23 package com.liferay.portal.security.auth;
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.kernel.log.Log;
28 import com.liferay.portal.kernel.log.LogFactoryUtil;
29 import com.liferay.portal.kernel.util.ParamUtil;
30 import com.liferay.portal.kernel.util.PropsKeys;
31 import com.liferay.portal.kernel.util.StringPool;
32 import com.liferay.portal.kernel.util.StringUtil;
33 import com.liferay.portal.kernel.util.Validator;
34 import com.liferay.portal.model.User;
35 import com.liferay.portal.security.ldap.PortalLDAPUtil;
36 import com.liferay.portal.service.UserLocalServiceUtil;
37 import com.liferay.portal.servlet.filters.sso.cas.CASFilter;
38 import com.liferay.portal.util.PortalUtil;
39 import com.liferay.portal.util.PrefsPropsUtil;
40 import com.liferay.portal.util.PropsValues;
42 import javax.naming.Binding;
43 import javax.naming.NamingEnumeration;
44 import javax.naming.directory.Attributes;
45 import javax.naming.directory.SearchControls;
46 import javax.naming.directory.SearchResult;
47 import javax.naming.ldap.LdapContext;
49 import javax.servlet.http.HttpServletRequest;
50 import javax.servlet.http.HttpServletResponse;
51 import javax.servlet.http.HttpSession;
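public class CASAutoLogin implements AutoLogin {

	/**
	 * Turns the CAS-authenticated screen name stored on the session into
	 * portal credentials for the auto-login framework.
	 *
	 * <p>Returns {@code null} when CAS authentication is disabled for the
	 * company, when the session carries no screen name, or when any error
	 * occurs (the error is logged). Otherwise returns a three-element array:
	 * the user id, the stored password and {@code "true"} (the AutoLogin
	 * convention for "password is already hashed" -- confirm against
	 * {@link AutoLogin} if in doubt).
	 *
	 * @param request the current request; the CAS screen name is read from
	 *        its session under {@link CASFilter#SCREEN_NAME}
	 * @param response not used
	 * @return the credentials array, or {@code null} when no auto-login
	 *         should happen
	 */
	public String[] login(
		HttpServletRequest request, HttpServletResponse response) {

		String[] credentials = null;

		try {
			long companyId = PortalUtil.getCompanyId(request);

			if (!PrefsPropsUtil.getBoolean(
					companyId, PropsKeys.CAS_AUTH_ENABLED,
					PropsValues.CAS_AUTH_ENABLED)) {

				return credentials;
			}

			HttpSession session = request.getSession();

			// The screen name is whatever CASFilter stored after validating
			// the CAS ticket; treat it as an externally supplied identifier.
			String screenName = (String)session.getAttribute(
				CASFilter.SCREEN_NAME);

			if (Validator.isNull(screenName)) {
				return credentials;
			}

			User user = null;

			if (PrefsPropsUtil.getBoolean(
					companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
					PropsValues.CAS_IMPORT_FROM_LDAP)) {

				try {
					user = importLDAPUser(companyId, screenName);
				}
				catch (SystemException se) {

					// Fall back to the portal database below, but keep the
					// failure observable instead of swallowing it silently.

					if (_log.isDebugEnabled()) {
						_log.debug(
							"LDAP import of " + screenName +
								" failed, falling back to the portal user",
							se);
					}
				}
			}

			if (user == null) {
				user = UserLocalServiceUtil.getUserByScreenName(
					companyId, screenName);
			}

			// The redirect target is passed through verbatim; any validation
			// of that destination is expected to happen in the auto-login
			// filter that consumes AUTO_LOGIN_REDIRECT, not here.
			String redirect = ParamUtil.getString(request, "redirect");

			if (Validator.isNotNull(redirect)) {
				request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
			}

			credentials = new String[3];

			credentials[0] = String.valueOf(user.getUserId());
			credentials[1] = user.getPassword();
			credentials[2] = Boolean.TRUE.toString();

			return credentials;
		}
		catch (Exception e) {
			_log.error(e, e);
		}

		return credentials;
	}

	/**
	 * Imports the user from LDAP. Kept as a thin alias of
	 * {@link #importLDAPUser(long, String)} for callers using the older name.
	 *
	 * @param companyId the company to import the user into
	 * @param screenName the screen name to look up in LDAP
	 * @return the imported user
	 * @throws Exception if the LDAP lookup or import fails
	 */
	protected User addUser(long companyId, String screenName)
		throws Exception {

		return importLDAPUser(companyId, screenName);
	}

	/**
	 * Looks the screen name up in the company's LDAP server and imports the
	 * matching entry as a portal user.
	 *
	 * <p>The configured search filter has its {@code @company_id@},
	 * {@code @email_address@} and {@code @screen_name@} placeholders
	 * substituted; the screen name is escaped per RFC 4515 before
	 * substitution so that filter metacharacters in the name cannot change
	 * the structure of the search.
	 *
	 * @param companyId the company whose LDAP settings are used
	 * @param screenName the screen name to search for
	 * @return the imported user
	 * @throws SystemException if the LDAP context cannot be obtained, the
	 *         search fails, or no entry matches (a not-found user is also
	 *         reported this way so that {@link #login} can fall back to the
	 *         portal database)
	 * @throws Exception if closing the LDAP context fails
	 */
	protected User importLDAPUser(long companyId, String screenName)
		throws Exception {

		LdapContext ctx = null;

		try {
			long ldapServerId = PortalLDAPUtil.getLdapServerId(
				companyId, screenName);

			String postfix = PortalLDAPUtil.getPropertyPostfix(ldapServerId);

			String baseDN = PrefsPropsUtil.getString(
				companyId, PropsKeys.LDAP_BASE_DN + postfix);

			ctx = PortalLDAPUtil.getContext(ldapServerId, companyId);

			if (ctx == null) {
				throw new SystemException("Failed to bind to the LDAP server");
			}

			String filter = PrefsPropsUtil.getString(
				companyId, PropsKeys.LDAP_AUTH_SEARCH_FILTER + postfix);

			if (_log.isDebugEnabled()) {
				_log.debug("Search filter before transformation " + filter);
			}

			// Only the screen name comes from outside the portal's own
			// configuration, so it is the only value that needs escaping.
			String escapedScreenName = _escapeFilterValue(screenName);

			filter = StringUtil.replace(
				filter,
				new String[] {
					"@company_id@", "@email_address@", "@screen_name@"
				},
				new String[] {
					String.valueOf(companyId), StringPool.BLANK,
					escapedScreenName
				});

			if (_log.isDebugEnabled()) {
				_log.debug("Search filter after transformation " + filter);
			}

			// Subtree search, at most one result, no client-side time limit
			// (0 means wait for the server), no attribute restriction.
			SearchControls cons = new SearchControls(
				SearchControls.SUBTREE_SCOPE, 1, 0, null, false, false);

			NamingEnumeration<SearchResult> enu = ctx.search(
				baseDN, filter, cons);

			if (enu.hasMoreElements()) {
				if (_log.isDebugEnabled()) {
					_log.debug("Search filter returned at least one result");
				}

				Binding binding = enu.nextElement();

				Attributes attrs = PortalLDAPUtil.getUserAttributes(
					ldapServerId, companyId, ctx,
					PortalLDAPUtil.getNameInNamespace(
						ldapServerId, companyId, binding));

				return PortalLDAPUtil.importLDAPUser(
					ldapServerId, companyId, ctx, attrs, StringPool.BLANK,
					true);
			}
			else {
				throw new NoSuchUserException(
					"User " + screenName + " was not found in the LDAP server");
			}
		}
		catch (Exception e) {

			// Every failure, including the not-found case above, is reported
			// as a SystemException so that login() can fall back to the
			// portal database. The original exception is kept as the cause.

			if (_log.isWarnEnabled()) {
				_log.warn("Problem accessing LDAP server " + e.getMessage());
			}

			if (_log.isDebugEnabled()) {
				_log.debug(e, e);
			}

			throw new SystemException(
				"Problem accessing LDAP server " + e.getMessage(), e);
		}
		finally {
			if (ctx != null) {
				ctx.close();
			}
		}
	}

	/**
	 * Escapes a value for use inside an LDAP search filter (RFC 4515):
	 * backslash, asterisk, parentheses and NUL are replaced by their
	 * {@code \XX} hex escapes.
	 *
	 * @param value the raw attribute value, may be {@code null}
	 * @return the escaped value, or an empty string for {@code null}
	 */
	private static String _escapeFilterValue(String value) {
		if (value == null) {
			return StringPool.BLANK;
		}

		StringBuilder sb = new StringBuilder(value.length());

		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);

			switch (c) {
				case '\\':
					sb.append("\\5c");
					break;
				case '*':
					sb.append("\\2a");
					break;
				case '(':
					sb.append("\\28");
					break;
				case ')':
					sb.append("\\29");
					break;
				case '\0':
					sb.append("\\00");
					break;
				default:
					sb.append(c);
			}
		}

		return sb.toString();
	}

	private static Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);

}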