1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   * 
13   */
14  
15  package com.liferay.portal.security.auth;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.ParamUtil;
20  import com.liferay.portal.kernel.util.StringPool;
21  import com.liferay.portal.kernel.util.Validator;
22  import com.liferay.portal.model.User;
23  import com.liferay.portal.security.ldap.PortalLDAPUtil;
24  import com.liferay.portal.util.PortalUtil;
25  import com.liferay.portal.util.WebKeys;
26  
27  import javax.naming.directory.SearchResult;
28  import javax.naming.ldap.LdapContext;
29  
30  import javax.servlet.http.HttpServletRequest;
31  import javax.servlet.http.HttpServletResponse;
32  
33  /**
34   * <a href="NtlmAutoLogin.java.html"><b><i>View Source</i></b></a>
35   *
36   * @author Bruno Farache
37   */
38  public class NtlmAutoLogin implements AutoLogin {
39  
40      public String[] login(
41          HttpServletRequest request, HttpServletResponse response) {
42  
43          String[] credentials = null;
44  
45          try {
46              long companyId = PortalUtil.getCompanyId(request);
47  
48              if (!PortalLDAPUtil.isNtlmEnabled(companyId)) {
49                  return credentials;
50              }
51  
52              String screenName = (String)request.getAttribute(
53                  WebKeys.NTLM_REMOTE_USER);
54  
55              if (screenName == null) {
56                  return credentials;
57              }
58  
59              request.removeAttribute(WebKeys.NTLM_REMOTE_USER);
60  
61              User user = getUser(companyId, screenName);
62  
63              if (user != null) {
64                  String redirect = ParamUtil.getString(request, "redirect");
65  
66                  if (Validator.isNotNull(redirect)) {
67                      request.setAttribute(
68                          AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE, redirect);
69                  }
70  
71                  credentials = new String[3];
72  
73                  credentials[0] = String.valueOf(user.getUserId());
74                  credentials[1] = user.getPassword();
75                  credentials[2] = Boolean.TRUE.toString();
76              }
77          }
78          catch (Exception e) {
79              _log.error(e, e);
80          }
81  
82          return credentials;
83      }
84  
85      protected User getUser(long companyId, String screenName) throws Exception {
86          SearchResult result = (SearchResult)PortalLDAPUtil.getUser(
87              companyId, screenName);
88  
89          if (result == null) {
90              if (_log.isWarnEnabled()) {
91                  _log.warn(
92                      "No user was found in LDAP with screenName " + screenName);
93              }
94  
95              return null;
96          }
97  
98          LdapContext ctx = PortalLDAPUtil.getContext(companyId);
99  
100         User user = PortalLDAPUtil.importLDAPUser(
101             companyId, ctx, result.getAttributes(), StringPool.BLANK, false);
102 
103         ctx.close();
104 
105         return user;
106     }
107 
108     private static Log _log = LogFactoryUtil.getLog(NtlmAutoLogin.class);
109 
110 }