015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.KeyValuePair;
021 import com.liferay.portal.kernel.util.StringPool;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.model.Company;
024 import com.liferay.portal.model.User;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026 import com.liferay.portal.util.CookieKeys;
027 import com.liferay.portal.util.PortalUtil;
028
029 import javax.servlet.http.Cookie;
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032
033
/**
 * {@link AutoLogin} implementation that signs a visitor in from the portal's
 * "remember me" cookies ({@code CookieKeys.ID}, {@code CookieKeys.PASSWORD}
 * and {@code CookieKeys.REMEMBER_ME}).
 *
 * <p>Security-relevant behaviour visible in this class:</p>
 * <ul>
 * <li>The ID and PASSWORD cookie values are client-supplied. They are handed
 * to {@code UserLocalServiceUtil.decryptUserId} without any check here, so
 * all validation rests on that call (presumably it rejects forged or stale
 * pairs by throwing; verify against the service implementation).</li>
 * <li>The REMEMBER_ME cookie is not always required: when the request's
 * context path differs from the portal's configured paths, the flag is
 * treated as set and the ID and PASSWORD cookies alone are sufficient.</li>
 * <li>Auto-login is honoured only when the company has it enabled, and is
 * never granted for the company's default user.</li>
 * <li>Any failure expires the ID and PASSWORD cookies before the exception is
 * rethrown, so a bad cookie pair is not replayed on every request.</li>
 * </ul>
 */
public class RememberMeAutoLogin implements AutoLogin {

    /**
     * Attempts to derive login credentials from the remember-me cookies.
     *
     * @param request the current request, source of the cookies and of the
     *        context path used to decide whether the flag is implied
     * @param response the response that receives expiring cookies when the
     *        login is rejected or fails
     * @return a three-element array holding the key and value returned by
     *         {@code decryptUserId} followed by {@code "false"}, or
     *         {@code null} when no auto-login applies. Element 1 is
     *         presumably the user's password and element 2 presumably the
     *         "password is encrypted" flag of the AutoLogin contract
     *         (confirm against the interface); callers should treat the
     *         array as sensitive and keep it out of logs.
     * @throws AutoLoginException wrapping any exception raised while reading
     *         or decrypting the cookies; the cookies are expired first
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String idCookie = CookieKeys.getCookie(
                request, CookieKeys.ID, false);
            String passwordCookie = CookieKeys.getCookie(
                request, CookieKeys.PASSWORD, false);
            String rememberMeFlag = CookieKeys.getCookie(
                request, CookieKeys.REMEMBER_ME, false);

            String proxyPath = PortalUtil.getPathProxy();
            String contextPath = PortalUtil.getPathContext();

            // The flag is implied whenever the request does not arrive on
            // the portal's own context path: with proxy path == context path
            // any non-empty request context path counts, otherwise any
            // request context path other than the portal's counts.
            // NOTE(review): in these cases the REMEMBER_ME cookie is not
            // consulted at all; confirm that is the intended trust model.
            boolean flagImplied = proxyPath.equals(contextPath)
                ? Validator.isNotNull(request.getContextPath())
                : !contextPath.equals(request.getContextPath());

            if (flagImplied) {
                rememberMeFlag = Boolean.TRUE.toString();
            }

            boolean cookiesComplete =
                Validator.isNotNull(idCookie) &&
                Validator.isNotNull(passwordCookie) &&
                Validator.isNotNull(rememberMeFlag);

            if (!cookiesComplete) {
                return null;
            }

            Company company = PortalUtil.getCompany(request);

            // Per-company switch: cookies are ignored when auto-login is off.
            if (!company.isAutoLogin()) {
                return null;
            }

            KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
                company.getCompanyId(), idCookie, passwordCookie);

            String[] credentials = {
                decrypted.getKey(), decrypted.getValue(),
                Boolean.FALSE.toString()
            };

            // Never auto-login as the company's default user; drop the
            // cookies so the attempt is not repeated.
            if (_isDefaultUser(request, credentials[0])) {
                removeCookies(request, response);

                return null;
            }

            return credentials;
        }
        catch (Exception e) {
            // NOTE(review): the exception is logged as both message and
            // throwable; confirm that exceptions raised by decryptUserId
            // never carry the cookie values in their message.
            _log.warn(e, e);

            removeCookies(request, response);

            throw new AutoLoginException(e);
        }
    }

    /**
     * Expires the ID and PASSWORD cookies by re-issuing them with a blank
     * value, a max age of zero and the path {@code StringPool.SLASH}.
     *
     * <p>NOTE(review): the REMEMBER_ME cookie is left untouched, and the
     * expiry only takes effect if the original cookies were issued with the
     * same path; confirm both against the code that sets them.</p>
     *
     * @param request the current request, passed through to
     *        {@code CookieKeys.addCookie}
     * @param response the response the expiring cookies are added to
     */
    protected void removeCookies(
        HttpServletRequest request, HttpServletResponse response) {

        String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

        for (String cookieName : cookieNames) {
            Cookie expired = new Cookie(cookieName, StringPool.BLANK);

            expired.setMaxAge(0);
            expired.setPath(StringPool.SLASH);

            CookieKeys.addCookie(request, response, expired);
        }
    }

    /**
     * Reports whether the decrypted user id belongs to the default user of
     * the company resolved from the request.
     *
     * @param request the current request, used to resolve the company
     * @param userIdValue the decrypted user id in string form
     * @return {@code true} if the id equals the default user's id
     * @throws Exception if the company or its default user cannot be loaded
     */
    private boolean _isDefaultUser(
            HttpServletRequest request, String userIdValue)
        throws Exception {

        Company company = PortalUtil.getCompany(request);

        User defaultUser = UserLocalServiceUtil.getDefaultUser(
            company.getCompanyId());

        long userId = GetterUtil.getLong(userIdValue);

        return defaultUser.getUserId() == userId;
    }

    private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}