23 package com.liferay.portal.servlet.filters.autologin;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.log.Log;
27 import com.liferay.portal.kernel.log.LogFactoryUtil;
28 import com.liferay.portal.kernel.servlet.BaseFilter;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.kernel.util.InstancePool;
31 import com.liferay.portal.kernel.util.Validator;
32 import com.liferay.portal.model.User;
33 import com.liferay.portal.security.auth.AutoLogin;
34 import com.liferay.portal.security.pwd.PwdEncryptor;
35 import com.liferay.portal.service.UserLocalServiceUtil;
36 import com.liferay.portal.util.PortalUtil;
37 import com.liferay.portal.util.PropsValues;
38 import com.liferay.portal.util.WebKeys;
39 import com.liferay.util.servlet.ProtectedServletRequest;
40
41 import java.io.IOException;
42
43 import javax.servlet.FilterChain;
44 import javax.servlet.ServletException;
45 import javax.servlet.ServletRequest;
46 import javax.servlet.ServletResponse;
47 import javax.servlet.http.HttpServletRequest;
48 import javax.servlet.http.HttpServletResponse;
49 import javax.servlet.http.HttpSession;
/**
 * Servlet filter that attempts a transparent sign-in for requests carrying
 * neither a container remote user nor a <code>j_username</code> session
 * attribute. Each class named in <code>PropsValues.AUTO_LOGIN_HOOKS</code> is
 * asked for credentials in turn.
 *
 * <p>
 * Trust boundary: this filter does not compare the returned password with
 * the stored one. It only confirms that the user id resolves to an existing
 * user who is not locked out, so the hooks themselves are the authentication
 * decision point as far as this class is concerned.
 * </p>
 */
public class AutoLoginFilter extends BaseFilter {

	/**
	 * Runs the configured auto login hooks for unauthenticated requests and
	 * then hands the (possibly wrapped) request on to the rest of the chain.
	 *
	 * @param  req the incoming request, cast to an HTTP request
	 * @param  res the outgoing response, cast to an HTTP response
	 * @param  chain the remaining filter chain
	 * @throws IOException if the redirect or the downstream chain fails
	 * @throws ServletException if the downstream chain fails
	 */
	public void doFilter(
			ServletRequest req, ServletResponse res, FilterChain chain)
		throws IOException, ServletException {

		HttpServletRequest httpReq = (HttpServletRequest)req;
		HttpServletResponse httpRes = (HttpServletResponse)res;

		// The no-argument getSession() creates a session when none exists,
		// so every request that reaches this filter ends up with one.

		HttpSession ses = httpReq.getSession();

		String remoteUser = httpReq.getRemoteUser();
		String jUserName = (String)ses.getAttribute("j_username");

		boolean anonymous = (remoteUser == null) && (jUserName == null);

		if (anonymous) {
			for (String hookClassName : PropsValues.AUTO_LOGIN_HOOKS) {
				AutoLogin autoLogin = (AutoLogin)InstancePool.get(
					hookClassName);

				try {
					String[] credentials = autoLogin.login(httpReq, httpRes);

					// NOTE(review): the redirect target is read from a
					// request attribute and passed to sendRedirect() as is.
					// Presumably the hook sets it; confirm every hook limits
					// it to trusted destinations.

					String redirect = (String)req.getAttribute(
						AutoLogin.AUTO_LOGIN_REDIRECT);

					if (redirect != null) {
						httpRes.sendRedirect(redirect);

						return;
					}

					String loginRemoteUser = getLoginRemoteUser(
						httpReq, httpRes, ses, credentials);

					if (loginRemoteUser == null) {
						continue;
					}

					// NOTE(review): the session obtained above is reused
					// after sign-in; no session id rotation is visible in
					// this class. Confirm session fixation is handled
					// elsewhere.

					req = new ProtectedServletRequest(
						httpReq, loginRemoteUser);

					// With JAAS enabled getLoginRemoteUser() has already
					// sent a redirect, so the chain is not invoked.

					if (PropsValues.PORTAL_JAAS_ENABLE) {
						return;
					}

					// NOTE(review): with JAAS disabled the loop carries on
					// after a successful hook. A later hook that also
					// returns usable credentials replaces the wrapped
					// request and the session attributes, so the last
					// successful hook wins. Confirm this is intended.

				}
				catch (Exception e) {

					// A failing hook is logged and skipped; the request
					// stays unauthenticated unless another hook succeeds.

					_log.warn(e, e);
					_log.error(e.getMessage());
				}
			}
		}

		doFilter(AutoLoginFilter.class, req, res, chain);
	}

	/**
	 * Validates the credentials returned by a hook and, when acceptable,
	 * records them in the session.
	 *
	 * <p>
	 * The array must hold exactly three entries: the user id as a string
	 * (parsed with <code>GetterUtil.getLong</code>), the password, and a
	 * boolean flag parsed with <code>GetterUtil.getBoolean</code>. When the
	 * flag is true the password is stored under <code>j_password</code>
	 * unchanged; otherwise it is passed through
	 * <code>PwdEncryptor.encrypt</code> first. The password is never checked
	 * against the user record here.
	 * </p>
	 *
	 * @param  req the current request (not read by this method)
	 * @param  res the current response, used for the JAAS redirect
	 * @param  ses the session that receives the login attributes
	 * @param  credentials the hook result, may be <code>null</code>
	 * @return the user id string from the credentials, or <code>null</code>
	 *         if they are missing, malformed, do not yield a positive user
	 *         id, name an unknown user or name a locked out user
	 * @throws Exception if the user lookup, the encryption or the redirect
	 *         fails
	 */
	protected String getLoginRemoteUser(
			HttpServletRequest req, HttpServletResponse res, HttpSession ses,
			String[] credentials)
		throws Exception {

		if ((credentials == null) || (credentials.length != 3)) {
			return null;
		}

		String jUsername = credentials[0];
		String jPassword = credentials[1];
		boolean encPwd = GetterUtil.getBoolean(credentials[2]);

		if (!Validator.isNotNull(jUsername) ||
			!Validator.isNotNull(jPassword)) {

			return null;
		}

		try {
			long userId = GetterUtil.getLong(jUsername);

			// Anything that does not parse to a positive id is rejected
			// before the user service is consulted.

			if (userId <= 0) {
				return null;
			}

			User user = UserLocalServiceUtil.getUserById(userId);

			if (user.isLockout()) {
				return null;
			}
		}
		catch (NoSuchUserException nsue) {
			return null;
		}

		ses.setAttribute("j_username", jUsername);

		if (!encPwd) {
			ses.setAttribute("j_password", PwdEncryptor.encrypt(jPassword));

			// NOTE(review): the password as supplied by the hook is also
			// kept in the session under WebKeys.USER_PASSWORD. Anything
			// that can read or serialize session state can recover it;
			// confirm this attribute is still required.

			ses.setAttribute(WebKeys.USER_PASSWORD, jPassword);
		}
		else {
			ses.setAttribute("j_password", jPassword);
		}

		if (PropsValues.PORTAL_JAAS_ENABLE) {
			res.sendRedirect(
				PortalUtil.getPathMain() + "/portal/touch_protected");
		}

		return jUsername;
	}

	private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);

}