001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.ParamUtil;
022 import com.liferay.portal.kernel.util.PropsKeys;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.Validator;
025 import com.liferay.portal.model.CompanyConstants;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
028 import com.liferay.portal.service.UserLocalServiceUtil;
029 import com.liferay.portal.util.PortalUtil;
030 import com.liferay.portal.util.PrefsPropsUtil;
031 import com.liferay.portal.util.PropsValues;
032 import com.liferay.portal.util.WebKeys;
033
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036 import javax.servlet.http.HttpSession;
037
038
044 public class CASAutoLogin implements AutoLogin {
045
046 public String[] login(
047 HttpServletRequest request, HttpServletResponse response) {
048
049 HttpSession session = request.getSession();
050
051 String[] credentials = null;
052
053 try {
054 long companyId = PortalUtil.getCompanyId(request);
055
056 if (!PrefsPropsUtil.getBoolean(
057 companyId, PropsKeys.CAS_AUTH_ENABLED,
058 PropsValues.CAS_AUTH_ENABLED)) {
059
060 return credentials;
061 }
062
063 String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);
064
065 if (Validator.isNull(login)) {
066 Object noSuchUserException = session.getAttribute(
067 WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
068
069 if (noSuchUserException == null) {
070 return credentials;
071 }
072
073 session.removeAttribute(WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
074
075 session.setAttribute(WebKeys.CAS_FORCE_LOGOUT, Boolean.TRUE);
076
077 String redirect = PrefsPropsUtil.getString(
078 companyId, PropsKeys.CAS_NO_SUCH_USER_REDIRECT_URL,
079 PropsValues.CAS_NO_SUCH_USER_REDIRECT_URL);
080
081 request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
082
083 return credentials;
084 }
085
086 String authType = PrefsPropsUtil.getString(
087 companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
088 PropsValues.COMPANY_SECURITY_AUTH_TYPE);
089
090 User user = null;
091
092 if (PrefsPropsUtil.getBoolean(
093 companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
094 PropsValues.CAS_IMPORT_FROM_LDAP)) {
095
096 try {
097 if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
098 user = PortalLDAPImporterUtil.importLDAPUser(
099 companyId, StringPool.BLANK, login);
100 }
101 else {
102 user = PortalLDAPImporterUtil.importLDAPUser(
103 companyId, login, StringPool.BLANK);
104 }
105 }
106 catch (SystemException se) {
107 }
108 }
109
110 if (user == null) {
111 if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
112 user = UserLocalServiceUtil.getUserByScreenName(
113 companyId, login);
114 }
115 else {
116 user = UserLocalServiceUtil.getUserByEmailAddress(
117 companyId, login);
118 }
119 }
120
121 String redirect = ParamUtil.getString(request, "redirect");
122
123 if (Validator.isNotNull(redirect)) {
124 request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
125 }
126
127 credentials = new String[3];
128
129 credentials[0] = String.valueOf(user.getUserId());
130 credentials[1] = user.getPassword();
131 credentials[2] = Boolean.TRUE.toString();
132
133 return credentials;
134 }
135 catch (NoSuchUserException nsue) {
136 session.removeAttribute(WebKeys.CAS_LOGIN);
137
138 session.setAttribute(
139 WebKeys.CAS_NO_SUCH_USER_EXCEPTION, Boolean.TRUE);
140 }
141 catch (Exception e) {
142 _log.error(e, e);
143 }
144
145 return credentials;
146 }
147
148
151 protected User addUser(long companyId, String screenName) throws Exception {
152 return PortalLDAPImporterUtil.importLDAPUser(
153 companyId, StringPool.BLANK, screenName);
154 }
155
156 private static Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);
157
158 }