001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.CompanyMaxUsersException;
018    import com.liferay.portal.CookieNotSupportedException;
019    import com.liferay.portal.NoSuchUserException;
020    import com.liferay.portal.PasswordExpiredException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserIdException;
023    import com.liferay.portal.UserLockoutException;
024    import com.liferay.portal.UserPasswordException;
025    import com.liferay.portal.UserScreenNameException;
026    import com.liferay.portal.kernel.log.Log;
027    import com.liferay.portal.kernel.log.LogFactoryUtil;
028    import com.liferay.portal.kernel.servlet.SessionErrors;
029    import com.liferay.portal.kernel.util.Http;
030    import com.liferay.portal.kernel.util.ParamUtil;
031    import com.liferay.portal.kernel.util.Validator;
032    import com.liferay.portal.security.auth.AuthException;
033    import com.liferay.portal.struts.PortletAction;
034    import com.liferay.portal.theme.ThemeDisplay;
035    import com.liferay.portal.util.PortalUtil;
036    import com.liferay.portal.util.PropsValues;
037    import com.liferay.portal.util.WebKeys;
038    import com.liferay.portlet.PortletPreferencesFactoryUtil;
039    import com.liferay.portlet.login.util.LoginUtil;
040    
041    import javax.portlet.ActionRequest;
042    import javax.portlet.ActionResponse;
043    import javax.portlet.PortletConfig;
044    import javax.portlet.PortletPreferences;
045    import javax.portlet.RenderRequest;
046    import javax.portlet.RenderResponse;
047    
048    import javax.servlet.http.HttpServletRequest;
049    import javax.servlet.http.HttpServletResponse;
050    import javax.servlet.http.HttpSession;
051    
052    import org.apache.struts.action.ActionForm;
053    import org.apache.struts.action.ActionForward;
054    import org.apache.struts.action.ActionMapping;
055    
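/**
 * Struts portlet action behind the login portlet. {@link #processAction}
 * authenticates the submitted credentials through {@code LoginUtil.login} and
 * issues the post-login redirect; {@link #render} forwards to the login view.
 *
 * @author Brian Wing Shun Chan
 */
public class LoginAction extends PortletAction {

	/**
	 * Handles a login submission.
	 *
	 * <p>
	 * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set the request is
	 * redirected to {@code PropsValues.AUTH_LOGIN_DISABLED_PATH} and nothing
	 * else happens. Otherwise {@link #login} is called; known authentication
	 * and account exceptions are recorded in {@code SessionErrors} under the
	 * exception class name, and anything else is logged and passed to
	 * {@code PortalUtil.sendError}.
	 * </p>
	 *
	 * @throws Exception if the redirect or the error response cannot be sent
	 */
	@Override
	public void processAction(
			ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		if (PropsValues.AUTH_LOGIN_DISABLED) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() +
					PropsValues.AUTH_LOGIN_DISABLED_PATH);

			return;
		}

		/*if (actionRequest.getRemoteUser() != null) {
			actionResponse.sendRedirect(themeDisplay.getPathMain());

			return;
		}*/

		try {
			PortletPreferences preferences =
				PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

			login(themeDisplay, actionRequest, actionResponse, preferences);

			boolean doActionAfterLogin = ParamUtil.getBoolean(
				actionRequest, "doActionAfterLogin");

			if (doActionAfterLogin) {
				setForward(actionRequest, "portlet.login.login_redirect");
			}
		}
		catch (Exception e) {
			if (e instanceof AuthException) {
				Throwable cause = e.getCause();

				// Expired passwords and lockouts are reported under their own
				// class name; every other authentication failure is reported
				// as the generic AuthException.

				if (cause instanceof PasswordExpiredException ||
					cause instanceof UserLockoutException) {

					SessionErrors.add(
						actionRequest, cause.getClass().getName());
				}
				else {
					if (_log.isInfoEnabled()) {
						_log.info("Authentication failed");
					}

					SessionErrors.add(actionRequest, e.getClass().getName());
				}
			}
			else if (e instanceof CompanyMaxUsersException ||
					 e instanceof CookieNotSupportedException ||
					 e instanceof NoSuchUserException ||
					 e instanceof PasswordExpiredException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserLockoutException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException) {

				// NOTE(review): each failure type gets a distinct session
				// error key (for example NoSuchUserException versus
				// UserPasswordException). Whether the view renders distinct
				// messages is not visible here -- confirm the login page does
				// not reveal which accounts exist.

				SessionErrors.add(actionRequest, e.getClass().getName());
			}
			else {
				_log.error(e, e);

				PortalUtil.sendError(e, actionRequest, actionResponse);
			}
		}
	}

	/**
	 * Forwards to the view selected by {@code getForward}, defaulting to
	 * {@code portlet.login.login}.
	 */
	@Override
	public ActionForward render(
			ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
			RenderRequest renderRequest, RenderResponse renderResponse)
		throws Exception {

		return mapping.findForward(
			getForward(renderRequest, "portlet.login.login"));
	}

	/**
	 * Prefixes a redirect with the portal URL.
	 *
	 * <p>
	 * {@code PortalUtil.getPortalURL(request, false)} is used when
	 * authentication requires HTTPS, phishing protection is disabled and the
	 * session attribute {@code WebKeys.HTTPS_INITIAL} is {@code Boolean.FALSE};
	 * in every other case {@code PortalUtil.getPortalURL(request)} is used.
	 * Presumably the {@code false} argument selects the non-secure URL so the
	 * user returns to the scheme the session started on -- confirm against
	 * {@code PortalUtil}.
	 * </p>
	 *
	 * @param  request the servlet request whose session is inspected
	 * @param  redirect the redirect to append; must not be {@code null}
	 * @return the portal URL followed by {@code redirect}
	 */
	protected String getCompleteRedirectURL(
		HttpServletRequest request, String redirect) {

		HttpSession session = request.getSession();

		Boolean httpsInitial = (Boolean)session.getAttribute(
			WebKeys.HTTPS_INITIAL);

		String portalURL = null;

		if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
			(!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&
			(httpsInitial != null) && (!httpsInitial.booleanValue())) {

			portalURL = PortalUtil.getPortalURL(request, false);
		}
		else {
			portalURL = PortalUtil.getPortalURL(request);
		}

		// NOTE(review): the redirect is appended verbatim. A value that does
		// not begin with "/" would extend the authority part of the portal
		// URL instead of its path, so this relies on the caller having
		// validated the value (login() passes it through
		// PortalUtil.escapeRedirect, whose rules are not visible here) --
		// confirm.

		return portalURL.concat(redirect);
	}

	/**
	 * Returns the constant {@code false}.
	 *
	 * <p>
	 * NOTE(review): the name suggests the parent class uses this to decide
	 * whether to check the HTTP method before {@code processAction}; returning
	 * {@code false} would skip that check. Confirm against
	 * {@code PortletAction}, since a credential submission is normally expected
	 * to be POST-only.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Authenticates the submitted credentials and sends the post-login
	 * redirect.
	 *
	 * <p>
	 * With JAAS enabled the user is always sent to {@code /portal/protected}.
	 * Otherwise a {@code redirect} request parameter that is still non-empty
	 * after {@code PortalUtil.escapeRedirect} is honoured; failing that, the
	 * user is sent to the main path unless {@code doActionAfterLogin} is set,
	 * in which case no redirect is issued here.
	 * </p>
	 *
	 * @throws Exception if {@code LoginUtil.login} rejects the credentials or
	 *         the redirect cannot be sent
	 */
	protected void login(
			ThemeDisplay themeDisplay, ActionRequest actionRequest,
			ActionResponse actionResponse, PortletPreferences preferences)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpServletResponse response = PortalUtil.getHttpServletResponse(
			actionResponse);

		String login = ParamUtil.getString(actionRequest, "login");

		// Read raw rather than through ParamUtil -- presumably so the password
		// is not normalised before it is checked; confirm.

		String password = actionRequest.getParameter("password");
		boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

		String authType = preferences.getValue("authType", null);

		LoginUtil.login(
			request, response, login, password, rememberMe, authType);

		if (PropsValues.PORTAL_JAAS_ENABLE) {
			actionResponse.sendRedirect(
				themeDisplay.getPathMain() + "/portal/protected");

			return;
		}

		// The redirect target comes from the request and is untrusted until
		// PortalUtil.escapeRedirect has seen it.

		String redirect = ParamUtil.getString(actionRequest, "redirect");

		if (Validator.isNotNull(redirect)) {
			redirect = PortalUtil.escapeRedirect(redirect);
		}

		// Re-check after escaping: if escapeRedirect hands back null or an
		// empty value for a target it does not accept (its contract is not
		// visible here -- confirm), the original code dereferenced it and the
		// already-authenticated user ended up on the generic error path. Fall
		// through to the default navigation instead.

		if (Validator.isNotNull(redirect)) {
			if (!redirect.startsWith(Http.HTTP)) {
				redirect = getCompleteRedirectURL(request, redirect);
			}

			actionResponse.sendRedirect(redirect);

			return;
		}

		boolean doActionAfterLogin = ParamUtil.getBoolean(
			actionRequest, "doActionAfterLogin");

		if (!doActionAfterLogin) {
			actionResponse.sendRedirect(themeDisplay.getPathMain());
		}
	}

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

	private static Log _log = LogFactoryUtil.getLog(LoginAction.class);

}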