001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.struts;
016    
017    import com.liferay.portal.LayoutPermissionException;
018    import com.liferay.portal.PortletActiveException;
019    import com.liferay.portal.UserActiveException;
020    import com.liferay.portal.kernel.exception.SystemException;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
024    import com.liferay.portal.kernel.servlet.HttpMethods;
025    import com.liferay.portal.kernel.servlet.SessionErrors;
026    import com.liferay.portal.kernel.struts.LastPath;
027    import com.liferay.portal.kernel.util.CharPool;
028    import com.liferay.portal.kernel.util.GetterUtil;
029    import com.liferay.portal.kernel.util.HttpUtil;
030    import com.liferay.portal.kernel.util.JavaConstants;
031    import com.liferay.portal.kernel.util.ParamUtil;
032    import com.liferay.portal.kernel.util.PropsKeys;
033    import com.liferay.portal.kernel.util.StringBundler;
034    import com.liferay.portal.kernel.util.StringPool;
035    import com.liferay.portal.kernel.util.Validator;
036    import com.liferay.portal.liveusers.LiveUsers;
037    import com.liferay.portal.model.Layout;
038    import com.liferay.portal.model.LayoutConstants;
039    import com.liferay.portal.model.Portlet;
040    import com.liferay.portal.model.PortletPreferencesIds;
041    import com.liferay.portal.model.User;
042    import com.liferay.portal.model.UserTracker;
043    import com.liferay.portal.model.UserTrackerPath;
044    import com.liferay.portal.security.auth.PrincipalException;
045    import com.liferay.portal.security.permission.ActionKeys;
046    import com.liferay.portal.security.permission.PermissionChecker;
047    import com.liferay.portal.service.LayoutLocalServiceUtil;
048    import com.liferay.portal.service.PortletLocalServiceUtil;
049    import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
050    import com.liferay.portal.service.permission.PortletPermissionUtil;
051    import com.liferay.portal.service.persistence.UserTrackerPathUtil;
052    import com.liferay.portal.theme.ThemeDisplay;
053    import com.liferay.portal.util.PortalUtil;
054    import com.liferay.portal.util.PrefsPropsUtil;
055    import com.liferay.portal.util.PropsUtil;
056    import com.liferay.portal.util.PropsValues;
057    import com.liferay.portal.util.WebKeys;
058    import com.liferay.portlet.InvokerPortlet;
059    import com.liferay.portlet.PortletConfigFactoryUtil;
060    import com.liferay.portlet.PortletInstanceFactoryUtil;
061    import com.liferay.portlet.PortletPreferencesFactoryUtil;
062    import com.liferay.portlet.PortletURLImpl;
063    import com.liferay.portlet.RenderRequestFactory;
064    import com.liferay.portlet.RenderRequestImpl;
065    import com.liferay.portlet.RenderResponseFactory;
066    import com.liferay.portlet.RenderResponseImpl;
067    
068    import java.io.IOException;
069    
070    import java.util.Date;
071    import java.util.HashSet;
072    import java.util.Iterator;
073    import java.util.Map.Entry;
074    import java.util.Map;
075    import java.util.Set;
076    
077    import javax.portlet.PortletConfig;
078    import javax.portlet.PortletContext;
079    import javax.portlet.PortletMode;
080    import javax.portlet.PortletPreferences;
081    import javax.portlet.PortletRequest;
082    import javax.portlet.WindowState;
083    
084    import javax.servlet.ServletContext;
085    import javax.servlet.ServletException;
086    import javax.servlet.http.HttpServletRequest;
087    import javax.servlet.http.HttpServletResponse;
088    import javax.servlet.http.HttpSession;
089    import javax.servlet.jsp.PageContext;
090    
091    import org.apache.struts.action.ActionMapping;
092    import org.apache.struts.config.ForwardConfig;
093    import org.apache.struts.tiles.TilesRequestProcessor;
094    
095    /**
096     * @author Brian Wing Shun Chan
097     * @author Jorge Ferrer
098     * @author Wesley Gong
099     */
100    public class PortalRequestProcessor extends TilesRequestProcessor {
101    
102            public PortalRequestProcessor() {
103    
104                    // auth.forward.last.path.
105    
106                    _lastPaths = new HashSet<String>();
107    
108                    _lastPaths.add(_PATH_PORTAL_LAYOUT);
109    
110                    addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
111    
112                    // auth.public.path.
113    
114                    _publicPaths = new HashSet<String>();
115    
116                    _publicPaths.add(_PATH_C);
117                    _publicPaths.add(_PATH_PORTAL_FLASH);
118                    _publicPaths.add(_PATH_PORTAL_J_LOGIN);
119                    _publicPaths.add(_PATH_PORTAL_LAYOUT);
120                    _publicPaths.add(_PATH_PORTAL_LOGIN);
121                    _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
122                    _publicPaths.add(_PATH_PORTAL_TCK);
123                    _publicPaths.add(_PATH_PORTAL_UPDATE_PASSWORD);
124    
125                    addPaths(_publicPaths, PropsKeys.AUTH_PUBLIC_PATHS);
126    
127                    _trackerIgnorePaths = new HashSet<String>();
128    
129                    addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
130            }
131    
132            public void process(
133                            HttpServletRequest request, HttpServletResponse response)
134                    throws IOException, ServletException {
135    
136                    String path = super.processPath(request, response);
137    
138                    ActionMapping mapping = (ActionMapping)moduleConfig.findActionConfig(
139                            path);
140    
141                    if (mapping == null) {
142                            String lastPath = getLastPath(request);
143    
144                            if (_log.isDebugEnabled()) {
145                                    _log.debug("Last path " + lastPath);
146                            }
147    
148                            response.sendRedirect(lastPath);
149    
150                            return;
151                    }
152    
153                    super.process(request, response);
154    
155                    try {
156                            if (isPortletPath(path)) {
157                                    cleanUp(request);
158                            }
159                    }
160                    catch (Exception e) {
161                            _log.error(e, e);
162                    }
163            }
164    
165            protected void addPaths(Set<String> paths, String propsKey) {
166                    String[] pathsArray = PropsUtil.getArray(propsKey);
167    
168                    for (String path : pathsArray) {
169                            paths.add(path);
170                    }
171            }
172    
173            protected void callParentDoForward(
174                            String uri, HttpServletRequest request,
175                            HttpServletResponse response)
176                    throws IOException, ServletException {
177    
178                    super.doForward(uri, request, response);
179            }
180    
181            protected HttpServletRequest callParentProcessMultipart(
182                    HttpServletRequest request) {
183    
184                    return super.processMultipart(request);
185            }
186    
187            protected String callParentProcessPath(
188                            HttpServletRequest request, HttpServletResponse response)
189                    throws IOException {
190    
191                    return super.processPath(request, response);
192            }
193    
194            protected boolean callParentProcessRoles(
195                            HttpServletRequest request, HttpServletResponse response,
196                            ActionMapping mapping)
197                    throws IOException, ServletException {
198    
199                    return super.processRoles(request, response, mapping);
200            }
201    
202            protected void cleanUp(HttpServletRequest request) throws Exception {
203    
204                    // Clean up portlet objects that may have been created by defineObjects
205                    // for portlets that are called directly from a Struts path
206    
207                    RenderRequestImpl renderRequestImpl =
208                            (RenderRequestImpl)request.getAttribute(
209                                    JavaConstants.JAVAX_PORTLET_REQUEST);
210    
211                    if (renderRequestImpl != null) {
212                            renderRequestImpl.cleanUp();
213                    }
214            }
215    
216            protected void defineObjects(
217                            HttpServletRequest request, HttpServletResponse response,
218                            Portlet portlet)
219                    throws Exception {
220    
221                    String portletId = portlet.getPortletId();
222    
223                    ServletContext servletContext = (ServletContext)request.getAttribute(
224                            WebKeys.CTX);
225    
226                    InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
227                            portlet, servletContext);
228    
229                    PortletPreferencesIds portletPreferencesIds =
230                            PortletPreferencesFactoryUtil.getPortletPreferencesIds(
231                                    request, portletId);
232    
233                    PortletPreferences portletPreferences =
234                            PortletPreferencesLocalServiceUtil.getPreferences(
235                                    portletPreferencesIds);
236    
237                    PortletConfig portletConfig = PortletConfigFactoryUtil.create(
238                            portlet, servletContext);
239                    PortletContext portletContext = portletConfig.getPortletContext();
240    
241                    RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
242                            request, portlet, invokerPortlet, portletContext,
243                            WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
244    
245                    RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
246                            renderRequestImpl, response, portletId, portlet.getCompanyId());
247    
248                    renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
249    
250                    request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
251            }
252    
253            protected void doForward(
254                            String uri, HttpServletRequest request,
255                            HttpServletResponse response)
256                    throws ServletException {
257    
258                    StrutsUtil.forward(uri, getServletContext(), request, response);
259            }
260    
261            protected void doInclude(
262                            String uri, HttpServletRequest request,
263                            HttpServletResponse response)
264                    throws ServletException {
265    
266                    StrutsUtil.include(uri, getServletContext(), request, response);
267            }
268    
269            protected String getFriendlyTrackerPath(
270                            String path, ThemeDisplay themeDisplay, HttpServletRequest request)
271                    throws Exception {
272    
273                    if (!path.equals(_PATH_PORTAL_LAYOUT)) {
274                            return null;
275                    }
276    
277                    long plid = ParamUtil.getLong(request, "p_l_id");
278    
279                    if (plid == 0) {
280                            return null;
281                    }
282    
283                    Layout layout = LayoutLocalServiceUtil.getLayout(plid);
284    
285                    String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
286                            layout, themeDisplay);
287    
288                    String portletId = ParamUtil.getString(request, "p_p_id");
289    
290                    if (Validator.isNull(portletId)) {
291                            return layoutFriendlyURL;
292                    }
293    
294                    long companyId = PortalUtil.getCompanyId(request);
295    
296                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
297                            companyId, portletId);
298    
299                    if (portlet == null) {
300                            String strutsPath = path.substring(
301                                    1, path.lastIndexOf(CharPool.SLASH));
302    
303                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
304                                    companyId, strutsPath);
305                    }
306    
307                    if ((portlet == null) || !portlet.isActive()) {
308                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
309                                    request.getQueryString());
310                    }
311    
312                    String namespace = PortalUtil.getPortletNamespace(portletId);
313    
314                    FriendlyURLMapper friendlyURLMapper =
315                            portlet.getFriendlyURLMapperInstance();
316    
317                    if (friendlyURLMapper == null) {
318                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
319                                    request.getQueryString());
320                    }
321    
322                    PortletURLImpl portletURL = new PortletURLImpl(
323                            request, portletId, plid, PortletRequest.RENDER_PHASE);
324    
325                    Iterator<Map.Entry<String, String[]>> itr =
326                            request.getParameterMap().entrySet().iterator();
327    
328                    while (itr.hasNext()) {
329                            Entry<String, String[]> entry = itr.next();
330    
331                            String key = entry.getKey();
332    
333                            if (key.startsWith(namespace)) {
334                                    key = key.substring(namespace.length());
335    
336                                    portletURL.setParameter(key, entry.getValue());
337                            }
338                    }
339    
340                    String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
341    
342                    if (portletFriendlyURL != null) {
343                            return layoutFriendlyURL.concat(portletFriendlyURL);
344                    }
345                    else {
346                            return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
347                                    request.getQueryString());
348                    }
349            }
350    
351            protected String getLastPath(HttpServletRequest request) {
352                    HttpSession session = request.getSession();
353    
354                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
355                            WebKeys.THEME_DISPLAY);
356    
357                    Boolean httpsInitial = (Boolean)session.getAttribute(
358                            WebKeys.HTTPS_INITIAL);
359    
360                    String portalURL = null;
361    
362                    if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
363                            (!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&
364                            (httpsInitial != null) && (!httpsInitial.booleanValue())) {
365    
366                            portalURL = PortalUtil.getPortalURL(request, false);
367                    }
368                    else {
369                            portalURL = PortalUtil.getPortalURL(request);
370                    }
371    
372                    StringBundler sb = new StringBundler();
373    
374                    sb.append(portalURL);
375                    sb.append(themeDisplay.getPathMain());
376                    sb.append(_PATH_PORTAL_LAYOUT);
377    
378                    if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
379                            if (request.getRemoteUser() != null) {
380    
381                                    // If we do not forward by last path and the user is logged in,
382                                    // forward to the user's default layout to prevent a lagging
383                                    // loop
384    
385                                    sb.append(StringPool.QUESTION);
386                                    sb.append("p_l_id");
387                                    sb.append(StringPool.EQUAL);
388                                    sb.append(LayoutConstants.DEFAULT_PLID);
389                            }
390    
391                            return sb.toString();
392                    }
393    
394                    LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
395    
396                    if (lastPath == null) {
397                            return sb.toString();
398                    }
399    
400                    Map<String, String[]> parameterMap = lastPath.getParameterMap();
401    
402                    // Only test for existing mappings for last paths that were set when the
403                    // user accessed a layout directly instead of through its friendly URL
404    
405                    if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
406                            ActionMapping mapping =
407                                    (ActionMapping)moduleConfig.findActionConfig(
408                                            lastPath.getPath());
409    
410                            if ((mapping == null) || (parameterMap == null)) {
411                                    return sb.toString();
412                            }
413                    }
414    
415                    StringBundler lastPathSB = new StringBundler(4);
416    
417                    lastPathSB.append(portalURL);
418                    lastPathSB.append(lastPath.getContextPath());
419                    lastPathSB.append(lastPath.getPath());
420                    lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
421    
422                    return lastPathSB.toString();
423            }
424    
425            protected boolean isPortletPath(String path) {
426                    if ((path != null) &&
427                            (!path.equals(_PATH_C)) &&
428                            (!path.startsWith(_PATH_COMMON)) &&
429                            (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
430                            (!path.startsWith(_PATH_PORTAL))) {
431    
432                            return true;
433                    }
434                    else {
435                            return false;
436                    }
437            }
438    
439            protected boolean isPublicPath(String path) {
440                    if ((path != null) &&
441                            (_publicPaths.contains(path)) ||
442                            (path.startsWith(_PATH_COMMON))) {
443    
444                            return true;
445                    }
446                    else {
447                            return false;
448                    }
449            }
450    
451            protected ActionMapping processMapping(
452                            HttpServletRequest request, HttpServletResponse response,
453                            String path)
454                    throws IOException {
455    
456                    if (path == null) {
457                            return null;
458                    }
459    
460                    ActionMapping mapping = super.processMapping(request, response, path);
461    
462                    if (mapping == null) {
463                            String msg = getInternal().getMessage("processInvalid");
464    
465                            _log.error("User ID " + request.getRemoteUser());
466                            _log.error("Current URL " + PortalUtil.getCurrentURL(request));
467                            _log.error("Referer " + request.getHeader("Referer"));
468                            _log.error("Remote address " + request.getRemoteAddr());
469    
470                            _log.error(msg + " " + path);
471                    }
472    
473                    return mapping;
474            }
475    
476            protected HttpServletRequest processMultipart(HttpServletRequest request) {
477    
478                    // Disable Struts from automatically wrapping a multipart request
479    
480                    return request;
481            }
482    
483            protected String processPath(
484                            HttpServletRequest request, HttpServletResponse response)
485                    throws IOException {
486    
487                    String path = GetterUtil.getString(
488                            super.processPath(request, response));
489    
490                    HttpSession session = request.getSession();
491    
492                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
493                            WebKeys.THEME_DISPLAY);
494    
495                    // Current users
496    
497                    UserTracker userTracker = LiveUsers.getUserTracker(
498                            themeDisplay.getCompanyId(), session.getId());
499    
500                    if ((userTracker != null) && (!path.equals(_PATH_C)) &&
501                            (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
502                            (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
503                            (!_trackerIgnorePaths.contains(path))) {
504    
505                            String fullPath = null;
506    
507                            try {
508                                    if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
509                                            fullPath = getFriendlyTrackerPath(
510                                                    path, themeDisplay, request);
511                                    }
512                            }
513                            catch (Exception e) {
514                                    _log.error(e, e);
515                            }
516    
517                            String queryString = request.getQueryString();
518    
519                            if (Validator.isNull(fullPath) &&
520                                    Validator.isNotNull(queryString)) {
521    
522                                    fullPath = path.concat(StringPool.QUESTION).concat(queryString);
523                            }
524                            else {
525                                    fullPath = path;
526                            }
527    
528                            UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
529    
530                            userTrackerPath.setUserTrackerId(userTracker.getUserTrackerId());
531                            userTrackerPath.setPath(fullPath);
532                            userTrackerPath.setPathDate(new Date());
533    
534                            userTracker.addPath(userTrackerPath);
535                    }
536    
537                    String remoteUser = request.getRemoteUser();
538    
539                    User user = null;
540    
541                    try {
542                            user = PortalUtil.getUser(request);
543                    }
544                    catch (Exception e) {
545                    }
546    
547                    // Last path
548    
549                    if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
550                            boolean saveLastPath = ParamUtil.getBoolean(
551                                    request, "saveLastPath", true);
552    
553                            if (themeDisplay.isLifecycleResource() ||
554                                    themeDisplay.isStateExclusive() ||
555                                    themeDisplay.isStatePopUp() ||
556                                    !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {
557    
558                                    saveLastPath = false;
559                            }
560    
561                            // Save last path
562    
563                            if (saveLastPath) {
564    
565                                    // Was a last path set by another servlet that dispatched to
566                                    // the MainServlet? If so, use that last path instead.
567    
568                                    LastPath lastPath = (LastPath)request.getAttribute(
569                                            WebKeys.LAST_PATH);
570    
571                                    if (lastPath == null) {
572                                            lastPath = new LastPath(
573                                                    themeDisplay.getPathMain(), path,
574                                                    request.getParameterMap());
575                                    }
576    
577                                    session.setAttribute(WebKeys.LAST_PATH, lastPath);
578                            }
579                    }
580    
581                    // Authenticated users can always log out
582    
583                    if (((remoteUser != null) || (user != null)) &&
584                            (path.equals(_PATH_PORTAL_LOGOUT))) {
585    
586                            return path;
587                    }
588    
589                    // Authenticated users can always extend or confirm their session
590    
591                    if (((remoteUser != null) || (user != null)) &&
592                            (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
593                             path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
594    
595                            return path;
596                    }
597    
598                    // Authenticated users can always agree to terms of use
599    
600                    if (((remoteUser != null) || (user != null)) &&
601                            (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {
602    
603                            return path;
604                    }
605    
606                    // Authenticated users must still exist in the system
607    
608                    if ((remoteUser != null) && (user == null)) {
609                            return _PATH_PORTAL_LOGOUT;
610                    }
611    
612                    // Authenticated users must be active
613    
614                    if ((user != null) && !user.isActive()) {
615                            SessionErrors.add(request, UserActiveException.class.getName());
616    
617                            return _PATH_PORTAL_ERROR;
618                    }
619    
620                    if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
621                            !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
622                            !ParamUtil.getBoolean(request, "wsrp")) {
623    
624                            // Authenticated users should agree to Terms of Use
625    
626                            if ((user != null) && !user.isAgreedToTermsOfUse()) {
627                                    boolean termsOfUseRequired = false;
628    
629                                    try {
630                                            termsOfUseRequired = PrefsPropsUtil.getBoolean(
631                                                    user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
632                                    }
633                                    catch (SystemException se) {
634                                            termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
635                                    }
636    
637                                    if (termsOfUseRequired) {
638                                            return _PATH_PORTAL_TERMS_OF_USE;
639                                    }
640                            }
641    
642                            // Authenticated users must have a current password
643    
644                            if ((user != null) && user.isPasswordReset()) {
645                                    return _PATH_PORTAL_UPDATE_PASSWORD;
646                            }
647    
648                            // Authenticated users must have an email address
649    
650                            if ((user != null) &&
651                                    Validator.isNull(user.getDisplayEmailAddress())) {
652    
653                                    return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
654                            }
655    
656                            // Authenticated users should have a reminder query
657    
658                            if ((user != null) &&
659                                    (Validator.isNull(user.getReminderQueryQuestion()) ||
660                                     Validator.isNull(user.getReminderQueryAnswer()))) {
661    
662                                    if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
663                                            return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
664                                    }
665                            }
666                    }
667    
668                    // Users must sign in
669    
670                    if (!isPublicPath(path)) {
671                            if (user == null) {
672                                    SessionErrors.add(request, PrincipalException.class.getName());
673    
674                                    return _PATH_PORTAL_LOGIN;
675                            }
676                    }
677    
678                    ActionMapping mapping =
679                            (ActionMapping)moduleConfig.findActionConfig(path);
680    
681                    path = mapping.getPath();
682    
683                    // Define the portlet objects
684    
685                    if (isPortletPath(path)) {
686                            try {
687                                    Portlet portlet = null;
688    
689                                    long companyId = PortalUtil.getCompanyId(request);
690                                    String portletId = ParamUtil.getString(request, "p_p_id");
691    
692                                    if (Validator.isNotNull(portletId)) {
693                                            portlet = PortletLocalServiceUtil.getPortletById(
694                                                    companyId, portletId);
695                                    }
696    
697                                    if (portlet == null) {
698                                            String strutsPath = path.substring(
699                                                    1, path.lastIndexOf(CharPool.SLASH));
700    
701                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
702                                                    companyId, strutsPath);
703                                    }
704    
705                                    if ((portlet != null) && portlet.isActive()) {
706                                            defineObjects(request, response, portlet);
707                                    }
708                            }
709                            catch (Exception e) {
710                                    request.setAttribute(PageContext.EXCEPTION, e);
711    
712                                    path = _PATH_COMMON_ERROR;
713                            }
714                    }
715    
716                    // Authenticated users must have access to at least one layout
717    
718                    if (SessionErrors.contains(
719                                    request, LayoutPermissionException.class.getName())) {
720    
721                            return _PATH_PORTAL_ERROR;
722                    }
723    
724                    return path;
725            }
726    
727            protected boolean processRoles(
728                            HttpServletRequest request, HttpServletResponse response,
729                            ActionMapping mapping)
730                    throws IOException, ServletException {
731    
732                    String path = mapping.getPath();
733    
734                    if (isPublicPath(path)) {
735                            return true;
736                    }
737    
738                    boolean authorized = true;
739    
740                    User user = null;
741    
742                    try {
743                            user = PortalUtil.getUser(request);
744                    }
745                    catch (Exception e) {
746                    }
747    
748                    if ((user != null) && isPortletPath(path)) {
749                            try {
750    
751                                    // Authenticated users can always log out
752    
753                                    if (path.equals(_PATH_PORTAL_LOGOUT)) {
754                                            return true;
755                                    }
756    
757                                    Portlet portlet = null;
758    
759                                    String portletId = ParamUtil.getString(request, "p_p_id");
760    
761                                    if (Validator.isNotNull(portletId)) {
762                                            portlet = PortletLocalServiceUtil.getPortletById(
763                                                    user.getCompanyId(), portletId);
764                                    }
765    
766                                    String strutsPath = path.substring(
767                                            1, path.lastIndexOf(CharPool.SLASH));
768    
769                                    if (portlet != null) {
770                                            if (!strutsPath.equals(portlet.getStrutsPath())) {
771                                                    throw new PrincipalException();
772                                            }
773                                    }
774                                    else {
775                                            portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
776                                                    user.getCompanyId(), strutsPath);
777                                    }
778    
779                                    if ((portlet != null) && portlet.isActive()) {
780                                            ThemeDisplay themeDisplay =
781                                                    (ThemeDisplay)request.getAttribute(
782                                                            WebKeys.THEME_DISPLAY);
783    
784                                            Layout layout = themeDisplay.getLayout();
785                                            PermissionChecker permissionChecker =
786                                                    themeDisplay.getPermissionChecker();
787    
788                                            if (!PortletPermissionUtil.contains(
789                                                            permissionChecker, layout.getPlid(), portlet,
790                                                            ActionKeys.VIEW)) {
791    
792                                                    throw new PrincipalException();
793                                            }
794                                    }
795                                    else if (portlet != null && !portlet.isActive()) {
796                                            SessionErrors.add(
797                                                    request, PortletActiveException.class.getName());
798    
799                                            authorized = false;
800                                    }
801                            }
802                            catch (Exception e) {
803                                    SessionErrors.add(request, PrincipalException.class.getName());
804    
805                                    authorized = false;
806                            }
807                    }
808    
809                    if (!authorized) {
810                            ForwardConfig forwardConfig =
811                                    mapping.findForward(_PATH_PORTAL_ERROR);
812    
813                            processForwardConfig(request, response, forwardConfig);
814    
815                            return false;
816                    }
817                    else {
818                            return true;
819                    }
820            }
821    
822            private static String _PATH_C = "/c";
823    
824            private static String _PATH_COMMON = "/common";
825    
826            private static String _PATH_COMMON_ERROR = "/common/error";
827    
828            private static String _PATH_J_SECURITY_CHECK = "/j_security_check";
829    
830            private static String _PATH_PORTAL = "/portal";
831    
832            private static String _PATH_PORTAL_ERROR = "/portal/error";
833    
834            private static String _PATH_PORTAL_EXPIRE_SESSION =
835                    "/portal/expire_session";
836    
837            private static String _PATH_PORTAL_EXTEND_SESSION =
838                    "/portal/extend_session";
839    
840            private static String _PATH_PORTAL_FLASH = "/portal/flash";
841    
842            private static String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
843    
844            private static String _PATH_PORTAL_JSON_SERVICE = "/portal/json_service";
845    
846            private static String _PATH_PORTAL_LAYOUT = "/portal/layout";
847    
848            private static String _PATH_PORTAL_LOGIN = "/portal/login";
849    
850            private static String _PATH_PORTAL_LOGOUT = "/portal/logout";
851    
852            private static String _PATH_PORTAL_PROTECTED = "/portal/protected";
853    
854            private static String _PATH_PORTAL_RENDER_PORTLET =
855                    "/portal/render_portlet";
856    
857            private static String _PATH_PORTAL_TCK = "/portal/tck";
858    
859            private static String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";
860    
861            private static String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
862                    "/portal/update_email_address";
863    
864            private static String _PATH_PORTAL_UPDATE_PASSWORD =
865                    "/portal/update_password";
866    
867            private static String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
868                    "/portal/update_reminder_query";
869    
870            private static String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
871                    "/portal/update_terms_of_use";
872    
873            private static Log _log = LogFactoryUtil.getLog(
874                    PortalRequestProcessor.class);
875    
876            private Set<String> _lastPaths;
877            private Set<String> _publicPaths;
878            private Set<String> _trackerIgnorePaths;
879    
880    }