public static String getLogin(HttpServletRequest request, String paramName, Company company)
throws SystemException {
String login = request.getParameter(paramName);
if ((login == null) || (login.equals(StringPool.NULL))) {
login = GetterUtil.getString(CookieKeys.getCookie(request, CookieKeys.LOGIN));
if (PropsValues.COMPANY_LOGIN_PREPOPULATE_DOMAIN
&& Validator.isNull(login)
&& company.getAuthType().equals(CompanyConstants.AUTH_TYPE_EA)) {
login = "******" + company.getMx();
}
}
return login;
}
@Override
public void sendRedirect(String redirect) throws IOException {
String portalURL = PortalUtil.getPortalURL(_request);
if (redirect.charAt(0) == CharPool.SLASH) {
if (Validator.isNotNull(portalURL)) {
redirect = portalURL.concat(redirect);
}
}
if (!CookieKeys.hasSessionId(_request) && redirect.startsWith(portalURL)) {
redirect = PortalUtil.getURLWithSessionId(redirect, _request.getSession().getId());
}
_request.setAttribute(AbsoluteRedirectsResponse.class.getName(), redirect);
super.sendRedirect(redirect);
}
public static void login(
HttpServletRequest request,
HttpServletResponse response,
String login,
String password,
boolean rememberMe,
String authType)
throws Exception {
CookieKeys.validateSupportCookie(request);
HttpSession session = request.getSession();
Company company = PortalUtil.getCompany(request);
long userId = getAuthenticatedUserId(request, login, password, authType);
if (!PropsValues.AUTH_SIMULTANEOUS_LOGINS) {
Map<String, UserTracker> sessionUsers = LiveUsers.getSessionUsers(company.getCompanyId());
List<UserTracker> userTrackers = new ArrayList<UserTracker>(sessionUsers.values());
for (UserTracker userTracker : userTrackers) {
if (userId == userTracker.getUserId()) {
HttpSession userTrackerSession = PortalSessionContext.get(userTracker.getSessionId());
if (userTrackerSession != null) {
userTrackerSession.invalidate();
}
}
}
}
if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
// Invalidate the previous session to prevent phishing
String[] protectedAttributeNames = PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES;
Map<String, Object> protectedAttributes = new HashMap<String, Object>();
for (String protectedAttributeName : protectedAttributeNames) {
Object protectedAttributeValue = session.getAttribute(protectedAttributeName);
if (protectedAttributeValue == null) {
continue;
}
protectedAttributes.put(protectedAttributeName, protectedAttributeValue);
}
try {
session.invalidate();
} catch (IllegalStateException ise) {
// This only happens in Geronimo
if (_log.isWarnEnabled()) {
_log.warn(ise.getMessage());
}
}
session = request.getSession(true);
for (String protectedAttributeName : protectedAttributeNames) {
Object protectedAttributeValue = protectedAttributes.get(protectedAttributeName);
if (protectedAttributeValue == null) {
continue;
}
session.setAttribute(protectedAttributeName, protectedAttributeValue);
}
}
// Set cookies
String domain = CookieKeys.getDomain(request);
User user = UserLocalServiceUtil.getUserById(userId);
String userIdString = String.valueOf(userId);
session.setAttribute("j_username", userIdString);
session.setAttribute("j_password", user.getPassword());
session.setAttribute("j_remoteuser", userIdString);
if (PropsValues.SESSION_STORE_PASSWORD) {
session.setAttribute(WebKeys.USER_PASSWORD, password);
}
Cookie companyIdCookie =
new Cookie(CookieKeys.COMPANY_ID, String.valueOf(company.getCompanyId()));
if (Validator.isNotNull(domain)) {
companyIdCookie.setDomain(domain);
}
companyIdCookie.setPath(StringPool.SLASH);
Cookie idCookie =
new Cookie(CookieKeys.ID, Encryptor.encrypt(company.getKeyObj(), userIdString));
if (Validator.isNotNull(domain)) {
idCookie.setDomain(domain);
}
idCookie.setPath(StringPool.SLASH);
Cookie passwordCookie =
new Cookie(CookieKeys.PASSWORD, Encryptor.encrypt(company.getKeyObj(), password));
if (Validator.isNotNull(domain)) {
passwordCookie.setDomain(domain);
}
passwordCookie.setPath(StringPool.SLASH);
Cookie rememberMeCookie = new Cookie(CookieKeys.REMEMBER_ME, Boolean.TRUE.toString());
if (Validator.isNotNull(domain)) {
rememberMeCookie.setDomain(domain);
}
rememberMeCookie.setPath(StringPool.SLASH);
int loginMaxAge = PropsValues.COMPANY_SECURITY_AUTO_LOGIN_MAX_AGE;
if (PropsValues.SESSION_DISABLED) {
rememberMe = true;
}
if (rememberMe) {
companyIdCookie.setMaxAge(loginMaxAge);
idCookie.setMaxAge(loginMaxAge);
passwordCookie.setMaxAge(loginMaxAge);
rememberMeCookie.setMaxAge(loginMaxAge);
} else {
// This was explicitly changed from 0 to -1 so that the cookie lasts
// as long as the browser. This allows an external servlet wrapped
// in AutoLoginFilter to work throughout the client connection. The
// cookies ARE removed on an actual logout, so there is no security
// issue. See LEP-4678 and LEP-5177.
companyIdCookie.setMaxAge(-1);
idCookie.setMaxAge(-1);
passwordCookie.setMaxAge(-1);
rememberMeCookie.setMaxAge(0);
}
Cookie loginCookie = new Cookie(CookieKeys.LOGIN, login);
if (Validator.isNotNull(domain)) {
loginCookie.setDomain(domain);
}
loginCookie.setMaxAge(loginMaxAge);
loginCookie.setPath(StringPool.SLASH);
Cookie screenNameCookie =
new Cookie(
CookieKeys.SCREEN_NAME, Encryptor.encrypt(company.getKeyObj(), user.getScreenName()));
if (Validator.isNotNull(domain)) {
screenNameCookie.setDomain(domain);
}
screenNameCookie.setMaxAge(loginMaxAge);
screenNameCookie.setPath(StringPool.SLASH);
boolean secure = request.isSecure();
if (secure) {
Boolean httpsInitial = (Boolean) session.getAttribute(WebKeys.HTTPS_INITIAL);
if ((httpsInitial == null) || !httpsInitial.booleanValue()) {
secure = false;
}
}
CookieKeys.addCookie(request, response, companyIdCookie, secure);
CookieKeys.addCookie(request, response, idCookie, secure);
if (rememberMe) {
CookieKeys.addCookie(request, response, passwordCookie, secure);
CookieKeys.addCookie(request, response, rememberMeCookie, secure);
CookieKeys.addCookie(request, response, loginCookie, secure);
CookieKeys.addCookie(request, response, screenNameCookie, secure);
}
}
protected String getRedirect(HttpServletRequest request) throws Exception {
if (PropsValues.LOCALE_PREPEND_FRIENDLY_URL_STYLE == 0) {
return null;
}
String contextPath = PortalUtil.getPathContext();
String requestURI = request.getRequestURI();
if ((Validator.isNotNull(contextPath)) && (requestURI.indexOf(contextPath) != -1)) {
requestURI = requestURI.substring(contextPath.length());
}
requestURI = StringUtil.replace(requestURI, StringPool.DOUBLE_SLASH, StringPool.SLASH);
String i18nLanguageId = requestURI.substring(1);
int pos = requestURI.indexOf(CharPool.SLASH, 1);
if (pos != -1) {
i18nLanguageId = i18nLanguageId.substring(0, pos - 1);
}
if (_languageIds.contains(i18nLanguageId)) {
return null;
}
String defaultLanguageId = LocaleUtil.toLanguageId(LocaleUtil.getDefault());
String guestLanguageId = CookieKeys.getCookie(request, CookieKeys.GUEST_LANGUAGE_ID, false);
if (Validator.isNull(guestLanguageId)) {
guestLanguageId = defaultLanguageId;
}
if (PropsValues.LOCALE_PREPEND_FRIENDLY_URL_STYLE == 1) {
if (!defaultLanguageId.equals(guestLanguageId)) {
i18nLanguageId = guestLanguageId;
} else {
return null;
}
} else if (PropsValues.LOCALE_PREPEND_FRIENDLY_URL_STYLE == 2) {
i18nLanguageId = guestLanguageId;
}
if (i18nLanguageId == null) {
return null;
}
String i18nPathLanguageId = i18nLanguageId;
Locale locale = LocaleUtil.fromLanguageId(i18nLanguageId);
if (!LanguageUtil.isDuplicateLanguageCode(locale.getLanguage())) {
i18nPathLanguageId = locale.getLanguage();
} else {
Locale priorityLocale = LanguageUtil.getLocale(locale.getLanguage());
if (locale.equals(priorityLocale)) {
i18nPathLanguageId = locale.getLanguage();
}
}
Locale i18nPathLocale = LocaleUtil.fromLanguageId(i18nPathLanguageId);
if (!LanguageUtil.isAvailableLocale(i18nPathLocale)) {
return null;
}
String i18nPath = StringPool.SLASH.concat(i18nPathLanguageId);
if (requestURI.contains(i18nPath.concat(StringPool.SLASH))) {
return null;
}
String redirect = contextPath + i18nPath + requestURI;
LayoutSet layoutSet = (LayoutSet) request.getAttribute(WebKeys.VIRTUAL_HOST_LAYOUT_SET);
if ((layoutSet != null)
&& (requestURI.startsWith(_PRIVATE_GROUP_SERVLET_MAPPING)
|| requestURI.startsWith(_PRIVATE_USER_SERVLET_MAPPING)
|| requestURI.startsWith(_PUBLIC_GROUP_SERVLET_MAPPING))) {
int x = requestURI.indexOf(StringPool.SLASH, 1);
if (x == -1) {
// /web
requestURI += StringPool.SLASH;
x = requestURI.indexOf(CharPool.SLASH, 1);
}
int y = requestURI.indexOf(CharPool.SLASH, x + 1);
if (y == -1) {
// /web/alpha
requestURI += StringPool.SLASH;
y = requestURI.indexOf(CharPool.SLASH, x + 1);
}
String groupFriendlyURL = requestURI.substring(x, y);
Group group = layoutSet.getGroup();
if (group.getFriendlyURL().equals(groupFriendlyURL)) {
redirect = contextPath + i18nPath + requestURI.substring(y);
}
}
String queryString = request.getQueryString();
if (Validator.isNotNull(queryString)) {
redirect += StringPool.QUESTION + request.getQueryString();
}
return redirect;
}
private String _getURL(
HttpServletRequest request, boolean resetMaxState, boolean resetRenderParameters)
throws PortalException, SystemException {
ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
if (resetMaxState) {
Layout layout = themeDisplay.getLayout();
LayoutTypePortlet layoutTypePortlet = null;
if (layout.equals(this)) {
layoutTypePortlet = themeDisplay.getLayoutTypePortlet();
} else {
try {
layoutTypePortlet = _getLayoutTypePortletClone(request);
} catch (IOException ioe) {
_log.error("Unable to clone layout settings", ioe);
layoutTypePortlet = (LayoutTypePortlet) getLayoutType();
}
}
if (layoutTypePortlet.hasStateMax()) {
String portletId = StringUtil.split(layoutTypePortlet.getStateMax())[0];
PortletURLImpl portletURLImpl =
new PortletURLImpl(request, portletId, getPlid(), PortletRequest.ACTION_PHASE);
try {
portletURLImpl.setWindowState(WindowState.NORMAL);
portletURLImpl.setPortletMode(PortletMode.VIEW);
} catch (PortletException pe) {
throw new SystemException(pe);
}
portletURLImpl.setAnchor(false);
if (PropsValues.LAYOUT_DEFAULT_P_L_RESET && !resetRenderParameters) {
portletURLImpl.setParameter("p_l_reset", "0");
} else if (!PropsValues.LAYOUT_DEFAULT_P_L_RESET && resetRenderParameters) {
portletURLImpl.setParameter("p_l_reset", "1");
}
return portletURLImpl.toString();
}
}
String url = PortalUtil.getLayoutURL(this, themeDisplay);
if (!CookieKeys.hasSessionId(request)) {
url = PortalUtil.getURLWithSessionId(url, request.getSession().getId());
}
if (!resetMaxState) {
return url;
}
if (PropsValues.LAYOUT_DEFAULT_P_L_RESET && !resetRenderParameters) {
url = HttpUtil.addParameter(url, "p_l_reset", 0);
} else if (!PropsValues.LAYOUT_DEFAULT_P_L_RESET && resetRenderParameters) {
url = HttpUtil.addParameter(url, "p_l_reset", 1);
}
return url;
}