001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.CompanyMaxUsersException;
018    import com.liferay.portal.CookieNotSupportedException;
019    import com.liferay.portal.NoSuchUserException;
020    import com.liferay.portal.PasswordExpiredException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserIdException;
023    import com.liferay.portal.UserLockoutException;
024    import com.liferay.portal.UserPasswordException;
025    import com.liferay.portal.UserScreenNameException;
026    import com.liferay.portal.kernel.log.Log;
027    import com.liferay.portal.kernel.log.LogFactoryUtil;
028    import com.liferay.portal.kernel.servlet.SessionErrors;
029    import com.liferay.portal.kernel.util.Http;
030    import com.liferay.portal.kernel.util.ParamUtil;
031    import com.liferay.portal.kernel.util.Validator;
032    import com.liferay.portal.security.auth.AuthException;
033    import com.liferay.portal.struts.PortletAction;
034    import com.liferay.portal.theme.ThemeDisplay;
035    import com.liferay.portal.util.PortalUtil;
036    import com.liferay.portal.util.PropsValues;
037    import com.liferay.portal.util.WebKeys;
038    import com.liferay.portlet.PortletPreferencesFactoryUtil;
039    import com.liferay.portlet.login.util.LoginUtil;
040    
041    import javax.portlet.ActionRequest;
042    import javax.portlet.ActionResponse;
043    import javax.portlet.PortletConfig;
044    import javax.portlet.PortletPreferences;
045    import javax.portlet.RenderRequest;
046    import javax.portlet.RenderResponse;
047    
048    import javax.servlet.http.HttpServletRequest;
049    import javax.servlet.http.HttpServletResponse;
050    import javax.servlet.http.HttpSession;
051    
052    import org.apache.struts.action.ActionForm;
053    import org.apache.struts.action.ActionForward;
054    import org.apache.struts.action.ActionMapping;
055    
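/**
 * Struts portlet action behind the portal login form.
 *
 * <p>
 * {@link #processAction} authenticates the submitted credentials through
 * {@link LoginUtil} and then redirects the browser, while {@link #render}
 * forwards to the login view. Expected authentication and validation failures
 * are recorded in {@link SessionErrors}; any other exception is logged and
 * handed to <code>PortalUtil.sendError</code>.
 * </p>
 *
 * <p>
 * The post-login target is taken from the request parameter
 * <code>redirect</code> and is therefore untrusted input. This class relies on
 * <code>PortalUtil.escapeRedirect</code> to vet it; that method is not part of
 * this file, so its guarantees should be confirmed there.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class LoginAction extends PortletAction {

    /**
     * Handles the login form submission.
     *
     * <p>
     * When <code>PropsValues.AUTH_LOGIN_DISABLED</code> is set, the request is
     * redirected to <code>PropsValues.AUTH_LOGIN_DISABLED_PATH</code> under
     * the portal main path and no authentication is attempted.
     * </p>
     *
     * @param  actionMapping the Struts action mapping
     * @param  actionForm the Struts action form
     * @param  portletConfig the portlet configuration
     * @param  actionRequest the action request carrying the login parameters
     * @param  actionResponse the action response used for redirects
     * @throws Exception if the redirect or the error handling itself fails
     */
    @Override
    public void processAction(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH);

            return;
        }

        /*if (actionRequest.getRemoteUser() != null) {
            actionResponse.sendRedirect(themeDisplay.getPathMain());

            return;
        }*/

        try {
            PortletPreferences preferences =
                PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

            login(themeDisplay, actionRequest, actionResponse, preferences);

            boolean doActionAfterLogin = ParamUtil.getBoolean(
                actionRequest, "doActionAfterLogin");

            if (doActionAfterLogin) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            if (e instanceof AuthException) {
                Throwable cause = e.getCause();

                // Expired passwords and lockouts are reported under their own
                // class so the view can tell them apart from a plain failure.

                if (cause instanceof PasswordExpiredException ||
                    cause instanceof UserLockoutException) {

                    SessionErrors.add(actionRequest, cause.getClass());
                }
                else {

                    // NOTE(review): this message carries neither the login
                    // name nor the remote address, so on its own it does not
                    // support detection of repeated failed logins. Confirm
                    // that the authentication pipeline logs that context
                    // elsewhere before relying on this line for monitoring.

                    if (_log.isInfoEnabled()) {
                        _log.info("Authentication failed");
                    }

                    SessionErrors.add(actionRequest, e.getClass());
                }
            }
            else if (e instanceof CompanyMaxUsersException ||
                     e instanceof CookieNotSupportedException ||
                     e instanceof NoSuchUserException ||
                     e instanceof PasswordExpiredException ||
                     e instanceof UserEmailAddressException ||
                     e instanceof UserIdException ||
                     e instanceof UserLockoutException ||
                     e instanceof UserPasswordException ||
                     e instanceof UserScreenNameException) {

                // Expected failures: record the exception class and let the
                // login form render again.

                SessionErrors.add(actionRequest, e.getClass());
            }
            else {

                // Anything unexpected is logged with its stack trace and
                // turned into an error response.

                _log.error(e, e);

                PortalUtil.sendError(e, actionRequest, actionResponse);
            }
        }
    }

    /**
     * Forwards to the login view, or to the forward that
     * {@link #processAction} stored on the request.
     *
     * @param  actionMapping the Struts action mapping used to resolve the
     *         forward
     * @param  actionForm the Struts action form
     * @param  portletConfig the portlet configuration
     * @param  renderRequest the render request
     * @param  renderResponse the render response
     * @return the resolved forward, with
     *         <code>portlet.login.login</code> passed as the default name
     * @throws Exception if the forward cannot be resolved
     */
    @Override
    public ActionForward render(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, RenderRequest renderRequest,
            RenderResponse renderResponse)
        throws Exception {

        return actionMapping.findForward(
            getForward(renderRequest, "portlet.login.login"));
    }

    /**
     * Prefixes a relative redirect with the portal URL.
     *
     * <p>
     * The value is appended as is, with no separator and no validation.
     * Callers must pass a path that starts with <code>/</code>; anything else
     * would be glued onto the host part of the portal URL.
     * </p>
     *
     * @param  request the servlet request, used to read the session and to
     *         compute the portal URL
     * @param  redirect the relative redirect to append
     * @return the portal URL followed by <code>redirect</code>
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        // NOTE(review): the second argument presumably selects the non-secure
        // portal URL, which would send a freshly authenticated session back
        // over plain HTTP when the visit did not start on HTTPS. Confirm
        // against PortalUtil.getPortalURL that this is the intended trade-off.

        boolean useInitialScheme =
            PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
            (httpsInitial != null) && !httpsInitial.booleanValue();

        String portalURL = null;

        if (useInitialScheme) {
            portalURL = PortalUtil.getPortalURL(request, false);
        }
        else {
            portalURL = PortalUtil.getPortalURL(request);
        }

        return portalURL.concat(redirect);
    }

    /**
     * Returns the constant <code>false</code>.
     *
     * <p>
     * NOTE(review): presumably this opts the action out of the HTTP method
     * check that {@link PortletAction} applies to
     * <code>processAction</code>. Confirm there, because it decides which
     * request methods may submit credentials.
     * </p>
     *
     * @return <code>false</code>
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates the user if needed and sends the post-login redirect.
     *
     * <p>
     * The redirect target is chosen in this order: the fixed
     * <code>/portal/protected</code> path when
     * <code>PropsValues.PORTAL_JAAS_ENABLE</code> is set; otherwise the
     * <code>redirect</code> request parameter if it survives validation;
     * otherwise the portal main path, unless
     * <code>doActionAfterLogin</code> is set, in which case no redirect is
     * sent.
     * </p>
     *
     * <p>
     * A <code>redirect</code> value is dropped, and the default target is
     * used, when <code>PortalUtil.escapeRedirect</code> returns nothing for it
     * or when it is relative without a leading <code>/</code>.
     * </p>
     *
     * @param  themeDisplay the theme display of the current request
     * @param  actionRequest the action request carrying the login parameters
     * @param  actionResponse the action response used for the redirect
     * @param  preferences the portlet preferences holding
     *         <code>authType</code>
     * @throws Exception if authentication fails or the redirect cannot be
     *         sent
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse, PortletPreferences preferences)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // Read directly from the request rather than through ParamUtil,
        // presumably so the password reaches the authenticator unmodified.

        String password = actionRequest.getParameter("password");
        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        String authType = preferences.getValue("authType", null);

        // An already signed-in user is not authenticated again but still
        // receives the redirect below.

        if (!themeDisplay.isSignedIn()) {
            LoginUtil.login(
                request, response, login, password, rememberMe, authType);
        }

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() + "/portal/protected");

            return;
        }

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {

            // The parameter is attacker-controllable. escapeRedirect is the
            // only validation of the target host visible from this class;
            // its result is re-checked below because it is assumed to return
            // null or blank for a target it rejects (confirm in PortalUtil).

            redirect = PortalUtil.escapeRedirect(redirect);
        }

        if (Validator.isNotNull(redirect) && !redirect.startsWith(Http.HTTP)) {
            if (redirect.startsWith("/")) {
                redirect = getCompleteRedirectURL(request, redirect);
            }
            else {

                // Without a leading slash the value would be concatenated
                // straight onto the host part of the portal URL, so the
                // resulting host would no longer be guaranteed to be the
                // portal's. Fall back to the default target instead.

                redirect = null;
            }
        }

        if (Validator.isNotNull(redirect)) {
            actionResponse.sendRedirect(redirect);

            return;
        }

        boolean doActionAfterLogin = ParamUtil.getBoolean(
            actionRequest, "doActionAfterLogin");

        // With doActionAfterLogin set, processAction picks the forward, so no
        // redirect is sent from here.

        if (!doActionAfterLogin) {
            actionResponse.sendRedirect(themeDisplay.getPathMain());
        }
    }

    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}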