1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.servlet.filters.autologin;
24  
25  import com.liferay.portal.NoSuchUserException;
26  import com.liferay.portal.kernel.log.Log;
27  import com.liferay.portal.kernel.log.LogFactoryUtil;
28  import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
29  import com.liferay.portal.kernel.util.GetterUtil;
30  import com.liferay.portal.kernel.util.InstancePool;
31  import com.liferay.portal.kernel.util.ListUtil;
32  import com.liferay.portal.kernel.util.StringPool;
33  import com.liferay.portal.kernel.util.Validator;
34  import com.liferay.portal.model.User;
35  import com.liferay.portal.security.auth.AutoLogin;
36  import com.liferay.portal.security.pwd.PwdEncryptor;
37  import com.liferay.portal.service.UserLocalServiceUtil;
38  import com.liferay.portal.servlet.filters.BasePortalFilter;
39  import com.liferay.portal.util.PortalInstances;
40  import com.liferay.portal.util.PortalUtil;
41  import com.liferay.portal.util.PropsValues;
42  import com.liferay.portal.util.WebKeys;
43  
44  import java.util.ArrayList;
45  import java.util.List;
46  
47  import javax.servlet.FilterChain;
48  import javax.servlet.http.HttpServletRequest;
49  import javax.servlet.http.HttpServletResponse;
50  import javax.servlet.http.HttpSession;
51  
52  /**
53   * <a href="AutoLoginFilter.java.html"><b><i>View Source</i></b></a>
54   *
55   * @author Brian Wing Shun Chan
56   * @author Raymond Augé
57   *
58   */
59  public class AutoLoginFilter extends BasePortalFilter {
60  
61      public static void registerAutoLogin(AutoLogin autoLogin) {
62          if (_autoLogins == null) {
63              _log.error("AutoLoginFilter is not initialized yet");
64  
65              return;
66          }
67  
68          List<AutoLogin> autoLogins = ListUtil.fromArray(_autoLogins);
69  
70          autoLogins.add(autoLogin);
71  
72          _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
73      }
74  
75      public static void unregisterAutoLogin(AutoLogin autoLogin) {
76          if (_autoLogins == null) {
77              _log.error("AutoLoginFilter is not initialized yet");
78  
79              return;
80          }
81  
82          List<AutoLogin> autoLogins = ListUtil.fromArray(_autoLogins);
83  
84          if (autoLogins.remove(autoLogin)) {
85              _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
86          }
87      }
88  
89      public AutoLoginFilter() {
90          List<AutoLogin> autoLogins = new ArrayList<AutoLogin>();
91  
92          for (String autoLoginHook : PropsValues.AUTO_LOGIN_HOOKS) {
93              AutoLogin autoLogin = (AutoLogin)InstancePool.get(
94                  autoLoginHook);
95  
96              autoLogins.add(autoLogin);
97          }
98  
99          _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
100     }
101 
102     protected String getLoginRemoteUser(
103             HttpServletRequest request, HttpServletResponse response,
104             HttpSession session, String[] credentials)
105         throws Exception {
106 
107         if ((credentials != null) && (credentials.length == 3)) {
108             String jUsername = credentials[0];
109             String jPassword = credentials[1];
110             boolean encPassword = GetterUtil.getBoolean(credentials[2]);
111 
112             if (Validator.isNotNull(jUsername) &&
113                 Validator.isNotNull(jPassword)) {
114 
115                 try {
116                     long userId = GetterUtil.getLong(jUsername);
117 
118                     if (userId > 0) {
119                         User user = UserLocalServiceUtil.getUserById(userId);
120 
121                         if (user.isLockout()) {
122                             return null;
123                         }
124                     }
125                     else {
126                         return null;
127                     }
128                 }
129                 catch (NoSuchUserException nsue) {
130                     return null;
131                 }
132 
133                 session.setAttribute("j_username", jUsername);
134 
135                 // Not having access to the unencrypted password
136                 // will not allow you to connect to external
137                 // resources that require it (mail server)
138 
139                 if (encPassword) {
140                     session.setAttribute("j_password", jPassword);
141                 }
142                 else {
143                     session.setAttribute(
144                         "j_password", PwdEncryptor.encrypt(jPassword));
145 
146                     session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
147                 }
148 
149                 if (PropsValues.PORTAL_JAAS_ENABLE) {
150                     response.sendRedirect(
151                         PortalUtil.getPathMain() + "/portal/touch_protected");
152                 }
153 
154                 return jUsername;
155             }
156         }
157 
158         return null;
159     }
160 
161     protected void processFilter(
162             HttpServletRequest request, HttpServletResponse response,
163             FilterChain filterChain)
164         throws Exception {
165 
166         HttpSession session = request.getSession();
167 
168         String host = PortalUtil.getHost(request);
169 
170         if (PortalInstances.isAutoLoginIgnoreHost(host)) {
171             if (_log.isDebugEnabled()) {
172                 _log.debug("Ignore host " + host);
173             }
174 
175             processFilter(
176                 AutoLoginFilter.class, request, response, filterChain);
177 
178             return;
179         }
180 
181         String contextPath = PortalUtil.getPathContext();
182 
183         String path = request.getRequestURI().toLowerCase();
184 
185         if ((!contextPath.equals(StringPool.SLASH)) &&
186             (path.indexOf(contextPath) != -1)) {
187 
188             path = path.substring(contextPath.length(), path.length());
189         }
190 
191         if (PortalInstances.isAutoLoginIgnorePath(path)) {
192             if (_log.isDebugEnabled()) {
193                 _log.debug("Ignore path " + path);
194             }
195 
196             processFilter(
197                 AutoLoginFilter.class, request, response, filterChain);
198 
199             return;
200         }
201 
202         String remoteUser = request.getRemoteUser();
203         String jUserName = (String)session.getAttribute("j_username");
204 
205         if ((remoteUser == null) && (jUserName == null)) {
206             for (AutoLogin autoLogin : _autoLogins) {
207                 try {
208                     String[] credentials = autoLogin.login(request, response);
209 
210                     String redirect = (String)request.getAttribute(
211                         AutoLogin.AUTO_LOGIN_REDIRECT);
212 
213                     if (redirect != null) {
214                         response.sendRedirect(redirect);
215 
216                         return;
217                     }
218 
219                     String loginRemoteUser = getLoginRemoteUser(
220                         request, response, session, credentials);
221 
222                     if (loginRemoteUser != null) {
223                         request = new ProtectedServletRequest(
224                             request, loginRemoteUser);
225 
226                         if (PropsValues.PORTAL_JAAS_ENABLE) {
227                             return;
228                         }
229                     }
230                 }
231                 catch (Exception e) {
232                     if (_log.isWarnEnabled()) {
233                         _log.warn(e, e);
234                     }
235 
236                     String currentURL = PortalUtil.getCurrentURL(request);
237 
238                     if (currentURL.endsWith(_PATH_CHAT_LATEST)) {
239                         if (_log.isWarnEnabled()) {
240                             _log.warn(
241                                 "Current URL " + currentURL +
242                                     " generates exception: " + e.getMessage());
243                         }
244                     }
245                     else {
246                         _log.error(
247                             "Current URL " + currentURL +
248                                 " generates exception: " + e.getMessage());
249                     }
250                 }
251             }
252         }
253 
254         processFilter(AutoLoginFilter.class, request, response, filterChain);
255     }
256 
257     private static final String _PATH_CHAT_LATEST = "/-/chat/latest";
258 
259     private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);
260 
261     private static AutoLogin[] _autoLogins;
262 
263 }