| SecureRequestAction.java |
1 /**
2 * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20 * SOFTWARE.
21 */
22
23 package com.liferay.portal.events;
24
25 import com.liferay.portal.kernel.events.Action;
26 import com.liferay.portal.kernel.events.ActionException;
27 import com.liferay.portal.kernel.log.Log;
28 import com.liferay.portal.kernel.log.LogFactoryUtil;
29 import com.liferay.portal.kernel.util.Http;
30 import com.liferay.portal.kernel.util.HttpUtil;
31 import com.liferay.portal.kernel.util.StringUtil;
32
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35
36 /**
37 * <a href="SecureRequestAction.java.html"><b><i>View Source</i></b></a>
38 *
39 * <p>
40 * This action redirects non-secure requests to HTTPS. Extend this and override
41 * the <code>isRequiresSecure</code> method to programmatically decide when a
42 * request requires HTTPS.
43 * </p>
44 *
45 * @author Brian Wing Shun Chan
46 *
47 */
public class SecureRequestAction extends Action {

    /**
     * Sends a redirect to the HTTPS form of the current URL when the request
     * is not secure, requires HTTPS, and the response is still uncommitted.
     *
     * <p>
     * The redirect is issued only after the plain-HTTP request has already
     * been received, so it does not protect the contents of that first
     * request. Transport-level controls such as HSTS and the Secure cookie
     * attribute have to be configured elsewhere; nothing here sets them.
     * </p>
     *
     * @param  request the current servlet request
     * @param  response the current servlet response
     * @throws ActionException wrapping any exception raised while deciding on
     *         or sending the redirect
     */
    public void run(HttpServletRequest request, HttpServletResponse response)
        throws ActionException {

        try {

            // Short-circuit order matches the three original guards: already
            // secure, HTTPS not required, response already committed.
            // NOTE(review): isSecure() is the container's view of the
            // connection; if TLS is terminated upstream, confirm the container
            // is told about it, otherwise every request may look insecure and
            // be redirected again.

            boolean nothingToDo =
                request.isSecure() || !isRequiresSecure(request) ||
                    response.isCommitted();

            if (nothingToDo) {
                return;
            }

            String target = getRedirect(request);

            if (_log.isDebugEnabled()) {
                _log.debug("Redirect " + target);
            }

            // A null target means the URL could not be rewritten to HTTPS.

            if (target == null) {
                return;
            }

            response.sendRedirect(target);
        }
        catch (Exception e) {
            throw new ActionException(e);
        }
    }

    /**
     * Builds the HTTPS version of the request's complete URL by replacing the
     * first occurrence of <code>Http.HTTP_WITH_SLASH</code> with
     * <code>Http.HTTPS_WITH_SLASH</code>.
     *
     * <p>
     * NOTE(review): how <code>HttpUtil.getCompleteURL</code> derives the host
     * is not visible in this file. If it relies on the client-supplied Host
     * header, the redirect target is client-influenced and should be checked
     * against the portal's known host names; confirm against that helper.
     * </p>
     *
     * @param  request the current servlet request
     * @return the rewritten URL, or <code>null</code> if the replacement left
     *         the URL unchanged
     */
    protected String getRedirect(HttpServletRequest request) {
        String plainURL = HttpUtil.getCompleteURL(request);

        // NOTE(review): the complete URL is written to the debug log as is; if
        // it carries a query string with session or token parameters they end
        // up in the log. Verify what getCompleteURL includes.

        if (_log.isDebugEnabled()) {
            _log.debug("Unsecure URL " + plainURL);
        }

        String tlsURL = StringUtil.replaceFirst(
            plainURL, Http.HTTP_WITH_SLASH, Http.HTTPS_WITH_SLASH);

        if (_log.isDebugEnabled()) {
            _log.debug("Secure URL " + tlsURL);
        }

        // Identical strings mean nothing was replaced, so there is no HTTPS
        // URL to redirect to.

        return plainURL.equals(tlsURL) ? null : tlsURL;
    }

    /**
     * Decides whether the given request must be served over HTTPS. This
     * default implementation ignores the request and always answers with the
     * constant <code>_REQUIRES_SECURE</code>; subclasses override it to decide
     * per request.
     *
     * @param  request the current servlet request
     * @return <code>true</code> if the request requires HTTPS
     */
    protected boolean isRequiresSecure(HttpServletRequest request) {
        return _REQUIRES_SECURE;
    }

    // Default answer of isRequiresSecure: every request requires HTTPS.

    private static final boolean _REQUIRES_SECURE = true;

    private static Log _log = LogFactoryUtil.getLog(SecureRequestAction.class);

}
111 }