1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   * 
13   */
14  
15  package com.liferay.portal.struts;
16  
17  import com.liferay.portal.LayoutPermissionException;
18  import com.liferay.portal.PortletActiveException;
19  import com.liferay.portal.RequiredRoleException;
20  import com.liferay.portal.UserActiveException;
21  import com.liferay.portal.kernel.log.Log;
22  import com.liferay.portal.kernel.log.LogFactoryUtil;
23  import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
24  import com.liferay.portal.kernel.servlet.HttpMethods;
25  import com.liferay.portal.kernel.servlet.SessionErrors;
26  import com.liferay.portal.kernel.util.GetterUtil;
27  import com.liferay.portal.kernel.util.HttpUtil;
28  import com.liferay.portal.kernel.util.JavaConstants;
29  import com.liferay.portal.kernel.util.ParamUtil;
30  import com.liferay.portal.kernel.util.PropsKeys;
31  import com.liferay.portal.kernel.util.StringBundler;
32  import com.liferay.portal.kernel.util.StringPool;
33  import com.liferay.portal.kernel.util.Validator;
34  import com.liferay.portal.liveusers.LiveUsers;
35  import com.liferay.portal.model.Layout;
36  import com.liferay.portal.model.LayoutConstants;
37  import com.liferay.portal.model.Portlet;
38  import com.liferay.portal.model.PortletPreferencesIds;
39  import com.liferay.portal.model.User;
40  import com.liferay.portal.model.UserTracker;
41  import com.liferay.portal.model.UserTrackerPath;
42  import com.liferay.portal.security.auth.PrincipalException;
43  import com.liferay.portal.security.permission.ActionKeys;
44  import com.liferay.portal.security.permission.PermissionChecker;
45  import com.liferay.portal.service.LayoutLocalServiceUtil;
46  import com.liferay.portal.service.PortletLocalServiceUtil;
47  import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
48  import com.liferay.portal.service.permission.PortletPermissionUtil;
49  import com.liferay.portal.service.persistence.UserTrackerPathUtil;
50  import com.liferay.portal.theme.ThemeDisplay;
51  import com.liferay.portal.util.PortalUtil;
52  import com.liferay.portal.util.PropsUtil;
53  import com.liferay.portal.util.PropsValues;
54  import com.liferay.portal.util.WebKeys;
55  import com.liferay.portlet.InvokerPortlet;
56  import com.liferay.portlet.PortletConfigFactory;
57  import com.liferay.portlet.PortletInstanceFactory;
58  import com.liferay.portlet.PortletPreferencesFactoryUtil;
59  import com.liferay.portlet.PortletURLImpl;
60  import com.liferay.portlet.RenderRequestFactory;
61  import com.liferay.portlet.RenderRequestImpl;
62  import com.liferay.portlet.RenderResponseFactory;
63  import com.liferay.portlet.RenderResponseImpl;
64  
65  import java.io.IOException;
66  
67  import java.util.Date;
68  import java.util.HashSet;
69  import java.util.Iterator;
70  import java.util.Map.Entry;
71  import java.util.Map;
72  import java.util.Set;
73  
74  import javax.portlet.PortletConfig;
75  import javax.portlet.PortletContext;
76  import javax.portlet.PortletMode;
77  import javax.portlet.PortletPreferences;
78  import javax.portlet.PortletRequest;
79  import javax.portlet.WindowState;
80  
81  import javax.servlet.ServletContext;
82  import javax.servlet.ServletException;
83  import javax.servlet.http.HttpServletRequest;
84  import javax.servlet.http.HttpServletResponse;
85  import javax.servlet.http.HttpSession;
86  import javax.servlet.jsp.PageContext;
87  
88  import org.apache.struts.action.ActionMapping;
89  import org.apache.struts.config.ForwardConfig;
90  import org.apache.struts.tiles.TilesRequestProcessor;
91  
92  /**
93   * <a href="PortalRequestProcessor.java.html"><b><i>View Source</i></b></a>
94   *
95   * @author Brian Wing Shun Chan
96   * @author Jorge Ferrer
97   */
98  public class PortalRequestProcessor extends TilesRequestProcessor {
99  
100     public PortalRequestProcessor() {
101 
102         // auth.forward.last.path.
103 
104         _lastPaths = new HashSet<String>();
105 
106         _lastPaths.add(_PATH_PORTAL_LAYOUT);
107 
108         addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
109 
110         // auth.public.path.
111 
112         _publicPaths = new HashSet<String>();
113 
114         _publicPaths.add(_PATH_C);
115         _publicPaths.add(_PATH_PORTAL_FLASH);
116         _publicPaths.add(_PATH_PORTAL_J_LOGIN);
117         _publicPaths.add(_PATH_PORTAL_LAYOUT);
118         _publicPaths.add(_PATH_PORTAL_LOGIN);
119         _publicPaths.add(_PATH_PORTAL_LOGIN_CAPTCHA);
120         _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
121         _publicPaths.add(_PATH_PORTAL_TCK);
122 
123         addPaths(_publicPaths, PropsKeys.AUTH_PUBLIC_PATHS);
124 
125         _trackerIgnorePaths = new HashSet<String>();
126 
127         addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
128     }
129 
130     public void process(
131             HttpServletRequest request, HttpServletResponse response)
132         throws IOException, ServletException {
133 
134         String path = super.processPath(request, response);
135 
136         ActionMapping mapping = (ActionMapping)moduleConfig.findActionConfig(
137             path);
138 
139         if (mapping == null) {
140             String lastPath = getLastPath(request);
141 
142             if (_log.isDebugEnabled()) {
143                 _log.debug("Last path " + lastPath);
144             }
145 
146             response.sendRedirect(lastPath);
147 
148             return;
149         }
150 
151         super.process(request, response);
152 
153         try {
154             if (isPortletPath(path)) {
155                 cleanUp(request);
156             }
157         }
158         catch (Exception e) {
159             _log.error(e, e);
160         }
161     }
162 
163     protected void addPaths(Set<String> paths, String propsKey) {
164         String[] pathsArray = PropsUtil.getArray(propsKey);
165 
166         for (String path : pathsArray) {
167             paths.add(path);
168         }
169     }
170 
171     protected void callParentDoForward(
172             String uri, HttpServletRequest request,
173             HttpServletResponse response)
174         throws IOException, ServletException {
175 
176         super.doForward(uri, request, response);
177     }
178 
179     protected HttpServletRequest callParentProcessMultipart(
180         HttpServletRequest request) {
181 
182         return super.processMultipart(request);
183     }
184 
185     protected String callParentProcessPath(
186             HttpServletRequest request, HttpServletResponse response)
187         throws IOException {
188 
189         return super.processPath(request, response);
190     }
191 
192     protected boolean callParentProcessRoles(
193             HttpServletRequest request, HttpServletResponse response,
194             ActionMapping mapping)
195         throws IOException, ServletException {
196 
197         return super.processRoles(request, response, mapping);
198     }
199 
200     protected void cleanUp(HttpServletRequest request) throws Exception {
201 
202         // Clean up portlet objects that may have been created by defineObjects
203         // for portlets that are called directly from a Struts path
204 
205         RenderRequestImpl renderRequestImpl =
206             (RenderRequestImpl)request.getAttribute(
207                 JavaConstants.JAVAX_PORTLET_REQUEST);
208 
209         if (renderRequestImpl != null) {
210             RenderRequestFactory.recycle(renderRequestImpl);
211         }
212 
213         RenderResponseImpl renderResponseImpl =
214             (RenderResponseImpl)request.getAttribute(
215                 JavaConstants.JAVAX_PORTLET_RESPONSE);
216 
217         if (renderResponseImpl != null) {
218             RenderResponseFactory.recycle(renderResponseImpl);
219         }
220     }
221 
222     protected void defineObjects(
223             HttpServletRequest request, HttpServletResponse response,
224             Portlet portlet)
225         throws Exception {
226 
227         String portletId = portlet.getPortletId();
228 
229         ServletContext servletContext = (ServletContext)request.getAttribute(
230             WebKeys.CTX);
231 
232         InvokerPortlet invokerPortlet = PortletInstanceFactory.create(
233             portlet, servletContext);
234 
235         PortletPreferencesIds portletPreferencesIds =
236             PortletPreferencesFactoryUtil.getPortletPreferencesIds(
237                 request, portletId);
238 
239         PortletPreferences portletPreferences =
240             PortletPreferencesLocalServiceUtil.getPreferences(
241                 portletPreferencesIds);
242 
243         PortletConfig portletConfig = PortletConfigFactory.create(
244             portlet, servletContext);
245         PortletContext portletContext = portletConfig.getPortletContext();
246 
247         RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
248             request, portlet, invokerPortlet, portletContext,
249             WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
250 
251         RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
252             renderRequestImpl, response, portletId, portlet.getCompanyId());
253 
254         renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
255 
256         request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
257     }
258 
259     protected void doForward(
260             String uri, HttpServletRequest request,
261             HttpServletResponse response)
262         throws ServletException {
263 
264         StrutsUtil.forward(uri, getServletContext(), request, response);
265     }
266 
267     protected void doInclude(
268             String uri, HttpServletRequest request,
269             HttpServletResponse response)
270         throws ServletException {
271 
272         StrutsUtil.include(uri, getServletContext(), request, response);
273     }
274 
275     protected String getFriendlyTrackerPath(
276             String path, ThemeDisplay themeDisplay, HttpServletRequest request)
277         throws Exception {
278 
279         if (!path.equals(_PATH_PORTAL_LAYOUT)) {
280             return null;
281         }
282 
283         long plid = ParamUtil.getLong(request, "p_l_id");
284 
285         if (plid == 0) {
286             return null;
287         }
288 
289         Layout layout = LayoutLocalServiceUtil.getLayout(plid);
290 
291         String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
292             layout, themeDisplay);
293 
294         String portletId = ParamUtil.getString(request, "p_p_id");
295 
296         if (Validator.isNull(portletId)) {
297             return layoutFriendlyURL;
298         }
299 
300         long companyId = PortalUtil.getCompanyId(request);
301 
302         Portlet portlet = PortletLocalServiceUtil.getPortletById(
303             companyId, portletId);
304 
305         if (portlet == null) {
306             String strutsPath = path.substring(
307                 1, path.lastIndexOf(StringPool.SLASH));
308 
309             portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
310                 companyId, strutsPath);
311         }
312 
313         if ((portlet == null) || !portlet.isActive()) {
314             return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
315                 request.getQueryString());
316         }
317 
318         String namespace = PortalUtil.getPortletNamespace(portletId);
319 
320         FriendlyURLMapper friendlyURLMapper =
321             portlet.getFriendlyURLMapperInstance();
322 
323         if (friendlyURLMapper == null) {
324             return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
325                 request.getQueryString());
326         }
327 
328         PortletURLImpl portletURL = new PortletURLImpl(
329             request, portletId, plid, PortletRequest.RENDER_PHASE);
330 
331         Iterator<Map.Entry<String, String[]>> itr =
332             request.getParameterMap().entrySet().iterator();
333 
334         while (itr.hasNext()) {
335             Entry<String, String[]> entry = itr.next();
336 
337             String key = entry.getKey();
338 
339             if (key.startsWith(namespace)) {
340                 key = key.substring(namespace.length());
341 
342                 portletURL.setParameter(key, entry.getValue());
343             }
344         }
345 
346         String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
347 
348         if (portletFriendlyURL != null) {
349             return layoutFriendlyURL.concat(portletFriendlyURL);
350         }
351         else {
352             return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
353                 request.getQueryString());
354         }
355     }
356 
357     protected String getLastPath(HttpServletRequest request) {
358         HttpSession session = request.getSession();
359 
360         ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
361             WebKeys.THEME_DISPLAY);
362 
363         Boolean httpsInitial = (Boolean)session.getAttribute(
364             WebKeys.HTTPS_INITIAL);
365 
366         String portalURL = null;
367 
368         if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
369             (httpsInitial != null) && (!httpsInitial.booleanValue())) {
370 
371             portalURL = PortalUtil.getPortalURL(request, false);
372         }
373         else {
374             portalURL = PortalUtil.getPortalURL(request);
375         }
376 
377         StringBundler sb = new StringBundler();
378 
379         sb.append(portalURL);
380         sb.append(themeDisplay.getPathMain());
381         sb.append(_PATH_PORTAL_LAYOUT);
382 
383         if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
384             if (request.getRemoteUser() != null) {
385 
386                 // If we do not forward by last path and the user is logged in,
387                 // forward to the user's default layout to prevent a lagging
388                 // loop
389 
390                 sb.append(StringPool.QUESTION);
391                 sb.append("p_l_id");
392                 sb.append(StringPool.EQUAL);
393                 sb.append(LayoutConstants.DEFAULT_PLID);
394             }
395 
396             return sb.toString();
397         }
398 
399         LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
400 
401         if (lastPath == null) {
402             return sb.toString();
403         }
404 
405         Map<String, String[]> parameterMap = lastPath.getParameterMap();
406 
407         // Only test for existing mappings for last paths that were set when the
408         // user accessed a layout directly instead of through its friendly URL
409 
410         if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
411             ActionMapping mapping =
412                 (ActionMapping)moduleConfig.findActionConfig(
413                     lastPath.getPath());
414 
415             if ((mapping == null) || (parameterMap == null)) {
416                 return sb.toString();
417             }
418         }
419 
420         StringBundler lastPathSB = new StringBundler(4);
421 
422         lastPathSB.append(portalURL);
423         lastPathSB.append(lastPath.getContextPath());
424         lastPathSB.append(lastPath.getPath());
425         lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
426 
427         return lastPathSB.toString();
428     }
429 
430     protected boolean isPortletPath(String path) {
431         if ((path != null) &&
432             (!path.equals(_PATH_C)) &&
433             (!path.startsWith(_PATH_COMMON)) &&
434             (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
435             (!path.startsWith(_PATH_PORTAL))) {
436 
437             return true;
438         }
439         else {
440             return false;
441         }
442     }
443 
444     protected boolean isPublicPath(String path) {
445         if ((path != null) &&
446             (_publicPaths.contains(path)) ||
447             (path.startsWith(_PATH_COMMON))) {
448 
449             return true;
450         }
451         else {
452             return false;
453         }
454     }
455 
456     protected ActionMapping processMapping(
457             HttpServletRequest request, HttpServletResponse response,
458             String path)
459         throws IOException {
460 
461         if (path == null) {
462             return null;
463         }
464 
465         ActionMapping mapping = super.processMapping(request, response, path);
466 
467         if (mapping == null) {
468             String msg = getInternal().getMessage("processInvalid");
469 
470             _log.error("User ID " + request.getRemoteUser());
471             _log.error("Current URL " + PortalUtil.getCurrentURL(request));
472             _log.error("Referer " + request.getHeader("Referer"));
473             _log.error("Remote address " + request.getRemoteAddr());
474 
475             _log.error(msg + " " + path);
476         }
477 
478         return mapping;
479     }
480 
481     protected HttpServletRequest processMultipart(HttpServletRequest request) {
482 
483         // Disable Struts from automatically wrapping a multipart request
484 
485         return request;
486     }
487 
488     protected String processPath(
489             HttpServletRequest request, HttpServletResponse response)
490         throws IOException {
491 
492         String path = GetterUtil.getString(
493             super.processPath(request, response));
494 
495         HttpSession session = request.getSession();
496 
497         ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
498             WebKeys.THEME_DISPLAY);
499 
500         // Current users
501 
502         UserTracker userTracker = LiveUsers.getUserTracker(
503             themeDisplay.getCompanyId(), session.getId());
504 
505         if ((userTracker != null) && (!path.equals(_PATH_C)) &&
506             (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
507             (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
508             (!_trackerIgnorePaths.contains(path))) {
509 
510             String fullPath = path;
511 
512             try {
513                 if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
514                     fullPath = getFriendlyTrackerPath(
515                         path, themeDisplay, request);
516                 }
517             }
518             catch (Exception e) {
519                 _log.error(e, e);
520             }
521 
522             if (fullPath == null) {
523                 fullPath = path.concat(StringPool.QUESTION).concat(
524                     request.getQueryString());
525             }
526 
527             UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
528 
529             userTrackerPath.setUserTrackerId(userTracker.getUserTrackerId());
530             userTrackerPath.setPath(fullPath);
531             userTrackerPath.setPathDate(new Date());
532 
533             userTracker.addPath(userTrackerPath);
534         }
535 
536         String remoteUser = request.getRemoteUser();
537 
538         User user = null;
539 
540         try {
541             user = PortalUtil.getUser(request);
542         }
543         catch (Exception e) {
544         }
545 
546         // Last path
547 
548         if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
549             boolean saveLastPath = ParamUtil.getBoolean(
550                 request, "saveLastPath", true);
551 
552             if (themeDisplay.isLifecycleResource() ||
553                 themeDisplay.isStateExclusive() ||
554                 themeDisplay.isStatePopUp() ||
555                 !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {
556 
557                 saveLastPath = false;
558             }
559 
560             // Save last path
561 
562             if (saveLastPath) {
563 
564                 // Was a last path set by another servlet that dispatched to
565                 // the MainServlet? If so, use that last path instead.
566 
567                 LastPath lastPath = (LastPath)request.getAttribute(
568                     WebKeys.LAST_PATH);
569 
570                 if (lastPath == null) {
571                     lastPath = new LastPath(
572                         themeDisplay.getPathMain(), path,
573                         request.getParameterMap());
574                 }
575 
576                 session.setAttribute(WebKeys.LAST_PATH, lastPath);
577             }
578         }
579 
580         // Authenticated users can always log out
581 
582         if (((remoteUser != null) || (user != null)) &&
583             (path.equals(_PATH_PORTAL_LOGOUT))) {
584 
585             return path;
586         }
587 
588         // Authenticated users can always extend or confirm their session
589 
590         if (((remoteUser != null) || (user != null)) &&
591             (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
592              path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
593 
594             return path;
595         }
596 
597         // Authenticated users can always agree to terms of use
598 
599         if (((remoteUser != null) || (user != null)) &&
600             (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {
601 
602             return path;
603         }
604 
605         // Authenticated users must still exist in the system
606 
607         if ((remoteUser != null) && (user == null)) {
608             return _PATH_PORTAL_LOGOUT;
609         }
610 
611         // Authenticated users must be active
612 
613         if ((user != null) && !user.isActive()) {
614             SessionErrors.add(request, UserActiveException.class.getName());
615 
616             return _PATH_PORTAL_ERROR;
617         }
618 
619         if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
620             !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
621             !ParamUtil.getBoolean(request, "wsrp")) {
622 
623             // Authenticated users should agree to Terms of Use
624 
625             if ((user != null) && !user.isAgreedToTermsOfUse()) {
626                 if (PropsValues.TERMS_OF_USE_REQUIRED) {
627                     return _PATH_PORTAL_TERMS_OF_USE;
628                 }
629             }
630 
631             // Authenticated users must have a current password
632 
633             if ((user != null) && user.isPasswordReset()) {
634                 return _PATH_PORTAL_CHANGE_PASSWORD;
635             }
636         }
637 
638         // Users must sign in
639 
640         if (!isPublicPath(path)) {
641             if (user == null) {
642                 SessionErrors.add(request, PrincipalException.class.getName());
643 
644                 return _PATH_PORTAL_LOGIN;
645             }
646         }
647 
648         ActionMapping mapping =
649             (ActionMapping)moduleConfig.findActionConfig(path);
650 
651         path = mapping.getPath();
652 
653         // Authenticated users must have at least one role
654 
655         if (user != null) {
656             try {
657 
658                 // FIX ME
659 
660                 if (false) {
661                     SessionErrors.add(
662                         request, RequiredRoleException.class.getName());
663 
664                     return _PATH_PORTAL_ERROR;
665                 }
666             }
667             catch (Exception e) {
668                 e.printStackTrace();
669             }
670         }
671 
672         // Define the portlet objects
673 
674         if (isPortletPath(path)) {
675             try {
676                 Portlet portlet = null;
677 
678                 long companyId = PortalUtil.getCompanyId(request);
679                 String portletId = ParamUtil.getString(request, "p_p_id");
680 
681                 if (Validator.isNotNull(portletId)) {
682                     portlet = PortletLocalServiceUtil.getPortletById(
683                         companyId, portletId);
684                 }
685 
686                 if (portlet == null) {
687                     String strutsPath = path.substring(
688                         1, path.lastIndexOf(StringPool.SLASH));
689 
690                     portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
691                         companyId, strutsPath);
692                 }
693 
694                 if ((portlet != null) && portlet.isActive()) {
695                     defineObjects(request, response, portlet);
696                 }
697             }
698             catch (Exception e) {
699                 request.setAttribute(PageContext.EXCEPTION, e);
700 
701                 path = _PATH_COMMON_ERROR;
702             }
703         }
704 
705         // Authenticated users must have access to at least one layout
706 
707         if (SessionErrors.contains(
708                 request, LayoutPermissionException.class.getName())) {
709 
710             return _PATH_PORTAL_ERROR;
711         }
712 
713         return path;
714     }
715 
716     protected boolean processRoles(
717             HttpServletRequest request, HttpServletResponse response,
718             ActionMapping mapping)
719         throws IOException, ServletException {
720 
721         String path = mapping.getPath();
722 
723         if (isPublicPath(path)) {
724             return true;
725         }
726 
727         boolean authorized = true;
728 
729         User user = null;
730 
731         try {
732             user = PortalUtil.getUser(request);
733         }
734         catch (Exception e) {
735         }
736 
737         if ((user != null) && isPortletPath(path)) {
738             try {
739 
740                 // Authenticated users can always log out
741 
742                 if (path.equals(_PATH_PORTAL_LOGOUT)) {
743                     return true;
744                 }
745 
746                 Portlet portlet = null;
747 
748                 String portletId = ParamUtil.getString(request, "p_p_id");
749 
750                 if (Validator.isNotNull(portletId)) {
751                     portlet = PortletLocalServiceUtil.getPortletById(
752                         user.getCompanyId(), portletId);
753                 }
754 
755                 String strutsPath = path.substring(
756                     1, path.lastIndexOf(StringPool.SLASH));
757 
758                 if (portlet != null) {
759                     if (!strutsPath.equals(portlet.getStrutsPath())) {
760                         throw new PrincipalException();
761                     }
762                 }
763                 else {
764                     portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
765                         user.getCompanyId(), strutsPath);
766                 }
767 
768                 if ((portlet != null) && portlet.isActive()) {
769                     ThemeDisplay themeDisplay =
770                         (ThemeDisplay)request.getAttribute(
771                             WebKeys.THEME_DISPLAY);
772 
773                     Layout layout = themeDisplay.getLayout();
774                     PermissionChecker permissionChecker =
775                         themeDisplay.getPermissionChecker();
776 
777                     if (!PortletPermissionUtil.contains(
778                             permissionChecker, layout.getPlid(), portlet,
779                             ActionKeys.VIEW)) {
780 
781                         throw new PrincipalException();
782                     }
783                 }
784                 else if (portlet != null && !portlet.isActive()) {
785                     SessionErrors.add(
786                         request, PortletActiveException.class.getName());
787 
788                     authorized = false;
789                 }
790             }
791             catch (Exception e) {
792                 SessionErrors.add(request, PrincipalException.class.getName());
793 
794                 authorized = false;
795             }
796         }
797 
798         if (!authorized) {
799             ForwardConfig forwardConfig =
800                 mapping.findForward(_PATH_PORTAL_ERROR);
801 
802             processForwardConfig(request, response, forwardConfig);
803 
804             return false;
805         }
806         else {
807             return true;
808         }
809     }
810 
811     private static String _PATH_C = "/c";
812 
813     private static String _PATH_COMMON = "/common";
814 
815     private static String _PATH_COMMON_ERROR = "/common/error";
816 
817     private static String _PATH_J_SECURITY_CHECK = "/j_security_check";
818 
819     private static String _PATH_PORTAL = "/portal";
820 
821     private static String _PATH_PORTAL_CHANGE_PASSWORD =
822         "/portal/change_password";
823 
824     private static String _PATH_PORTAL_ERROR = "/portal/error";
825 
826     private static String _PATH_PORTAL_EXPIRE_SESSION =
827         "/portal/expire_session";
828 
829     private static String _PATH_PORTAL_EXTEND_SESSION =
830         "/portal/extend_session";
831 
832     private static String _PATH_PORTAL_FLASH = "/portal/flash";
833 
834     private static String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
835 
836     private static String _PATH_PORTAL_JSON_SERVICE = "/portal/json_service";
837 
838     private static String _PATH_PORTAL_LAYOUT = "/portal/layout";
839 
840     private static String _PATH_PORTAL_LOGIN = "/portal/login";
841 
842     private static String _PATH_PORTAL_LOGIN_CAPTCHA = "/portal/login_captcha";
843 
844     private static String _PATH_PORTAL_LOGOUT = "/portal/logout";
845 
846     private static String _PATH_PORTAL_PROTECTED = "/portal/protected";
847 
848     private static String _PATH_PORTAL_RENDER_PORTLET =
849         "/portal/render_portlet";
850 
851     private static String _PATH_PORTAL_TCK = "/portal/tck";
852 
853     private static String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";
854 
855     private static String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
856         "/portal/update_terms_of_use";
857 
858     private static Log _log = LogFactoryUtil.getLog(
859         PortalRequestProcessor.class);
860 
861     private Set<String> _lastPaths;
862     private Set<String> _publicPaths;
863     private Set<String> _trackerIgnorePaths;
864 
865 }