015 package com.liferay.portal.struts;
016
017 import com.liferay.portal.LayoutPermissionException;
018 import com.liferay.portal.PortletActiveException;
019 import com.liferay.portal.UserActiveException;
020 import com.liferay.portal.kernel.exception.SystemException;
021 import com.liferay.portal.kernel.log.Log;
022 import com.liferay.portal.kernel.log.LogFactoryUtil;
023 import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
024 import com.liferay.portal.kernel.servlet.HttpMethods;
025 import com.liferay.portal.kernel.servlet.SessionErrors;
026 import com.liferay.portal.kernel.struts.LastPath;
027 import com.liferay.portal.kernel.util.CharPool;
028 import com.liferay.portal.kernel.util.GetterUtil;
029 import com.liferay.portal.kernel.util.HttpUtil;
030 import com.liferay.portal.kernel.util.JavaConstants;
031 import com.liferay.portal.kernel.util.ParamUtil;
032 import com.liferay.portal.kernel.util.PropsKeys;
033 import com.liferay.portal.kernel.util.StringBundler;
034 import com.liferay.portal.kernel.util.StringPool;
035 import com.liferay.portal.kernel.util.Validator;
036 import com.liferay.portal.liveusers.LiveUsers;
037 import com.liferay.portal.model.Company;
038 import com.liferay.portal.model.Layout;
039 import com.liferay.portal.model.LayoutConstants;
040 import com.liferay.portal.model.Portlet;
041 import com.liferay.portal.model.PortletPreferencesIds;
042 import com.liferay.portal.model.User;
043 import com.liferay.portal.model.UserTracker;
044 import com.liferay.portal.model.UserTrackerPath;
045 import com.liferay.portal.security.auth.PrincipalException;
046 import com.liferay.portal.security.permission.ActionKeys;
047 import com.liferay.portal.security.permission.PermissionChecker;
048 import com.liferay.portal.service.LayoutLocalServiceUtil;
049 import com.liferay.portal.service.PortletLocalServiceUtil;
050 import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
051 import com.liferay.portal.service.permission.PortletPermissionUtil;
052 import com.liferay.portal.service.persistence.UserTrackerPathUtil;
053 import com.liferay.portal.setup.SetupWizardUtil;
054 import com.liferay.portal.theme.ThemeDisplay;
055 import com.liferay.portal.util.PortalUtil;
056 import com.liferay.portal.util.PrefsPropsUtil;
057 import com.liferay.portal.util.PropsUtil;
058 import com.liferay.portal.util.PropsValues;
059 import com.liferay.portal.util.WebKeys;
060 import com.liferay.portlet.InvokerPortlet;
061 import com.liferay.portlet.PortletConfigFactoryUtil;
062 import com.liferay.portlet.PortletInstanceFactoryUtil;
063 import com.liferay.portlet.PortletPreferencesFactoryUtil;
064 import com.liferay.portlet.PortletURLImpl;
065 import com.liferay.portlet.RenderRequestFactory;
066 import com.liferay.portlet.RenderRequestImpl;
067 import com.liferay.portlet.RenderResponseFactory;
068 import com.liferay.portlet.RenderResponseImpl;
069
070 import java.io.IOException;
071
072 import java.util.Date;
073 import java.util.HashSet;
074 import java.util.Iterator;
075 import java.util.Map.Entry;
076 import java.util.Map;
077 import java.util.Set;
078
079 import javax.portlet.PortletConfig;
080 import javax.portlet.PortletContext;
081 import javax.portlet.PortletMode;
082 import javax.portlet.PortletPreferences;
083 import javax.portlet.PortletRequest;
084 import javax.portlet.WindowState;
085
086 import javax.servlet.ServletContext;
087 import javax.servlet.ServletException;
088 import javax.servlet.http.HttpServletRequest;
089 import javax.servlet.http.HttpServletResponse;
090 import javax.servlet.http.HttpSession;
091 import javax.servlet.jsp.PageContext;
092
093 import org.apache.struts.Globals;
094 import org.apache.struts.action.Action;
095 import org.apache.struts.action.ActionMapping;
096 import org.apache.struts.config.ActionConfig;
097 import org.apache.struts.config.ForwardConfig;
098 import org.apache.struts.tiles.TilesRequestProcessor;
099 import org.apache.struts.util.MessageResources;
100
101
107 public class PortalRequestProcessor extends TilesRequestProcessor {
108
/**
 * Creates the processor and fills the three path sets consulted on every
 * request: the paths whose last visit is remembered, the paths accepted
 * without a signed-in user, and the paths left out of live-user tracking.
 *
 * <p>
 * Within this class the sets are populated here only and are afterwards
 * used for {@code contains} lookups.
 * </p>
 */
public PortalRequestProcessor() {

	// Paths remembered as the "last path" (see processPath / getLastPath)

	_lastPaths = new HashSet<String>();

	_lastPaths.add(_PATH_PORTAL_LAYOUT);

	addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);

	// Paths that isPublicPath() accepts. For these, processPath() does not
	// redirect anonymous requests to the login page and processRoles()
	// returns true without a portlet permission check, so each action
	// behind them has to enforce its own authorization.
	// NOTE(review): the list includes the JSON web service API, portlet
	// rendering and TCK paths; confirm every entry is meant to be reachable
	// anonymously in the deployed configuration.

	_publicPaths = new HashSet<String>();

	String[] builtInPublicPaths = {
		_PATH_C, _PATH_PORTAL_API_JSONWS, _PATH_PORTAL_FLASH,
		_PATH_PORTAL_J_LOGIN, _PATH_PORTAL_LAYOUT, _PATH_PORTAL_LICENSE,
		_PATH_PORTAL_LOGIN, _PATH_PORTAL_RENDER_PORTLET, _PATH_PORTAL_TCK,
		_PATH_PORTAL_UPDATE_PASSWORD, _PATH_PORTAL_VERIFY_EMAIL_ADDRESS,
		PropsValues.AUTH_LOGIN_DISABLED_PATH
	};

	for (String publicPath : builtInPublicPaths) {
		_publicPaths.add(publicPath);
	}

	// Paths never recorded by the live-user tracker

	_trackerIgnorePaths = new HashSet<String>();

	addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
}
140
/**
 * Entry point for one request. Redirects to the last path when the session
 * carries the basic-auth flag or when the requested path has neither a
 * Struts mapping nor a registered action; otherwise hands the request to
 * the parent processor and then releases the portlet request objects.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws IOException if the redirect or the parent processing fails
 * @throws ServletException if the parent processing fails
 */
@Override
public void process(
		HttpServletRequest request, HttpServletResponse response)
	throws IOException, ServletException {

	// getSession() creates a session when the request has none

	HttpSession httpSession = request.getSession();

	// One-shot flag: read it, then remove it so it cannot affect the next
	// request of the same session

	Boolean basicAuthFlag = (Boolean)httpSession.getAttribute(
		WebKeys.BASIC_AUTH_ENABLED);

	httpSession.removeAttribute(WebKeys.BASIC_AUTH_ENABLED);

	// The parent's path resolution is used here, not this class's
	// processPath() override with its login and account gates

	String strutsPath = super.processPath(request, response);

	ActionMapping mapping = (ActionMapping)moduleConfig.findActionConfig(
		strutsPath);

	Action registeredAction = StrutsActionRegistryUtil.getAction(strutsPath);

	boolean basicAuth = Boolean.TRUE.equals(basicAuthFlag);
	boolean unknownPath = (mapping == null) && (registeredAction == null);

	if (basicAuth || unknownPath) {

		// The target comes from getLastPath(), which always starts the
		// result with the portal URL

		String redirect = getLastPath(request);

		if (_log.isDebugEnabled()) {
			_log.debug("Last path " + redirect);
		}

		response.sendRedirect(redirect);

		return;
	}

	super.process(request, response);

	// Best-effort cleanup: a failure is logged and never reaches the client

	try {
		if (isPortletPath(strutsPath)) {
			cleanUp(request);
		}
	}
	catch (Exception e) {
		_log.error(e, e);
	}
}
185
/**
 * Adds every value of the portal property array {@code propsKey} to
 * {@code paths}.
 *
 * <p>
 * Values are added exactly as configured; the lookups in this class are
 * exact string matches against them.
 * </p>
 *
 * @param paths the set to extend
 * @param propsKey the key of the property holding the path array
 */
protected void addPaths(Set<String> paths, String propsKey) {
	String[] configuredPaths = PropsUtil.getArray(propsKey);

	for (int i = 0; i < configuredPaths.length; i++) {
		paths.add(configuredPaths[i]);
	}
}
193
/**
 * Invokes the parent's {@code doForward}, bypassing the override in this
 * class that delegates to {@code StrutsUtil.forward}.
 *
 * @param  uri the URI to forward to
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws IOException if the parent forward fails
 * @throws ServletException if the parent forward fails
 */
protected void callParentDoForward(
		String uri, HttpServletRequest request, HttpServletResponse response)
	throws IOException, ServletException {

	super.doForward(uri, request, response);
}
201
/**
 * Invokes the parent's {@code processMultipart}, which this class overrides
 * to return the request unchanged.
 *
 * @param  request the servlet request
 * @return the request as returned by the parent implementation
 */
protected HttpServletRequest callParentProcessMultipart(
	HttpServletRequest request) {

	HttpServletRequest parentResult = super.processMultipart(request);

	return parentResult;
}
207
/**
 * Invokes the parent's {@code processPath}.
 *
 * <p>
 * The result has not passed through the login, account-state and
 * public-path gates of this class's {@code processPath} override, so callers
 * must not treat it as an authorized path.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the path as resolved by the parent implementation
 * @throws IOException if the parent implementation fails
 */
protected String callParentProcessPath(
		HttpServletRequest request, HttpServletResponse response)
	throws IOException {

	String parentPath = super.processPath(request, response);

	return parentPath;
}
214
/**
 * Invokes the parent's {@code processRoles}, bypassing the public-path and
 * portlet permission logic of the override in this class.
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping of the requested action
 * @return the parent implementation's decision
 * @throws IOException if the parent implementation fails
 * @throws ServletException if the parent implementation fails
 */
protected boolean callParentProcessRoles(
		HttpServletRequest request, HttpServletResponse response,
		ActionMapping actionMapping)
	throws IOException, ServletException {

	boolean parentDecision = super.processRoles(
		request, response, actionMapping);

	return parentDecision;
}
222
/**
 * Releases the render request stored in the
 * {@code JavaConstants.JAVAX_PORTLET_REQUEST} request attribute, if any.
 *
 * @param  request the servlet request
 * @throws Exception if the render request cleanup fails
 */
protected void cleanUp(HttpServletRequest request) throws Exception {
	Object portletRequest = request.getAttribute(
		JavaConstants.JAVAX_PORTLET_REQUEST);

	if (portletRequest == null) {
		return;
	}

	((RenderRequestImpl)portletRequest).cleanUp();
}
236
/**
 * Builds a render request and response for {@code portlet} (maximized
 * window state, view mode), lets the render request define its portlet
 * objects and marks the request with
 * {@code WebKeys.PORTLET_STRUTS_EXECUTE}.
 *
 * <p>
 * No permission check happens here. The one caller in this class,
 * {@code processPath}, only requires the portlet to exist and be active;
 * the VIEW permission test lives in {@code processRoles}.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  portlet the portlet the Struts path belongs to
 * @throws Exception if any of the factories or the preferences lookup fails
 */
protected void defineObjects(
		HttpServletRequest request, HttpServletResponse response,
		Portlet portlet)
	throws Exception {

	String id = portlet.getPortletId();

	ServletContext ctx = (ServletContext)request.getAttribute(WebKeys.CTX);

	InvokerPortlet invoker = PortletInstanceFactoryUtil.create(portlet, ctx);

	PortletPreferences preferences =
		PortletPreferencesLocalServiceUtil.getPreferences(
			PortletPreferencesFactoryUtil.getPortletPreferencesIds(
				request, id));

	PortletConfig config = PortletConfigFactoryUtil.create(portlet, ctx);

	RenderRequestImpl renderRequest = RenderRequestFactory.create(
		request, portlet, invoker, config.getPortletContext(),
		WindowState.MAXIMIZED, PortletMode.VIEW, preferences);

	RenderResponseImpl renderResponse = RenderResponseFactory.create(
		renderRequest, response, id, portlet.getCompanyId());

	renderRequest.defineObjects(config, renderResponse);

	request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
}
273
/**
 * Forwards to {@code uri} through {@code StrutsUtil.forward} instead of the
 * parent implementation (which stays reachable through
 * {@code callParentDoForward}).
 *
 * @param  uri the URI to forward to
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws ServletException if the forward fails
 */
@Override
protected void doForward(
		String uri, HttpServletRequest request, HttpServletResponse response)
	throws ServletException {

	ServletContext ctx = getServletContext();

	StrutsUtil.forward(uri, ctx, request, response);
}
282
/**
 * Includes {@code uri} through {@code StrutsUtil.include} instead of the
 * parent implementation.
 *
 * @param  uri the URI to include
 * @param  request the servlet request
 * @param  response the servlet response
 * @throws ServletException if the include fails
 */
@Override
protected void doInclude(
		String uri, HttpServletRequest request, HttpServletResponse response)
	throws ServletException {

	ServletContext ctx = getServletContext();

	StrutsUtil.include(uri, ctx, request, response);
}
291
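/**
 * Returns the friendly URL under which a {@code /portal/layout} request is
 * recorded by the live-user tracker, or {@code null} when the path is not
 * the layout path or the request carries no {@code p_l_id}.
 *
 * <p>
 * The result is the layout's friendly URL, followed by the portlet's
 * friendly path when the portlet has a friendly URL mapper that can build
 * one, and otherwise by the raw query string when there is one.
 * </p>
 *
 * <p>
 * NOTE(review): {@code p_l_id} and {@code p_p_id} come from the request and
 * the layout is resolved through the local service; nothing in this method
 * checks that the current user may view that layout. The value is only used
 * to build the tracked path, so confirm who is allowed to read tracker
 * entries. The raw query string is recorded as sent, including any
 * sensitive parameter a caller put there.
 * </p>
 *
 * @param  path the Struts path of the request
 * @param  themeDisplay the theme display of the request
 * @param  request the servlet request
 * @return the path to record, or {@code null} if no friendly path applies
 * @throws Exception if the layout or portlet lookup fails
 */
protected String getFriendlyTrackerPath(
		String path, ThemeDisplay themeDisplay, HttpServletRequest request)
	throws Exception {

	if (!path.equals(_PATH_PORTAL_LAYOUT)) {
		return null;
	}

	long plid = ParamUtil.getLong(request, "p_l_id");

	if (plid == 0) {
		return null;
	}

	Layout layout = LayoutLocalServiceUtil.getLayout(plid);

	String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
		layout, themeDisplay);

	String portletId = ParamUtil.getString(request, "p_p_id");

	if (Validator.isNull(portletId)) {
		return layoutFriendlyURL;
	}

	long companyId = PortalUtil.getCompanyId(request);

	Portlet portlet = PortletLocalServiceUtil.getPortletById(
		companyId, portletId);

	if (portlet == null) {
		String strutsPath = path.substring(
			1, path.lastIndexOf(CharPool.SLASH));

		portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
			companyId, strutsPath);
	}

	// The query string is null when the parameters arrive in the request
	// body. String.concat(null) throws a NullPointerException, which the
	// caller used to log as an error for every such request, so the query
	// string is appended only when there is one.

	String queryString = request.getQueryString();

	if ((portlet == null) || !portlet.isActive()) {
		return appendQueryString(layoutFriendlyURL, queryString);
	}

	FriendlyURLMapper friendlyURLMapper =
		portlet.getFriendlyURLMapperInstance();

	if (friendlyURLMapper == null) {
		return appendQueryString(layoutFriendlyURL, queryString);
	}

	String namespace = PortalUtil.getPortletNamespace(portletId);

	PortletURLImpl portletURL = new PortletURLImpl(
		request, portletId, plid, PortletRequest.RENDER_PHASE);

	// Only parameters in this portlet's namespace are copied, with the
	// namespace prefix removed

	Map<String, String[]> parameterMap = request.getParameterMap();

	for (Entry<String, String[]> entry : parameterMap.entrySet()) {
		String name = entry.getKey();

		if (name.startsWith(namespace)) {
			portletURL.setParameter(
				name.substring(namespace.length()), entry.getValue());
		}
	}

	String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);

	if (portletFriendlyURL != null) {
		return layoutFriendlyURL.concat(portletFriendlyURL);
	}

	return appendQueryString(layoutFriendlyURL, queryString);
}

/**
 * Returns {@code url} followed by {@code ?} and {@code queryString}, or
 * {@code url} alone when the query string is null or blank.
 */
private static String appendQueryString(String url, String queryString) {
	if (Validator.isNull(queryString)) {
		return url;
	}

	return url.concat(StringPool.QUESTION).concat(queryString);
}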
373
/**
 * Builds the absolute URL that {@code process} redirects to: the saved last
 * path when forwarding by last path is enabled and a usable one exists, and
 * the portal's layout path otherwise.
 *
 * <p>
 * Every return value starts with the portal URL obtained from
 * {@code PortalUtil.getPortalURL}; the saved context path, path and
 * parameters are only ever appended after it.
 * </p>
 *
 * <p>
 * NOTE(review): the saved {@code LastPath} may come from a request
 * attribute set upstream or from the session. Its path is checked against
 * the Struts mappings only when its context path equals the main path; for
 * any other context path the stored values are replayed as they are.
 * Presumably {@code getPortalURL} derives the host from the request;
 * confirm how it treats the Host header before relying on this URL as a
 * same-site redirect target.
 * </p>
 *
 * @param  request the servlet request
 * @return the absolute URL to redirect to
 */
protected String getLastPath(HttpServletRequest request) {
	HttpSession httpSession = request.getSession();

	ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
		WebKeys.THEME_DISPLAY);

	Boolean httpsInitial = (Boolean)httpSession.getAttribute(
		WebKeys.HTTPS_INITIAL);

	// True only when the session attribute is present and false

	boolean notHttpsInitial =
		PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
		!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
		Boolean.FALSE.equals(httpsInitial);

	// NOTE(review): the second argument is presumably the "secure" switch,
	// so this branch would return to the non-HTTPS portal URL; confirm

	String portalURL;

	if (notHttpsInitial) {
		portalURL = PortalUtil.getPortalURL(request, false);
	}
	else {
		portalURL = PortalUtil.getPortalURL(request);
	}

	StringBundler defaultSB = new StringBundler();

	defaultSB.append(portalURL);
	defaultSB.append(themeDisplay.getPathMain());
	defaultSB.append(_PATH_PORTAL_LAYOUT);

	if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {

		// The default plid is added for container-authenticated requests
		// only

		if (request.getRemoteUser() != null) {
			defaultSB.append(StringPool.QUESTION);
			defaultSB.append("p_l_id");
			defaultSB.append(StringPool.EQUAL);
			defaultSB.append(LayoutConstants.DEFAULT_PLID);
		}

		return defaultSB.toString();
	}

	String defaultURL = defaultSB.toString();

	// A request-scoped last path takes precedence over the session one

	LastPath savedPath = (LastPath)request.getAttribute(WebKeys.LAST_PATH);

	if (savedPath == null) {
		savedPath = (LastPath)httpSession.getAttribute(WebKeys.LAST_PATH);
	}

	if (savedPath == null) {
		return defaultURL;
	}

	Map<String, String[]> savedParameters = savedPath.getParameterMap();

	boolean underMainPath = savedPath.getContextPath().equals(
		themeDisplay.getPathMain());

	if (underMainPath) {
		ActionMapping mapping =
			(ActionMapping)moduleConfig.findActionConfig(
				savedPath.getPath());

		if ((mapping == null) || (savedParameters == null)) {
			return defaultURL;
		}
	}

	StringBundler lastPathSB = new StringBundler(4);

	lastPathSB.append(portalURL);
	lastPathSB.append(savedPath.getContextPath());
	lastPathSB.append(savedPath.getPath());
	lastPathSB.append(HttpUtil.parameterMapToString(savedParameters));

	return lastPathSB.toString();
}
451
/**
 * Returns {@code true} if {@code path} is treated as a portlet's Struts
 * path: it is not null, is not {@code /c}, does not start with
 * {@code /common} or {@code /portal}, and does not contain
 * {@code /j_security_check}.
 *
 * <p>
 * The two prefix tests are plain string prefixes with no trailing slash, so
 * any path that merely begins with those characters is excluded as well.
 * Excluded paths skip the portlet VIEW permission check in
 * {@code processRoles}; actions registered under such paths have to do
 * their own authorization.
 * </p>
 *
 * @param  path the Struts path, may be {@code null}
 * @return {@code true} if the path belongs to a portlet
 */
protected boolean isPortletPath(String path) {
	if (path == null) {
		return false;
	}

	if (path.equals(_PATH_C) || path.startsWith(_PATH_COMMON)) {
		return false;
	}

	if (path.indexOf(_PATH_J_SECURITY_CHECK) != -1) {
		return false;
	}

	return !path.startsWith(_PATH_PORTAL);
}
465
/**
 * Returns {@code true} if {@code path} may be requested without a
 * signed-in user: it is one of the paths collected in the constructor, it
 * starts with {@code /common}, or {@code AuthPublicPathRegistry} contains
 * it.
 *
 * <p>
 * A {@code true} result makes {@code processPath} skip the login redirect
 * and {@code processRoles} skip the portlet permission check. The
 * {@code /common} test is a plain prefix with no trailing slash, so every
 * path beginning with those characters is public.
 * </p>
 *
 * @param  path the Struts path, may be {@code null}
 * @return {@code true} if the path is public
 */
protected boolean isPublicPath(String path) {
	if (path == null) {
		return false;
	}

	if (_publicPaths.contains(path)) {
		return true;
	}

	if (path.startsWith(_PATH_COMMON)) {
		return true;
	}

	return AuthPublicPathRegistry.contains(path);
}
477
/**
 * Returns the action for {@code actionMapping}: the adapter registered in
 * {@code StrutsActionRegistryUtil} when there is one, and the parent's
 * action otherwise.
 *
 * <p>
 * When an adapter is registered for a path that also has a Struts action
 * config, the parent's action is created as well and handed to the adapter
 * as its original action.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping of the requested action
 * @return the action to execute
 * @throws IOException if the parent implementation fails
 */
@Override
protected Action processActionCreate(
		HttpServletRequest request, HttpServletResponse response,
		ActionMapping actionMapping)
	throws IOException {

	String mappingPath = actionMapping.getPath();

	ActionAdapter registeredAdapter =
		(ActionAdapter)StrutsActionRegistryUtil.getAction(mappingPath);

	if (registeredAdapter == null) {
		return super.processActionCreate(request, response, actionMapping);
	}

	if (moduleConfig.findActionConfig(mappingPath) != null) {
		registeredAdapter.setOriginalAction(
			super.processActionCreate(request, response, actionMapping));
	}

	return registeredAdapter;
}
504
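/**
 * Resolves the action mapping for {@code path}.
 *
 * <p>
 * A path with an action in {@code StrutsActionRegistryUtil} gets its Struts
 * mapping if one is configured, and otherwise a new mapping that is also
 * stored under {@code Globals.MAPPING_KEY}. Every other path is resolved by
 * the parent; when that yields nothing, the request details are logged at
 * error level.
 * </p>
 *
 * <p>
 * The logged user, URL, referer and path come from the request, so carriage
 * returns and line feeds are replaced before logging to keep a crafted
 * value from starting a forged log line. Any client can produce these five
 * error lines by requesting an unmapped path; account for that in log
 * volume limits and alert thresholds.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  path the Struts path, may be {@code null}
 * @return the mapping, or {@code null} if the path is null or unmapped
 * @throws IOException if the parent implementation fails
 */
@Override
protected ActionMapping processMapping(
		HttpServletRequest request, HttpServletResponse response,
		String path)
	throws IOException {

	if (path == null) {
		return null;
	}

	Action action = StrutsActionRegistryUtil.getAction(path);

	if (action != null) {
		ActionMapping actionMapping =
			(ActionMapping)moduleConfig.findActionConfig(path);

		if (actionMapping == null) {
			actionMapping = new ActionMapping();

			actionMapping.setModuleConfig(moduleConfig);
			actionMapping.setPath(path);

			request.setAttribute(Globals.MAPPING_KEY, actionMapping);
		}

		return actionMapping;
	}

	ActionMapping actionMapping = super.processMapping(
		request, response, path);

	if (actionMapping == null) {
		MessageResources messageResources = getInternal();

		String msg = messageResources.getMessage("processInvalid");

		_log.error("User ID " + sanitizeLogValue(request.getRemoteUser()));
		_log.error(
			"Current URL " +
				sanitizeLogValue(PortalUtil.getCurrentURL(request)));
		_log.error(
			"Referer " + sanitizeLogValue(request.getHeader("Referer")));
		_log.error(
			"Remote address " + sanitizeLogValue(request.getRemoteAddr()));

		_log.error(msg + " " + sanitizeLogValue(path));
	}

	return actionMapping;
}

/**
 * Replaces carriage returns and line feeds in a request-derived value so it
 * stays on one log line; {@code null} is returned unchanged.
 */
private static String sanitizeLogValue(String value) {
	if (value == null) {
		return null;
	}

	return value.replace('\r', '_').replace('\n', '_');
}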
551
/**
 * Returns the request unchanged, so the parent's multipart handling is not
 * applied by this processor. The parent behavior stays available through
 * {@code callParentProcessMultipart}.
 *
 * @param  request the servlet request
 * @return the same request instance
 */
@Override
protected HttpServletRequest processMultipart(HttpServletRequest request) {
	HttpServletRequest sameRequest = request;

	return sameRequest;
}
559
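/**
 * Resolves the Struts path for the request and applies the portal's gates
 * to it. The returned path may differ from the requested one: the checks
 * below run in order and the first that applies decides the result.
 *
 * <ol>
 * <li>The request is recorded for live-user tracking and, when eligible,
 * saved as the session's last path.</li>
 * <li>Until setup is finished every path except the license path becomes
 * the setup wizard path. This return comes before the login gate, so the
 * wizard is served without a signed-in user.</li>
 * <li>Logout, expire session, extend session and update terms of use are
 * returned as they are for any authenticated request.</li>
 * <li>A container-authenticated request without a portal user is sent to
 * logout; an inactive user is sent to the error path.</li>
 * <li>The forced account steps (terms of use, e-mail verification, password
 * reset, e-mail address, reminder query) are applied.</li>
 * <li>A non-public path without a user is sent to login.</li>
 * <li>A path with neither a Struts mapping nor a registered action yields
 * {@code null}.</li>
 * <li>For portlet paths the portlet objects are defined; a failure switches
 * the path to the common error path.</li>
 * <li>A pending {@code LayoutPermissionException} session error switches
 * the path to the error path.</li>
 * </ol>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the path to process, or {@code null} if nothing handles it
 * @throws IOException if the parent implementation fails
 */
@Override
protected String processPath(
		HttpServletRequest request, HttpServletResponse response)
	throws IOException {

	// NOTE(review): GetterUtil.getString presumably turns a null parent
	// result into an empty string, which the path.equals() calls below
	// rely on; confirm

	String path = GetterUtil.getString(
		super.processPath(request, response));

	HttpSession session = request.getSession();

	ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
		WebKeys.THEME_DISPLAY);

	// Current users

	recordTrackerPath(request, session, themeDisplay, path);

	String remoteUser = request.getRemoteUser();

	User user = null;

	try {
		user = PortalUtil.getUser(request);
	}
	catch (Exception e) {

		// Fail closed: the user stays null and the request is handled as
		// not signed in. The cause used to be dropped silently.

		if (_log.isDebugEnabled()) {
			_log.debug(e, e);
		}
	}

	// Last path

	rememberLastPath(request, session, themeDisplay, path);

	// Setup wizard

	if (!SetupWizardUtil.isSetupFinished()) {
		if (!path.equals(_PATH_PORTAL_LICENSE)) {
			return _PATH_PORTAL_SETUP_WIZARD;
		}
	}
	else if (path.equals(_PATH_PORTAL_SETUP_WIZARD)) {
		return _PATH_PORTAL_LAYOUT;
	}

	// Authenticated users can always log out, expire or extend their
	// session, and agree to the terms of use

	boolean authenticated = (remoteUser != null) || (user != null);

	if (authenticated &&
		(path.equals(_PATH_PORTAL_LOGOUT) ||
		 path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
		 path.equals(_PATH_PORTAL_EXTEND_SESSION) ||
		 path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {

		return path;
	}

	// The container has a remote user but the portal resolved none; drop
	// the stale authentication

	if ((remoteUser != null) && (user == null)) {
		return _PATH_PORTAL_LOGOUT;
	}

	// Inactive users get the error page for every remaining path

	if ((user != null) && !user.isActive()) {
		SessionErrors.add(request, UserActiveException.class.getName());

		return _PATH_PORTAL_ERROR;
	}

	// NOTE(review): "wsrp" is read from the request through ParamUtil, so
	// as far as this method shows it is supplied by the caller. Confirm
	// that an upstream component restricts it; otherwise the forced steps
	// in this block are skipped for any request that sets it.

	if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
		!path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
		!ParamUtil.getBoolean(request, "wsrp") &&
		!themeDisplay.isImpersonated()) {

		// Terms of use

		if ((user != null) && !user.isAgreedToTermsOfUse()) {
			boolean termsOfUseRequired = false;

			try {
				termsOfUseRequired = PrefsPropsUtil.getBoolean(
					user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
			}
			catch (SystemException se) {

				// Fall back to the portal-wide setting

				termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
			}

			if (termsOfUseRequired) {
				return _PATH_PORTAL_TERMS_OF_USE;
			}
		}

		// E-mail address verification. A failed company lookup leaves the
		// requirement off and is logged.

		boolean emailAddressVerificationRequired = false;

		try {
			Company company = PortalUtil.getCompany(request);

			emailAddressVerificationRequired = company.isStrangersVerify();
		}
		catch (Exception e) {
			_log.error(e, e);
		}

		if ((user != null) && !user.isEmailAddressVerified() &&
			emailAddressVerificationRequired &&
			!path.equals(_PATH_PORTAL_UPDATE_EMAIL_ADDRESS)) {

			return _PATH_PORTAL_VERIFY_EMAIL_ADDRESS;
		}

		// Password reset

		if ((user != null) && user.isPasswordReset()) {
			return _PATH_PORTAL_UPDATE_PASSWORD;
		}

		// E-mail address

		if ((user != null) &&
			(Validator.isNull(user.getEmailAddress()) ||
			 (PropsValues.USERS_EMAIL_ADDRESS_REQUIRED &&
			  Validator.isNull(user.getDisplayEmailAddress())))) {

			return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
		}

		// Reminder query

		if ((user != null) &&
			(Validator.isNull(user.getReminderQueryQuestion()) ||
			 Validator.isNull(user.getReminderQueryAnswer()))) {

			if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
				return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
			}
		}
	}

	// Login gate: everything that is not public requires a user

	if (!isPublicPath(path)) {
		if (user == null) {
			SessionErrors.add(request, PrincipalException.class.getName());

			return _PATH_PORTAL_LOGIN;
		}
	}

	ActionMapping actionMapping =
		(ActionMapping)moduleConfig.findActionConfig(path);

	if (actionMapping == null) {
		Action strutsAction = StrutsActionRegistryUtil.getAction(path);

		if (strutsAction == null) {
			return null;
		}
	}
	else {
		path = actionMapping.getPath();
	}

	// Define the portlet objects. Only existence and the active flag are
	// checked here; the VIEW permission test is in processRoles().

	if (isPortletPath(path)) {
		try {
			Portlet portlet = null;

			long companyId = PortalUtil.getCompanyId(request);
			String portletId = ParamUtil.getString(request, "p_p_id");

			if (Validator.isNotNull(portletId)) {
				portlet = PortletLocalServiceUtil.getPortletById(
					companyId, portletId);
			}

			if (portlet == null) {
				String strutsPath = path.substring(
					1, path.lastIndexOf(CharPool.SLASH));

				portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
					companyId, strutsPath);
			}

			if ((portlet != null) && portlet.isActive()) {
				defineObjects(request, response, portlet);
			}
		}
		catch (Exception e) {

			// Any failure, including a path too short for the substring
			// above, ends on the common error page

			request.setAttribute(PageContext.EXCEPTION, e);

			path = _PATH_COMMON_ERROR;
		}
	}

	// Authenticated users must have access to at least one layout

	if (SessionErrors.contains(
			request, LayoutPermissionException.class.getName())) {

		return _PATH_PORTAL_ERROR;
	}

	return path;
}

/**
 * Adds the request to the session's live-user tracker, unless no tracker
 * exists for the session or the path is excluded from tracking.
 *
 * <p>
 * NOTE(review): the recorded value includes the raw query string, so any
 * sensitive parameter sent in the URL ends up in the tracker; confirm who
 * can read tracker entries.
 * </p>
 */
private void recordTrackerPath(
	HttpServletRequest request, HttpSession session,
	ThemeDisplay themeDisplay, String path) {

	UserTracker userTracker = LiveUsers.getUserTracker(
		themeDisplay.getCompanyId(), session.getId());

	if ((userTracker == null) || path.equals(_PATH_C) ||
		(path.indexOf(_PATH_J_SECURITY_CHECK) != -1) ||
		(path.indexOf(_PATH_PORTAL_PROTECTED) != -1) ||
		_trackerIgnorePaths.contains(path)) {

		return;
	}

	String fullPath = null;

	try {
		if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
			fullPath = getFriendlyTrackerPath(path, themeDisplay, request);
		}
	}
	catch (Exception e) {
		_log.error(e, e);
	}

	String fullPathWithoutQueryString = fullPath;

	if (Validator.isNull(fullPath)) {

		// No friendly path; fall back to the Struts path and query string

		String queryString = request.getQueryString();

		fullPathWithoutQueryString = path;

		if (Validator.isNotNull(queryString)) {
			fullPath = path.concat(StringPool.QUESTION).concat(queryString);
		}
		else {
			fullPath = path;
		}
	}

	int pos = fullPathWithoutQueryString.indexOf(StringPool.QUESTION);

	if (pos != -1) {
		fullPathWithoutQueryString = fullPathWithoutQueryString.substring(
			0, pos);
	}

	// The ignore list is applied to the friendly path as well

	if (_trackerIgnorePaths.contains(fullPathWithoutQueryString)) {
		return;
	}

	UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);

	userTrackerPath.setUserTrackerId(userTracker.getUserTrackerId());
	userTrackerPath.setPath(fullPath);
	userTrackerPath.setPathDate(new Date());

	userTracker.addPath(userTrackerPath);
}

/**
 * Stores the request as the session's last path when the path is one of
 * the last paths, is not on the tracker ignore list, and the request is a
 * plain GET page view that did not set {@code saveLastPath} to false.
 *
 * <p>
 * This runs before the login gate, so requests without a user are saved
 * too. The stored parameter map is later replayed into a redirect URL by
 * {@code getLastPath}.
 * </p>
 */
private void rememberLastPath(
	HttpServletRequest request, HttpSession session,
	ThemeDisplay themeDisplay, String path) {

	if (!_lastPaths.contains(path) || _trackerIgnorePaths.contains(path)) {
		return;
	}

	boolean saveLastPath = ParamUtil.getBoolean(
		request, "saveLastPath", true);

	if (themeDisplay.isLifecycleResource() ||
		themeDisplay.isStateExclusive() || themeDisplay.isStatePopUp() ||
		!request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {

		saveLastPath = false;
	}

	if (!saveLastPath) {
		return;
	}

	// A last path already placed on the request takes precedence over one
	// built from this request

	LastPath lastPath = (LastPath)request.getAttribute(WebKeys.LAST_PATH);

	if (lastPath == null) {
		lastPath = new LastPath(
			themeDisplay.getPathMain(), path, request.getParameterMap());
	}

	session.setAttribute(WebKeys.LAST_PATH, lastPath);
}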
862
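/**
 * Decides whether the request may execute the mapped action.
 *
 * <p>
 * Public paths are always allowed. For a signed-in user on a portlet path,
 * the portlet is resolved from {@code p_p_id} or from the Struts path and
 * the user needs VIEW permission on it for the current layout. A portlet
 * named by {@code p_p_id} must own the requested Struts path, so a request
 * cannot pair one portlet's ID with another portlet's path. Any exception
 * during these checks denies access.
 * </p>
 *
 * <p>
 * A request without a user is allowed here. Rejecting anonymous access to
 * non-public paths is left to {@code processPath}, which sends such
 * requests to the login path; this method alone does not enforce it.
 * </p>
 *
 * @param  request the servlet request
 * @param  response the servlet response
 * @param  actionMapping the mapping of the requested action
 * @return {@code true} if processing may continue; {@code false} if the
 *         request was forwarded to the error path
 * @throws IOException if forwarding to the error path fails
 * @throws ServletException if forwarding to the error path fails
 */
@Override
protected boolean processRoles(
		HttpServletRequest request, HttpServletResponse response,
		ActionMapping actionMapping)
	throws IOException, ServletException {

	String path = actionMapping.getPath();

	if (isPublicPath(path)) {
		return true;
	}

	boolean authorized = true;

	User user = null;

	try {
		user = PortalUtil.getUser(request);
	}
	catch (Exception e) {

		// The user stays null. The cause used to be dropped silently.

		if (_log.isDebugEnabled()) {
			_log.debug(e, e);
		}
	}

	if ((user != null) && isPortletPath(path)) {
		try {

			// Authenticated users can always log out. With the
			// isPortletPath() of this class a "/portal" path never gets
			// here; the test only matters if a subclass overrides it.

			if (path.equals(_PATH_PORTAL_LOGOUT)) {
				return true;
			}

			Portlet portlet = null;

			String portletId = ParamUtil.getString(request, "p_p_id");

			if (Validator.isNotNull(portletId)) {
				portlet = PortletLocalServiceUtil.getPortletById(
					user.getCompanyId(), portletId);
			}

			String strutsPath = path.substring(
				1, path.lastIndexOf(CharPool.SLASH));

			if (portlet != null) {

				// The portlet named in the request must own this path

				if (!strutsPath.equals(portlet.getStrutsPath())) {
					throw new PrincipalException();
				}
			}
			else {
				portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
					user.getCompanyId(), strutsPath);
			}

			if ((portlet != null) && portlet.isActive()) {
				ThemeDisplay themeDisplay =
					(ThemeDisplay)request.getAttribute(
						WebKeys.THEME_DISPLAY);

				Layout layout = themeDisplay.getLayout();
				PermissionChecker permissionChecker =
					themeDisplay.getPermissionChecker();

				if (!PortletPermissionUtil.contains(
						permissionChecker, layout.getPlid(), portlet,
						ActionKeys.VIEW)) {

					throw new PrincipalException();
				}
			}
			else if (portlet != null) {

				// The portlet exists but is inactive

				SessionErrors.add(
					request, PortletActiveException.class.getName());

				authorized = false;
			}

			// NOTE(review): when no portlet matches the path, the request
			// stays authorized; confirm that is intended for Struts paths
			// that belong to no portlet.
		}
		catch (Exception e) {

			// Fail closed on any error, including a path too short for the
			// substring above. The cause is kept at debug level; it used
			// to be discarded.

			if (_log.isDebugEnabled()) {
				_log.debug(e, e);
			}

			SessionErrors.add(request, PrincipalException.class.getName());

			authorized = false;
		}
	}

	if (!authorized) {
		ForwardConfig forwardConfig = actionMapping.findForward(
			_PATH_PORTAL_ERROR);

		processForwardConfig(request, response, forwardConfig);

		return false;
	}

	return true;
}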
958
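// Struts paths this processor tests for. isPortletPath() and isPublicPath()
// use _PATH_COMMON and _PATH_PORTAL as plain string prefixes.

private static final String _PATH_C = "/c";

private static final String _PATH_COMMON = "/common";

private static final String _PATH_COMMON_ERROR = "/common/error";

private static final String _PATH_J_SECURITY_CHECK = "/j_security_check";

private static final String _PATH_PORTAL = "/portal";

private static final String _PATH_PORTAL_API_JSONWS = "/portal/api/jsonws";

private static final String _PATH_PORTAL_ERROR = "/portal/error";

private static final String _PATH_PORTAL_EXPIRE_SESSION =
	"/portal/expire_session";

private static final String _PATH_PORTAL_EXTEND_SESSION =
	"/portal/extend_session";

private static final String _PATH_PORTAL_FLASH = "/portal/flash";

private static final String _PATH_PORTAL_J_LOGIN = "/portal/j_login";

private static final String _PATH_PORTAL_JSON_SERVICE =
	"/portal/json_service";

private static final String _PATH_PORTAL_LAYOUT = "/portal/layout";

private static final String _PATH_PORTAL_LICENSE = "/portal/license";

private static final String _PATH_PORTAL_LOGIN = "/portal/login";

private static final String _PATH_PORTAL_LOGOUT = "/portal/logout";

private static final String _PATH_PORTAL_PROTECTED = "/portal/protected";

private static final String _PATH_PORTAL_RENDER_PORTLET =
	"/portal/render_portlet";

private static final String _PATH_PORTAL_SETUP_WIZARD =
	"/portal/setup_wizard";

private static final String _PATH_PORTAL_TCK = "/portal/tck";

private static final String _PATH_PORTAL_TERMS_OF_USE =
	"/portal/terms_of_use";

private static final String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
	"/portal/update_email_address";

private static final String _PATH_PORTAL_UPDATE_PASSWORD =
	"/portal/update_password";

private static final String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
	"/portal/update_reminder_query";

private static final String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
	"/portal/update_terms_of_use";

private static final String _PATH_PORTAL_VERIFY_EMAIL_ADDRESS =
	"/portal/verify_email_address";

// Never reassigned in this class, hence final

private static final Log _log = LogFactoryUtil.getLog(
	PortalRequestProcessor.class);

// Each set is assigned once, in the constructor, and only queried with
// contains() by the other methods of this class. Declaring them final makes
// the single assignment explicit and lets the compiler reject a later
// reassignment of the login and tracking allow-lists.

private final Set<String> _lastPaths;
private final Set<String> _publicPaths;
private final Set<String> _trackerIgnorePaths;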
1028
1029 }