015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.CompanyMaxUsersException;
018 import com.liferay.portal.CookieNotSupportedException;
019 import com.liferay.portal.NoSuchUserException;
020 import com.liferay.portal.PasswordExpiredException;
021 import com.liferay.portal.UserEmailAddressException;
022 import com.liferay.portal.UserIdException;
023 import com.liferay.portal.UserLockoutException;
024 import com.liferay.portal.UserPasswordException;
025 import com.liferay.portal.UserScreenNameException;
026 import com.liferay.portal.kernel.log.Log;
027 import com.liferay.portal.kernel.log.LogFactoryUtil;
028 import com.liferay.portal.kernel.servlet.SessionErrors;
029 import com.liferay.portal.kernel.util.Http;
030 import com.liferay.portal.kernel.util.ParamUtil;
031 import com.liferay.portal.kernel.util.Validator;
032 import com.liferay.portal.security.auth.AuthException;
033 import com.liferay.portal.struts.PortletAction;
034 import com.liferay.portal.theme.ThemeDisplay;
035 import com.liferay.portal.util.PortalUtil;
036 import com.liferay.portal.util.PropsValues;
037 import com.liferay.portal.util.WebKeys;
038 import com.liferay.portlet.PortletPreferencesFactoryUtil;
039 import com.liferay.portlet.login.util.LoginUtil;
040
041 import javax.portlet.ActionRequest;
042 import javax.portlet.ActionResponse;
043 import javax.portlet.PortletConfig;
044 import javax.portlet.PortletPreferences;
045 import javax.portlet.RenderRequest;
046 import javax.portlet.RenderResponse;
047
048 import javax.servlet.http.HttpServletRequest;
049 import javax.servlet.http.HttpServletResponse;
050 import javax.servlet.http.HttpSession;
051
052 import org.apache.struts.action.ActionForm;
053 import org.apache.struts.action.ActionForward;
054 import org.apache.struts.action.ActionMapping;
055
056
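/**
 * Struts portlet action behind the login portlet. It authenticates the
 * submitted credentials through {@code LoginUtil.login} and then decides
 * where the browser is sent.
 *
 * <p>Failures the user can act on are recorded in {@link SessionErrors} under
 * the exception's class name. Anything else is logged and handed to
 * {@code PortalUtil.sendError}.</p>
 */
public class LoginAction extends PortletAction {

    /**
     * Handles a login submission.
     *
     * <p>When {@code PropsValues.AUTH_LOGIN_DISABLED} is set, the request is
     * redirected to {@code PropsValues.AUTH_LOGIN_DISABLED_PATH} and no
     * credentials are read. Otherwise the portlet preferences are loaded,
     * {@link #login} runs, and a true {@code doActionAfterLogin} request
     * parameter selects the {@code portlet.login.login_redirect} forward.</p>
     *
     * @param mapping the Struts action mapping (unused here)
     * @param form the Struts form bean (unused here)
     * @param portletConfig the portlet configuration (unused here)
     * @param actionRequest the request carrying the login parameters
     * @param actionResponse the response used for redirects
     * @throws Exception declared by the overridden method; exceptions raised
     *         by the login attempt itself are handled inside this method
     */
    @Override
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        // Checked before any credential is read, so a disabled login form
        // never reaches LoginUtil.login

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH);

            return;
        }

        try {
            PortletPreferences preferences =
                PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

            login(themeDisplay, actionRequest, actionResponse, preferences);

            boolean doActionAfterLogin = ParamUtil.getBoolean(
                actionRequest, "doActionAfterLogin");

            if (doActionAfterLogin) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            if (e instanceof AuthException) {
                Throwable cause = e.getCause();

                // An expired password or a locked account is reported under
                // the cause's own class name. Every other authentication
                // failure is reported under the AuthException class name.

                if (cause instanceof PasswordExpiredException ||
                    cause instanceof UserLockoutException) {

                    SessionErrors.add(
                        actionRequest, cause.getClass().getName());
                }
                else {

                    // The log line carries no credential or login name

                    if (_log.isInfoEnabled()) {
                        _log.info("Authentication failed");
                    }

                    SessionErrors.add(actionRequest, e.getClass().getName());
                }
            }
            else if (e instanceof CompanyMaxUsersException ||
                     e instanceof CookieNotSupportedException ||
                     e instanceof NoSuchUserException ||
                     e instanceof PasswordExpiredException ||
                     e instanceof UserEmailAddressException ||
                     e instanceof UserIdException ||
                     e instanceof UserLockoutException ||
                     e instanceof UserPasswordException ||
                     e instanceof UserScreenNameException) {

                // NOTE(review): NoSuchUserException and UserPasswordException
                // are stored under different keys. A view that renders them
                // differently tells the caller whether an account exists.
                // Confirm the login view shows one generic message.

                SessionErrors.add(actionRequest, e.getClass().getName());
            }
            else {

                // Unexpected failure: keep the stack trace in the server log
                // and let the portal render its error response

                _log.error(e, e);

                PortalUtil.sendError(e, actionRequest, actionResponse);
            }
        }
    }

    /**
     * Selects the view for the login portlet.
     *
     * @return the forward stored for this request, or the
     *         {@code portlet.login.login} forward when none was stored
     *         (default handling is assumed to live in the inherited
     *         {@code getForward}; confirm against {@code PortletAction})
     */
    @Override
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        return mapping.findForward(
            getForward(renderRequest, "portlet.login.login"));
    }

    /**
     * Prefixes a redirect target with the portal URL.
     *
     * <p>The portal URL is built with
     * {@code PortalUtil.getPortalURL(request, false)} when HTTPS is required
     * for authentication, session phishing protection is disabled, and the
     * session attribute {@code WebKeys.HTTPS_INITIAL} is present and false.
     * In every other case {@code PortalUtil.getPortalURL(request)} is used.</p>
     *
     * @param request the servlet request, also used to reach the session
     * @param redirect the target to append; must not be {@code null}
     * @return the portal URL followed by {@code redirect}
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        String portalURL = null;

        if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
            (!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&
            (httpsInitial != null) && (!httpsInitial.booleanValue())) {

            // NOTE(review): the false argument presumably asks for a
            // non-secure URL. If so, traffic after login, session cookie
            // included, goes back over plain HTTP. Confirm this downgrade is
            // intended for the deployment.

            portalURL = PortalUtil.getPortalURL(request, false);
        }
        else {
            portalURL = PortalUtil.getPortalURL(request);
        }

        return portalURL.concat(redirect);
    }

    /**
     * Returns {@code false}.
     *
     * <p>NOTE(review): this presumably switches off the request-method check
     * that {@code PortletAction} applies before {@code processAction}. The
     * base class is not shown here. Confirm that credentials cannot be
     * submitted in a GET query string, where they would be written to access
     * logs and browser history.</p>
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates the submitted credentials and sends the post-login
     * redirect.
     *
     * <p>Reads {@code login}, {@code password} and {@code rememberMe} from the
     * request and {@code authType} from the portlet preferences, then calls
     * {@code LoginUtil.login}. With JAAS enabled the browser is sent to
     * {@code /portal/protected}. Otherwise the {@code redirect} parameter is
     * passed through {@code PortalUtil.escapeRedirect} and used if a value
     * remains. Without a usable redirect, the browser goes to the portal main
     * path unless {@code doActionAfterLogin} is true, in which case no
     * redirect is sent.</p>
     *
     * @param themeDisplay supplies the portal main path
     * @param actionRequest the request carrying the login parameters
     * @param actionResponse the response used for redirects
     * @param preferences the portlet preferences holding {@code authType}
     * @throws Exception if authentication or a redirect fails
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse, PortletPreferences preferences)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // The password is read with getParameter rather than ParamUtil,
        // presumably so that it reaches the authenticator unmodified.
        // ParamUtil is not shown here.

        String password = actionRequest.getParameter("password");
        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        String authType = preferences.getValue("authType", null);

        LoginUtil.login(
            request, response, login, password, rememberMe, authType);

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() + "/portal/protected");

            return;
        }

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {
            redirect = PortalUtil.escapeRedirect(redirect);
        }

        // escapeRedirect can hand back null for a target it rejects (assumed
        // from the portal's redirect filtering; PortalUtil is not shown
        // here). A rejected value is treated like a missing redirect
        // parameter. A user who has just authenticated then lands on the
        // default destination instead of hitting a NullPointerException and
        // the error page.

        if (Validator.isNotNull(redirect)) {

            // NOTE(review): this is a prefix test against Http.HTTP, not a
            // scheme parse. Confirm that escapeRedirect has already
            // constrained absolute URLs.

            if (!redirect.startsWith(Http.HTTP)) {
                redirect = getCompleteRedirectURL(request, redirect);
            }

            actionResponse.sendRedirect(redirect);

            return;
        }

        boolean doActionAfterLogin = ParamUtil.getBoolean(
            actionRequest, "doActionAfterLogin");

        if (!doActionAfterLogin) {
            actionResponse.sendRedirect(themeDisplay.getPathMain());
        }
    }

    // Value returned by isCheckMethodOnProcessAction()
    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}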