001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.security.access.control;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
019    import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
020    import com.liferay.portal.kernel.util.AutoResetThreadLocal;
021    import com.liferay.portal.security.auth.AccessControlContext;
022    import com.liferay.portal.security.auth.AuthException;
023    import com.liferay.portal.util.PortalUtil;
024    import com.liferay.registry.Registry;
025    import com.liferay.registry.RegistryUtil;
026    import com.liferay.registry.ServiceTracker;
027    
028    import java.util.Map;
029    import java.util.Set;
030    
031    import javax.servlet.http.HttpServletRequest;
032    import javax.servlet.http.HttpServletResponse;
033    
034    /**
035     * @author Tomas Polesovsky
036     * @author Michael C. Han
037     * @author Raymond Augé
038     */
public class AccessControlUtil {

	/**
	 * Returns the {@link AccessControl} service currently held by the service
	 * tracker.
	 *
	 * <p>
	 * The caller is first checked with
	 * {@code PortalRuntimePermission.checkGetBeanProperty}.
	 * </p>
	 *
	 * @return the tracked service (NOTE(review): presumably <code>null</code>
	 *         when no implementation is registered; callers in this class
	 *         dereference it without a check, confirm against the registry
	 *         contract)
	 */
	public static AccessControl getAccessControl() {
		PortalRuntimePermission.checkGetBeanProperty(AccessControlUtil.class);

		ServiceTracker<?, AccessControl> serviceTracker =
			_instance._serviceTracker;

		return serviceTracker.getService();
	}

	/**
	 * Returns the access control context stored for the current thread.
	 *
	 * <p>
	 * Reading the <code>accessControlContext</code> property is guarded by
	 * {@code PortalRuntimePermission.checkGetBeanProperty}.
	 * </p>
	 *
	 * @return the value held by the thread local, as returned by its
	 *         <code>get()</code>
	 */
	public static AccessControlContext getAccessControlContext() {
		PortalRuntimePermission.checkGetBeanProperty(
			AccessControlUtil.class, "accessControlContext");

		return _accessControlContext.get();
	}

	/**
	 * Delegates to {@link AccessControl#initAccessControlContext} on the
	 * tracked service, passing the arguments through unchanged.
	 *
	 * @param request the servlet request
	 * @param response the servlet response
	 * @param settings the settings map forwarded to the service
	 */
	public static void initAccessControlContext(
		HttpServletRequest request, HttpServletResponse response,
		Map<String, Object> settings) {

		AccessControl accessControl = getAccessControl();

		accessControl.initAccessControlContext(request, response, settings);
	}

	/**
	 * Delegates to {@link AccessControl#initContextUser} on the tracked
	 * service.
	 *
	 * @param  userId the user ID forwarded to the service
	 * @throws AuthException if the service throws it
	 */
	public static void initContextUser(long userId) throws AuthException {
		AccessControl accessControl = getAccessControl();

		accessControl.initContextUser(userId);
	}

	/**
	 * Returns <code>true</code> if the request's remote address passes the
	 * given host allow list.
	 *
	 * <p>
	 * Points a reviewer should keep in mind when relying on this check:
	 * </p>
	 *
	 * <ul>
	 * <li>
	 * An empty allow list admits every request (fail-open). A caller that
	 * needs deny-by-default must not reach this method with an empty set.
	 * </li>
	 * <li>
	 * The only value compared is the string from
	 * {@code request.getRemoteAddr()}, matched with {@code Set.contains}. No
	 * CIDR ranges, host names or address normalization are handled here.
	 * </li>
	 * <li>
	 * No forwarded-for style header is consulted. Behind a reverse proxy or
	 * load balancer the remote address is typically the proxy's, so an entry
	 * for the proxy would admit everything it relays (verify against the
	 * deployment).
	 * </li>
	 * <li>
	 * The literal entry <code>SERVER_IP</code> admits requests whose remote
	 * address is among {@code PortalUtil.getComputerAddresses()}.
	 * </li>
	 * </ul>
	 *
	 * @param  request the servlet request; only dereferenced when the allow
	 *         list is not empty
	 * @param  hostsAllowed the allow list; must not be <code>null</code>
	 * @return <code>true</code> if access is allowed; <code>false</code>
	 *         otherwise
	 */
	public static boolean isAccessAllowed(
		HttpServletRequest request, Set<String> hostsAllowed) {

		// Empty list means "no restriction", not "nobody"

		if (hostsAllowed.isEmpty()) {
			return true;
		}

		String clientAddress = request.getRemoteAddr();

		if (hostsAllowed.contains(clientAddress)) {
			return true;
		}

		// Fall back to the SERVER_IP token: the peer must be one of this
		// machine's own addresses and the token must be on the list

		Set<String> localAddresses = PortalUtil.getComputerAddresses();

		return localAddresses.contains(clientAddress) &&
			hostsAllowed.contains(_SERVER_IP);
	}

	/**
	 * Stores the access control context for the current thread.
	 *
	 * <p>
	 * Writing the <code>accessControlContext</code> property is guarded by
	 * {@code PortalRuntimePermission.checkSetBeanProperty}, which runs before
	 * the value is stored.
	 * </p>
	 *
	 * @param accessControlContext the context to store
	 */
	public static void setAccessControlContext(
		AccessControlContext accessControlContext) {

		PortalRuntimePermission.checkSetBeanProperty(
			AccessControlUtil.class, "accessControlContext");

		_accessControlContext.set(accessControlContext);
	}

	/**
	 * Delegates to {@link AccessControl#verifyRequest} on the tracked service.
	 *
	 * @return the state reported by the service
	 * @throws PortalException if the service throws it
	 */
	public static AuthVerifierResult.State verifyRequest()
		throws PortalException {

		AccessControl accessControl = getAccessControl();

		return accessControl.verifyRequest();
	}

	/**
	 * Opens a service tracker for {@link AccessControl} on the registry. Only
	 * invoked for the singleton held in <code>_instance</code>.
	 */
	private AccessControlUtil() {
		_serviceTracker = RegistryUtil.getRegistry().trackServices(
			AccessControl.class);

		_serviceTracker.open();
	}

	// Allow list token standing for this machine's own addresses

	private static final String _SERVER_IP = "SERVER_IP";

	private static final AccessControlUtil _instance = new AccessControlUtil();

	// Per-thread holder for the context; reset behavior is defined by
	// AutoResetThreadLocal, not by this class

	private static final ThreadLocal<AccessControlContext>
		_accessControlContext = new AutoResetThreadLocal<>(
			AccessControlUtil.class + "._accessControlContext");

	private final ServiceTracker<?, AccessControl> _serviceTracker;

}