001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.registry.Registry;
019    import com.liferay.registry.RegistryUtil;
020    import com.liferay.registry.ServiceTracker;
021    
022    import javax.servlet.http.HttpServletRequest;
023    
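/**
 * Static facade over the {@link AuthToken} service published in the registry.
 *
 * <p>
 * Every public method forwards to the tracked {@link AuthToken}
 * implementation. When no implementation is available the facade fails
 * closed: the CSRF checks throw, token validation returns {@code false} and
 * the token getters return {@code null}.
 * </p>
 *
 * @author Amos Fong
 * @author Peter Fellwock
 * @author Raymond Augé
 */
public class AuthTokenUtil {

	/**
	 * Runs the legacy token check of the registered {@link AuthToken} against
	 * the request.
	 *
	 * @param      request the request to check
	 * @throws     PortalException if the check fails or no {@link AuthToken}
	 *             is registered
	 * @deprecated As of 6.2.0, replaced by {@link
	 *             #checkCSRFToken(HttpServletRequest, String)}
	 */
	@Deprecated
	public static void check(HttpServletRequest request)
		throws PortalException {

		_instance._check(request);
	}

	/**
	 * Runs the CSRF token check of the registered {@link AuthToken} against
	 * the request.
	 *
	 * @param  request the request to check
	 * @param  origin the origin value handed through to the {@link AuthToken}
	 * @throws PrincipalException if the check fails or no {@link AuthToken}
	 *         is registered
	 */
	public static void checkCSRFToken(HttpServletRequest request, String origin)
		throws PrincipalException {

		_instance._checkCSRFToken(request, origin);
	}

	/**
	 * Returns the token the registered {@link AuthToken} provides for the
	 * request.
	 *
	 * @param  request the current request
	 * @return the token, or {@code null} if no {@link AuthToken} is
	 *         registered
	 */
	public static String getToken(HttpServletRequest request) {
		return _instance._getToken(request);
	}

	/**
	 * Returns the token the registered {@link AuthToken} provides for the
	 * given page layout and portlet.
	 *
	 * @param  request the current request
	 * @param  plid the page layout ID handed through to the {@link AuthToken}
	 * @param  portletId the portlet ID handed through to the {@link AuthToken}
	 * @return the token, or {@code null} if no {@link AuthToken} is
	 *         registered
	 */
	public static String getToken(
		HttpServletRequest request, long plid, String portletId) {

		return _instance._getToken(request, plid, portletId);
	}

	/**
	 * Asks the registered {@link AuthToken} whether the portlet invocation
	 * token is valid.
	 *
	 * @param  request the current request
	 * @param  plid the page layout ID handed through to the {@link AuthToken}
	 * @param  portletId the portlet ID handed through to the {@link AuthToken}
	 * @param  strutsAction the Struts action handed through to the {@link
	 *         AuthToken}
	 * @param  tokenValue the token value to validate
	 * @return the {@link AuthToken}'s verdict, or {@code false} if no {@link
	 *         AuthToken} is registered
	 */
	public static boolean isValidPortletInvocationToken(
		HttpServletRequest request, long plid, String portletId,
		String strutsAction, String tokenValue) {

		return _instance._isValidPortletInvocationToken(
			request, plid, portletId, strutsAction, tokenValue);
	}

	/**
	 * Opens a tracker on every {@link AuthToken} service in the registry.
	 * Private: the class is only used through its static methods.
	 */
	private AuthTokenUtil() {
		Registry registry = RegistryUtil.getRegistry();

		_serviceTracker = registry.trackServices(AuthToken.class.getName());

		_serviceTracker.open();
	}

	@SuppressWarnings("deprecation")
	private void _check(HttpServletRequest request) throws PortalException {
		AuthToken authToken = _requireAuthToken();

		authToken.check(request);
	}

	private void _checkCSRFToken(HttpServletRequest request, String origin)
		throws PrincipalException {

		AuthToken authToken = _requireAuthToken();

		authToken.checkCSRFToken(request, origin);
	}

	/**
	 * Returns the tracked {@link AuthToken}, or {@code null} if none is
	 * available.
	 */
	private AuthToken _getAuthToken() {
		if (_serviceTracker.isEmpty()) {
			return null;
		}

		// NOTE(review): the service can presumably be unregistered between
		// isEmpty() and getService(); every caller null-checks the result so
		// that window cannot surface as a NullPointerException.

		return _serviceTracker.getService();
	}

	private String _getToken(HttpServletRequest request) {
		AuthToken authToken = _getAuthToken();

		if (authToken == null) {
			return null;
		}

		return authToken.getToken(request);
	}

	private String _getToken(
		HttpServletRequest request, long plid, String portletId) {

		AuthToken authToken = _getAuthToken();

		if (authToken == null) {
			return null;
		}

		return authToken.getToken(request, plid, portletId);
	}

	private boolean _isValidPortletInvocationToken(
		HttpServletRequest request, long plid, String portletId,
		String strutsAction, String tokenValue) {

		AuthToken authToken = _getAuthToken();

		if (authToken == null) {
			return false;
		}

		return authToken.isValidPortletInvocationToken(
			request, plid, portletId, strutsAction, tokenValue);
	}

	/**
	 * Returns the tracked {@link AuthToken} for a check that must not be
	 * skipped.
	 *
	 * <p>
	 * The checks used to return silently when the tracker was empty, which
	 * let a request through without any token validation whenever the service
	 * was missing. Throwing here makes them fail closed, in line with {@link
	 * #_isValidPortletInvocationToken}, which already answers {@code false}
	 * in that situation.
	 * </p>
	 *
	 * @throws PrincipalException if no {@link AuthToken} is available
	 */
	private AuthToken _requireAuthToken() throws PrincipalException {
		AuthToken authToken = _getAuthToken();

		if (authToken == null) {
			throw new PrincipalException(
				"No AuthToken service is registered, token check cannot be " +
					"performed");
		}

		return authToken;
	}

	private static final AuthTokenUtil _instance = new AuthTokenUtil();

	private final ServiceTracker<?, AuthToken> _serviceTracker;

}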