1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.struts;
16  
17  import com.liferay.portal.LayoutPermissionException;
18  import com.liferay.portal.PortletActiveException;
19  import com.liferay.portal.RequiredRoleException;
20  import com.liferay.portal.UserActiveException;
21  import com.liferay.portal.kernel.exception.SystemException;
22  import com.liferay.portal.kernel.log.Log;
23  import com.liferay.portal.kernel.log.LogFactoryUtil;
24  import com.liferay.portal.kernel.portlet.FriendlyURLMapper;
25  import com.liferay.portal.kernel.servlet.HttpMethods;
26  import com.liferay.portal.kernel.servlet.SessionErrors;
27  import com.liferay.portal.kernel.struts.LastPath;
28  import com.liferay.portal.kernel.util.GetterUtil;
29  import com.liferay.portal.kernel.util.HttpUtil;
30  import com.liferay.portal.kernel.util.JavaConstants;
31  import com.liferay.portal.kernel.util.ParamUtil;
32  import com.liferay.portal.kernel.util.PropsKeys;
33  import com.liferay.portal.kernel.util.StringBundler;
34  import com.liferay.portal.kernel.util.StringPool;
35  import com.liferay.portal.kernel.util.Validator;
36  import com.liferay.portal.liveusers.LiveUsers;
37  import com.liferay.portal.model.Layout;
38  import com.liferay.portal.model.LayoutConstants;
39  import com.liferay.portal.model.Portlet;
40  import com.liferay.portal.model.PortletPreferencesIds;
41  import com.liferay.portal.model.User;
42  import com.liferay.portal.model.UserTracker;
43  import com.liferay.portal.model.UserTrackerPath;
44  import com.liferay.portal.security.auth.PrincipalException;
45  import com.liferay.portal.security.permission.ActionKeys;
46  import com.liferay.portal.security.permission.PermissionChecker;
47  import com.liferay.portal.service.LayoutLocalServiceUtil;
48  import com.liferay.portal.service.PortletLocalServiceUtil;
49  import com.liferay.portal.service.PortletPreferencesLocalServiceUtil;
50  import com.liferay.portal.service.permission.PortletPermissionUtil;
51  import com.liferay.portal.service.persistence.UserTrackerPathUtil;
52  import com.liferay.portal.theme.ThemeDisplay;
53  import com.liferay.portal.util.PortalUtil;
54  import com.liferay.portal.util.PrefsPropsUtil;
55  import com.liferay.portal.util.PropsUtil;
56  import com.liferay.portal.util.PropsValues;
57  import com.liferay.portal.util.WebKeys;
58  import com.liferay.portlet.InvokerPortlet;
59  import com.liferay.portlet.PortletConfigFactory;
60  import com.liferay.portlet.PortletInstanceFactoryUtil;
61  import com.liferay.portlet.PortletPreferencesFactoryUtil;
62  import com.liferay.portlet.PortletURLImpl;
63  import com.liferay.portlet.RenderRequestFactory;
64  import com.liferay.portlet.RenderRequestImpl;
65  import com.liferay.portlet.RenderResponseFactory;
66  import com.liferay.portlet.RenderResponseImpl;
67  
68  import java.io.IOException;
69  
70  import java.util.Date;
71  import java.util.HashSet;
72  import java.util.Iterator;
73  import java.util.Map.Entry;
74  import java.util.Map;
75  import java.util.Set;
76  
77  import javax.portlet.PortletConfig;
78  import javax.portlet.PortletContext;
79  import javax.portlet.PortletMode;
80  import javax.portlet.PortletPreferences;
81  import javax.portlet.PortletRequest;
82  import javax.portlet.WindowState;
83  
84  import javax.servlet.ServletContext;
85  import javax.servlet.ServletException;
86  import javax.servlet.http.HttpServletRequest;
87  import javax.servlet.http.HttpServletResponse;
88  import javax.servlet.http.HttpSession;
89  import javax.servlet.jsp.PageContext;
90  
91  import org.apache.struts.action.ActionMapping;
92  import org.apache.struts.config.ForwardConfig;
93  import org.apache.struts.tiles.TilesRequestProcessor;
94  
95  /**
96   * <a href="PortalRequestProcessor.java.html"><b><i>View Source</i></b></a>
97   *
98   * @author Brian Wing Shun Chan
99   * @author Jorge Ferrer
100  */
101 public class PortalRequestProcessor extends TilesRequestProcessor {
102 
103     public PortalRequestProcessor() {
104 
105         // auth.forward.last.path.
106 
107         _lastPaths = new HashSet<String>();
108 
109         _lastPaths.add(_PATH_PORTAL_LAYOUT);
110 
111         addPaths(_lastPaths, PropsKeys.AUTH_FORWARD_LAST_PATHS);
112 
113         // auth.public.path.
114 
115         _publicPaths = new HashSet<String>();
116 
117         _publicPaths.add(_PATH_C);
118         _publicPaths.add(_PATH_PORTAL_FLASH);
119         _publicPaths.add(_PATH_PORTAL_J_LOGIN);
120         _publicPaths.add(_PATH_PORTAL_LAYOUT);
121         _publicPaths.add(_PATH_PORTAL_LOGIN);
122         _publicPaths.add(_PATH_PORTAL_RENDER_PORTLET);
123         _publicPaths.add(_PATH_PORTAL_TCK);
124         _publicPaths.add(_PATH_PORTAL_UPDATE_PASSWORD);
125 
126         addPaths(_publicPaths, PropsKeys.AUTH_PUBLIC_PATHS);
127 
128         _trackerIgnorePaths = new HashSet<String>();
129 
130         addPaths(_trackerIgnorePaths, PropsKeys.SESSION_TRACKER_IGNORE_PATHS);
131     }
132 
133     public void process(
134             HttpServletRequest request, HttpServletResponse response)
135         throws IOException, ServletException {
136 
137         String path = super.processPath(request, response);
138 
139         ActionMapping mapping = (ActionMapping)moduleConfig.findActionConfig(
140             path);
141 
142         if (mapping == null) {
143             String lastPath = getLastPath(request);
144 
145             if (_log.isDebugEnabled()) {
146                 _log.debug("Last path " + lastPath);
147             }
148 
149             response.sendRedirect(lastPath);
150 
151             return;
152         }
153 
154         super.process(request, response);
155 
156         try {
157             if (isPortletPath(path)) {
158                 cleanUp(request);
159             }
160         }
161         catch (Exception e) {
162             _log.error(e, e);
163         }
164     }
165 
166     protected void addPaths(Set<String> paths, String propsKey) {
167         String[] pathsArray = PropsUtil.getArray(propsKey);
168 
169         for (String path : pathsArray) {
170             paths.add(path);
171         }
172     }
173 
174     protected void callParentDoForward(
175             String uri, HttpServletRequest request,
176             HttpServletResponse response)
177         throws IOException, ServletException {
178 
179         super.doForward(uri, request, response);
180     }
181 
182     protected HttpServletRequest callParentProcessMultipart(
183         HttpServletRequest request) {
184 
185         return super.processMultipart(request);
186     }
187 
188     protected String callParentProcessPath(
189             HttpServletRequest request, HttpServletResponse response)
190         throws IOException {
191 
192         return super.processPath(request, response);
193     }
194 
195     protected boolean callParentProcessRoles(
196             HttpServletRequest request, HttpServletResponse response,
197             ActionMapping mapping)
198         throws IOException, ServletException {
199 
200         return super.processRoles(request, response, mapping);
201     }
202 
203     protected void cleanUp(HttpServletRequest request) throws Exception {
204 
205         // Clean up portlet objects that may have been created by defineObjects
206         // for portlets that are called directly from a Struts path
207 
208         RenderRequestImpl renderRequestImpl =
209             (RenderRequestImpl)request.getAttribute(
210                 JavaConstants.JAVAX_PORTLET_REQUEST);
211 
212         if (renderRequestImpl != null) {
213             renderRequestImpl.cleanUp();
214         }
215     }
216 
217     protected void defineObjects(
218             HttpServletRequest request, HttpServletResponse response,
219             Portlet portlet)
220         throws Exception {
221 
222         String portletId = portlet.getPortletId();
223 
224         ServletContext servletContext = (ServletContext)request.getAttribute(
225             WebKeys.CTX);
226 
227         InvokerPortlet invokerPortlet = PortletInstanceFactoryUtil.create(
228             portlet, servletContext);
229 
230         PortletPreferencesIds portletPreferencesIds =
231             PortletPreferencesFactoryUtil.getPortletPreferencesIds(
232                 request, portletId);
233 
234         PortletPreferences portletPreferences =
235             PortletPreferencesLocalServiceUtil.getPreferences(
236                 portletPreferencesIds);
237 
238         PortletConfig portletConfig = PortletConfigFactory.create(
239             portlet, servletContext);
240         PortletContext portletContext = portletConfig.getPortletContext();
241 
242         RenderRequestImpl renderRequestImpl = RenderRequestFactory.create(
243             request, portlet, invokerPortlet, portletContext,
244             WindowState.MAXIMIZED, PortletMode.VIEW, portletPreferences);
245 
246         RenderResponseImpl renderResponseImpl = RenderResponseFactory.create(
247             renderRequestImpl, response, portletId, portlet.getCompanyId());
248 
249         renderRequestImpl.defineObjects(portletConfig, renderResponseImpl);
250 
251         request.setAttribute(WebKeys.PORTLET_STRUTS_EXECUTE, Boolean.TRUE);
252     }
253 
254     protected void doForward(
255             String uri, HttpServletRequest request,
256             HttpServletResponse response)
257         throws ServletException {
258 
259         StrutsUtil.forward(uri, getServletContext(), request, response);
260     }
261 
262     protected void doInclude(
263             String uri, HttpServletRequest request,
264             HttpServletResponse response)
265         throws ServletException {
266 
267         StrutsUtil.include(uri, getServletContext(), request, response);
268     }
269 
270     protected String getFriendlyTrackerPath(
271             String path, ThemeDisplay themeDisplay, HttpServletRequest request)
272         throws Exception {
273 
274         if (!path.equals(_PATH_PORTAL_LAYOUT)) {
275             return null;
276         }
277 
278         long plid = ParamUtil.getLong(request, "p_l_id");
279 
280         if (plid == 0) {
281             return null;
282         }
283 
284         Layout layout = LayoutLocalServiceUtil.getLayout(plid);
285 
286         String layoutFriendlyURL = PortalUtil.getLayoutFriendlyURL(
287             layout, themeDisplay);
288 
289         String portletId = ParamUtil.getString(request, "p_p_id");
290 
291         if (Validator.isNull(portletId)) {
292             return layoutFriendlyURL;
293         }
294 
295         long companyId = PortalUtil.getCompanyId(request);
296 
297         Portlet portlet = PortletLocalServiceUtil.getPortletById(
298             companyId, portletId);
299 
300         if (portlet == null) {
301             String strutsPath = path.substring(
302                 1, path.lastIndexOf(StringPool.SLASH));
303 
304             portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
305                 companyId, strutsPath);
306         }
307 
308         if ((portlet == null) || !portlet.isActive()) {
309             return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
310                 request.getQueryString());
311         }
312 
313         String namespace = PortalUtil.getPortletNamespace(portletId);
314 
315         FriendlyURLMapper friendlyURLMapper =
316             portlet.getFriendlyURLMapperInstance();
317 
318         if (friendlyURLMapper == null) {
319             return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
320                 request.getQueryString());
321         }
322 
323         PortletURLImpl portletURL = new PortletURLImpl(
324             request, portletId, plid, PortletRequest.RENDER_PHASE);
325 
326         Iterator<Map.Entry<String, String[]>> itr =
327             request.getParameterMap().entrySet().iterator();
328 
329         while (itr.hasNext()) {
330             Entry<String, String[]> entry = itr.next();
331 
332             String key = entry.getKey();
333 
334             if (key.startsWith(namespace)) {
335                 key = key.substring(namespace.length());
336 
337                 portletURL.setParameter(key, entry.getValue());
338             }
339         }
340 
341         String portletFriendlyURL = friendlyURLMapper.buildPath(portletURL);
342 
343         if (portletFriendlyURL != null) {
344             return layoutFriendlyURL.concat(portletFriendlyURL);
345         }
346         else {
347             return layoutFriendlyURL.concat(StringPool.QUESTION).concat(
348                 request.getQueryString());
349         }
350     }
351 
352     protected String getLastPath(HttpServletRequest request) {
353         HttpSession session = request.getSession();
354 
355         ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
356             WebKeys.THEME_DISPLAY);
357 
358         Boolean httpsInitial = (Boolean)session.getAttribute(
359             WebKeys.HTTPS_INITIAL);
360 
361         String portalURL = null;
362 
363         if ((PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS) &&
364             (!PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) &&
365             (httpsInitial != null) && (!httpsInitial.booleanValue())) {
366 
367             portalURL = PortalUtil.getPortalURL(request, false);
368         }
369         else {
370             portalURL = PortalUtil.getPortalURL(request);
371         }
372 
373         StringBundler sb = new StringBundler();
374 
375         sb.append(portalURL);
376         sb.append(themeDisplay.getPathMain());
377         sb.append(_PATH_PORTAL_LAYOUT);
378 
379         if (!PropsValues.AUTH_FORWARD_BY_LAST_PATH) {
380             if (request.getRemoteUser() != null) {
381 
382                 // If we do not forward by last path and the user is logged in,
383                 // forward to the user's default layout to prevent a lagging
384                 // loop
385 
386                 sb.append(StringPool.QUESTION);
387                 sb.append("p_l_id");
388                 sb.append(StringPool.EQUAL);
389                 sb.append(LayoutConstants.DEFAULT_PLID);
390             }
391 
392             return sb.toString();
393         }
394 
395         LastPath lastPath = (LastPath)session.getAttribute(WebKeys.LAST_PATH);
396 
397         if (lastPath == null) {
398             return sb.toString();
399         }
400 
401         Map<String, String[]> parameterMap = lastPath.getParameterMap();
402 
403         // Only test for existing mappings for last paths that were set when the
404         // user accessed a layout directly instead of through its friendly URL
405 
406         if (lastPath.getContextPath().equals(themeDisplay.getPathMain())) {
407             ActionMapping mapping =
408                 (ActionMapping)moduleConfig.findActionConfig(
409                     lastPath.getPath());
410 
411             if ((mapping == null) || (parameterMap == null)) {
412                 return sb.toString();
413             }
414         }
415 
416         StringBundler lastPathSB = new StringBundler(4);
417 
418         lastPathSB.append(portalURL);
419         lastPathSB.append(lastPath.getContextPath());
420         lastPathSB.append(lastPath.getPath());
421         lastPathSB.append(HttpUtil.parameterMapToString(parameterMap));
422 
423         return lastPathSB.toString();
424     }
425 
426     protected boolean isPortletPath(String path) {
427         if ((path != null) &&
428             (!path.equals(_PATH_C)) &&
429             (!path.startsWith(_PATH_COMMON)) &&
430             (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
431             (!path.startsWith(_PATH_PORTAL))) {
432 
433             return true;
434         }
435         else {
436             return false;
437         }
438     }
439 
440     protected boolean isPublicPath(String path) {
441         if ((path != null) &&
442             (_publicPaths.contains(path)) ||
443             (path.startsWith(_PATH_COMMON))) {
444 
445             return true;
446         }
447         else {
448             return false;
449         }
450     }
451 
452     protected ActionMapping processMapping(
453             HttpServletRequest request, HttpServletResponse response,
454             String path)
455         throws IOException {
456 
457         if (path == null) {
458             return null;
459         }
460 
461         ActionMapping mapping = super.processMapping(request, response, path);
462 
463         if (mapping == null) {
464             String msg = getInternal().getMessage("processInvalid");
465 
466             _log.error("User ID " + request.getRemoteUser());
467             _log.error("Current URL " + PortalUtil.getCurrentURL(request));
468             _log.error("Referer " + request.getHeader("Referer"));
469             _log.error("Remote address " + request.getRemoteAddr());
470 
471             _log.error(msg + " " + path);
472         }
473 
474         return mapping;
475     }
476 
477     protected HttpServletRequest processMultipart(HttpServletRequest request) {
478 
479         // Disable Struts from automatically wrapping a multipart request
480 
481         return request;
482     }
483 
484     protected String processPath(
485             HttpServletRequest request, HttpServletResponse response)
486         throws IOException {
487 
488         String path = GetterUtil.getString(
489             super.processPath(request, response));
490 
491         HttpSession session = request.getSession();
492 
493         ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
494             WebKeys.THEME_DISPLAY);
495 
496         // Current users
497 
498         UserTracker userTracker = LiveUsers.getUserTracker(
499             themeDisplay.getCompanyId(), session.getId());
500 
501         if ((userTracker != null) && (!path.equals(_PATH_C)) &&
502             (path.indexOf(_PATH_J_SECURITY_CHECK) == -1) &&
503             (path.indexOf(_PATH_PORTAL_PROTECTED) == -1) &&
504             (!_trackerIgnorePaths.contains(path))) {
505 
506             String fullPath = path;
507 
508             try {
509                 if (PropsValues.SESSION_TRACKER_FRIENDLY_PATHS_ENABLED) {
510                     fullPath = getFriendlyTrackerPath(
511                         path, themeDisplay, request);
512                 }
513             }
514             catch (Exception e) {
515                 _log.error(e, e);
516             }
517 
518             if (fullPath == null) {
519                 fullPath = path.concat(StringPool.QUESTION).concat(
520                     request.getQueryString());
521             }
522 
523             UserTrackerPath userTrackerPath = UserTrackerPathUtil.create(0);
524 
525             userTrackerPath.setUserTrackerId(userTracker.getUserTrackerId());
526             userTrackerPath.setPath(fullPath);
527             userTrackerPath.setPathDate(new Date());
528 
529             userTracker.addPath(userTrackerPath);
530         }
531 
532         String remoteUser = request.getRemoteUser();
533 
534         User user = null;
535 
536         try {
537             user = PortalUtil.getUser(request);
538         }
539         catch (Exception e) {
540         }
541 
542         // Last path
543 
544         if (_lastPaths.contains(path) && !_trackerIgnorePaths.contains(path)) {
545             boolean saveLastPath = ParamUtil.getBoolean(
546                 request, "saveLastPath", true);
547 
548             if (themeDisplay.isLifecycleResource() ||
549                 themeDisplay.isStateExclusive() ||
550                 themeDisplay.isStatePopUp() ||
551                 !request.getMethod().equalsIgnoreCase(HttpMethods.GET)) {
552 
553                 saveLastPath = false;
554             }
555 
556             // Save last path
557 
558             if (saveLastPath) {
559 
560                 // Was a last path set by another servlet that dispatched to
561                 // the MainServlet? If so, use that last path instead.
562 
563                 LastPath lastPath = (LastPath)request.getAttribute(
564                     WebKeys.LAST_PATH);
565 
566                 if (lastPath == null) {
567                     lastPath = new LastPath(
568                         themeDisplay.getPathMain(), path,
569                         request.getParameterMap());
570                 }
571 
572                 session.setAttribute(WebKeys.LAST_PATH, lastPath);
573             }
574         }
575 
576         // Authenticated users can always log out
577 
578         if (((remoteUser != null) || (user != null)) &&
579             (path.equals(_PATH_PORTAL_LOGOUT))) {
580 
581             return path;
582         }
583 
584         // Authenticated users can always extend or confirm their session
585 
586         if (((remoteUser != null) || (user != null)) &&
587             (path.equals(_PATH_PORTAL_EXPIRE_SESSION) ||
588              path.equals(_PATH_PORTAL_EXTEND_SESSION))) {
589 
590             return path;
591         }
592 
593         // Authenticated users can always agree to terms of use
594 
595         if (((remoteUser != null) || (user != null)) &&
596             (path.equals(_PATH_PORTAL_UPDATE_TERMS_OF_USE))) {
597 
598             return path;
599         }
600 
601         // Authenticated users must still exist in the system
602 
603         if ((remoteUser != null) && (user == null)) {
604             return _PATH_PORTAL_LOGOUT;
605         }
606 
607         // Authenticated users must be active
608 
609         if ((user != null) && !user.isActive()) {
610             SessionErrors.add(request, UserActiveException.class.getName());
611 
612             return _PATH_PORTAL_ERROR;
613         }
614 
615         if (!path.equals(_PATH_PORTAL_JSON_SERVICE) &&
616             !path.equals(_PATH_PORTAL_RENDER_PORTLET) &&
617             !ParamUtil.getBoolean(request, "wsrp")) {
618 
619             // Authenticated users should agree to Terms of Use
620 
621             if ((user != null) && !user.isAgreedToTermsOfUse()) {
622                 boolean termsOfUseRequired = false;
623 
624                 try {
625                     termsOfUseRequired = PrefsPropsUtil.getBoolean(
626                         user.getCompanyId(), PropsKeys.TERMS_OF_USE_REQUIRED);
627                 }
628                 catch (SystemException se) {
629                     termsOfUseRequired = PropsValues.TERMS_OF_USE_REQUIRED;
630                 }
631 
632                 if (termsOfUseRequired) {
633                     return _PATH_PORTAL_TERMS_OF_USE;
634                 }
635             }
636 
637             // Authenticated users must have a current password
638 
639             if ((user != null) && user.isPasswordReset()) {
640                 return _PATH_PORTAL_UPDATE_PASSWORD;
641             }
642 
643             // Authenticated users must have an email address
644 
645             if ((user != null) &&
646                 Validator.isNull(user.getDisplayEmailAddress())) {
647 
648                 return _PATH_PORTAL_UPDATE_EMAIL_ADDRESS;
649             }
650 
651             // Authenticated users should have a reminder query
652 
653             if ((user != null) &&
654                 (Validator.isNull(user.getReminderQueryQuestion()) ||
655                  Validator.isNull(user.getReminderQueryAnswer()))) {
656 
657                 if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
658                     return _PATH_PORTAL_UPDATE_REMINDER_QUERY;
659                 }
660             }
661         }
662 
663         // Users must sign in
664 
665         if (!isPublicPath(path)) {
666             if (user == null) {
667                 SessionErrors.add(request, PrincipalException.class.getName());
668 
669                 return _PATH_PORTAL_LOGIN;
670             }
671         }
672 
673         ActionMapping mapping =
674             (ActionMapping)moduleConfig.findActionConfig(path);
675 
676         path = mapping.getPath();
677 
678         // Authenticated users must have at least one role
679 
680         if (user != null) {
681             try {
682 
683                 // FIX ME
684 
685                 if (false) {
686                     SessionErrors.add(
687                         request, RequiredRoleException.class.getName());
688 
689                     return _PATH_PORTAL_ERROR;
690                 }
691             }
692             catch (Exception e) {
693                 e.printStackTrace();
694             }
695         }
696 
697         // Define the portlet objects
698 
699         if (isPortletPath(path)) {
700             try {
701                 Portlet portlet = null;
702 
703                 long companyId = PortalUtil.getCompanyId(request);
704                 String portletId = ParamUtil.getString(request, "p_p_id");
705 
706                 if (Validator.isNotNull(portletId)) {
707                     portlet = PortletLocalServiceUtil.getPortletById(
708                         companyId, portletId);
709                 }
710 
711                 if (portlet == null) {
712                     String strutsPath = path.substring(
713                         1, path.lastIndexOf(StringPool.SLASH));
714 
715                     portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
716                         companyId, strutsPath);
717                 }
718 
719                 if ((portlet != null) && portlet.isActive()) {
720                     defineObjects(request, response, portlet);
721                 }
722             }
723             catch (Exception e) {
724                 request.setAttribute(PageContext.EXCEPTION, e);
725 
726                 path = _PATH_COMMON_ERROR;
727             }
728         }
729 
730         // Authenticated users must have access to at least one layout
731 
732         if (SessionErrors.contains(
733                 request, LayoutPermissionException.class.getName())) {
734 
735             return _PATH_PORTAL_ERROR;
736         }
737 
738         return path;
739     }
740 
741     protected boolean processRoles(
742             HttpServletRequest request, HttpServletResponse response,
743             ActionMapping mapping)
744         throws IOException, ServletException {
745 
746         String path = mapping.getPath();
747 
748         if (isPublicPath(path)) {
749             return true;
750         }
751 
752         boolean authorized = true;
753 
754         User user = null;
755 
756         try {
757             user = PortalUtil.getUser(request);
758         }
759         catch (Exception e) {
760         }
761 
762         if ((user != null) && isPortletPath(path)) {
763             try {
764 
765                 // Authenticated users can always log out
766 
767                 if (path.equals(_PATH_PORTAL_LOGOUT)) {
768                     return true;
769                 }
770 
771                 Portlet portlet = null;
772 
773                 String portletId = ParamUtil.getString(request, "p_p_id");
774 
775                 if (Validator.isNotNull(portletId)) {
776                     portlet = PortletLocalServiceUtil.getPortletById(
777                         user.getCompanyId(), portletId);
778                 }
779 
780                 String strutsPath = path.substring(
781                     1, path.lastIndexOf(StringPool.SLASH));
782 
783                 if (portlet != null) {
784                     if (!strutsPath.equals(portlet.getStrutsPath())) {
785                         throw new PrincipalException();
786                     }
787                 }
788                 else {
789                     portlet = PortletLocalServiceUtil.getPortletByStrutsPath(
790                         user.getCompanyId(), strutsPath);
791                 }
792 
793                 if ((portlet != null) && portlet.isActive()) {
794                     ThemeDisplay themeDisplay =
795                         (ThemeDisplay)request.getAttribute(
796                             WebKeys.THEME_DISPLAY);
797 
798                     Layout layout = themeDisplay.getLayout();
799                     PermissionChecker permissionChecker =
800                         themeDisplay.getPermissionChecker();
801 
802                     if (!PortletPermissionUtil.contains(
803                             permissionChecker, layout.getPlid(), portlet,
804                             ActionKeys.VIEW)) {
805 
806                         throw new PrincipalException();
807                     }
808                 }
809                 else if (portlet != null && !portlet.isActive()) {
810                     SessionErrors.add(
811                         request, PortletActiveException.class.getName());
812 
813                     authorized = false;
814                 }
815             }
816             catch (Exception e) {
817                 SessionErrors.add(request, PrincipalException.class.getName());
818 
819                 authorized = false;
820             }
821         }
822 
823         if (!authorized) {
824             ForwardConfig forwardConfig =
825                 mapping.findForward(_PATH_PORTAL_ERROR);
826 
827             processForwardConfig(request, response, forwardConfig);
828 
829             return false;
830         }
831         else {
832             return true;
833         }
834     }
835 
836     private static String _PATH_C = "/c";
837 
838     private static String _PATH_COMMON = "/common";
839 
840     private static String _PATH_COMMON_ERROR = "/common/error";
841 
842     private static String _PATH_J_SECURITY_CHECK = "/j_security_check";
843 
844     private static String _PATH_PORTAL = "/portal";
845 
846     private static String _PATH_PORTAL_ERROR = "/portal/error";
847 
848     private static String _PATH_PORTAL_EXPIRE_SESSION =
849         "/portal/expire_session";
850 
851     private static String _PATH_PORTAL_EXTEND_SESSION =
852         "/portal/extend_session";
853 
854     private static String _PATH_PORTAL_FLASH = "/portal/flash";
855 
856     private static String _PATH_PORTAL_J_LOGIN = "/portal/j_login";
857 
858     private static String _PATH_PORTAL_JSON_SERVICE = "/portal/json_service";
859 
860     private static String _PATH_PORTAL_LAYOUT = "/portal/layout";
861 
862     private static String _PATH_PORTAL_LOGIN = "/portal/login";
863 
864     private static String _PATH_PORTAL_LOGOUT = "/portal/logout";
865 
866     private static String _PATH_PORTAL_PROTECTED = "/portal/protected";
867 
868     private static String _PATH_PORTAL_RENDER_PORTLET =
869         "/portal/render_portlet";
870 
871     private static String _PATH_PORTAL_TCK = "/portal/tck";
872 
873     private static String _PATH_PORTAL_TERMS_OF_USE = "/portal/terms_of_use";
874 
875     private static String _PATH_PORTAL_UPDATE_EMAIL_ADDRESS =
876         "/portal/update_email_address";
877 
878     private static String _PATH_PORTAL_UPDATE_PASSWORD =
879         "/portal/update_password";
880 
881     private static String _PATH_PORTAL_UPDATE_REMINDER_QUERY =
882         "/portal/update_reminder_query";
883 
884     private static String _PATH_PORTAL_UPDATE_TERMS_OF_USE =
885         "/portal/update_terms_of_use";
886 
887     private static Log _log = LogFactoryUtil.getLog(
888         PortalRequestProcessor.class);
889 
890     private Set<String> _lastPaths;
891     private Set<String> _publicPaths;
892     private Set<String> _trackerIgnorePaths;
893 
894 }