaseFilter;
29 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
30 import com.liferay.portal.kernel.util.GetterUtil;
31 import com.liferay.portal.kernel.util.InstancePool;
32 import com.liferay.portal.kernel.util.StringPool;
33 import com.liferay.portal.kernel.util.Validator;
34 import com.liferay.portal.model.User;
35 import com.liferay.portal.security.auth.AutoLogin;
36 import com.liferay.portal.security.pwd.PwdEncryptor;
37 import com.liferay.portal.service.UserLocalServiceUtil;
38 import com.liferay.portal.util.PortalInstances;
39 import com.liferay.portal.util.PortalUtil;
40 import com.liferay.portal.util.PropsValues;
41 import com.liferay.portal.util.WebKeys;
42
43 import java.io.IOException;
44
45 import javax.servlet.FilterChain;
46 import javax.servlet.ServletException;
47 import javax.servlet.ServletRequest;
48 import javax.servlet.ServletResponse;
49 import javax.servlet.http.HttpServletRequest;
50 import javax.servlet.http.HttpServletResponse;
51 import javax.servlet.http.HttpSession;
52
53
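/**
 * Servlet filter that gives every configured {@link AutoLogin} hook a chance
 * to authenticate a request that has no remote user and no
 * <code>j_username</code> session attribute yet.
 *
 * <p>
 * Hosts and paths flagged by {@link PortalInstances} are passed straight down
 * the chain without consulting any hook.
 * </p>
 */
public class AutoLoginFilter extends BaseFilter {

    /**
     * Runs the auto login hooks for the request, then continues the chain.
     *
     * <p>
     * The chain is not continued when a hook asks for a redirect, or when a
     * hook authenticates the user while JAAS is enabled; in both cases a
     * redirect has already been sent.
     * </p>
     *
     * @param  req the incoming request, expected to be an HTTP request
     * @param  res the outgoing response, expected to be an HTTP response
     * @param  chain the remaining filter chain
     * @throws IOException if a redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(
            ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {

        HttpServletRequest httpReq = (HttpServletRequest)req;
        HttpServletResponse httpRes = (HttpServletResponse)res;

        // getSession() creates a session when the request has none, so this
        // happens for anonymous requests as well.

        HttpSession ses = httpReq.getSession();

        String host = PortalUtil.getHost(httpReq);

        if (PortalInstances.isAutoLoginIgnoreHost(host)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore host " + host);
            }

            doFilter(AutoLoginFilter.class, req, res, chain);

            return;
        }

        String contextPath = PortalUtil.getPathContext();

        String path = httpReq.getRequestURI().toLowerCase();

        // Strip the context path only when it is a real prefix of the URI.
        // Testing with indexOf would also match a context path that appears
        // later in the URI and then cut unrelated leading characters, so the
        // ignore path lookup below would be made on a mangled value.
        //
        // NOTE(review): path is lower cased but contextPath is not, so a
        // context path containing upper case characters is never stripped.

        if (!contextPath.equals(StringPool.SLASH) &&
            path.startsWith(contextPath)) {

            path = path.substring(contextPath.length());
        }

        if (PortalInstances.isAutoLoginIgnorePath(path)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore path " + path);
            }

            doFilter(AutoLoginFilter.class, req, res, chain);

            return;
        }

        String remoteUser = httpReq.getRemoteUser();
        String jUserName = (String)ses.getAttribute("j_username");

        if ((remoteUser == null) && (jUserName == null)) {
            for (String autoLoginHook : PropsValues.AUTO_LOGIN_HOOKS) {
                AutoLogin autoLogin = (AutoLogin)InstancePool.get(
                    autoLoginHook);

                try {
                    String[] credentials = autoLogin.login(httpReq, httpRes);

                    // The redirect target is whatever was left in this
                    // request attribute and is sent without validation here.
                    // NOTE(review): presumably set by the hook; a hook that
                    // derives it from request input has to validate it
                    // itself to avoid an open redirect.

                    String redirect = (String)req.getAttribute(
                        AutoLogin.AUTO_LOGIN_REDIRECT);

                    if (redirect != null) {
                        httpRes.sendRedirect(redirect);

                        return;
                    }

                    String loginRemoteUser = getLoginRemoteUser(
                        httpReq, httpRes, ses, credentials);

                    if (loginRemoteUser != null) {

                        // NOTE(review): the session opened before
                        // authentication is reused and this filter does not
                        // rotate its id; confirm that session fixation
                        // protection is applied elsewhere.

                        req = new ProtectedServletRequest(
                            httpReq, loginRemoteUser);

                        if (PropsValues.PORTAL_JAAS_ENABLE) {
                            return;
                        }

                        // NOTE(review): with JAAS disabled the loop keeps
                        // going, so later hooks still run and a later
                        // success replaces the user wrapped above.
                    }
                }
                catch (Exception e) {

                    // A failing hook must not fail the request. The error is
                    // logged and the next hook is tried; if none succeeds the
                    // request continues without an auto login user.

                    _log.warn(e, e);
                    _log.error(e.getMessage());
                }
            }
        }

        doFilter(AutoLoginFilter.class, req, res, chain);
    }

    /**
     * Validates the credentials returned by an auto login hook and, when they
     * are accepted, records them in the session.
     *
     * <p>
     * The credentials are accepted only when the array has exactly three
     * elements (user id, password, "password is already encrypted" flag), the
     * first two pass <code>Validator.isNotNull</code>, the user id parses to
     * a value greater than zero, and that user exists and is not locked out.
     * </p>
     *
     * <p>
     * On success the session attributes <code>j_username</code> and
     * <code>j_password</code> are set, and a redirect to
     * <code>/portal/touch_protected</code> is sent when JAAS is enabled.
     * </p>
     *
     * @param  req the HTTP request (not read by this method)
     * @param  res the HTTP response, used for the JAAS redirect
     * @param  ses the session that receives the login attributes
     * @param  credentials the array returned by the hook, may be
     *         <code>null</code>
     * @return the user id string from the credentials, or <code>null</code>
     *         when the credentials are rejected
     * @throws Exception if the user lookup, the password encryption or the
     *         redirect fails
     */
    protected String getLoginRemoteUser(
            HttpServletRequest req, HttpServletResponse res, HttpSession ses,
            String[] credentials)
        throws Exception {

        if ((credentials != null) && (credentials.length == 3)) {
            String jUsername = credentials[0];
            String jPassword = credentials[1];

            // The hook is trusted to say whether the password it returned is
            // already in encrypted form.

            boolean encPassword = GetterUtil.getBoolean(credentials[2]);

            if (Validator.isNotNull(jUsername) &&
                Validator.isNotNull(jPassword)) {

                try {

                    // NOTE(review): presumably getLong yields 0 for a value
                    // that is not numeric, which is rejected below.

                    long userId = GetterUtil.getLong(jUsername);

                    if (userId > 0) {
                        User user = UserLocalServiceUtil.getUserById(userId);

                        // A locked out account must not get in through a
                        // hook either.

                        if (user.isLockout()) {
                            return null;
                        }
                    }
                    else {
                        return null;
                    }
                }
                catch (NoSuchUserException nsue) {
                    return null;
                }

                ses.setAttribute("j_username", jUsername);

                if (encPassword) {
                    ses.setAttribute("j_password", jPassword);
                }
                else {
                    ses.setAttribute(
                        "j_password", PwdEncryptor.encrypt(jPassword));

                    // SECURITY: the clear text password is kept in the
                    // session for as long as the session lives.
                    // NOTE(review): anything that persists, replicates or
                    // dumps sessions will then hold it as well; confirm this
                    // is required and that session storage is protected.

                    ses.setAttribute(WebKeys.USER_PASSWORD, jPassword);
                }

                if (PropsValues.PORTAL_JAAS_ENABLE) {
                    res.sendRedirect(
                        PortalUtil.getPathMain() + "/portal/touch_protected");
                }

                return jUsername;
            }
        }

        return null;
    }

    private static final Log _log = LogFactoryUtil.getLog(
        AutoLoginFilter.class);

}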