015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.KeyValuePair;
021 import com.liferay.portal.kernel.util.StringPool;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.model.Company;
024 import com.liferay.portal.model.User;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026 import com.liferay.portal.util.CookieKeys;
027 import com.liferay.portal.util.PortalUtil;
028
029 import javax.servlet.http.Cookie;
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032
033
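/**
 * Auto-login hook that signs a user in from the portal's "remember me"
 * cookies.
 *
 * <p>
 * Security notes: every input read by {@link #login} comes from request
 * cookies and is therefore client-controlled. The only validation visible in
 * this class is the call to {@code UserLocalServiceUtil.decryptUserId}; any
 * exception it raises is treated as a failed login, the cookies are expired
 * and an {@link AutoLoginException} is thrown. A resolved user id equal to the
 * company's default user is rejected.
 * </p>
 */
public class RememberMeAutoLogin implements AutoLogin {

    /**
     * Attempts to build login credentials from the remember-me cookies.
     *
     * @param  request the current request; the ID, PASSWORD and REMEMBER_ME
     *         cookies are read from it
     * @param  response the current response; receives expiring cookies when
     *         the login attempt is rejected or fails
     * @return a three-element array holding the key and value returned by
     *         {@code decryptUserId} followed by the string {@code "false"},
     *         or <code>null</code> when a cookie is missing, the company does
     *         not allow auto-login, or the cookies resolve to the default user
     * @throws AutoLoginException wrapping any exception raised while
     *         processing the cookies
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String autoUserId = CookieKeys.getCookie(request, CookieKeys.ID);
            String autoPassword = CookieKeys.getCookie(
                request, CookieKeys.PASSWORD);
            String rememberMe = CookieKeys.getCookie(
                request, CookieKeys.REMEMBER_ME);

            // A request arriving under a context path other than the portal's
            // is handled as if the remember-me flag were present.
            // NOTE(review): presumably the flag cookie is not visible to other
            // contexts; confirm, because this skips the REMEMBER_ME check.

            if (!PortalUtil.getPathContext().equals(
                    request.getContextPath())) {

                rememberMe = Boolean.TRUE.toString();
            }

            if (!(Validator.isNotNull(autoUserId) &&
                  Validator.isNotNull(autoPassword) &&
                  Validator.isNotNull(rememberMe))) {

                return null;
            }

            // Looked up once and reused for both the auto-login switch and
            // the default-user check below.

            Company company = PortalUtil.getCompany(request);

            if (!company.isAutoLogin()) {
                return null;
            }

            // Cookie values are untrusted. A failure here propagates to the
            // catch block, which expires the cookies.

            KeyValuePair kvp = UserLocalServiceUtil.decryptUserId(
                company.getCompanyId(), autoUserId, autoPassword);

            String[] credentials = new String[3];

            credentials[0] = kvp.getKey();
            credentials[1] = kvp.getValue();

            // The meaning of the third slot is defined by the AutoLogin
            // contract, which is not shown in this file.

            credentials[2] = Boolean.FALSE.toString();

            // Never auto-login as the company's default user: drop the
            // cookies and report "no credentials" instead.

            User defaultUser = UserLocalServiceUtil.getDefaultUser(
                company.getCompanyId());

            long userId = GetterUtil.getLong(credentials[0]);

            if (defaultUser.getUserId() == userId) {
                removeCookies(request, response);

                return null;
            }

            return credentials;
        }
        catch (Exception e) {

            // One warning with stack trace is written per failed attempt, so
            // a burst of these from one client is worth alerting on.

            _log.warn(e, e);

            removeCookies(request, response);

            throw new AutoLoginException(e);
        }
    }

    /**
     * Expires the ID and PASSWORD cookies on the client. The REMEMBER_ME
     * cookie is not touched.
     *
     * <p>
     * NOTE(review): the expiring cookies use path "/" and no domain is set in
     * this class. If the originals were issued with another path or domain the
     * browser may keep them; confirm against the code that sets them and
     * against {@code CookieKeys.addCookie}.
     * </p>
     *
     * @param request the current request, passed through to
     *        {@code CookieKeys.addCookie}
     * @param response the response that receives the expiring cookies
     */
    protected void removeCookies(
        HttpServletRequest request, HttpServletResponse response) {

        _expireCookie(request, response, CookieKeys.ID);
        _expireCookie(request, response, CookieKeys.PASSWORD);
    }

    /**
     * Adds a blank cookie with the given name, max age 0 and path "/" to the
     * response.
     */
    private void _expireCookie(
        HttpServletRequest request, HttpServletResponse response,
        String name) {

        Cookie cookie = new Cookie(name, StringPool.BLANK);

        cookie.setMaxAge(0);
        cookie.setPath(StringPool.SLASH);

        CookieKeys.addCookie(request, response, cookie);
    }

    private static final Log _log = LogFactoryUtil.getLog(
        RememberMeAutoLogin.class);

}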