001
014
015 package com.liferay.taglib.security;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.CharPool;
020 import com.liferay.portal.kernel.util.Http;
021 import com.liferay.portal.kernel.util.HttpUtil;
022 import com.liferay.portal.kernel.util.StringBundler;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.StringUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.model.Company;
027 import com.liferay.portal.util.PortalUtil;
028 import com.liferay.util.Encryptor;
029 import com.liferay.util.EncryptorException;
030
031 import java.security.Key;
032
033 import java.util.HashSet;
034 import java.util.Set;
035 import java.util.StringTokenizer;
036
037 import javax.servlet.http.HttpServletRequest;
038 import javax.servlet.jsp.JspException;
039 import javax.servlet.jsp.JspWriter;
040 import javax.servlet.jsp.tagext.TagSupport;
041
042
045 public class EncryptTag extends TagSupport {
046
047 @Override
048 public int doEndTag() throws JspException {
049 try {
050 JspWriter jspWriter = pageContext.getOut();
051
052 jspWriter.write("</a>");
053
054 return EVAL_PAGE;
055 }
056 catch (Exception e) {
057 throw new JspException(e);
058 }
059 }
060
061 @Override
062 public int doStartTag() throws JspException {
063 try {
064 StringBundler sb = new StringBundler();
065
066
067
068 sb.append("<a ");
069
070
071
072 if (Validator.isNotNull(_className)) {
073 sb.append("class=\"");
074 sb.append(_className);
075 sb.append("\" ");
076 }
077
078
079
080 sb.append("href=\"");
081 sb.append(_protocol);
082 sb.append(Http.PROTOCOL_DELIMITER);
083
084 int pos = _url.indexOf(CharPool.QUESTION);
085
086 if (pos == -1) {
087 sb.append(_url);
088 }
089 else {
090 sb.append(_url.substring(0, pos));
091 sb.append(StringPool.QUESTION);
092
093 Company company = PortalUtil.getCompany(
094 (HttpServletRequest)pageContext.getRequest());
095
096 Key key = company.getKeyObj();
097
098 StringTokenizer st = new StringTokenizer(
099 _url.substring(pos + 1, _url.length()),
100 StringPool.AMPERSAND);
101
102 while (st.hasMoreTokens()) {
103 String paramAndValue = st.nextToken();
104
105 int x = paramAndValue.indexOf(CharPool.EQUAL);
106
107 String param = paramAndValue.substring(0, x);
108 String value = paramAndValue.substring(x + 1);
109
110 sb.append(param).append(StringPool.EQUAL);
111
112 if (_unencryptedParamsSet.contains(param)) {
113 sb.append(HttpUtil.encodeURL(value));
114 }
115 else {
116 try {
117 sb.append(HttpUtil.encodeURL(
118 Encryptor.encrypt(key, value)));
119 }
120 catch (EncryptorException ee) {
121 _log.error(ee.getMessage());
122 }
123
124 if (st.hasMoreTokens()) {
125 sb.append(StringPool.AMPERSAND);
126 }
127 }
128 }
129
130 sb.append("&shuo=1");
131 }
132
133 sb.append("\" ");
134
135
136
137 if (Validator.isNotNull(_style)) {
138 sb.append("style=\"");
139 sb.append(_style);
140 sb.append("\" ");
141 }
142
143
144
145 if (Validator.isNotNull(_target)) {
146 sb.append("target=\"" + _target + "\"");
147 }
148
149
150
151 sb.append(">");
152
153 JspWriter jspWriter = pageContext.getOut();
154
155 jspWriter.write(sb.toString());
156
157 return EVAL_BODY_INCLUDE;
158 }
159 catch (Exception e) {
160 throw new JspException(e);
161 }
162 }
163
164 public void setClassName(String className) {
165 _className = className;
166 }
167
168 public void setProtocol(String protocol) {
169 _protocol = protocol;
170 }
171
172 public void setStyle(String style) {
173 _style = style;
174 }
175
176 public void setTarget(String target) {
177 _target = target;
178 }
179
180 public void setUnencryptedParams(String unencryptedParams) {
181 _unencryptedParamsSet.clear();
182
183 String[] unencryptedParamsArray = StringUtil.split(unencryptedParams);
184
185 for (int i = 0; i < unencryptedParamsArray.length; i++) {
186 _unencryptedParamsSet.add(unencryptedParamsArray[i]);
187 }
188 }
189
190 public void setUrl(String url) {
191 _url = url;
192 }
193
194 private static Log _log = LogFactoryUtil.getLog(EncryptTag.class);
195
196 private String _className;
197 private String _protocol;
198 private String _style;
199 private String _target;
200 private Set<String> _unencryptedParamsSet = new HashSet<String>();
201 private String _url;
202
203 }