001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.CompanyMaxUsersException;
018    import com.liferay.portal.CookieNotSupportedException;
019    import com.liferay.portal.NoSuchUserException;
020    import com.liferay.portal.PasswordExpiredException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserIdException;
023    import com.liferay.portal.UserLockoutException;
024    import com.liferay.portal.UserPasswordException;
025    import com.liferay.portal.UserScreenNameException;
026    import com.liferay.portal.kernel.log.Log;
027    import com.liferay.portal.kernel.log.LogFactoryUtil;
028    import com.liferay.portal.kernel.servlet.SessionErrors;
029    import com.liferay.portal.kernel.util.Http;
030    import com.liferay.portal.kernel.util.HttpUtil;
031    import com.liferay.portal.kernel.util.ParamUtil;
032    import com.liferay.portal.kernel.util.Validator;
033    import com.liferay.portal.model.Layout;
034    import com.liferay.portal.security.auth.AuthException;
035    import com.liferay.portal.struts.PortletAction;
036    import com.liferay.portal.theme.ThemeDisplay;
037    import com.liferay.portal.util.PortalUtil;
038    import com.liferay.portal.util.PortletKeys;
039    import com.liferay.portal.util.PropsValues;
040    import com.liferay.portal.util.WebKeys;
041    import com.liferay.portlet.PortletPreferencesFactoryUtil;
042    import com.liferay.portlet.PortletURLImpl;
043    import com.liferay.portlet.login.util.LoginUtil;
044    
045    import javax.portlet.ActionRequest;
046    import javax.portlet.ActionResponse;
047    import javax.portlet.PortletConfig;
048    import javax.portlet.PortletPreferences;
049    import javax.portlet.PortletRequest;
050    import javax.portlet.PortletURL;
051    import javax.portlet.RenderRequest;
052    import javax.portlet.RenderResponse;
053    import javax.portlet.WindowState;
054    
055    import javax.servlet.http.HttpServletRequest;
056    import javax.servlet.http.HttpServletResponse;
057    import javax.servlet.http.HttpSession;
058    
059    import org.apache.struts.action.ActionForm;
060    import org.apache.struts.action.ActionForward;
061    import org.apache.struts.action.ActionMapping;
062    
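/**
 * Struts portlet action behind the login portlet: authenticates the submitted
 * credentials through {@link LoginUtil}, then redirects the browser either to
 * the requested (validated) redirect target, to the portal main path, or back
 * to the login portlet when authentication fails.
 *
 * <p>
 * Security-relevant inputs read from the request are <code>login</code>,
 * <code>password</code>, <code>rememberMe</code>, <code>redirect</code> and
 * <code>doActionAfterLogin</code>. All of them are caller-controlled.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class LoginAction extends PortletAction {

	/**
	 * Processes a login submission.
	 *
	 * <p>
	 * When login is disabled by configuration the request is redirected to the
	 * configured "login disabled" path and nothing else happens. Otherwise
	 * {@link #login} is invoked. Known authentication and account exceptions
	 * are recorded in {@link SessionErrors} and the browser is sent back to the
	 * login portlet; any other exception is logged at error level and reported
	 * through <code>PortalUtil.sendError</code>.
	 * </p>
	 *
	 * @throws Exception if redirecting or error reporting fails
	 */
	@Override
	public void processAction(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return;
		}

		// Disabled upstream: short-circuit for requests that already carry a
		// remote user. Kept for reference only.

		/*if (actionRequest.getRemoteUser() != null) {
			actionResponse.sendRedirect(themeDisplay.getPathMain());

			return;
		}*/

		try {
			login(themeDisplay, actionRequest, actionResponse);

			boolean doActionAfterLogin = ParamUtil.getBoolean(
				actionRequest, "doActionAfterLogin");

			if (doActionAfterLogin) {
				setForward(actionRequest, "portlet.login.login_redirect");
			}
		}
		catch (Exception e) {
			if (e instanceof AuthException) {
				Throwable cause = e.getCause();

				if (cause instanceof PasswordExpiredException ||
					cause instanceof UserLockoutException) {

					// Expired password and lockout are surfaced under their
					// own key instead of the generic AuthException key.

					SessionErrors.add(actionRequest, cause.getClass());
				}
				else {

					// NOTE(review): this line carries no source address or
					// other context, so it cannot be correlated per client on
					// its own. Confirm that the authentication pipeline logs
					// failures with enough detail elsewhere.

					if (_log.isInfoEnabled()) {
						_log.info("Authentication failed");
					}

					SessionErrors.add(actionRequest, e.getClass());
				}
			}
			else if (e instanceof CompanyMaxUsersException ||
					 e instanceof CookieNotSupportedException ||
					 e instanceof NoSuchUserException ||
					 e instanceof PasswordExpiredException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserLockoutException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException) {

				// NOTE(review): each exception type becomes a distinct session
				// error key. If the view renders different messages for, say,
				// NoSuchUserException and UserPasswordException, a client can
				// tell unknown accounts from wrong passwords. Verify in the
				// login JSP.

				SessionErrors.add(actionRequest, e.getClass());
			}
			else {

				// Unexpected failure: report it and do not fall through to
				// the "back to login form" redirect.

				_log.error(e, e);

				PortalUtil.sendError(e, actionRequest, actionResponse);

				return;
			}

			postProcessAuthFailure(actionRequest, actionResponse);
		}
	}

	/**
	 * Renders the login view, or whichever forward was set during the action
	 * phase (for example <code>portlet.login.login_redirect</code>).
	 */
	@Override
	public ActionForward render(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, RenderRequest renderRequest,
			RenderResponse renderResponse)
		throws Exception {

		return actionMapping.findForward(
			getForward(renderRequest, "portlet.login.login"));
	}

	/**
	 * Turns a relative redirect into an absolute URL on this portal.
	 *
	 * <p>
	 * The portal URL is obtained with <code>getPortalURL(request, false)</code>
	 * when authentication requires HTTPS, session phishing protection is off
	 * and the session records that the initial request was not HTTPS
	 * (presumably this selects the non-secure scheme; confirm in PortalUtil).
	 * In every other case the default portal URL for the request is used.
	 * </p>
	 *
	 * <p>
	 * The redirect originates from a request parameter. It is appended as a
	 * path: if it is non-empty and does not start with <code>/</code>, a
	 * leading slash is inserted so the value cannot be parsed as part of the
	 * authority (host, port or user info) of the resulting URL. This does not
	 * rely on what upstream validation accepts.
	 * </p>
	 *
	 * @param  request the current servlet request
	 * @param  redirect the relative redirect target; must not be
	 *         <code>null</code>
	 * @return the portal URL followed by the redirect path
	 */
	protected String getCompleteRedirectURL(
		HttpServletRequest request, String redirect) {

		HttpSession session = request.getSession();

		Boolean httpsInitial = (Boolean)session.getAttribute(
			WebKeys.HTTPS_INITIAL);

		String portalURL = null;

		if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
			!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
			(httpsInitial != null) && !httpsInitial.booleanValue()) {

			portalURL = PortalUtil.getPortalURL(request, false);
		}
		else {
			portalURL = PortalUtil.getPortalURL(request);
		}

		// Keep the caller-supplied value inside the path component. Without
		// the separator it would be glued directly onto "scheme://host[:port]".

		if ((redirect.length() > 0) && (redirect.charAt(0) != '/')) {
			redirect = "/".concat(redirect);
		}

		return portalURL.concat(redirect);
	}

	/**
	 * Returns the constant <code>false</code>.
	 *
	 * <p>
	 * NOTE(review): presumably this switches off the base class's HTTP method
	 * check for the action phase. Confirm in PortletAction. If so, credentials
	 * can be submitted with methods other than POST and may end up in URLs,
	 * proxy logs or browser history.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Authenticates the request (unless the user is already signed in) and
	 * sends the post-login redirect.
	 *
	 * <p>
	 * The <code>redirect</code> parameter is passed through
	 * <code>PortalUtil.escapeRedirect</code> before use and is dropped if that
	 * call returns a null or empty value. A surviving value that does not start
	 * with <code>http</code> is completed against the portal URL. With JAAS
	 * enabled the browser is always sent through <code>/portal/protected</code>,
	 * carrying the URL-encoded redirect if there is one.
	 * </p>
	 *
	 * @throws Exception if authentication fails or the redirect cannot be sent
	 */
	protected void login(
			ThemeDisplay themeDisplay, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpServletResponse response = PortalUtil.getHttpServletResponse(
			actionResponse);

		String login = ParamUtil.getString(actionRequest, "login");

		// Read directly from the request rather than through ParamUtil,
		// presumably so the password is not normalized. Never log or echo it.

		String password = actionRequest.getParameter("password");
		boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

		if (!themeDisplay.isSignedIn()) {
			String portletId = PortalUtil.getPortletId(actionRequest);

			PortletPreferences portletPreferences =
				PortletPreferencesFactoryUtil.getStrictPortletSetup(
					themeDisplay.getLayout(), portletId);

			// The authentication type comes from the portlet's stored
			// preferences, not from the request. A null value is passed on
			// as is for LoginUtil to resolve.

			String authType = portletPreferences.getValue("authType", null);

			LoginUtil.login(
				request, response, login, password, rememberMe, authType);
		}

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {

			// Untrusted redirect target: validate before any use.

			redirect = PortalUtil.escapeRedirect(redirect);

			if (Validator.isNotNull(redirect) &&
				!redirect.startsWith(Http.HTTP)) {

				redirect = getCompleteRedirectURL(request, redirect);
			}
		}

		String mainPath = themeDisplay.getPathMain();

		if (PropsValues.PORTAL_JAAS_ENABLE) {
			if (Validator.isNotNull(redirect)) {
				redirect = mainPath.concat(
					"/portal/protected?redirect=").concat(
						HttpUtil.encodeURL(redirect));
			}
			else {
				redirect = mainPath.concat("/portal/protected");
			}

			actionResponse.sendRedirect(redirect);
		}
		else {
			if (Validator.isNotNull(redirect)) {
				actionResponse.sendRedirect(redirect);
			}
			else {
				boolean doActionAfterLogin = ParamUtil.getBoolean(
					actionRequest, "doActionAfterLogin");

				// With doActionAfterLogin set, no redirect is sent here;
				// processAction sets the login_redirect forward instead.

				if (doActionAfterLogin) {
					return;
				}
				else {
					actionResponse.sendRedirect(mainPath);
				}
			}
		}
	}

	/**
	 * Sends the browser back to the maximized login portlet on the current
	 * layout after a failed login.
	 *
	 * <p>
	 * Only the <code>redirect</code> and <code>login</code> parameters are
	 * carried over; the password is never placed in the URL. The redirect is
	 * echoed here as received, without <code>escapeRedirect</code>. It is
	 * validated in {@link #login} when the form is submitted again.
	 * NOTE(review): confirm that the login view HTML-escapes both echoed values
	 * before rendering them.
	 * </p>
	 *
	 * @throws Exception if the redirect cannot be sent
	 */
	protected void postProcessAuthFailure(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

		PortletURL portletURL = new PortletURLImpl(
			actionRequest, PortletKeys.LOGIN, layout.getPlid(),
			PortletRequest.RENDER_PHASE);

		portletURL.setParameter("saveLastPath", Boolean.FALSE.toString());

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {
			portletURL.setParameter("redirect", redirect);
		}

		String login = ParamUtil.getString(actionRequest, "login");

		if (Validator.isNotNull(login)) {
			portletURL.setParameter("login", login);
		}

		portletURL.setWindowState(WindowState.MAXIMIZED);

		actionResponse.sendRedirect(portletURL.toString());
	}

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

	private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}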