| SecureRequestAction.java |
1 /**
2 * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20 * SOFTWARE.
21 */
22
23 package com.liferay.portal.events;
24
25 import com.liferay.portal.kernel.events.Action;
26 import com.liferay.portal.kernel.events.ActionException;
27 import com.liferay.portal.kernel.log.Log;
28 import com.liferay.portal.kernel.log.LogFactoryUtil;
29 import com.liferay.portal.kernel.util.Http;
30 import com.liferay.portal.kernel.util.HttpUtil;
31 import com.liferay.portal.kernel.util.StringUtil;
32
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35
36 /**
37 * <a href="SecureRequestAction.java.html"><b><i>View Source</i></b></a>
38 *
39 * <p>
40 * This action ensures that all requests are secure. Extend this and override
41 * the <code>isRequiresSecure</code> method to programmatically decide when a
42 * request requires HTTPS.
43 * </p>
44 *
45 * @author Brian Wing Shun Chan
46 */
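public class SecureRequestAction extends Action {

	/**
	 * Redirects a non-secure request to the HTTPS form of the same URL.
	 *
	 * <p>
	 * Nothing happens when the request is already secure, when
	 * {@link #isRequiresSecure(HttpServletRequest)} returns <code>false</code>,
	 * when the response is already committed, or when
	 * {@link #getRedirect(HttpServletRequest)} returns <code>null</code>.
	 * </p>
	 *
	 * <p>
	 * The redirect only upgrades the requests that follow it: whatever the
	 * client sent with the first plain HTTP request has already crossed the
	 * network unencrypted, so this action does not replace transport level
	 * controls enforced by the client or the front end.
	 * </p>
	 *
	 * @param  request the incoming servlet request
	 * @param  response the servlet response the redirect is written to
	 * @throws ActionException wrapping any exception raised while checking the
	 *         request or sending the redirect
	 */
	public void run(HttpServletRequest request, HttpServletResponse response)
		throws ActionException {

		try {

			// NOTE(review): isSecure() is whatever the container reports. If
			// TLS is terminated in front of the container, confirm the
			// container is told about it, otherwise every request looks
			// non-secure here and is redirected again.

			if (request.isSecure()) {
				return;
			}

			if (!isRequiresSecure(request)) {
				return;
			}

			// A committed response can no longer carry a redirect.

			if (response.isCommitted()) {
				return;
			}

			String redirect = getRedirect(request);

			// NOTE(review): the logged URL comes from the request; if it
			// includes the query string, debug logs may hold tokens or other
			// request parameters. Confirm before enabling debug in production.

			if (_log.isDebugEnabled()) {
				_log.debug("Redirect " + redirect);
			}

			if (redirect != null) {
				response.sendRedirect(redirect);
			}
		}
		catch (Exception e) {

			// Deliberately broad: every failure is reported to the caller as
			// an ActionException with the original exception as its cause.

			throw new ActionException(e);
		}
	}

	/**
	 * Returns the HTTPS form of the request's complete URL.
	 *
	 * <p>
	 * The URL is rewritten only when it starts with
	 * <code>Http.HTTP_WITH_SLASH</code>. Without that check, a URL that does
	 * not begin with the plain HTTP scheme but carries the same text later on
	 * (for example inside a parameter value) could have that later occurrence
	 * rewritten and then be used as the redirect target.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): the target is built from request data by
	 * <code>HttpUtil.getCompleteURL</code>, which is not shown here. If the
	 * host part is taken from a client supplied header, the redirect target is
	 * client influenced; confirm how the host is derived.
	 * </p>
	 *
	 * @param  request the incoming servlet request
	 * @return the URL with its scheme prefix replaced, or <code>null</code>
	 *         when there is nothing to rewrite
	 */
	protected String getRedirect(HttpServletRequest request) {
		String unsecureCompleteURL = HttpUtil.getCompleteURL(request);

		if (_log.isDebugEnabled()) {
			_log.debug("Unsecure URL " + unsecureCompleteURL);
		}

		// Only the leading scheme may be rewritten. StringUtil.replaceFirst is
		// not shown here; it is assumed to replace the first occurrence
		// wherever it appears, so the prefix is checked explicitly.

		if (!unsecureCompleteURL.startsWith(Http.HTTP_WITH_SLASH)) {
			return null;
		}

		String secureCompleteURL = StringUtil.replaceFirst(
			unsecureCompleteURL, Http.HTTP_WITH_SLASH, Http.HTTPS_WITH_SLASH);

		if (_log.isDebugEnabled()) {
			_log.debug("Secure URL " + secureCompleteURL);
		}

		// Kept as a second guard: an unchanged URL must never be used as a
		// redirect target, because it would send the client back here.

		if (unsecureCompleteURL.equals(secureCompleteURL)) {
			return null;
		}

		return secureCompleteURL;
	}

	/**
	 * Decides whether the given request must be served over HTTPS.
	 *
	 * <p>
	 * This implementation ignores the request and always returns
	 * <code>true</code>. Subclasses override it to decide per request.
	 * </p>
	 *
	 * @param  request the incoming servlet request
	 * @return <code>true</code> if the request must be redirected to HTTPS
	 */
	protected boolean isRequiresSecure(HttpServletRequest request) {
		return _REQUIRES_SECURE;
	}

	// Default answer of isRequiresSecure: every request requires HTTPS.

	private static final boolean _REQUIRES_SECURE = true;

	// Assigned once and never replaced, so it is declared final.

	private static final Log _log = LogFactoryUtil.getLog(
		SecureRequestAction.class);

}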