001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.kernel.portlet.WindowStateFactory;
018    import com.liferay.portal.kernel.util.CharPool;
019    import com.liferay.portal.kernel.util.HttpUtil;
020    import com.liferay.portal.kernel.util.ParamUtil;
021    import com.liferay.portal.kernel.util.PropsKeys;
022    import com.liferay.portal.kernel.util.StringBundler;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.StringUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.theme.ThemeDisplay;
027    import com.liferay.portal.util.PortalUtil;
028    import com.liferay.portal.util.PortletKeys;
029    import com.liferay.portal.util.PrefsPropsUtil;
030    import com.liferay.portal.util.PropsValues;
031    import com.liferay.portal.util.WebKeys;
032    import com.liferay.portlet.PortletURLFactoryUtil;
033    import com.liferay.portlet.login.util.LoginUtil;
034    
035    import javax.portlet.PortletMode;
036    import javax.portlet.PortletRequest;
037    import javax.portlet.PortletURL;
038    import javax.portlet.WindowState;
039    
040    import javax.servlet.http.HttpServletRequest;
041    import javax.servlet.http.HttpServletResponse;
042    import javax.servlet.http.HttpSession;
043    
044    import org.apache.struts.action.Action;
045    import org.apache.struts.action.ActionForm;
046    import org.apache.struts.action.ActionForward;
047    import org.apache.struts.action.ActionMapping;
048    
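/**
 * Struts action behind the portal login path. It optionally authenticates the
 * request from the <code>login</code> and <code>password</code> parameters and
 * always answers with a redirect (or a forward when JAAS is enabled); it never
 * renders a page itself.
 *
 * <p>
 * Security-relevant inputs handled here: <code>login</code>,
 * <code>password</code>, <code>rememberMe</code>, <code>authType</code>,
 * <code>redirect</code> and <code>windowState</code>. All of them are taken
 * from the request as sent by the client.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Scott Lee
 */
public class LoginAction extends Action {

	/**
	 * Processes a login request.
	 *
	 * <ol>
	 * <li>If login is disabled, redirects to the configured "login disabled"
	 * path.</li>
	 * <li>If HTTPS is required and the request is not secure, redirects to the
	 * same URI on the secure portal URL.</li>
	 * <li>If both <code>login</code> and <code>password</code> are present,
	 * delegates authentication to <code>LoginUtil.login</code>.</li>
	 * <li>If the session then carries <code>j_username</code> and
	 * <code>j_password</code>, forwards to the JAAS touch page or redirects to
	 * the escaped <code>redirect</code> parameter (falling back to the main
	 * path).</li>
	 * <li>Otherwise redirects to the login page, carrying the escaped
	 * <code>redirect</code> parameter along.</li>
	 * </ol>
	 *
	 * @param  actionMapping the Struts mapping, used only to resolve the JAAS
	 *         forward
	 * @param  actionForm unused
	 * @param  request the servlet request; must carry a
	 *         <code>ThemeDisplay</code> under
	 *         <code>WebKeys.THEME_DISPLAY</code>
	 * @param  response the servlet response that receives the redirect
	 * @return the JAAS forward, or <code>null</code> when a redirect has
	 *         already been sent
	 * @throws Exception if authentication or sending the redirect fails
	 */
	@Override
	public ActionForward execute(
			ActionMapping actionMapping, ActionForm actionForm,
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		// NOTE(review): the attribute is used without a null check; presumably
		// an earlier stage of request processing always sets it. Confirm.

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			response.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return null;
		}

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
			!request.isSecure()) {

			StringBundler sb = new StringBundler(4);

			sb.append(PortalUtil.getPortalURL(request, true));
			sb.append(request.getRequestURI());

			// getQueryString() returns null when the request has no query
			// string. Appending it unconditionally produced a dangling "?"
			// (or a literal "null") in the Location header, so the separator
			// and the query are only added when a query is present.

			String queryString = request.getQueryString();

			if (queryString != null) {

				// NOTE(review): the query string is copied verbatim. If a
				// client sent login/password as query parameters over plain
				// HTTP they have already crossed the wire in clear text and
				// are repeated in this redirect; POST bodies are not
				// forwarded at all.

				sb.append(StringPool.QUESTION);
				sb.append(queryString);
			}

			response.sendRedirect(sb.toString());

			return null;
		}

		// NOTE(review): the credentials are read from request parameters with
		// no check of the HTTP method and no anti-CSRF token visible in this
		// method, so they are accepted from a query string as well as from a
		// form body. Confirm that this is intended or enforced elsewhere.

		String login = ParamUtil.getString(request, "login");

		// The password is read with the raw servlet API instead of ParamUtil,
		// presumably so that no normalization is applied to the secret.

		String password = request.getParameter("password");

		boolean rememberMe = ParamUtil.getBoolean(request, "rememberMe");
		String authType = ParamUtil.getString(request, "authType");

		if (Validator.isNotNull(login) && Validator.isNotNull(password)) {
			LoginUtil.login(
				request, response, login, password, rememberMe, authType);
		}

		HttpSession session = request.getSession();

		// The presence of both session attributes is what this action treats
		// as "authenticated". They are presumably set by LoginUtil.login on
		// success, but may also be left over from an earlier login.

		if ((session.getAttribute("j_username") != null) &&
			(session.getAttribute("j_password") != null)) {

			if (PropsValues.PORTAL_JAAS_ENABLE) {
				return actionMapping.findForward("/portal/touch_protected.jsp");
			}

			// "redirect" is attacker-controllable and ends up in
			// sendRedirect(). PortalUtil.escapeRedirect is the only filter
			// applied here; presumably it blanks targets outside the allowed
			// hosts. Its result must never be bypassed on this path.

			String redirect = ParamUtil.getString(request, "redirect");

			redirect = PortalUtil.escapeRedirect(redirect);

			if (Validator.isNull(redirect)) {
				redirect = themeDisplay.getPathMain();
			}

			// Turn a site-relative path into an absolute URL on this portal,
			// keeping the scheme of the current request.

			if (redirect.charAt(0) == CharPool.SLASH) {
				String portalURL = PortalUtil.getPortalURL(
					request, request.isSecure());

				if (Validator.isNotNull(portalURL)) {
					redirect = portalURL.concat(redirect);
				}
			}

			response.sendRedirect(redirect);

			return null;
		}

		// Not authenticated: work out where the login page lives. Preference
		// order is the site login URL, the configured login URL, then a
		// render URL for the login portlet.

		String redirect = PortalUtil.getSiteLoginURL(themeDisplay);

		if (Validator.isNull(redirect)) {
			redirect = PropsValues.AUTH_LOGIN_URL;
		}

		if (Validator.isNull(redirect)) {
			PortletURL portletURL = PortletURLFactoryUtil.create(
				request, PortletKeys.LOGIN, themeDisplay.getPlid(),
				PortletRequest.RENDER_PHASE);

			portletURL.setParameter("saveLastPath", Boolean.FALSE.toString());
			portletURL.setParameter("struts_action", "/login/login");
			portletURL.setPortletMode(PortletMode.VIEW);
			portletURL.setWindowState(getWindowState(request));

			redirect = portletURL.toString();
		}

		// When HTTPS is required, rewrite the login page URL onto the secure
		// portal URL so the login form is served over TLS.

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) {
			String portalURL = PortalUtil.getPortalURL(request);
			String portalURLSecure = PortalUtil.getPortalURL(request, true);

			if (!portalURL.equals(portalURLSecure)) {
				redirect = StringUtil.replaceFirst(
					redirect, portalURL, portalURLSecure);
			}
		}

		// Same untrusted "redirect" parameter as on the authenticated path;
		// it is only used after passing through escapeRedirect.

		String loginRedirect = ParamUtil.getString(request, "redirect");

		loginRedirect = PortalUtil.escapeRedirect(loginRedirect);

		if (Validator.isNotNull(loginRedirect)) {
			if (PrefsPropsUtil.getBoolean(
					themeDisplay.getCompanyId(), PropsKeys.CAS_AUTH_ENABLED,
					PropsValues.CAS_AUTH_ENABLED)) {

				// With CAS enabled the browser is sent straight to the
				// escaped target instead of the login page.

				redirect = loginRedirect;
			}
			else {

				// Hand the target to the login portlet as its namespaced
				// "redirect" parameter so it can be used after login.

				String loginPortletNamespace = PortalUtil.getPortletNamespace(
					PropsValues.AUTH_LOGIN_PORTLET_NAME);

				String loginRedirectParameter =
					loginPortletNamespace + "redirect";

				redirect = HttpUtil.setParameter(
					redirect, "p_p_id", PropsValues.AUTH_LOGIN_PORTLET_NAME);
				redirect = HttpUtil.setParameter(
					redirect, "p_p_lifecycle", "0");
				redirect = HttpUtil.setParameter(
					redirect, loginRedirectParameter, loginRedirect);
			}
		}

		response.sendRedirect(redirect);

		return null;
	}

	/**
	 * Returns the window state for the generated login portlet URL.
	 *
	 * @param  request the servlet request, read for the optional
	 *         <code>windowState</code> parameter
	 * @return the state named by the parameter, or
	 *         <code>WindowState.MAXIMIZED</code> when the parameter is absent
	 */
	protected WindowState getWindowState(HttpServletRequest request) {
		WindowState windowState = WindowState.MAXIMIZED;

		// The parameter value is client-supplied and is passed to the factory
		// as is; no allow-list is applied in this method.

		String windowStateString = ParamUtil.getString(request, "windowState");

		if (Validator.isNotNull(windowStateString)) {
			windowState = WindowStateFactory.getWindowState(windowStateString);
		}

		return windowState;
	}

}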