2 * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
\r
4 * This library is free software; you can redistribute it and/or modify it under
\r
5 * the terms of the GNU Lesser General Public License as published by the Free
\r
6 * Software Foundation; either version 2.1 of the License, or (at your option)
\r
9 * This library is distributed in the hope that it will be useful, but WITHOUT
\r
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
\r
11 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
\r
15 package com.liferay.portal.security.auth;
\r
17 import javax.servlet.http.HttpServletRequest;
\r
18 import javax.servlet.http.HttpServletResponse;
\r
19 import javax.servlet.http.HttpSession;
\r
21 import com.liferay.portal.NoSuchUserException;
\r
22 import com.liferay.portal.kernel.exception.SystemException;
\r
23 import com.liferay.portal.kernel.log.Log;
\r
24 import com.liferay.portal.kernel.log.LogFactoryUtil;
\r
25 import com.liferay.portal.kernel.util.ParamUtil;
\r
26 import com.liferay.portal.kernel.util.PropsKeys;
\r
27 import com.liferay.portal.kernel.util.StringPool;
\r
28 import com.liferay.portal.kernel.util.Validator;
\r
29 import com.liferay.portal.model.CompanyConstants;
\r
30 import com.liferay.portal.model.User;
\r
31 import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
\r
32 import com.liferay.portal.service.UserLocalServiceUtil;
\r
33 import com.liferay.portal.util.PortalUtil;
\r
34 import com.liferay.portal.util.PrefsPropsUtil;
\r
35 import com.liferay.portal.util.PropsValues;
\r
36 import com.liferay.portal.util.WebKeys;
\r
39 * @author Brian Wing Shun Chan
\r
40 * @author Jorge Ferrer
\r
41 * @author Wesley Gong
\r
42 * @author Daeyoung Song
\r
44 public class CASAutoLogin implements AutoLogin {
\r
46 public String[] login (
\r
47 HttpServletRequest request, HttpServletResponse response) throws AutoLoginException{
\r
48 _log.debug("Launch CASAutoLogin");
\r
50 HttpSession session = request.getSession();
\r
51 String[] credentials = null;
\r
54 long companyId = PortalUtil.getCompanyId(request);
\r
56 * remove filter on Cas Login Enable which terminate the login function. Cas login always needed
\r
57 * see previoux version for more information
\r
60 String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);
\r
62 if (Validator.isNull(login)) {
\r
63 Object noSuchUserException = session.getAttribute(
\r
64 WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
\r
66 if (noSuchUserException == null) {
\r
70 session.removeAttribute(WebKeys.CAS_NO_SUCH_USER_EXCEPTION);
\r
72 session.setAttribute(WebKeys.CAS_FORCE_LOGOUT, Boolean.TRUE);
\r
74 String redirect = PrefsPropsUtil.getString(
\r
75 companyId, PropsKeys.CAS_NO_SUCH_USER_REDIRECT_URL,
\r
76 PropsValues.CAS_NO_SUCH_USER_REDIRECT_URL);
\r
78 request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
\r
83 String authType = PrefsPropsUtil.getString(
\r
84 companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
\r
85 PropsValues.COMPANY_SECURITY_AUTH_TYPE);
\r
88 if (PrefsPropsUtil.getBoolean(
\r
89 companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
\r
90 PropsValues.CAS_IMPORT_FROM_LDAP)) {
\r
93 if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
\r
94 user = PortalLDAPImporterUtil.importLDAPUser(
\r
95 companyId, StringPool.BLANK, login);
\r
98 user = PortalLDAPImporterUtil.importLDAPUser(
\r
99 companyId, login, StringPool.BLANK);
\r
102 catch (SystemException se) {
\r
106 if (user == null) {
\r
107 if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
\r
108 user = UserLocalServiceUtil.getUserByScreenName(
\r
112 user = UserLocalServiceUtil.getUserByEmailAddress(
\r
117 String redirect = ParamUtil.getString(request, "redirect");
\r
119 if (Validator.isNotNull(redirect)) {
\r
120 request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
\r
123 credentials = new String[3];
\r
125 credentials[0] = String.valueOf(user.getUserId());
\r
126 credentials[1] = user.getPassword();
\r
127 credentials[2] = Boolean.TRUE.toString();
\r
129 return credentials;
\r
131 catch (NoSuchUserException nsue) {
\r
132 session.removeAttribute(WebKeys.CAS_LOGIN);
\r
134 session.setAttribute(
\r
135 WebKeys.CAS_NO_SUCH_USER_EXCEPTION, Boolean.TRUE);
\r
137 throw new AutoLoginException(nsue);
\r
139 catch (Exception e) {
\r
141 throw new AutoLoginException(e);
\r
146 * @deprecated Use <code>importLDAPUser</code>.
\r
148 protected User addUser(long companyId, String screenName) throws Exception {
\r
149 return PortalLDAPImporterUtil.importLDAPUser(
\r
150 companyId, StringPool.BLANK, screenName);
\r
153 private static Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);
\r