1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.security.auth;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.ParamUtil;
20  import com.liferay.portal.kernel.util.StringPool;
21  import com.liferay.portal.kernel.util.Validator;
22  import com.liferay.portal.model.User;
23  import com.liferay.portal.security.ldap.LDAPSettingsUtil;
24  import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
25  import com.liferay.portal.security.ldap.PortalLDAPUtil;
26  import com.liferay.portal.util.PortalUtil;
27  import com.liferay.portal.util.WebKeys;
28  
29  import javax.naming.directory.SearchResult;
30  import javax.naming.ldap.LdapContext;
31  
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  
35  /**
36   * <a href="NtlmAutoLogin.java.html"><b><i>View Source</i></b></a>
37   *
38   * @author Bruno Farache
39   */
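public class NtlmAutoLogin implements AutoLogin {

    /**
     * Builds auto-login credentials for a request that carries an NTLM
     * identity in the {@code WebKeys.NTLM_REMOTE_USER} request attribute.
     *
     * <p>
     * Returns {@code null} (no auto login) when NTLM is disabled for the
     * company, when the attribute is absent, when no matching user can be
     * resolved through {@link #getUser(long, String)}, or when any exception
     * is thrown along the way. Exceptions are logged, never propagated.
     * </p>
     *
     * @param  request the current servlet request
     * @param  response the current servlet response (not used here)
     * @return a three element array holding the user ID, the user's stored
     *         password and the string {@code "true"}, or {@code null}
     */
    public String[] login(
        HttpServletRequest request, HttpServletResponse response) {

        String[] credentials = null;

        try {
            long companyId = PortalUtil.getCompanyId(request);

            if (!LDAPSettingsUtil.isNtlmEnabled(companyId)) {
                return credentials;
            }

            // NOTE(review): this attribute is treated as an already
            // authenticated identity and no further proof is checked in this
            // class. Presumably only the NTLM filter sets it; confirm nothing
            // else on the request path can.

            String screenName = (String)request.getAttribute(
                WebKeys.NTLM_REMOTE_USER);

            if (screenName == null) {
                return credentials;
            }

            // Consume the attribute so it is not seen again later in this
            // request.

            request.removeAttribute(WebKeys.NTLM_REMOTE_USER);

            User user = getUser(companyId, screenName);

            if (user != null) {

                // NOTE(review): "redirect" is a caller supplied request
                // parameter and is stored here without validation. Confirm
                // that whatever consumes AUTO_LOGIN_REDIRECT_AND_CONTINUE
                // restricts it to trusted destinations (open redirect risk).

                String redirect = ParamUtil.getString(request, "redirect");

                if (Validator.isNotNull(redirect)) {
                    request.setAttribute(
                        AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE, redirect);
                }

                // Build the array in one expression so that an exception
                // from either getter leaves credentials null instead of
                // handing a half filled array to the caller. The third
                // element presumably marks the password as already encrypted;
                // verify against the AutoLogin consumer.

                credentials = new String[] {
                    String.valueOf(user.getUserId()), user.getPassword(),
                    Boolean.TRUE.toString()
                };
            }
        }
        catch (Exception e) {

            // Fail closed: any error means no auto login for this request.

            _log.error(e, e);
        }

        return credentials;
    }

    /**
     * Looks up the screen name in LDAP and imports the matching entry as a
     * portal user.
     *
     * @param  companyId the company the request belongs to
     * @param  screenName the screen name taken from the NTLM request
     *         attribute
     * @return the imported user, or {@code null} if LDAP returned no entry
     *         for the screen name
     * @throws Exception if the LDAP lookup, the import or closing the LDAP
     *         context fails
     */
    protected User getUser(long companyId, String screenName) throws Exception {
        long ldapServerId = PortalLDAPUtil.getLdapServerId(
            companyId, screenName);

        SearchResult result = (SearchResult)PortalLDAPUtil.getUser(
            ldapServerId, companyId, screenName);

        if (result == null) {
            if (_log.isWarnEnabled()) {

                // NOTE(review): screenName is written to the log as
                // received; confirm it cannot carry line breaks.

                _log.warn(
                    "No user was found in LDAP with screenName " + screenName);
            }

            return null;
        }

        LdapContext ctx = PortalLDAPUtil.getContext(ldapServerId, companyId);

        // Close the context even when the import throws; previously a
        // failed import skipped close() and leaked the LDAP connection.

        try {

            // The blank password and the false flag are passed through as
            // is; their meaning is defined by PortalLDAPImporterUtil.

            return PortalLDAPImporterUtil.importLDAPUser(
                ldapServerId, companyId, ctx, result.getAttributes(),
                StringPool.BLANK, false);
        }
        finally {
            ctx.close();
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(NtlmAutoLogin.class);

}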