20 package com.liferay.portal.servlet.filters.autologin;
21
22 import com.liferay.portal.NoSuchUserException;
23 import com.liferay.portal.kernel.log.Log;
24 import com.liferay.portal.kernel.log.LogFactoryUtil;
25 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
26 import com.liferay.portal.kernel.util.GetterUtil;
27 import com.liferay.portal.kernel.util.InstancePool;
28 import com.liferay.portal.kernel.util.StringPool;
29 import com.liferay.portal.kernel.util.Validator;
30 import com.liferay.portal.model.User;
31 import com.liferay.portal.security.auth.AutoLogin;
32 import com.liferay.portal.security.pwd.PwdEncryptor;
33 import com.liferay.portal.service.UserLocalServiceUtil;
34 import com.liferay.portal.servlet.filters.BasePortalFilter;
35 import com.liferay.portal.util.PortalInstances;
36 import com.liferay.portal.util.PortalUtil;
37 import com.liferay.portal.util.PropsValues;
38 import com.liferay.portal.util.WebKeys;
39
40 import java.io.IOException;
41
42 import javax.servlet.FilterChain;
43 import javax.servlet.ServletException;
44 import javax.servlet.http.HttpServletRequest;
45 import javax.servlet.http.HttpServletResponse;
46 import javax.servlet.http.HttpSession;
47
48
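/**
 * Servlet filter that runs the configured {@link AutoLogin} hooks for
 * requests that have neither a container remote user nor a
 * <code>j_username</code> session attribute, and turns the first set of
 * accepted credentials into login state on the HTTP session.
 *
 * <p>
 * Security notes for maintainers:
 * </p>
 *
 * <ul>
 * <li>
 * This filter does not check the password it receives from a hook. It only
 * checks that the user id resolves to an existing user that is not locked
 * out. NOTE(review): each configured hook is therefore the component that
 * vouches for the identity; confirm every hook authenticates the request
 * before returning credentials.
 * </li>
 * <li>
 * The session id is not changed in this class when a login is accepted.
 * NOTE(review): confirm the session is renewed elsewhere after
 * authentication, otherwise a pre-login session id stays valid after login.
 * </li>
 * </ul>
 */
public class AutoLoginFilter extends BasePortalFilter {

    /**
     * Stores the credentials returned by an auto-login hook on the session.
     *
     * @param  request the current request (not read by this method)
     * @param  response the current response; receives a redirect to
     *         <code>/portal/touch_protected</code> when JAAS is enabled
     * @param  session the session that receives <code>j_username</code>,
     *         <code>j_password</code> and, for clear-text passwords,
     *         {@link WebKeys#USER_PASSWORD}
     * @param  credentials the hook result: user id, password, and a flag
     *         telling whether the password is already encrypted
     * @return the user id string if the credentials were accepted, or
     *         <code>null</code> if they are missing, malformed, or belong
     *         to an unknown or locked-out user
     * @throws Exception if the user lookup, the password encryption or the
     *         redirect fails
     */
    protected String getLoginRemoteUser(
            HttpServletRequest request, HttpServletResponse response,
            HttpSession session, String[] credentials)
        throws Exception {

        // A hook must return exactly three elements; anything else is
        // treated as "no login".

        if ((credentials == null) || (credentials.length != 3)) {
            return null;
        }

        String jUsername = credentials[0];
        String jPassword = credentials[1];
        boolean encPassword = GetterUtil.getBoolean(credentials[2]);

        if (!Validator.isNotNull(jUsername) ||
            !Validator.isNotNull(jPassword)) {

            return null;
        }

        // Only a value that converts to a positive user id of an existing,
        // non-locked-out user is accepted. The password is not compared
        // against the stored one here.

        try {
            long userId = GetterUtil.getLong(jUsername);

            if (userId <= 0) {
                return null;
            }

            User user = UserLocalServiceUtil.getUserById(userId);

            if (user.isLockout()) {
                return null;
            }
        }
        catch (NoSuchUserException nsue) {
            return null;
        }

        session.setAttribute("j_username", jUsername);

        if (encPassword) {

            // The hook says the password is already encrypted; store it
            // unchanged.

            session.setAttribute("j_password", jPassword);
        }
        else {
            session.setAttribute(
                "j_password", PwdEncryptor.encrypt(jPassword));

            // NOTE(review): the clear-text password is kept on the session.
            // Anything that can read, persist or replicate the session can
            // read it; confirm it is needed and removed when no longer
            // used.

            session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
        }

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            response.sendRedirect(
                PortalUtil.getPathMain() + "/portal/touch_protected");
        }

        return jUsername;
    }

    /**
     * Skips auto-login for ignored hosts and paths, otherwise asks each
     * configured hook for credentials and continues the filter chain.
     *
     * @param  request the current request
     * @param  response the current response
     * @param  filterChain the chain to continue with
     * @throws IOException if a redirect or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws IOException, ServletException {

        // getSession() creates a session when the request has none, so
        // every request that reaches this filter ends up with a session.

        HttpSession session = request.getSession();

        String host = PortalUtil.getHost(request);

        if (PortalInstances.isAutoLoginIgnoreHost(host)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore host " + host);
            }

            processFilter(
                AutoLoginFilter.class, request, response, filterChain);

            return;
        }

        String path = _stripContextPath(
            request.getRequestURI().toLowerCase(),
            PortalUtil.getPathContext());

        if (PortalInstances.isAutoLoginIgnorePath(path)) {
            if (_log.isDebugEnabled()) {
                _log.debug("Ignore path " + path);
            }

            processFilter(
                AutoLoginFilter.class, request, response, filterChain);

            return;
        }

        String remoteUser = request.getRemoteUser();
        String jUserName = (String)session.getAttribute("j_username");

        if ((remoteUser == null) && (jUserName == null)) {
            for (String autoLoginHook : PropsValues.AUTO_LOGIN_HOOKS) {
                AutoLogin autoLogin = (AutoLogin)InstancePool.get(
                    autoLoginHook);

                try {
                    String[] credentials = autoLogin.login(request, response);

                    // NOTE(review): the redirect target is whatever the
                    // hook left in the request attribute and is not
                    // validated here; confirm hooks never copy it from
                    // request input without checking the destination.

                    String redirect = (String)request.getAttribute(
                        AutoLogin.AUTO_LOGIN_REDIRECT);

                    if (redirect != null) {
                        response.sendRedirect(redirect);

                        return;
                    }

                    String loginRemoteUser = getLoginRemoteUser(
                        request, response, session, credentials);

                    if (loginRemoteUser != null) {
                        request = new ProtectedServletRequest(
                            request, loginRemoteUser);

                        // With JAAS a redirect has already been sent by
                        // getLoginRemoteUser, so the chain must not run.

                        if (PropsValues.PORTAL_JAAS_ENABLE) {
                            return;
                        }

                        // NOTE(review): without JAAS the loop keeps going,
                        // so a later hook that also returns credentials
                        // replaces the session attributes and the wrapped
                        // request set here. Confirm that is intended.
                    }
                }
                catch (Exception e) {

                    // A failing hook is logged and skipped; the remaining
                    // hooks still run and the request continues
                    // unauthenticated if none of them succeeds.

                    if (_log.isWarnEnabled()) {
                        _log.warn(e, e);
                    }

                    _log.error(e.getMessage());
                }
            }
        }

        processFilter(AutoLoginFilter.class, request, response, filterChain);
    }

    /**
     * Removes the portal context path from the front of a lower-cased
     * request URI.
     *
     * <p>
     * The context path is stripped only when it is a prefix of the URI. The
     * earlier check used <code>indexOf</code>, so a context path occurring
     * later in the URI caused the first characters of the URI to be cut off
     * and the ignore-path decision to be made on a mangled value. The
     * context path is lower-cased as well, because the URI it is compared
     * with has already been lower-cased.
     * </p>
     *
     * @param  path the lower-cased request URI
     * @param  contextPath the portal context path
     * @return the URI without the leading context path, or the URI
     *         unchanged if it does not start with the context path
     */
    private static String _stripContextPath(String path, String contextPath) {
        if (contextPath.equals(StringPool.SLASH)) {
            return path;
        }

        String lowerCaseContextPath = contextPath.toLowerCase();

        if (!path.startsWith(lowerCaseContextPath)) {
            return path;
        }

        return path.substring(lowerCaseContextPath.length());
    }

    private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);

}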