2 * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
\r
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
\r
5 * of this software and associated documentation files (the "Software"), to deal
\r
6 * in the Software without restriction, including without limitation the rights
\r
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
\r
8 * copies of the Software, and to permit persons to whom the Software is
\r
9 * furnished to do so, subject to the following conditions:
\r
11 * The above copyright notice and this permission notice shall be included in
\r
12 * all copies or substantial portions of the Software.
\r
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
\r
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
\r
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
\r
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
\r
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
\r
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
\r
23 package com.liferay.portal.security.auth;
\r
25 import java.util.StringTokenizer;
\r
27 import javax.servlet.http.HttpServletRequest;
\r
28 import javax.servlet.http.HttpServletResponse;
\r
30 import com.liferay.portal.kernel.log.Log;
\r
31 import com.liferay.portal.kernel.log.LogFactoryUtil;
\r
32 import com.liferay.portal.kernel.util.Base64;
\r
33 import com.liferay.portal.kernel.util.StringPool;
\r
34 import com.liferay.portal.model.Company;
\r
35 import com.liferay.portal.service.UserLocalServiceUtil;
\r
36 import com.liferay.portal.util.PortalUtil;
\r
39 * <a href="BasicAuthHeaderAutoLogin.java.html"><b><i>View Source</i></b></a>
\r
42 * 1. Install Firefox. These instructions assume you have Firefox 2.0.0.1.
\r
43 * Previous versions of Firefox have been tested and are known to work.
\r
47 * 2. Install the Modify Headers 0.5.4 Add-on. Tools > Add Ons. Click the get
\r
48 * extensions link at the bottom of the window. Type in "Modify Headers" in the
\r
49 * Search box. Find Modify Headers in the results page and click on it. Then
\r
50 * click the install now link.
\r
54 * 3. Configure Modify Headers to add a basic authentication header. Tools >
\r
55 * Modify Headers. In the Modify Headers window select the Add drop down. Type
\r
56 * in "Authorization" in the next box. Type in "Basic bGlmZXJheS5jb20uMTp0ZXN0"
\r
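57 * in the next box. Click the Add button. The value after "Basic" is only the
 * Base64 encoding of "liferay.com.1:test" (login:password); it is an encoding,
 * not an encrypted form, so anyone who can read the header can read the password.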
\r
61 * 4. Make sure your header modification is enabled and point your browser to
\r
62 * the Liferay portal.
\r
66 * 5. You should now be authenticated as Joe Bloggs.
\r
69 * @author Britt Courtney
\r
70 * @author Brian Wing Shun Chan
\r
// AutoLogin implementation: reads HTTP Basic credentials from the Authorization
// header, resolves the login to a user id by screen name, and checks the
// password through LDAPAuth.
// NOTE(review): this listing skips source lines (see the gaps in the gutter
// numbers), so closing braces, the enclosing try and some guard bodies are not
// visible here.
73 public class BasicEntAuthHeaderAutoLogin implements AutoLogin {
\r
// Returns a three-element array {userId, password, "true"} when LDAPAuth
// reports SUCCESS. At every visible return before that point `credentials`
// is still the null it was initialised with. Exceptions that reach the final
// catch are rethrown as AutoLoginException.
75 public String[] login(
\r
76 HttpServletRequest request, HttpServletResponse response)
\r
77 throws AutoLoginException {
\r
80 String[] credentials = null;
\r
82 // Get the Authorization header, if one was supplied
\r
84 String authorization = request.getHeader("Authorization");
\r
85 if (authorization == null) {
\r
// Whitespace-separated tokens: the scheme first, then the encoded credentials.
89 StringTokenizer st = new StringTokenizer(authorization);
\r
91 if (!st.hasMoreTokens()) {
\r
95 String basic = st.nextToken();
\r
97 // We only handle HTTP Basic authentication
\r
98 if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
\r
// NOTE(review): no hasMoreTokens() check is visible before this second
// nextToken(); a header holding only the scheme would raise
// NoSuchElementException here, which presumably ends up in the
// catch (Exception e) that wraps it in AutoLoginException.
102 String encodedCredentials = st.nextToken();
\r
// NOTE(review): Base64 is an encoding, not encryption, so this debug line puts
// the password into the log in recoverable form. Consider removing it.
103 if (_log.isDebugEnabled()) {
\r
104 _log.debug("Encoded credentials are " + encodedCredentials);
\r
// new String(byte[]) uses the platform default charset, so non-ASCII
// credentials may decode differently from host to host.
// NOTE(review): what Base64.decode returns for malformed input is not shown here.
107 String decodedCredentials = new String(
\r
108 Base64.decode(encodedCredentials));
\r
// NOTE(review): this writes login:password to the debug log in clear text;
// log at most the login part.
109 if (_log.isDebugEnabled()) {
\r
110 _log.debug("Decoded credentials are " + decodedCredentials);
\r
// Split on the first colon: the login is the text before it, the password the
// text after it.
113 int pos = decodedCredentials.indexOf(StringPool.COLON);
\r
// NOTE(review): the condition guarding this return is not shown
// (presumably pos == -1).
116 return credentials;
\r
119 String login = decodedCredentials.substring(0, pos);
\r
121 Company company = PortalUtil.getCompany(request);
\r
// NOTE(review): authType is read, but every branch that used it is commented
// out below, so it has no effect in the visible code.
123 String authType = company.getAuthType();
\r
127 // ENT Nero --> login only
\r
128 // if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
\r
129 // userId = UserLocalServiceUtil.getUserIdByEmailAddress(
\r
130 // company.getCompanyId(), login);
\r
132 // else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
\r
// The only active lookup: resolve the login as a screen name within the company.
// NOTE(review): the declaration of userId is not visible in this listing.
133 userId = UserLocalServiceUtil.getUserIdByScreenName(
\r
134 company.getCompanyId(), login);
\r
136 // else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
\r
137 // userId = GetterUtil.getLong(login);
\r
140 // return credentials;
\r
// NOTE(review): the guard for this return is not shown in the listing.
145 return credentials;
\r
148 String password = decodedCredentials.substring(pos + 1);
\r
// LDAPAuth is not among the imports, so it is resolved from this package; its
// implementation is not shown here.
150 LDAPAuth myAuthLDAPConnector = new LDAPAuth();
\r
// FAILURE and SUCCESS are read through the instance; presumably they are
// static constants of LDAPAuth.
152 int resultAuth = myAuthLDAPConnector.FAILURE;
\r
// Arguments: company id, a blank string, the login, 0 and the password. What
// each position means is defined by LDAPAuth.authenticate, not visible here.
154 resultAuth= myAuthLDAPConnector.authenticate(
\r
155 company.getCompanyId(), StringPool.BLANK, login, 0, password);
\r
// Logs only the numeric result; unlike the earlier debug calls it is not
// wrapped in isDebugEnabled().
156 _log.debug("LDAP auth return: " + resultAuth);
\r
// Any failure of the LDAP check is logged and treated as "no auto-login":
// credentials is still null at this return.
158 catch (Exception e) {
\r
159 _log.error("erreur authenticate LDAP",e);
\r
160 return credentials;
\r
// NOTE(review): the clear-text password from the header is handed back to the
// caller in element 1; the meaning of element 2 ("true") is defined by the
// AutoLogin contract - confirm against the caller.
162 if (resultAuth==myAuthLDAPConnector.SUCCESS) {
\r
163 credentials = new String[3];
\r
164 credentials[0] = String.valueOf(userId);
\r
165 credentials[1] = password;
\r
166 credentials[2] = Boolean.TRUE.toString();
\r
168 return credentials;
\r
// Anything thrown inside the enclosing try (its opening is not shown) is
// wrapped and rethrown.
170 catch (Exception e) {
\r
171 throw new AutoLoginException(e);
\r
// Class logger, used for the debug and error output above.
177 private static Log _log =
\r
178 LogFactoryUtil.getLog(BasicEntAuthHeaderAutoLogin.class);
\r