001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.util.ParamUtil;
022    import com.liferay.portal.kernel.util.PropsKeys;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.Validator;
025    import com.liferay.portal.model.CompanyConstants;
026    import com.liferay.portal.model.User;
027    import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
028    import com.liferay.portal.service.UserLocalServiceUtil;
029    import com.liferay.portal.util.PortalUtil;
030    import com.liferay.portal.util.PrefsPropsUtil;
031    import com.liferay.portal.util.PropsValues;
032    import com.liferay.portal.util.WebKeys;
033    
034    import javax.servlet.http.HttpServletRequest;
035    import javax.servlet.http.HttpServletResponse;
036    import javax.servlet.http.HttpSession;
037    
038    /**
039     * @author Brian Wing Shun Chan
040     * @author Jorge Ferrer
041     * @author Wesley Gong
042     * @author Daeyoung Song
043     */
044    public class CASAutoLogin extends BaseAutoLogin {
045    
046            /**
047             * @deprecated As of 6.2.0, replaced by {@link
048             *             PortalLDAPImporterUtil#importLDAPUser(long, String, String)}
049             */
050            protected User addUser(long companyId, String screenName) throws Exception {
051                    return PortalLDAPImporterUtil.importLDAPUser(
052                            companyId, StringPool.BLANK, screenName);
053            }
054    
055            @Override
056            protected String[] doHandleException(
057                    HttpServletRequest request, HttpServletResponse response, Exception e) {
058    
059                    HttpSession session = request.getSession();
060    
061                    if (e instanceof NoSuchUserException) {
062                            session.removeAttribute(WebKeys.CAS_LOGIN);
063    
064                            session.setAttribute(
065                                    WebKeys.CAS_NO_SUCH_USER_EXCEPTION, Boolean.TRUE);
066                    }
067    
068                    _log.error(e, e);
069    
070                    return null;
071            }
072    
073            @Override
074            protected String[] doLogin(
075                            HttpServletRequest request, HttpServletResponse response)
076                    throws Exception {
077    
078                    HttpSession session = request.getSession();
079    
080                    long companyId = PortalUtil.getCompanyId(request);
081    
082                    if (!PrefsPropsUtil.getBoolean(
083                                    companyId, PropsKeys.CAS_AUTH_ENABLED,
084                                    PropsValues.CAS_AUTH_ENABLED)) {
085    
086                            return null;
087                    }
088    
089                    String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);
090    
091                    if (Validator.isNull(login)) {
092                            Object noSuchUserException = session.getAttribute(
093                                    WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
094    
095                            if (noSuchUserException == null) {
096                                    return null;
097                            }
098    
099                            session.removeAttribute(WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
100    
101                            session.setAttribute(WebKeys.CAS_FORCE_LOGOUT, Boolean.TRUE);
102    
103                            String redirect = PrefsPropsUtil.getString(
104                                    companyId, PropsKeys.CAS_NO_SUCH_USER_REDIRECT_URL,
105                                    PropsValues.CAS_NO_SUCH_USER_REDIRECT_URL);
106    
107                            request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
108    
109                            return null;
110                    }
111    
112                    String authType = PrefsPropsUtil.getString(
113                            companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
114                            PropsValues.COMPANY_SECURITY_AUTH_TYPE);
115    
116                    User user = null;
117    
118                    if (PrefsPropsUtil.getBoolean(
119                                    companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
120                                    PropsValues.CAS_IMPORT_FROM_LDAP)) {
121    
122                            try {
123                                    if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
124                                            user = PortalLDAPImporterUtil.importLDAPUser(
125                                                    companyId, StringPool.BLANK, login);
126                                    }
127                                    else {
128                                            user = PortalLDAPImporterUtil.importLDAPUser(
129                                                    companyId, login, StringPool.BLANK);
130                                    }
131                            }
132                            catch (SystemException se) {
133                            }
134                    }
135    
136                    if (user == null) {
137                            if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
138                                    user = UserLocalServiceUtil.getUserByScreenName(
139                                            companyId, login);
140                            }
141                            else {
142                                    user = UserLocalServiceUtil.getUserByEmailAddress(
143                                            companyId, login);
144                            }
145                    }
146    
147                    String redirect = ParamUtil.getString(request, "redirect");
148    
149                    if (Validator.isNotNull(redirect)) {
150                            request.setAttribute(
151                                    AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE,
152                                    PortalUtil.escapeRedirect(redirect));
153                    }
154    
155                    String[] credentials = new String[3];
156    
157                    credentials[0] = String.valueOf(user.getUserId());
158                    credentials[1] = user.getPassword();
159                    credentials[2] = Boolean.TRUE.toString();
160    
161                    return credentials;
162            }
163    
164            private static Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);
165    
166    }