015 package com.liferay.portal.kernel.security.access.control;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
019 import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
020 import com.liferay.portal.kernel.util.AutoResetThreadLocal;
021 import com.liferay.portal.security.auth.AccessControlContext;
022 import com.liferay.portal.security.auth.AuthException;
023 import com.liferay.portal.util.PortalUtil;
024 import com.liferay.registry.Registry;
025 import com.liferay.registry.RegistryUtil;
026 import com.liferay.registry.ServiceTracker;
027
028 import java.util.Map;
029 import java.util.Set;
030
031 import javax.servlet.http.HttpServletRequest;
032 import javax.servlet.http.HttpServletResponse;
033
034
/**
 * Static entry point to the portal's {@link AccessControl} service and to the
 * {@link AccessControlContext} bound to the current thread.
 *
 * <p>
 * The {@link AccessControl} implementation is looked up through a registry
 * service tracker that is opened once, when this class is initialized. The
 * context is held in a thread local, so each thread sees only the value it
 * set itself.
 * </p>
 *
 * <p>
 * The service and context accessors run a {@link PortalRuntimePermission}
 * check first. The delegating methods reach the service through
 * {@link #getAccessControl()} and therefore pass the same check.
 * </p>
 */
public class AccessControlUtil {

    /**
     * Returns the {@link AccessControl} service currently held by the service
     * tracker, after the bean-property permission check for this class.
     *
     * @return the tracked service, as reported by the tracker
     */
    public static AccessControl getAccessControl() {
        PortalRuntimePermission.checkGetBeanProperty(AccessControlUtil.class);

        // NOTE(review): presumably null when no AccessControl service is
        // registered, in which case the delegating methods below would fail
        // with a NullPointerException - confirm against ServiceTracker.
        AccessControl accessControl = _instance._serviceTracker.getService();

        return accessControl;
    }

    /**
     * Returns the access control context stored for the calling thread, after
     * the permission check for the "accessControlContext" property.
     *
     * @return the calling thread's context, as held by the thread local
     */
    public static AccessControlContext getAccessControlContext() {
        PortalRuntimePermission.checkGetBeanProperty(
            AccessControlUtil.class, "accessControlContext");

        AccessControlContext currentContext = _accessControlContext.get();

        return currentContext;
    }

    /**
     * Asks the {@link AccessControl} service to initialize the access control
     * context for a request.
     *
     * @param request the servlet request being processed
     * @param response the servlet response being produced
     * @param settings settings handed through unchanged to the service
     */
    public static void initAccessControlContext(
        HttpServletRequest request, HttpServletResponse response,
        Map<String, Object> settings) {

        AccessControl accessControl = getAccessControl();

        accessControl.initAccessControlContext(request, response, settings);
    }

    /**
     * Asks the {@link AccessControl} service to initialize the context user.
     *
     * @param userId the primary key of the user to initialize
     * @throws AuthException if the service rejects the initialization
     */
    public static void initContextUser(long userId) throws AuthException {
        AccessControl accessControl = getAccessControl();

        accessControl.initContextUser(userId);
    }

    /**
     * Decides whether a request passes a host allow list.
     *
     * <p>
     * Security-relevant behavior to keep in mind when calling this method:
     * </p>
     *
     * <ul>
     * <li>
     * An empty allow list means <em>no restriction</em>: the method returns
     * {@code true} for every request. A caller that needs deny-by-default
     * must reject an empty set itself before calling.
     * </li>
     * <li>
     * Matching is an exact string comparison against
     * {@link HttpServletRequest#getRemoteAddr()}. There is no range, wildcard
     * or host name handling, so entries have to be written in the same
     * textual form the container reports.
     * </li>
     * <li>
     * {@code getRemoteAddr()} is the address of the connection peer, which
     * per the Servlet API is the client or the last proxy. Behind a reverse
     * proxy or load balancer the check is therefore made against the proxy's
     * address unless the container is configured to restore the original
     * client address.
     * </li>
     * <li>
     * The entry {@code SERVER_IP} stands for "any address in
     * {@link PortalUtil#getComputerAddresses()}" (presumably this host's own
     * addresses; confirm against that helper). If so, a proxy running on the
     * same host would make every proxied request match this entry.
     * </li>
     * <li>
     * Neither argument is null-checked.
     * </li>
     * </ul>
     *
     * @param request the request whose remote address is tested
     * @param hostsAllowed the allowed addresses, optionally containing the
     *        literal {@code SERVER_IP}
     * @return {@code true} if the allow list is empty, contains the remote
     *         address, or contains {@code SERVER_IP} while the remote address
     *         is one of the computer addresses; {@code false} otherwise
     */
    public static boolean isAccessAllowed(
        HttpServletRequest request, Set<String> hostsAllowed) {

        // Empty list: unrestricted by design of this method.
        if (hostsAllowed.isEmpty()) {
            return true;
        }

        final String peerAddress = request.getRemoteAddr();

        // Explicitly listed address.
        if (hostsAllowed.contains(peerAddress)) {
            return true;
        }

        // Last chance: the peer is one of the computer addresses and the
        // list carries the SERVER_IP token. The address lookup happens only
        // once the direct match has failed, and before the token test.
        final boolean peerIsComputerAddress =
            PortalUtil.getComputerAddresses().contains(peerAddress);

        return peerIsComputerAddress && hostsAllowed.contains(_SERVER_IP);
    }

    /**
     * Stores the access control context for the calling thread, after the
     * permission check for setting the "accessControlContext" property. Any
     * value previously set by this thread is replaced.
     *
     * @param accessControlContext the context to bind to the calling thread
     */
    public static void setAccessControlContext(
        AccessControlContext accessControlContext) {

        PortalRuntimePermission.checkSetBeanProperty(
            AccessControlUtil.class, "accessControlContext");

        _accessControlContext.set(accessControlContext);
    }

    /**
     * Asks the {@link AccessControl} service to verify the current request.
     *
     * @return the verification state reported by the service
     * @throws PortalException if the service fails to verify the request
     */
    public static AuthVerifierResult.State verifyRequest()
        throws PortalException {

        AccessControl accessControl = getAccessControl();

        return accessControl.verifyRequest();
    }

    /**
     * Creates the singleton: obtains the registry, starts tracking
     * {@link AccessControl} services and opens the tracker.
     */
    private AccessControlUtil() {
        _serviceTracker = RegistryUtil.getRegistry().trackServices(
            AccessControl.class);

        _serviceTracker.open();
    }

    // Allow-list token that isAccessAllowed treats as "any computer address".
    private static final String _SERVER_IP = "SERVER_IP";

    // Sole instance; it owns the service tracker.
    private static final AccessControlUtil _instance = new AccessControlUtil();

    // Per-thread context. NOTE(review): AutoResetThreadLocal presumably
    // clears the value between requests - confirm, since a context left on a
    // pooled thread would be visible to the next request served by it.
    private static final ThreadLocal<AccessControlContext>
        _accessControlContext = new AutoResetThreadLocal<>(
            AccessControlUtil.class + "._accessControlContext");

    // Tracker for the registered AccessControl service, opened in the
    // constructor.
    private final ServiceTracker<?, AccessControl> _serviceTracker;

}