001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.util;
016    
017    import com.liferay.portal.CookieNotSupportedException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.util.StringPool;
021    import com.liferay.portal.kernel.util.Validator;
022    import com.liferay.util.CookieUtil;
023    
024    import javax.servlet.http.Cookie;
025    import javax.servlet.http.HttpServletRequest;
026    import javax.servlet.http.HttpServletResponse;
027    
028    import org.apache.commons.codec.binary.Hex;
029    
030    /**
031     * @author Brian Wing Shun Chan
032     * @author Minhchau Dang
033     */
034    public class CookieKeys {
035    
036            public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";
037    
038            public static final String COMPANY_ID = "COMPANY_ID";
039    
040            public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";
041    
042            public static final String ID = "ID";
043    
044            public static final String JSESSIONID = "jsessionid";
045    
046            public static final String LOGIN = "LOGIN";
047    
048            public static final String PASSWORD = "PASSWORD";
049    
050            public static final String REMEMBER_ME = "REMEMBER_ME";
051    
052            public static final String SCREEN_NAME = "SCREEN_NAME";
053    
054            public static final int MAX_AGE = 31536000;
055    
056            public static final int VERSION = 0;
057    
058            public static void addCookie(
059                    HttpServletRequest request, HttpServletResponse response,
060                    Cookie cookie) {
061    
062                    addCookie(request, response, cookie, request.isSecure());
063            }
064    
065            public static void addCookie(
066                    HttpServletRequest request, HttpServletResponse response,
067                    Cookie cookie, boolean secure) {
068    
069                    if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
070                            PropsValues.TCK_URL) {
071    
072                            return;
073                    }
074    
075                    // LEP-5175
076    
077                    String name = cookie.getName();
078    
079                    String originalValue = cookie.getValue();
080                    String encodedValue = originalValue;
081    
082                    if (isEncodedCookie(name)) {
083                            encodedValue = new String(Hex.encodeHex(originalValue.getBytes()));
084    
085                            if (_log.isDebugEnabled()) {
086                                    _log.debug("Add encoded cookie " + name);
087                                    _log.debug("Original value " + originalValue);
088                                    _log.debug("Hex encoded value " + encodedValue);
089                            }
090                    }
091    
092                    cookie.setSecure(secure);
093                    cookie.setValue(encodedValue);
094                    cookie.setVersion(VERSION);
095    
096                    // Setting a cookie will cause the TCK to lose its ability to track
097                    // sessions
098    
099                    response.addCookie(cookie);
100            }
101    
102            public static void addSupportCookie(
103                    HttpServletRequest request, HttpServletResponse response) {
104    
105                    Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");
106    
107                    cookieSupportCookie.setPath(StringPool.SLASH);
108                    cookieSupportCookie.setMaxAge(MAX_AGE);
109    
110                    addCookie(request, response, cookieSupportCookie);
111            }
112    
113            public static String getCookie(HttpServletRequest request, String name) {
114                    String value = CookieUtil.get(request, name);
115    
116                    if ((value != null) && isEncodedCookie(name)) {
117                            try {
118                                    String encodedValue = value;
119                                    String originalValue = new String(
120                                            Hex.decodeHex(encodedValue.toCharArray()));
121    
122                                    if (_log.isDebugEnabled()) {
123                                            _log.debug("Get encoded cookie " + name);
124                                            _log.debug("Hex encoded value " + encodedValue);
125                                            _log.debug("Original value " + originalValue);
126                                    }
127    
128                                    return originalValue;
129                            }
130                            catch (Exception e) {
131                                    if (_log.isWarnEnabled()) {
132                                            _log.warn(e.getMessage());
133                                    }
134    
135                                    return value;
136                            }
137                    }
138    
139                    return value;
140            }
141    
142            public static String getDomain(HttpServletRequest request) {
143    
144                    // See LEP-4602 and       LEP-4618.
145    
146                    if (Validator.isNotNull(PropsValues.SESSION_COOKIE_DOMAIN)) {
147                            return PropsValues.SESSION_COOKIE_DOMAIN;
148                    }
149    
150                    String host = request.getServerName();
151    
152                    return getDomain(host);
153            }
154    
155            public static String getDomain(String host) {
156    
157                    // See LEP-4602 and LEP-4645.
158    
159                    if (host == null) {
160                            return null;
161                    }
162    
163                    // See LEP-5595.
164    
165                    if (Validator.isIPAddress(host)) {
166                            return host;
167                    }
168    
169                    int x = host.lastIndexOf(StringPool.PERIOD);
170    
171                    if (x <= 0) {
172                            return null;
173                    }
174    
175                    int y = host.lastIndexOf(StringPool.PERIOD, x - 1);
176    
177                    if (y <= 0) {
178                            return StringPool.PERIOD + host;
179                    }
180    
181                    int z = host.lastIndexOf(StringPool.PERIOD, y - 1);
182    
183                    String domain = null;
184    
185                    if (z <= 0) {
186                            domain = host.substring(y);
187                    }
188                    else {
189                            domain = host.substring(z);
190                    }
191    
192                    return domain;
193            }
194    
195            public static boolean hasSessionId(HttpServletRequest request) {
196                    String jsessionid = getCookie(request, JSESSIONID);
197    
198                    if (jsessionid != null) {
199                            return true;
200                    }
201                    else {
202                            return false;
203                    }
204            }
205    
206            public static boolean isEncodedCookie(String name) {
207                    if (name.equals(ID) || name.equals(LOGIN) || name.equals(PASSWORD) ||
208                            name.equals(SCREEN_NAME)) {
209    
210                            return true;
211                    }
212                    else {
213                            return false;
214                    }
215            }
216    
217            public static void validateSupportCookie(HttpServletRequest request)
218                    throws CookieNotSupportedException {
219    
220                    if (PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES &&
221                            PropsValues.SESSION_TEST_COOKIE_SUPPORT) {
222    
223                            String cookieSupport = getCookie(request, COOKIE_SUPPORT);
224    
225                            if (Validator.isNull(cookieSupport)) {
226                                    throw new CookieNotSupportedException();
227                            }
228                    }
229            }
230    
231            private static Log _log = LogFactoryUtil.getLog(CookieKeys.class);
232    
233    }