23 package com.liferay.portal.servlet.filters.autologin;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.log.Log;
27 import com.liferay.portal.kernel.log.LogFactoryUtil;
28 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.kernel.util.InstancePool;
31 import com.liferay.portal.kernel.util.StringPool;
32 import com.liferay.portal.kernel.util.Validator;
33 import com.liferay.portal.model.User;
34 import com.liferay.portal.security.auth.AutoLogin;
35 import com.liferay.portal.security.pwd.PwdEncryptor;
36 import com.liferay.portal.service.UserLocalServiceUtil;
37 import com.liferay.portal.servlet.filters.BasePortalFilter;
38 import com.liferay.portal.util.PortalInstances;
39 import com.liferay.portal.util.PortalUtil;
40 import com.liferay.portal.util.PropsValues;
41 import com.liferay.portal.util.WebKeys;
42
43 import java.io.IOException;
44
45 import javax.servlet.FilterChain;
46 import javax.servlet.ServletException;
47 import javax.servlet.http.HttpServletRequest;
48 import javax.servlet.http.HttpServletResponse;
49 import javax.servlet.http.HttpSession;
50
51
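/**
 * Portal filter that runs the configured {@link AutoLogin} hooks for requests
 * that carry neither a container remote user nor a {@code j_username} session
 * attribute, and seeds the session with login attributes when a hook returns
 * usable credentials.
 *
 * <p>
 * Security notes for reviewers, all derived from the code in this class:
 * </p>
 * <ul>
 * <li>The password returned by a hook is not verified here. Only the existence
 * and lockout state of the user are checked, so every hook listed in
 * {@code PropsValues.AUTO_LOGIN_HOOKS} is trusted to have authenticated the
 * caller itself.</li>
 * <li>The identity attributes are written into the session obtained from
 * {@code request.getSession()}. This class does not renew the session id
 * first. NOTE(review): confirm the session is regenerated elsewhere in the
 * login path.</li>
 * <li>When the hook supplies a password that is not already encrypted, the
 * clear-text value is kept in the session under
 * {@code WebKeys.USER_PASSWORD}.</li>
 * </ul>
 */
public class AutoLoginFilter extends BasePortalFilter {

    /**
     * Validates the credentials returned by an auto-login hook and, when they
     * are acceptable, stores the login attributes in the session.
     *
     * @param  request the current request (not read by this method)
     * @param  response the current response, used for the redirect when
     *         {@code PropsValues.PORTAL_JAAS_ENABLE} is set
     * @param  session the session that receives {@code j_username},
     *         {@code j_password} and, for an unencrypted password,
     *         {@code WebKeys.USER_PASSWORD}
     * @param  credentials expected to hold exactly three elements: the user id
     *         as a string, the password, and a boolean flag telling whether
     *         the password is already encrypted
     * @return the user id string taken from {@code credentials[0]}, or
     *         {@code null} when the credentials are missing or malformed, the
     *         id is not positive, the user does not exist, or the user is
     *         locked out
     * @throws Exception if the user lookup, the password encryption or the
     *         redirect fails for a reason other than a missing user
     */
    protected String getLoginRemoteUser(
            HttpServletRequest request, HttpServletResponse response,
            HttpSession session, String[] credentials)
        throws Exception {

        if ((credentials == null) || (credentials.length != 3)) {
            return null;
        }

        String jUsername = credentials[0];
        String jPassword = credentials[1];
        boolean encPassword = GetterUtil.getBoolean(credentials[2]);

        if (Validator.isNull(jUsername) || Validator.isNull(jPassword)) {
            return null;
        }

        try {
            long userId = GetterUtil.getLong(jUsername);

            if (userId <= 0) {
                return null;
            }

            User user = UserLocalServiceUtil.getUserById(userId);

            // A locked-out account must not be logged in through a hook
            // either, otherwise auto login would sidestep the lockout.

            if (user.isLockout()) {
                return null;
            }
        }
        catch (NoSuchUserException nsue) {
            return null;
        }

        session.setAttribute("j_username", jUsername);

        if (encPassword) {
            session.setAttribute("j_password", jPassword);
        }
        else {
            session.setAttribute(
                "j_password", PwdEncryptor.encrypt(jPassword));

            // The clear-text password stays in the session for as long as
            // the session lives. NOTE(review): confirm which consumers need
            // it and whether it can be dropped once they have run.

            session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
        }

        if (PropsValues.PORTAL_JAAS_ENABLE) {

            // The response is committed by this redirect; the caller returns
            // without continuing the filter chain in this case.

            response.sendRedirect(
                PortalUtil.getPathMain() + "/portal/touch_protected");
        }

        return jUsername;
    }

    /**
     * Skips auto login for ignored hosts and paths, otherwise gives each
     * configured {@link AutoLogin} hook a chance to log the user in, and then
     * continues the filter chain unless a redirect was already sent.
     *
     * @param  request the current request
     * @param  response the current response
     * @param  filterChain the remaining filter chain
     * @throws IOException if continuing the chain fails with an I/O error
     * @throws ServletException if continuing the chain fails
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws IOException, ServletException {

        HttpSession session = request.getSession();

        String host = PortalUtil.getHost(request);

        if (PortalInstances.isAutoLoginIgnoreHost(host)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore host " + host);
            }

            processFilter(
                AutoLoginFilter.class, request, response, filterChain);

            return;
        }

        String contextPath = PortalUtil.getPathContext();

        // NOTE(review): toLowerCase() uses the JVM default locale, and the
        // context path below is compared without being lower-cased, so a
        // context path containing upper-case letters is never stripped.

        String path = request.getRequestURI().toLowerCase();

        // Strip the context path only when it is a real prefix. The previous
        // indexOf() test also fired when the context path appeared later in
        // the URI and then cut off an unrelated prefix of the same length,
        // which fed a mangled path into the ignore-path decision.

        if (!contextPath.equals(StringPool.SLASH) &&
            path.startsWith(contextPath)) {

            path = path.substring(contextPath.length());
        }

        if (PortalInstances.isAutoLoginIgnorePath(path)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore path " + path);
            }

            processFilter(
                AutoLoginFilter.class, request, response, filterChain);

            return;
        }

        String remoteUser = request.getRemoteUser();
        String jUserName = (String)session.getAttribute("j_username");

        if ((remoteUser == null) && (jUserName == null)) {
            for (String autoLoginHook : PropsValues.AUTO_LOGIN_HOOKS) {
                AutoLogin autoLogin = (AutoLogin)InstancePool.get(
                    autoLoginHook);

                try {
                    String[] credentials = autoLogin.login(request, response);

                    // The redirect target is whatever the hook stored on the
                    // request; it is not validated here. NOTE(review):
                    // confirm no hook derives it from request parameters
                    // without checking the destination.

                    String redirect = (String)request.getAttribute(
                        AutoLogin.AUTO_LOGIN_REDIRECT);

                    if (redirect != null) {
                        response.sendRedirect(redirect);

                        return;
                    }

                    String loginRemoteUser = getLoginRemoteUser(
                        request, response, session, credentials);

                    if (loginRemoteUser != null) {

                        // Presumably the wrapper reports loginRemoteUser as
                        // the remote user to the rest of the chain.

                        request = new ProtectedServletRequest(
                            request, loginRemoteUser);

                        if (PropsValues.PORTAL_JAAS_ENABLE) {
                            return;
                        }

                        // NOTE(review): without JAAS the loop keeps going, so
                        // later hooks still run against the wrapped request
                        // and may overwrite the session attributes set above.
                        // Confirm this is intended.
                    }
                }
                catch (Exception e) {

                    // A failing hook must not block the request: log it and
                    // try the next hook.

                    _log.warn(e, e);
                    _log.error(e.getMessage());
                }
            }
        }

        processFilter(AutoLoginFilter.class, request, response, filterChain);
    }

    private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);

}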