015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.CompanyMaxUsersException;
018 import com.liferay.portal.CookieNotSupportedException;
019 import com.liferay.portal.NoSuchUserException;
020 import com.liferay.portal.PasswordExpiredException;
021 import com.liferay.portal.UserEmailAddressException;
022 import com.liferay.portal.UserIdException;
023 import com.liferay.portal.UserLockoutException;
024 import com.liferay.portal.UserPasswordException;
025 import com.liferay.portal.UserScreenNameException;
026 import com.liferay.portal.kernel.log.Log;
027 import com.liferay.portal.kernel.log.LogFactoryUtil;
028 import com.liferay.portal.kernel.servlet.SessionErrors;
029 import com.liferay.portal.kernel.util.Http;
030 import com.liferay.portal.kernel.util.HttpUtil;
031 import com.liferay.portal.kernel.util.ParamUtil;
032 import com.liferay.portal.kernel.util.Validator;
033 import com.liferay.portal.model.Layout;
034 import com.liferay.portal.security.auth.AuthException;
035 import com.liferay.portal.struts.PortletAction;
036 import com.liferay.portal.theme.ThemeDisplay;
037 import com.liferay.portal.util.PortalUtil;
038 import com.liferay.portal.util.PortletKeys;
039 import com.liferay.portal.util.PropsValues;
040 import com.liferay.portal.util.WebKeys;
041 import com.liferay.portlet.PortletPreferencesFactoryUtil;
042 import com.liferay.portlet.PortletURLImpl;
043 import com.liferay.portlet.login.util.LoginUtil;
044
045 import javax.portlet.ActionRequest;
046 import javax.portlet.ActionResponse;
047 import javax.portlet.PortletConfig;
048 import javax.portlet.PortletPreferences;
049 import javax.portlet.PortletRequest;
050 import javax.portlet.PortletURL;
051 import javax.portlet.RenderRequest;
052 import javax.portlet.RenderResponse;
053 import javax.portlet.WindowState;
054
055 import javax.servlet.http.HttpServletRequest;
056 import javax.servlet.http.HttpServletResponse;
057 import javax.servlet.http.HttpSession;
058
059 import org.apache.struts.action.ActionForm;
060 import org.apache.struts.action.ActionForward;
061 import org.apache.struts.action.ActionMapping;
062
063
/**
 * Portlet action behind the login portlet. {@link #processAction} attempts the
 * sign-in and decides where the browser goes next; {@link #render} forwards to
 * the login view.
 *
 * <p>
 * Security-relevant behaviour visible in this class: the caller-supplied
 * <code>redirect</code> parameter is only followed after it has been passed
 * through <code>PortalUtil.escapeRedirect</code>, each failure type is
 * reported to the view under its own exception class, and the submitted login
 * name (never the password) is echoed back as a URL parameter after a failed
 * attempt.
 * </p>
 */
public class LoginAction extends PortletAction {

	/**
	 * Handles a login submission.
	 *
	 * <p>
	 * When <code>PropsValues.AUTH_LOGIN_DISABLED</code> is set, the request is
	 * redirected to the configured "login disabled" path and nothing else
	 * happens. Otherwise {@link #login} is invoked. Failures that are part of
	 * normal login handling are recorded in <code>SessionErrors</code> and the
	 * user is sent back to the login portlet; any other exception is logged at
	 * error level and reported through <code>PortalUtil.sendError</code>.
	 * </p>
	 *
	 * @throws Exception if redirecting or error reporting itself fails
	 */
	@Override
	public void processAction(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			String disabledURL =
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH;

			actionResponse.sendRedirect(disabledURL);

			return;
		}

		try {
			login(themeDisplay, actionRequest, actionResponse);

			if (ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {
				setForward(actionRequest, "portlet.login.login_redirect");
			}
		}
		catch (Exception e) {

			// Class under which the failure is reported to the view; stays
			// null for exceptions that are not an expected login outcome.
			//
			// NOTE(review): every failure type gets its own key, so whether
			// the page distinguishes "no such user" from "wrong password", or
			// reveals lockout / expiry state, depends on how the view renders
			// these keys. Check the view if account enumeration is a concern.

			Class<? extends Throwable> errorKey = null;

			if (e instanceof AuthException) {
				Throwable cause = e.getCause();

				boolean accountStateFailure =
					(cause instanceof PasswordExpiredException) ||
					(cause instanceof UserLockoutException);

				if (accountStateFailure) {
					errorKey = cause.getClass();
				}
				else {

					// The message carries no login name or client address,
					// so this line alone cannot attribute a failed attempt.

					if (_log.isInfoEnabled()) {
						_log.info("Authentication failed");
					}

					errorKey = e.getClass();
				}
			}
			else if (_isExpectedLoginFailure(e)) {
				errorKey = e.getClass();
			}

			if (errorKey == null) {
				_log.error(e, e);

				PortalUtil.sendError(e, actionRequest, actionResponse);

				return;
			}

			SessionErrors.add(actionRequest, errorKey);

			postProcessAuthFailure(actionRequest, actionResponse);
		}
	}

	/**
	 * Resolves the forward to render, defaulting to the login view.
	 *
	 * @return the forward looked up under the name stored by
	 *         <code>setForward</code>, or under
	 *         <code>portlet.login.login</code> as the default
	 */
	@Override
	public ActionForward render(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, RenderRequest renderRequest,
			RenderResponse renderResponse)
		throws Exception {

		String forwardName = getForward(renderRequest, "portlet.login.login");

		return actionMapping.findForward(forwardName);
	}

	/**
	 * Turns a relative redirect into an absolute one by prefixing the portal
	 * URL.
	 *
	 * <p>
	 * No validation happens here: <code>redirect</code> is appended verbatim,
	 * so it must already have been vetted. {@link #login} passes the output of
	 * <code>PortalUtil.escapeRedirect</code>. NOTE(review): this assumes a
	 * path-absolute value; confirm that <code>escapeRedirect</code> guarantees
	 * it, because anything else would be glued directly onto the portal URL.
	 * </p>
	 *
	 * @param  request the servlet request; its session is read for
	 *         <code>WebKeys.HTTPS_INITIAL</code>
	 * @param  redirect the already-vetted relative redirect
	 * @return the portal URL followed by <code>redirect</code>
	 */
	protected String getCompleteRedirectURL(
		HttpServletRequest request, String redirect) {

		HttpSession session = request.getSession();

		Boolean httpsInitial = (Boolean)session.getAttribute(
			WebKeys.HTTPS_INITIAL);

		// NOTE(review): the "false" argument presumably selects the
		// non-secure scheme, i.e. a user who arrived over HTTP and was moved
		// to HTTPS only for authentication is sent back to HTTP afterwards.
		// Confirm against PortalUtil.getPortalURL and review how the session
		// is protected on that return leg.

		boolean useInitialScheme =
			PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
			!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
			Boolean.FALSE.equals(httpsInitial);

		String portalURL =
			useInitialScheme ? PortalUtil.getPortalURL(request, false) :
				PortalUtil.getPortalURL(request);

		return portalURL.concat(redirect);
	}

	/**
	 * Reports whether the base class should apply its request-method check
	 * before {@link #processAction}; this action answers <code>false</code>.
	 *
	 * <p>
	 * NOTE(review): presumably this opts the login action out of a check in
	 * <code>PortletAction</code> that restricts which HTTP methods may trigger
	 * it. Confirm there, and confirm that credentials cannot end up in
	 * request URLs as a result.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Authenticates the submitted credentials (unless the user is already
	 * signed in) and issues the post-login redirect.
	 *
	 * <p>
	 * The <code>redirect</code> request parameter is caller-controlled. It is
	 * passed through <code>PortalUtil.escapeRedirect</code> before any use,
	 * which is the only validation of the redirect target visible in this
	 * class. A surviving value that does not start with
	 * <code>Http.HTTP</code> is treated as relative and completed with
	 * {@link #getCompleteRedirectURL}.
	 * </p>
	 *
	 * @throws Exception whatever <code>LoginUtil.login</code> or the redirect
	 *         raises; {@link #processAction} classifies it
	 */
	protected void login(
			ThemeDisplay themeDisplay, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpServletResponse response = PortalUtil.getHttpServletResponse(
			actionResponse);

		String login = ParamUtil.getString(actionRequest, "login");

		// Read straight from the request rather than through ParamUtil, so
		// the password reaches LoginUtil exactly as submitted.

		String password = actionRequest.getParameter("password");

		boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

		if (!themeDisplay.isSignedIn()) {
			PortletPreferences portletPreferences =
				PortletPreferencesFactoryUtil.getStrictPortletSetup(
					themeDisplay.getLayout(),
					PortalUtil.getPortletId(actionRequest));

			LoginUtil.login(
				request, response, login, password, rememberMe,
				portletPreferences.getValue("authType", null));
		}

		// An already signed-in user skips authentication but still gets the
		// redirect handling below.

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {
			redirect = PortalUtil.escapeRedirect(redirect);

			boolean relative =
				Validator.isNotNull(redirect) &&
				!redirect.startsWith(Http.HTTP);

			if (relative) {
				redirect = getCompleteRedirectURL(request, redirect);
			}
		}

		boolean hasRedirect = Validator.isNotNull(redirect);

		String mainPath = themeDisplay.getPathMain();

		if (PropsValues.PORTAL_JAAS_ENABLE) {

			// With JAAS the browser always goes through /portal/protected;
			// the vetted redirect rides along URL-encoded.

			String protectedURL =
				hasRedirect ?
					mainPath.concat("/portal/protected?redirect=").concat(
						HttpUtil.encodeURL(redirect)) :
					mainPath.concat("/portal/protected");

			actionResponse.sendRedirect(protectedURL);

			return;
		}

		if (hasRedirect) {
			actionResponse.sendRedirect(redirect);

			return;
		}

		// No redirect requested: either leave the response alone so the
		// pending action can proceed, or fall back to the main path.

		if (ParamUtil.getBoolean(actionRequest, "doActionAfterLogin")) {
			return;
		}

		actionResponse.sendRedirect(mainPath);
	}

	/**
	 * Sends the user back to the maximized login portlet on the current layout
	 * after a failed attempt, carrying over the submitted
	 * <code>redirect</code> and <code>login</code> values when present.
	 *
	 * <p>
	 * NOTE(review): <code>redirect</code> is copied here without
	 * <code>escapeRedirect</code>. It is only a parameter on the portal's own
	 * URL at this point and {@link #login} vets it on the next attempt, but
	 * any view code that uses it directly should be checked. The login name is
	 * placed on the redirect URL as a parameter, so it can appear wherever
	 * URLs are recorded. The password is never copied.
	 * </p>
	 *
	 * @throws Exception if the redirect cannot be sent
	 */
	protected void postProcessAuthFailure(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);

		PortletURL loginURL = new PortletURLImpl(
			actionRequest, PortletKeys.LOGIN, layout.getPlid(),
			PortletRequest.RENDER_PHASE);

		loginURL.setParameter("saveLastPath", Boolean.FALSE.toString());

		// Carried over in this order, and only when non-empty.

		String[] echoedParameters = {"redirect", "login"};

		for (String name : echoedParameters) {
			String value = ParamUtil.getString(actionRequest, name);

			if (Validator.isNotNull(value)) {
				loginURL.setParameter(name, value);
			}
		}

		loginURL.setWindowState(WindowState.MAXIMIZED);

		actionResponse.sendRedirect(loginURL.toString());
	}

	/**
	 * Tells whether an exception other than <code>AuthException</code> is one
	 * of the login outcomes that is reported to the user instead of being
	 * treated as a server error.
	 */
	private static boolean _isExpectedLoginFailure(Exception e) {
		return
			(e instanceof CompanyMaxUsersException) ||
			(e instanceof CookieNotSupportedException) ||
			(e instanceof NoSuchUserException) ||
			(e instanceof PasswordExpiredException) ||
			(e instanceof UserEmailAddressException) ||
			(e instanceof UserIdException) ||
			(e instanceof UserLockoutException) ||
			(e instanceof UserPasswordException) ||
			(e instanceof UserScreenNameException);
	}

	// Value returned by isCheckMethodOnProcessAction().

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

	private static Log _log = LogFactoryUtil.getLog(LoginAction.class);

}