15 package com.liferay.portal.security.auth;
16
17 import com.liferay.portal.SystemException;
18 import com.liferay.portal.kernel.log.Log;
19 import com.liferay.portal.kernel.log.LogFactoryUtil;
20 import com.liferay.portal.kernel.util.ParamUtil;
21 import com.liferay.portal.kernel.util.PropsKeys;
22 import com.liferay.portal.kernel.util.StringPool;
23 import com.liferay.portal.kernel.util.StringUtil;
24 import com.liferay.portal.kernel.util.Validator;
25 import com.liferay.portal.model.CompanyConstants;
26 import com.liferay.portal.model.User;
27 import com.liferay.portal.security.ldap.PortalLDAPUtil;
28 import com.liferay.portal.service.UserLocalServiceUtil;
29 import com.liferay.portal.servlet.filters.sso.cas.CASFilter;
30 import com.liferay.portal.util.PortalUtil;
31 import com.liferay.portal.util.PrefsPropsUtil;
32 import com.liferay.portal.util.PropsValues;
34 import javax.naming.Binding;
35 import javax.naming.NamingEnumeration;
36 import javax.naming.directory.Attributes;
37 import javax.naming.directory.SearchControls;
38 import javax.naming.directory.SearchResult;
39 import javax.naming.ldap.LdapContext;
41 import javax.servlet.http.HttpServletRequest;
42 import javax.servlet.http.HttpServletResponse;
43 import javax.servlet.http.HttpSession;
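/**
 * Auto-login hook that signs in a user who has already been authenticated
 * by CAS.
 *
 * <p>{@link CASFilter} validates the CAS ticket and stores the resulting
 * login in the HTTP session under {@link CASFilter#LOGIN}. This class maps
 * that login to a portal {@link User} (optionally importing it from LDAP
 * first) and hands the user id and stored password back to the auto-login
 * filter.
 */
public class CASAutoLogin implements AutoLogin {

	/**
	 * Returns the credentials of the CAS-authenticated user, or {@code null}
	 * when auto-login does not apply: CAS authentication is disabled for the
	 * company, no CAS login is present in the session, or the user could not
	 * be resolved.
	 *
	 * <p>The returned array has the form {@code {userId, password, "true"}};
	 * per the {@link AutoLogin} contract the trailing flag tells the caller
	 * that the password element is the portal's stored (already encrypted)
	 * value rather than a plaintext password.
	 *
	 * @param  request the current request; its session is expected to hold
	 *         the login placed there by {@link CASFilter}
	 * @param  response the current response (unused)
	 * @return the credentials array, or {@code null} when auto-login does not
	 *         apply or any step failed
	 * @throws AutoLoginException declared by {@link AutoLogin}; not thrown
	 *         here, every failure is logged and mapped to {@code null}
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			long companyId = PortalUtil.getCompanyId(request);

			if (!PrefsPropsUtil.getBoolean(
					companyId, PropsKeys.CAS_AUTH_ENABLED,
					PropsValues.CAS_AUTH_ENABLED)) {

				return null;
			}

			// The session attribute is the authentication proof this class
			// relies on: CASFilter sets it only after the CAS server has
			// validated the ticket.

			HttpSession session = request.getSession();

			String login = (String)session.getAttribute(CASFilter.LOGIN);

			if (Validator.isNull(login)) {
				return null;
			}

			String authType = PrefsPropsUtil.getString(
				companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
				PropsValues.COMPANY_SECURITY_AUTH_TYPE);

			// The CAS login is interpreted as a screen name or as an email
			// address depending on the company's authentication type.
			boolean byScreenName = authType.equals(
				CompanyConstants.AUTH_TYPE_SN);

			User user = null;

			if (PrefsPropsUtil.getBoolean(
					companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
					PropsValues.CAS_IMPORT_FROM_LDAP)) {

				user = _importFromLDAP(companyId, login, byScreenName);
			}

			if (user == null) {
				if (byScreenName) {
					user = UserLocalServiceUtil.getUserByScreenName(
						companyId, login);
				}
				else {
					user = UserLocalServiceUtil.getUserByEmailAddress(
						companyId, login);
				}
			}

			if (user == null) {
				// Previously this fell through to user.getUserId() and, via
				// the outer catch, returned a partially filled array; treat
				// an unresolved user as "no auto-login" instead.
				return null;
			}

			String redirect = ParamUtil.getString(request, "redirect");

			if (Validator.isNotNull(redirect)) {
				// NOTE(review): the redirect is request-supplied and passed on
				// without validation; whether the consumer of
				// AUTO_LOGIN_REDIRECT restricts it to portal URLs is not
				// visible here — confirm, otherwise this is an open-redirect
				// path that fires right after a successful login.
				request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
			}

			String[] credentials = new String[3];

			credentials[0] = String.valueOf(user.getUserId());
			credentials[1] = user.getPassword();
			credentials[2] = Boolean.TRUE.toString();

			return credentials;
		}
		catch (Exception e) {
			// Any failure (preferences, LDAP, user lookup) means the user is
			// simply not auto-logged in; the error is logged, not propagated.
			_log.error(e, e);
		}

		return null;
	}

	/**
	 * Retained for compatibility; delegates to {@link #importLDAPUser} using
	 * the screen name as the lookup key.
	 *
	 * @param  companyId the company whose LDAP settings are used
	 * @param  screenName the screen name to import
	 * @return the imported user, or {@code null} if no LDAP entry matched
	 * @throws Exception see {@link #importLDAPUser}
	 */
	protected User addUser(long companyId, String screenName) throws Exception {
		return importLDAPUser(companyId, StringPool.BLANK, screenName);
	}

	/**
	 * Looks the user up in the company's LDAP server and imports the first
	 * match into the portal.
	 *
	 * <p>The search filter configured under
	 * {@link PropsKeys#LDAP_AUTH_SEARCH_FILTER} has its
	 * {@code @company_id@}, {@code @email_address@} and {@code @screen_name@}
	 * placeholders replaced by the arguments. The email address and screen
	 * name originate from the CAS login, so they are escaped per RFC 4515
	 * before substitution; filter metacharacters in them therefore cannot
	 * change the structure of the query (LDAP filter injection).
	 *
	 * @param  companyId the company whose LDAP settings are used
	 * @param  emailAddress the email address to search for, or
	 *         {@link StringPool#BLANK} when searching by screen name
	 * @param  screenName the screen name to search for, or
	 *         {@link StringPool#BLANK} when searching by email address
	 * @return the imported user, or {@code null} if the filter matched no
	 *         entry
	 * @throws SystemException if the LDAP context could not be obtained or
	 *         the search or import failed; the original exception is attached
	 *         as the cause
	 * @throws Exception if releasing the LDAP resources fails
	 */
	protected User importLDAPUser(
			long companyId, String emailAddress, String screenName)
		throws Exception {

		LdapContext ctx = null;
		NamingEnumeration<SearchResult> enu = null;

		try {
			String baseDN = PrefsPropsUtil.getString(
				companyId, PropsKeys.LDAP_BASE_DN);

			ctx = PortalLDAPUtil.getContext(companyId);

			if (ctx == null) {
				throw new SystemException("Failed to bind to the LDAP server");
			}

			String filter = PrefsPropsUtil.getString(
				companyId, PropsKeys.LDAP_AUTH_SEARCH_FILTER);

			if (_log.isDebugEnabled()) {
				_log.debug("Search filter before transformation " + filter);
			}

			// Only the two externally supplied values need escaping; the
			// company id is a number.
			filter = StringUtil.replace(
				filter,
				new String[] {
					"@company_id@", "@email_address@", "@screen_name@"
				},
				new String[] {
					String.valueOf(companyId),
					escapeLDAPFilterValue(emailAddress),
					escapeLDAPFilterValue(screenName)
				});

			if (_log.isDebugEnabled()) {
				_log.debug("Search filter after transformation " + filter);
			}

			// Subtree search, at most one result, no client-side time limit
			// (0), no attributes requested, no object return, no deref.
			SearchControls cons = new SearchControls(
				SearchControls.SUBTREE_SCOPE, 1, 0, null, false, false);

			enu = ctx.search(baseDN, filter, cons);

			if (!enu.hasMoreElements()) {
				if (_log.isDebugEnabled()) {
					if (Validator.isNotNull(emailAddress)) {
						_log.debug(
							"User with the email address " + emailAddress +
								" was not found in the LDAP server");
					}
					else {
						_log.debug(
							"User with the screen name " + screenName +
								" was not found in the LDAP server");
					}
				}

				return null;
			}

			if (_log.isDebugEnabled()) {
				_log.debug("Search filter returned at least one result");
			}

			Binding binding = enu.nextElement();

			Attributes attrs = PortalLDAPUtil.getUserAttributes(
				companyId, ctx,
				PortalLDAPUtil.getNameInNamespace(companyId, binding));

			return PortalLDAPUtil.importLDAPUser(
				companyId, ctx, attrs, StringPool.BLANK, true);
		}
		catch (Exception e) {
			if (_log.isWarnEnabled()) {
				_log.warn("Problem accessing LDAP server " + e.getMessage());
			}

			if (_log.isDebugEnabled()) {
				_log.debug(e, e);
			}

			// Keep the cause so callers and logs see the real failure, not
			// only its message.
			throw new SystemException(
				"Problem accessing LDAP server " + e.getMessage(), e);
		}
		finally {
			// Release the result enumeration first; the nested finally makes
			// sure the context is closed even if that fails.
			try {
				if (enu != null) {
					enu.close();
				}
			}
			finally {
				if (ctx != null) {
					ctx.close();
				}
			}
		}
	}

	/**
	 * Escapes a value for inclusion in an LDAP search filter (RFC 4515,
	 * section 3): {@code \}, {@code *}, {@code (}, {@code )} and NUL are each
	 * replaced by a backslash followed by their two-digit hexadecimal code.
	 *
	 * @param  value the raw value; {@code null} is returned unchanged
	 * @return the escaped value, safe to splice into a filter string
	 */
	protected static String escapeLDAPFilterValue(String value) {
		if (value == null) {
			return null;
		}

		StringBuilder sb = new StringBuilder(value.length());

		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);

			switch (c) {
				case '\\':
					sb.append("\\5c");
					break;
				case '*':
					sb.append("\\2a");
					break;
				case '(':
					sb.append("\\28");
					break;
				case ')':
					sb.append("\\29");
					break;
				case '\u0000':
					sb.append("\\00");
					break;
				default:
					sb.append(c);
			}
		}

		return sb.toString();
	}

	/**
	 * Imports the CAS login from LDAP, treating it as a screen name or as an
	 * email address.
	 *
	 * @param  companyId the company whose LDAP settings are used
	 * @param  login the login taken from the CAS session attribute
	 * @param  byScreenName {@code true} to match on screen name,
	 *         {@code false} to match on email address
	 * @return the imported user, or {@code null} if the LDAP lookup failed
	 *         with a {@link SystemException} or matched nothing; the caller
	 *         then falls back to the portal database
	 * @throws Exception any other failure from {@link #importLDAPUser},
	 *         propagated as before
	 */
	private User _importFromLDAP(
			long companyId, String login, boolean byScreenName)
		throws Exception {

		try {
			if (byScreenName) {
				return importLDAPUser(companyId, StringPool.BLANK, login);
			}

			return importLDAPUser(companyId, login, StringPool.BLANK);
		}
		catch (SystemException se) {
			// This failure used to be swallowed silently; the fallback to the
			// portal database still happens, but it is now visible in the log.
			if (_log.isWarnEnabled()) {
				_log.warn(
					"Unable to import " + login + " from LDAP, falling back " +
						"to the portal database: " + se.getMessage());
			}

			return null;
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);

}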