001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.registry.Registry;
019 import com.liferay.registry.RegistryUtil;
020 import com.liferay.registry.ServiceTracker;
021
022 import javax.servlet.http.HttpServletRequest;
023
024
029 public class AuthTokenUtil {
030
031
035 @Deprecated
036 public static void check(HttpServletRequest request)
037 throws PortalException {
038
039 _instance._check(request);
040 }
041
042 public static void checkCSRFToken(HttpServletRequest request, String origin)
043 throws PrincipalException {
044
045 _instance._checkCSRFToken(request, origin);
046 }
047
048 public static String getToken(HttpServletRequest request) {
049 return _instance._getToken(request);
050 }
051
052 public static String getToken(
053 HttpServletRequest request, long plid, String portletId) {
054
055 return _instance._getToken(request, plid, portletId);
056 }
057
058 public static boolean isValidPortletInvocationToken(
059 HttpServletRequest request, long plid, String portletId,
060 String strutsAction, String tokenValue) {
061
062 return _instance._isValidPortletInvocationToken(
063 request, plid, portletId, strutsAction, tokenValue);
064 }
065
066 private AuthTokenUtil() {
067 Registry registry = RegistryUtil.getRegistry();
068
069 _serviceTracker = registry.trackServices(AuthToken.class.getName());
070
071 _serviceTracker.open();
072 }
073
074 @SuppressWarnings("deprecation")
075 private void _check(HttpServletRequest request) throws PortalException {
076 if (_serviceTracker.isEmpty()) {
077 return;
078 }
079
080 AuthToken authToken = _serviceTracker.getService();
081
082 authToken.check(request);
083 }
084
085 private void _checkCSRFToken(HttpServletRequest request, String origin)
086 throws PrincipalException {
087
088 if (_serviceTracker.isEmpty()) {
089 return;
090 }
091
092 AuthToken authToken = _serviceTracker.getService();
093
094 authToken.checkCSRFToken(request, origin);
095 }
096
097 private String _getToken(HttpServletRequest request) {
098 if (_serviceTracker.isEmpty()) {
099 return null;
100 }
101
102 AuthToken authToken = _serviceTracker.getService();
103
104 return authToken.getToken(request);
105 }
106
107 private String _getToken(
108 HttpServletRequest request, long plid, String portletId) {
109
110 if (_serviceTracker.isEmpty()) {
111 return null;
112 }
113
114 AuthToken authToken = _serviceTracker.getService();
115
116 return authToken.getToken(request, plid, portletId);
117 }
118
119 private boolean _isValidPortletInvocationToken(
120 HttpServletRequest request, long plid, String portletId,
121 String strutsAction, String tokenValue) {
122
123 if (_serviceTracker.isEmpty()) {
124 return false;
125 }
126
127 AuthToken authToken = _serviceTracker.getService();
128
129 return authToken.isValidPortletInvocationToken(
130 request, plid, portletId, strutsAction, tokenValue);
131 }
132
133 private static final AuthTokenUtil _instance = new AuthTokenUtil();
134
135 private final ServiceTracker<?, AuthToken> _serviceTracker;
136
137 }