1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   * 
13   */
14  
15  package com.liferay.portal.security.auth;
16  
17  import com.liferay.portal.SystemException;
18  import com.liferay.portal.kernel.log.Log;
19  import com.liferay.portal.kernel.log.LogFactoryUtil;
20  import com.liferay.portal.kernel.util.ParamUtil;
21  import com.liferay.portal.kernel.util.PropsKeys;
22  import com.liferay.portal.kernel.util.StringPool;
23  import com.liferay.portal.kernel.util.StringUtil;
24  import com.liferay.portal.kernel.util.Validator;
25  import com.liferay.portal.model.CompanyConstants;
26  import com.liferay.portal.model.User;
27  import com.liferay.portal.security.ldap.PortalLDAPUtil;
28  import com.liferay.portal.service.UserLocalServiceUtil;
29  import com.liferay.portal.servlet.filters.sso.cas.CASFilter;
30  import com.liferay.portal.util.PortalUtil;
31  import com.liferay.portal.util.PrefsPropsUtil;
32  import com.liferay.portal.util.PropsValues;
33  
34  import javax.naming.Binding;
35  import javax.naming.NamingEnumeration;
36  import javax.naming.directory.Attributes;
37  import javax.naming.directory.SearchControls;
38  import javax.naming.directory.SearchResult;
39  import javax.naming.ldap.LdapContext;
40  
41  import javax.servlet.http.HttpServletRequest;
42  import javax.servlet.http.HttpServletResponse;
43  import javax.servlet.http.HttpSession;
44  
45  /**
46   * <a href="CASAutoLogin.java.html"><b><i>View Source</i></b></a>
47   *
48   * @author Brian Wing Shun Chan
49   * @author Jorge Ferrer
50   * @author Wesley Gong
51   * @author Daeyoung Song
52   */
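public class CASAutoLogin implements AutoLogin {

    /**
     * Completes a CAS single sign-on for the current request.
     *
     * {@link CASFilter} has already validated the service ticket and left the
     * asserted principal in the session under {@link CASFilter#LOGIN}. This
     * method maps that principal to a portal user, importing it from LDAP
     * first when {@code cas.import.from.ldap} is enabled, and returns the
     * triple the auto-login filter expects: user id, stored password and a
     * flag saying the password is already encrypted. Every failure is logged
     * and yields {@code null}, which means "no auto-login" rather than an
     * error.
     *
     * @param  request the current request; the company and the optional
     *         {@code redirect} parameter are read from it
     * @param  response unused
     * @return {@code [userId, password, "true"]}, or {@code null} when CAS is
     *         disabled for the company, no principal is in the session, or the
     *         user cannot be resolved
     * @throws AutoLoginException declared by the interface; this
     *         implementation catches and logs every exception instead
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        String[] credentials = null;

        try {
            long companyId = PortalUtil.getCompanyId(request);

            if (!PrefsPropsUtil.getBoolean(
                    companyId, PropsKeys.CAS_AUTH_ENABLED,
                    PropsValues.CAS_AUTH_ENABLED)) {

                return credentials;
            }

            HttpSession session = request.getSession();

            // Stored by CASFilter only after the ticket was validated against
            // the CAS server. It is not user-typed, but it still ends up inside
            // an LDAP search filter, so importLDAPUser() escapes it.
            String login = (String)session.getAttribute(CASFilter.LOGIN);

            if (Validator.isNull(login)) {
                return credentials;
            }

            String authType = PrefsPropsUtil.getString(
                companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
                PropsValues.COMPANY_SECURITY_AUTH_TYPE);

            // Decides whether the CAS principal is treated as a screen name or
            // as an email address, both for the LDAP lookup and the local one.
            boolean byScreenName = authType.equals(
                CompanyConstants.AUTH_TYPE_SN);

            User user = null;

            if (PrefsPropsUtil.getBoolean(
                    companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
                    PropsValues.CAS_IMPORT_FROM_LDAP)) {

                try {
                    if (byScreenName) {
                        user = importLDAPUser(
                            companyId, StringPool.BLANK, login);
                    }
                    else {
                        user = importLDAPUser(
                            companyId, login, StringPool.BLANK);
                    }
                }
                catch (SystemException se) {

                    // The LDAP import is best effort: fall back to the portal
                    // user below, but leave a trace instead of hiding why the
                    // import failed.
                    if (_log.isWarnEnabled()) {
                        _log.warn(
                            "Unable to import " + login + " from LDAP, " +
                                "falling back to the portal user",
                            se);
                    }
                }
            }

            if (user == null) {
                if (byScreenName) {
                    user = UserLocalServiceUtil.getUserByScreenName(
                        companyId, login);
                }
                else {
                    user = UserLocalServiceUtil.getUserByEmailAddress(
                        companyId, login);
                }
            }

            // Defensive: the lookups above are expected to throw when the user
            // is missing, but a null here would otherwise surface as an NPE in
            // the generic catch below.
            if (user == null) {
                if (_log.isWarnEnabled()) {
                    _log.warn("No portal user found for CAS login " + login);
                }

                return credentials;
            }

            String redirect = ParamUtil.getString(request, "redirect");

            // "redirect" is an arbitrary request parameter. AUTO_LOGIN_REDIRECT
            // is presumably used by the auto-login filter as the post-login
            // destination (its consumer is not in this file), so only accept
            // site-relative paths to avoid bouncing a freshly signed-in user
            // to an external host.
            if (Validator.isNotNull(redirect)) {
                if (isRelativeRedirect(redirect)) {
                    request.setAttribute(
                        AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
                }
                else if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Ignoring redirect that is not a relative path: " +
                            redirect);
                }
            }

            credentials = new String[3];

            credentials[0] = String.valueOf(user.getUserId());
            credentials[1] = user.getPassword();

            // "true" tells the auto-login filter that credentials[1] is the
            // already-encrypted stored password, not a clear-text one.
            credentials[2] = Boolean.TRUE.toString();

            return credentials;
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        return credentials;
    }

    /**
     * @deprecated Use <code>importLDAPUser</code>.
     */
    @Deprecated
    protected User addUser(long companyId, String screenName) throws Exception {
        return importLDAPUser(companyId, StringPool.BLANK, screenName);
    }

    /**
     * Looks the user up in the company's LDAP server and imports it into the
     * portal.
     *
     * The configured {@code ldap.auth.search.filter} is used with its
     * {@code @company_id@}, {@code @email_address@} and {@code @screen_name@}
     * placeholders substituted; the two string values are escaped per RFC 4515
     * first so that a principal containing {@code *}, {@code (}, {@code )} or
     * {@code \} cannot change the meaning of the filter. Only the first match
     * is imported.
     *
     * @param  companyId the company whose LDAP settings are used
     * @param  emailAddress the email address to search for, or blank
     * @param  screenName the screen name to search for, or blank
     * @return the imported user, or {@code null} when the filter matched
     *         nothing
     * @throws SystemException when the LDAP server cannot be bound or queried
     */
    protected User importLDAPUser(
            long companyId, String emailAddress, String screenName)
        throws Exception {

        LdapContext ctx = null;

        try {
            String baseDN = PrefsPropsUtil.getString(
                companyId, PropsKeys.LDAP_BASE_DN);

            ctx = PortalLDAPUtil.getContext(companyId);

            if (ctx == null) {
                throw new SystemException("Failed to bind to the LDAP server");
            }

            String filter = PrefsPropsUtil.getString(
                companyId, PropsKeys.LDAP_AUTH_SEARCH_FILTER);

            if (_log.isDebugEnabled()) {
                _log.debug("Search filter before transformation " + filter);
            }

            // companyId is numeric and needs no escaping; the other two values
            // originate from the CAS assertion and are escaped.
            filter = StringUtil.replace(
                filter,
                new String[] {
                    "@company_id@", "@email_address@", "@screen_name@"
                },
                new String[] {
                    String.valueOf(companyId),
                    escapeLDAPFilterValue(emailAddress),
                    escapeLDAPFilterValue(screenName)
                });

            if (_log.isDebugEnabled()) {
                _log.debug("Search filter after transformation " + filter);
            }

            // Subtree search capped at one result, no time limit, all
            // attributes, no object return, no dereferencing of links.
            SearchControls cons = new SearchControls(
                SearchControls.SUBTREE_SCOPE, 1, 0, null, false, false);

            NamingEnumeration<SearchResult> enu = ctx.search(
                baseDN, filter, cons);

            try {
                if (!enu.hasMoreElements()) {
                    if (_log.isDebugEnabled()) {
                        if (Validator.isNotNull(emailAddress)) {
                            _log.debug(
                                "User with the email address " + emailAddress +
                                    " was not found in the LDAP server");
                        }
                        else {
                            _log.debug(
                                "User with the screen name " + screenName +
                                    " was not found in the LDAP server");
                        }
                    }

                    return null;
                }

                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter returned at least one result");
                }

                Binding binding = enu.nextElement();

                Attributes attrs = PortalLDAPUtil.getUserAttributes(
                    companyId, ctx,
                    PortalLDAPUtil.getNameInNamespace(companyId, binding));

                return PortalLDAPUtil.importLDAPUser(
                    companyId, ctx, attrs, StringPool.BLANK, true);
            }
            finally {

                // Release any server-side search state; the context itself is
                // closed by the outer finally.
                enu.close();
            }
        }
        catch (Exception e) {
            if (_log.isWarnEnabled()) {
                _log.warn("Problem accessing LDAP server " + e.getMessage());
            }

            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }

            // Keep the original exception as the cause so the stack trace is
            // not lost for callers that log it.
            throw new SystemException(
                "Problem accessing LDAP server " + e.getMessage(), e);
        }
        finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section
     * 3), so that it is matched literally instead of being parsed as part of
     * the filter. Only the five characters with filter meaning are encoded.
     *
     * @param  value the assertion value to escape; {@code null} is treated as
     *         blank
     * @return the escaped value
     */
    private static String escapeLDAPFilterValue(String value) {
        if (value == null) {
            return StringPool.BLANK;
        }

        StringBuilder sb = new StringBuilder(value.length() + 8);

        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);

            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\u0000':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }

        return sb.toString();
    }

    /**
     * Returns whether a redirect target is a site-relative path.
     *
     * Anything carrying a scheme ({@code http:}, {@code javascript:}, ...) or
     * a protocol-relative prefix ({@code //host}, {@code /\host}) is rejected
     * because browsers resolve those against another origin.
     *
     * NOTE(review): this also rejects absolute URLs that point at the portal's
     * own host; relax the check here if such redirects turn out to be relied
     * upon.
     *
     * @param  redirect the raw value of the {@code redirect} parameter
     * @return {@code true} when the value starts with exactly one slash
     */
    private static boolean isRelativeRedirect(String redirect) {
        if (Validator.isNull(redirect)) {
            return false;
        }

        // Browsers ignore leading whitespace, so judge the trimmed value.
        String value = redirect.trim();

        if ((value.length() == 0) || (value.charAt(0) != '/')) {
            return false;
        }

        if ((value.length() > 1) &&
            ((value.charAt(1) == '/') || (value.charAt(1) == '\\'))) {

            return false;
        }

        return true;
    }

    private static final Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);

}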