1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.struts;
24  
25  import com.liferay.portal.LayoutPermissionException;
26  import com.liferay.portal.PortletActiveException;
27  import com.liferay.portal.RequiredLayoutException;
28  import com.liferay.portal.RequiredRoleException;
29  import com.liferay.portal.UserActiveException;
30  import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
31  import com.liferay.portal.kernel.servlet.HttpMethods;
32  import com.liferay.portal.kernel.servlet.SessionErrors;
33  import com.liferay.portal.kernel.util.HttpUtil;
34  import com.liferay.portal.kernel.util.JavaConstants;
35  import com.liferay.portal.kernel.util.ParamUtil;
36  import com.liferay.portal.kernel.util.StringPool;
37  import com.liferay.portal.kernel.util.Validator;
38  import com.liferay.portal.liveusers.LiveUsers;
39  import com.liferay.portal.model.Layout;
40  import com.liferay.portal.model.LayoutConstants;
41  import com.liferay.portal.model.Portlet;
42  import com.liferay.portal.model.PortletPreferencesIds;
43  import com.liferay.portal.model.User;
44  import com.liferay.portal.model.UserTracker;
45  import com.liferay.portal.model.UserTrackerPath;
46  import com.liferay.portal.security.auth.PrincipalException;
47  import com.liferay.portal.security.permission.ActionKeys;
48  import com.liferay.portal.security.permission.PermissionChecker;
49  import com.liferay.portal.service.LayoutLocalServiceUtil;
50  import com.liferay.portal.service.PortletLocalServiceUtil;
51  import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
52  import com.liferay.portal.service.permission.PortletPermissionUtil;
53  import com.liferay.portal.service.persistence.UserTrackerPathUtil;
54  import com.liferay.portal.theme.ThemeDisplay;
55  import com.liferay.portal.util.PortalUtil;
56  import com.liferay.portal.util.PropsKeys;
57  import com.liferay.portal.util.PropsUtil;
58  import com.liferay.portal.util.PropsValues;
59  import com.liferay.portal.util.WebKeys;
60  import com.liferay.portlet.InvokerPortlet;
61  import com.liferay.portlet.PortletConfigFactory;
62  import com.liferay.portlet.PortletInstanceFactory;
63  import com.liferay.portlet.PortletPreferencesFactoryUtil;
64  import com.liferay.portlet.PortletURLImpl;
65  import com.liferay.portlet.RenderRequestFactory;
66  import com.liferay.portlet.RenderRequestImpl;
67  import com.liferay.portlet.RenderResponseFactory;
68  import com.liferay.portlet.RenderResponseImpl;
69  
70  import java.io.IOException;
71  
72  import java.util.Date;
73  import java.util.HashSet;
74  import java.util.Iterator;
75  import java.util.List;
76  import java.util.Map.Entry;
77  import java.util.Map;
78  import java.util.Set;
79  
80  import javax.portlet.PortletConfig;
81  import javax.portlet.PortletContext;
82  import javax.portlet.PortletMode;
83  import javax.portlet.PortletPreferences;
84  import javax.portlet.PortletRequest;
85  import javax.portlet.WindowState;
86  
87  import javax.servlet.ServletContext;
88  import javax.servlet.ServletException;
89  import javax.servlet.http.HttpServletRequest;
90  import javax.servlet.http.HttpServletResponse;
91  import javax.servlet.http.HttpSession;
92  import javax.servlet.jsp.PageContext;
93  
94  import org.apache.commons.logging.Log;
95  import org.apache.commons.logging.LogFactory;
96  import org.apache.struts.action.ActionMapping;
97  import org.apache.struts.config.ForwardConfig;
98  import org.apache.struts.tiles.TilesRequestProcessor;
99  
100 /**
101  * <a href="PortalRequestProcessor.java.html"><b><i>View Source</i></b></a>
102  *
103  * @author Brian Wing Shun Chan
104  * @author Jorge Ferrer
105  *
106  */
107 public class PortalRequestProcessor extends TilesRequestProcessor {
108 
109     public PortalRequestProcessor() {
110 
111         // auth.forward.last.path.
112 
113         _lastPaths = new HashSet<String>();
114 
115         _lastPaths.add(_PATH_PORTAL_LAYOUT);
116 
117         addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
118 
119         // auth.public.path.
120 
121         _publicPaths = new HashSet<String>();
122 
123         _publicPaths.add(_PATH_C);
124         _publicPaths.add(_PATH_PORTAL_CSS);
125         _publicPaths.add(_PATH_PORTAL_CSS_CACHED);
126         _publicPaths.add(_PATH_PORTAL_FLASH);
127         _publicPaths.add(_PATH_PORTAL_J_LOGIN);
128         _publicPaths.add(_PATH_PORTAL_JAVASCRIPT);
129         _publicPaths.add(_PATH_PORTAL_JAVASCRIPT_CACHED);
130         _publicPaths.add(_PATH_PORTAL_LAYOUT);
131         _publicPaths.add(_PATH_PORTAL_LOGIN);
132         _publicPaths.add(_PATH_PORTAL_LOGIN_CAPTCHA);
133         _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
134         _publicPaths.add(_PATH_PORTAL_TCK);
135 
136         addPaths(_publicPaths, PropsKeys.AUTH_PUBLIC_PATHS);
137 
138         _trackerIgnorePaths = new HashSet<String>();
139 
140         addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
141     }
142 
143     public void process(
144             HttpServletRequest request, HttpServletResponse response)
145         throws IOException, ServletException {
146 
147         String path = super.processPath(request, response);
148 
149         ActionMapping mapping = (ActionMapping)moduleConfig.findActionConfig(
150             path);
151 
152         if (mapping == null) {
153             String lastPath = getLastPath(request);
154 
155             if (_log.isDebugEnabled()) {
156                 _log.debug("Last path " + lastPath);
157             }
158 
159             response.sendRedirect(lastPath);
160 
161             return;
162         }
163 
164         super.process(request, response);
165 
166         try {
167             if (isPortletPath(path)) {
168                 cleanUp(request);
169             }
170         }
171         catch (Exception e) {
172             _log.error(e, e);
173         }
174     }
175 
176     protected void addPaths(Set<String> paths, String propsKey) {
177         String[] pathsArray = PropsUtil.getArray(propsKey);
178 
179         for (String path : pathsArray) {
180             paths.add(path);
181         }
182     }
183 
184     protected void callParentDoForward(
185             String uri, HttpServletRequest request,
186             HttpServletResponse response)
187         throws IOException, ServletException {
188 
189         super.doForward(uri, request, response);
190     }
191 
192     protected HttpServletRequest callParentProcessMultipart(
193         HttpServletRequest request) {
194 
195         return super.processMultipart(request);
196     }
197 
198     protected String callParentProcessPath(
199             HttpServletRequest request, HttpServletResponse response)
200         throws IOException {
201 
202         return super.processPath(request, response);
203     }
204 
205     protected boolean callParentProcessRoles(
206             HttpServletRequest request, HttpServletResponse response,
207             ActionMapping mapping)
208         throws IOException, ServletException {
209 
210         return super.processRoles(request, response, mapping);
211     }
212 
213     protected void cleanUp(HttpServletRequest request) throws Exception {
214 
215         // Clean up portlet objects that may have been created by defineObjects
216         // for portlets that are called directly from a Struts path
217 
218         RenderRequestImpl renderRequestImpl =
219             (RenderRequestImpl)request.getAttribute(
220                 JavaConstants.JAVAX_PORTLET_REQUEST);
221 
222         if (renderRequestImpl != null) {
223             RenderRequestFactory.recycle(renderRequestImpl);
224         }
225 
226         RenderResponseImpl renderResponseImpl =
227             (RenderResponseImpl)request.getAttribute(
228                 JavaConstants.JAVAX_PORTLET_RESPONSE);
229 
230         if (renderResponseImpl != null) {
231             RenderResponseFactory.recycle(renderResponseImpl);
232         }
233     }
234 
235     protected void defineObjects(
236             HttpServletRequest request, HttpServletResponse response,
237             Portlet portlet)
238         throws Exception {
239 
240         String portletId = portlet.getPortletId();
241 
242         ServletContext servletContext = (ServletContext)request.getAttribute(
243             WebKeys.CTX);
244 
245         InvokerPortlet invokerPortlet = PortletInstanceFactory.create(
246             portlet, servletContext);
247 
248         PortletPreferencesIds portletPreferencesIds =
249             PortletPreferencesFactoryUtil.getPortletPreferencesIds(
250                 request, portletId);
251 
252         PortletPreferences portletPreferences =
253             PortletPreferencesLocalServiceUtil.getPreferences(
254                 portletPreferencesIds);
255 
256         PortletConfig portletConfig = PortletConfigFactory.create(
257             portlet, servletContext);
258         PortletContext portletContext = portletConfig.getPortletContext();
259 
260         RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
261             request, portlet, invokerPortlet, portletContext,
262             WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
263 
264         RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
265             renderRequestImpl, response, portletId, portlet.getCompanyId());
266 
267         renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
268 
269         request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
270     }
271 
272     protected void doForward(
273             String uri, HttpServletRequest request,
274             HttpServletResponse response)
275         throws ServletException {
276 
277         StrutsUtil.forward(uri, getServletContext(), request, response);
278     }
279 
280     protected void doInclude(
281             String uri, HttpServletRequest request,
282             HttpServletResponse response)
283         throws ServletException {
284 
285         StrutsUtil.include(uri, getServletContext(), request, response);
286     }
287 
288     protected StringBuilder getFriendlyTrackerPath(
289             String path, ThemeDisplay themeDisplay, HttpServletRequest request)
290         throws Exception {
291 
292         if (!path.equals(_PATH_PORTAL_LAYOUT)) {
293             return null;
294         }
295 
296         long plid = ParamUtil.getLong(request, "p_l_id");
297 
298         if (plid == 0) {
299             return null;
300         }
301 
302         Layout layout = LayoutLocalServiceUtil.getLayout(plid);
303 
304         String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
305             layout, themeDisplay);
306 
307         StringBuilder sb = new StringBuilder();
308 
309         sb.append(layoutFriendlyURL);
310 
311         String portletId = ParamUtil.getString(request, "p_p_id");
312 
313         if (Validator.isNull(portletId)) {
314             return sb;
315         }
316 
317         long companyId = PortalUtil.getCompanyId(request);
318 
319         Portlet portlet = PortletLocalServiceUtil.getPortletById(
320             companyId, portletId);
321 
322         if (portlet == null) {
323             String strutsPath = path.substring(
324                 1, path.lastIndexOf(StringPool.SLASH));
325 
326             portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
327                 companyId, strutsPath);
328         }
329 
330         if ((portlet == null) || !portlet.isActive()) {
331             sb.append(StringPool.QUESTION);
332             sb.append(request.getQueryString());
333 
334             return sb;
335         }
336 
337         String namespace = PortalUtil.getPortletNamespace(portletId);
338 
339         FriendlyURLMapper friendlyURLMapper =
340             portlet.getFriendlyURLMapperInstance();
341 
342         if (friendlyURLMapper == null) {
343             sb.append(StringPool.QUESTION);
344             sb.append(request.getQueryString());
345 
346             return sb;
347         }
348 
349         PortletURLImpl portletURL = new PortletURLImpl(
350             request, portletId, plid, PortletRequest.RENDER_PHASE);
351 
352         Iterator<Map.Entry<String, String[]>> itr =
353             request.getParameterMap().entrySet().iterator();
354 
355         while (itr.hasNext()) {
356             Entry<String, String[]> entry = itr.next();
357 
358             String key = entry.getKey();
359 
360             if (key.startsWith(namespace)) {
361                 key = key.substring(namespace.length());
362 
363                 portletURL.setParameter(key, entry.getValue());
364             }
365         }
366 
367         String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
368 
369         if (portletFriendlyURL != null) {
370             sb.append(portletFriendlyURL);
371         }
372         else {
373             sb.append(StringPool.QUESTION);
374             sb.append(request.getQueryString());
375         }
376 
377         return sb;
378     }
379 
380     protected String getLastPath(HttpServletRequest request) {
381         HttpSession session = request.getSession();
382 
383         ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
384             WebKeys.THEME_DISPLAY);
385 
386         Boolean httpsInitial = (Boolean)session.getAttribute(
387             WebKeys.HTTPS_INITIAL);
388 
389         String portalURL = null;
390 
391         if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
392             (httpsInitial != null) && (!httpsInitial.booleanValue())) {
393 
394             portalURL = PortalUtil.getPortalURL(request, false);
395         }
396         else {
397             portalURL = PortalUtil.getPortalURL(request);
398         }
399 
400         StringBuilder sb = new StringBuilder();
401 
402         sb.append(portalURL);
403         sb.append(themeDisplay.getPathMain());
404         sb.append(_PATH_PORTAL_LAYOUT);
405 
406         if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
407             if (request.getRemoteUser() != null) {
408 
409                 // If we do not forward by last path and the user is logged in,
410                 // forward to the user's default layout to prevent a lagging
411                 // loop
412 
413                 sb.append(StringPool.QUESTION);
414                 sb.append("p_l_id");
415                 sb.append(StringPool.EQUAL);
416                 sb.append(LayoutConstants.DEFAULT_PLID);
417             }
418 
419             return sb.toString();
420         }
421 
422         LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
423 
424         if (lastPath == null) {
425             return sb.toString();
426         }
427 
428         Map<String, String[]> parameterMap = lastPath.getParameterMap();
429 
430         // Only test for existing mappings for last paths that were set when the
431         // user accessed a layout directly instead of through its friendly URL
432 
433         if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
434             ActionMapping mapping =
435                 (ActionMapping)moduleConfig.findActionConfig(
436                     lastPath.getPath());
437 
438             if ((mapping == null) || (parameterMap == null)) {
439                 return sb.toString();
440             }
441         }
442 
443         StringBuilder lastPathSB = new StringBuilder();
444 
445         lastPathSB.append(portalURL);
446         lastPathSB.append(lastPath.getContextPath());
447         lastPathSB.append(lastPath.getPath());
448         lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
449 
450         return lastPathSB.toString();
451     }
452 
453     protected boolean isPortletPath(String path) {
454         if ((path != null) &&
455             (!path.equals(_PATH_C)) &&
456             (!path.startsWith(_PATH_COMMON)) &&
457             (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
458             (!path.startsWith(_PATH_PORTAL))) {
459 
460             return true;
461         }
462         else {
463             return false;
464         }
465     }
466 
467     protected boolean isPublicPath(String path) {
468         if ((path != null) &&
469             (_publicPaths.contains(path)) ||
470             (path.startsWith(_PATH_COMMON))) {
471 
472             return true;
473         }
474         else {
475             return false;
476         }
477     }
478 
479     protected ActionMapping processMapping(
480             HttpServletRequest request, HttpServletResponse response,
481             String path)
482         throws IOException {
483 
484         if (path == null) {
485             return null;
486         }
487 
488         ActionMapping mapping = super.processMapping(request, response, path);
489 
490         if (mapping == null) {
491             String msg = getInternal().getMessage("processInvalid");
492 
493             _log.error("User ID " + request.getRemoteUser());
494             _log.error("Current URL " + PortalUtil.getCurrentURL(request));
495             _log.error("Referer " + request.getHeader("Referer"));
496             _log.error("Remote address " + request.getRemoteAddr());
497 
498             _log.error(msg + " " + path);
499         }
500 
501         return mapping;
502     }
503 
504     protected HttpServletRequest processMultipart(HttpServletRequest request) {
505 
506         // Disable Struts from automatically wrapping a multipart request
507 
508         return request;
509     }
510 
511     protected String processPath(
512             HttpServletRequest request, HttpServletResponse response)
513         throws IOException {
514 
515         String path = super.processPath(request, response);
516 
517         HttpSession session = request.getSession();
518 
519         ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
520             WebKeys.THEME_DISPLAY);
521 
522         // Current users
523 
524         UserTracker userTracker = LiveUsers.getUserTracker(
525             themeDisplay.getCompanyId(), session.getId());
526 
527         if ((userTracker != null) && (path != null) &&
528             (!path.equals(_PATH_C)) &&
529             (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
530             (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
531             (!_trackerIgnorePaths.contains(path))) {
532 
533             StringBuilder sb = null;
534 
535             try {
536                 if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
537                     sb = getFriendlyTrackerPath(path, themeDisplay, request);
538                 }
539             }
540             catch (Exception e) {
541                 _log.error(e, e);
542             }
543 
544             if (sb == null) {
545                 sb = new StringBuilder();
546 
547                 sb.append(path);
548                 sb.append(StringPool.QUESTION);
549                 sb.append(request.getQueryString());
550             }
551 
552             UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
553 
554             userTrackerPath.setUserTrackerId(userTracker.getUserTrackerId());
555             userTrackerPath.setPath(sb.toString());
556             userTrackerPath.setPathDate(new Date());
557 
558             userTracker.addPath(userTrackerPath);
559         }
560 
561         String remoteUser = request.getRemoteUser();
562 
563         User user = null;
564 
565         try {
566             user = PortalUtil.getUser(request);
567         }
568         catch (Exception e) {
569         }
570 
571         // Last path
572 
573         if ((path != null) && (_lastPaths.contains(path)) &&
574             (!_trackerIgnorePaths.contains(path))) {
575 
576             boolean saveLastPath = ParamUtil.getBoolean(
577                 request, "saveLastPath", true);
578 
579             if (themeDisplay.isLifecycleResource() ||
580                 themeDisplay.isStateExclusive() ||
581                 themeDisplay.isStatePopUp() ||
582                 !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {
583 
584                 saveLastPath = false;
585             }
586 
587             // Save last path
588 
589             if (saveLastPath) {
590 
591                 // Was a last path set by another servlet that dispatched to
592                 // the MainServlet? If so, use that last path instead.
593 
594                 LastPath lastPath = (LastPath)request.getAttribute(
595                     WebKeys.LAST_PATH);
596 
597                 if (lastPath == null) {
598                     lastPath = new LastPath(
599                         themeDisplay.getPathMain(), path,
600                         request.getParameterMap());
601                 }
602 
603                 session.setAttribute(WebKeys.LAST_PATH, lastPath);
604             }
605         }
606 
607         // Authenticated users can always log out
608 
609         if (((remoteUser != null) || (user != null)) && (path != null) &&
610             (path.equals(_PATH_PORTAL_LOGOUT))) {
611 
612             return path;
613         }
614 
615         // Authenticated users can always extend or confirm their session
616 
617         if (((remoteUser != null) || (user != null)) && (path != null) &&
618             (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
619              path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
620 
621             return path;
622         }
623 
624         // Authenticated users can retrieve CSS and JavaScript
625 
626         if (((remoteUser != null) || (user != null)) && (path != null) &&
627             (path.equals(_PATH_PORTAL_CSS) ||
628              path.equals(_PATH_PORTAL_CSS_CACHED) ||
629              path.equals(_PATH_PORTAL_JAVASCRIPT) ||
630              path.equals(_PATH_PORTAL_JAVASCRIPT_CACHED))) {
631 
632             return path;
633         }
634 
635         // Authenticated users can always agree to terms of use
636 
637         if (((remoteUser != null) || (user != null)) && (path != null) &&
638             (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {
639 
640             return path;
641         }
642 
643         // Authenticated users must still exist in the system
644 
645         if ((remoteUser != null) && (user == null)) {
646             return _PATH_PORTAL_LOGOUT;
647         }
648 
649         // Authenticated users must agree to Terms of Use
650 
651         if ((user != null) && (!user.isAgreedToTermsOfUse())) {
652             if (PropsValues.TERMS_OF_USE_REQUIRED) {
653                 return _PATH_PORTAL_TERMS_OF_USE;
654             }
655         }
656 
657         // Authenticated users must be active
658 
659         if ((user != null) && (!user.isActive())) {
660             SessionErrors.add(request, UserActiveException.class.getName());
661 
662             return _PATH_PORTAL_ERROR;
663         }
664 
665         // Authenticated users must have a current password
666 
667         if ((user != null) && (user.isPasswordReset())) {
668             return _PATH_PORTAL_CHANGE_PASSWORD;
669         }
670 
671         // Authenticated users must have at least one personalized page
672 
673         if (user != null) {
674             List<Layout> layouts = themeDisplay.getLayouts();
675 
676             if ((layouts == null) || (layouts.size() == 0)) {
677                 SessionErrors.add(
678                     request, RequiredLayoutException.class.getName());
679 
680                 return _PATH_PORTAL_ERROR;
681             }
682         }
683 
684         // Users must sign in
685 
686         if (!isPublicPath(path)) {
687             if (user == null) {
688                 SessionErrors.add(request, PrincipalException.class.getName());
689 
690                 return _PATH_PORTAL_LOGIN;
691             }
692         }
693 
694         ActionMapping mapping =
695             (ActionMapping)moduleConfig.findActionConfig(path);
696 
697         path = mapping.getPath();
698 
699         // Authenticated users must have at least one role
700 
701         if (user != null) {
702             try {
703 
704                 // FIX ME
705 
706                 if (false) {
707                     SessionErrors.add(
708                         request, RequiredRoleException.class.getName());
709 
710                     return _PATH_PORTAL_ERROR;
711                 }
712             }
713             catch (Exception e) {
714                 e.printStackTrace();
715             }
716         }
717 
718         // Define the portlet objects
719 
720         if (isPortletPath(path)) {
721             try {
722                 Portlet portlet = null;
723 
724                 long companyId = PortalUtil.getCompanyId(request);
725                 String portletId = ParamUtil.getString(request, "p_p_id");
726 
727                 if (Validator.isNotNull(portletId)) {
728                     portlet = PortletLocalServiceUtil.getPortletById(
729                         companyId, portletId);
730                 }
731 
732                 if (portlet == null) {
733                     String strutsPath = path.substring(
734                         1, path.lastIndexOf(StringPool.SLASH));
735 
736                     portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
737                         companyId, strutsPath);
738                 }
739 
740                 if ((portlet != null) && portlet.isActive()) {
741                     defineObjects(request, response, portlet);
742                 }
743             }
744             catch (Exception e) {
745                 request.setAttribute(PageContext.EXCEPTION, e);
746 
747                 path = _PATH_COMMON_ERROR;
748             }
749         }
750 
751         // Authenticated users must have access to at least one layout
752 
753         if (SessionErrors.contains(
754                 request, LayoutPermissionException.class.getName())) {
755 
756             return _PATH_PORTAL_ERROR;
757         }
758 
759         return path;
760     }
761 
762     protected boolean processRoles(
763             HttpServletRequest request, HttpServletResponse response,
764             ActionMapping mapping)
765         throws IOException, ServletException {
766 
767         String path = mapping.getPath();
768 
769         if (isPublicPath(path)) {
770             return true;
771         }
772 
773         boolean authorized = true;
774 
775         User user = null;
776 
777         try {
778             user = PortalUtil.getUser(request);
779         }
780         catch (Exception e) {
781         }
782 
783         if ((user != null) && isPortletPath(path)) {
784             try {
785 
786                 // Authenticated users can always log out
787 
788                 if (path.equals(_PATH_PORTAL_LOGOUT)) {
789                     return true;
790                 }
791 
792                 Portlet portlet = null;
793 
794                 String portletId = ParamUtil.getString(request, "p_p_id");
795 
796                 if (Validator.isNotNull(portletId)) {
797                     portlet = PortletLocalServiceUtil.getPortletById(
798                         user.getCompanyId(), portletId);
799                 }
800 
801                 String strutsPath = path.substring(
802                     1, path.lastIndexOf(StringPool.SLASH));
803 
804                 if (portlet != null) {
805                     if (!strutsPath.equals(portlet.getStrutsPath())) {
806                         throw new PrincipalException();
807                     }
808                 }
809                 else {
810                     portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
811                         user.getCompanyId(), strutsPath);
812                 }
813 
814                 if ((portlet != null) && portlet.isActive()) {
815                     ThemeDisplay themeDisplay =
816                         (ThemeDisplay)request.getAttribute(
817                             WebKeys.THEME_DISPLAY);
818 
819                     Layout layout = themeDisplay.getLayout();
820                     PermissionChecker permissionChecker =
821                         themeDisplay.getPermissionChecker();
822 
823                     if (!PortletPermissionUtil.contains(
824                             permissionChecker, layout.getPlid(), portlet,
825                             ActionKeys.VIEW)) {
826 
827                         throw new PrincipalException();
828                     }
829                 }
830                 else if (portlet != null && !portlet.isActive()) {
831                     SessionErrors.add(
832                         request, PortletActiveException.class.getName());
833 
834                     authorized = false;
835                 }
836             }
837             catch (Exception e) {
838                 SessionErrors.add(request, PrincipalException.class.getName());
839 
840                 authorized = false;
841             }
842         }
843 
844         if (!authorized) {
845             ForwardConfig forwardConfig =
846                 mapping.findForward(_PATH_PORTAL_ERROR);
847 
848             processForwardConfig(request, response, forwardConfig);
849 
850             return false;
851         }
852         else {
853             return true;
854         }
855     }
856 
857     private static String _PATH_C = "/c";
858 
859     private static String _PATH_COMMON = "/common";
860 
861     private static String _PATH_COMMON_ERROR = "/common/error";
862 
863     private static String _PATH_J_SECURITY_CHECK = "/j_security_check";
864 
865     private static String _PATH_PORTAL = "/portal";
866 
867     private static String _PATH_PORTAL_CHANGE_PASSWORD =
868         "/portal/change_password";
869 
870     private static String _PATH_PORTAL_CSS = "/portal/css";
871 
872     private static String _PATH_PORTAL_CSS_CACHED = "/portal/css_cached";
873 
874     private static String _PATH_PORTAL_ERROR = "/portal/error";
875 
876     private static String _PATH_PORTAL_EXPIRE_SESSION =
877         "/portal/expire_session";
878 
879     private static String _PATH_PORTAL_EXTEND_SESSION =
880         "/portal/extend_session";
881 
882     private static String _PATH_PORTAL_FLASH = "/portal/flash";
883 
884     private static String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
885 
886     private static String _PATH_PORTAL_JAVASCRIPT = "/portal/javascript";
887 
888     private static String _PATH_PORTAL_JAVASCRIPT_CACHED =
889         "/portal/javascript_cached";
890 
891     private static String _PATH_PORTAL_LAYOUT = "/portal/layout";
892 
893     private static String _PATH_PORTAL_LOGIN = "/portal/login";
894 
895     private static String _PATH_PORTAL_LOGIN_CAPTCHA = "/portal/login_captcha";
896 
897     private static String _PATH_PORTAL_LOGOUT = "/portal/logout";
898 
899     private static String _PATH_PORTAL_PROTECTED = "/portal/protected";
900 
901     private static String _PATH_PORTAL_RENDER_PORTLET =
902         "/portal/render_portlet";
903 
904     private static String _PATH_PORTAL_TCK = "/portal/tck";
905 
906     private static String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";
907 
908     private static String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
909         "/portal/update_terms_of_use";
910 
911     private static Log _log = LogFactory.getLog(PortalRequestProcessor.class);
912 
913     private Set<String> _lastPaths;
914     private Set<String> _publicPaths;
915     private Set<String> _trackerIgnorePaths;
916 
917 }