001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.HttpHeaders;
020 import com.liferay.portal.kernel.util.PropsKeys;
021 import com.liferay.portal.kernel.util.StringPool;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.model.User;
024 import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026 import com.liferay.portal.util.PortalUtil;
027 import com.liferay.portal.util.PrefsPropsUtil;
028 import com.liferay.portal.util.PropsUtil;
029 import com.liferay.portal.util.PropsValues;
030
031 import java.util.HashSet;
032 import java.util.Set;
033
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036
037
041 public class RequestHeaderAutoLogin extends BaseAutoLogin {
042
043 public RequestHeaderAutoLogin() {
044 String[] hostsAllowedArray = PropsUtil.getArray(
045 "request.header.auth.hosts.allowed");
046
047 for (int i = 0; i < hostsAllowedArray.length; i++) {
048 _hostsAllowed.add(hostsAllowedArray[i]);
049 }
050 }
051
052 @Override
053 protected String[] doLogin(
054 HttpServletRequest request, HttpServletResponse response)
055 throws Exception {
056
057 String remoteAddr = request.getRemoteAddr();
058
059 if (AuthSettingsUtil.isAccessAllowed(request, _hostsAllowed)) {
060 if (_log.isDebugEnabled()) {
061 _log.debug("Access allowed for " + remoteAddr);
062 }
063 }
064 else {
065 if (_log.isWarnEnabled()) {
066 _log.warn("Access denied for " + remoteAddr);
067 }
068
069 return null;
070 }
071
072 long companyId = PortalUtil.getCompanyId(request);
073
074 String screenName = request.getHeader(HttpHeaders.LIFERAY_SCREEN_NAME);
075
076 if (Validator.isNull(screenName)) {
077 return null;
078 }
079
080 User user = null;
081
082 if (PrefsPropsUtil.getBoolean(
083 companyId, PropsKeys.REQUEST_HEADER_AUTH_IMPORT_FROM_LDAP,
084 PropsValues.REQUEST_HEADER_AUTH_IMPORT_FROM_LDAP)) {
085
086 try {
087 user = PortalLDAPImporterUtil.importLDAPUser(
088 companyId, StringPool.BLANK, screenName);
089 }
090 catch (Exception e) {
091 }
092 }
093
094 if (user == null) {
095 user = UserLocalServiceUtil.getUserByScreenName(
096 companyId, screenName);
097 }
098
099 String[] credentials = new String[3];
100
101 credentials[0] = String.valueOf(user.getUserId());
102 credentials[1] = user.getPassword();
103 credentials[2] = Boolean.TRUE.toString();
104
105 return credentials;
106 }
107
108 private static Log _log = LogFactoryUtil.getLog(
109 RequestHeaderAutoLogin.class);
110
111 private Set<String> _hostsAllowed = new HashSet<String>();
112
113 }