001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.portlet.LiferayPortletURL;
019 import com.liferay.portal.model.Layout;
020 import com.liferay.portal.model.Portlet;
021 import com.liferay.registry.Registry;
022 import com.liferay.registry.RegistryUtil;
023 import com.liferay.registry.ServiceTracker;
024
025 import javax.servlet.http.HttpServletRequest;
026
027
032 public class AuthTokenUtil {
033
034 public static void addCSRFToken(
035 HttpServletRequest request, LiferayPortletURL liferayPortletURL) {
036
037 _instance._addCSRFToken(request, liferayPortletURL);
038 }
039
040 public static void addPortletInvocationToken(
041 HttpServletRequest request, LiferayPortletURL liferayPortletURL) {
042
043 _instance._addPortletInvocationToken(request, liferayPortletURL);
044 }
045
046
050 @Deprecated
051 public static void check(HttpServletRequest request)
052 throws PortalException {
053
054 _instance._check(request);
055 }
056
057 public static void checkCSRFToken(HttpServletRequest request, String origin)
058 throws PrincipalException {
059
060 _instance._checkCSRFToken(request, origin);
061 }
062
063 public static String getToken(HttpServletRequest request) {
064 return _instance._getToken(request);
065 }
066
067 public static String getToken(
068 HttpServletRequest request, long plid, String portletId) {
069
070 return _instance._getToken(request, plid, portletId);
071 }
072
073 public static boolean isValidPortletInvocationToken(
074 HttpServletRequest request, Layout layout, Portlet portlet) {
075
076 return _instance._isValidPortletInvocationToken(
077 request, layout, portlet);
078 }
079
080
085 @Deprecated
086 public static boolean isValidPortletInvocationToken(
087 HttpServletRequest request, long plid, String portletId,
088 String strutsAction, String tokenValue) {
089
090 return _instance._isValidPortletInvocationToken(
091 request, plid, portletId, strutsAction, tokenValue);
092 }
093
094 private AuthTokenUtil() {
095 Registry registry = RegistryUtil.getRegistry();
096
097 _serviceTracker = registry.trackServices(AuthToken.class.getName());
098
099 _serviceTracker.open();
100 }
101
102 private void _addCSRFToken(
103 HttpServletRequest request, LiferayPortletURL liferayPortletURL) {
104
105 if (_serviceTracker.isEmpty()) {
106 return;
107 }
108
109 AuthToken authToken = _serviceTracker.getService();
110
111 authToken.addCSRFToken(request, liferayPortletURL);
112 }
113
114 private void _addPortletInvocationToken(
115 HttpServletRequest request, LiferayPortletURL liferayPortletURL) {
116
117 if (_serviceTracker.isEmpty()) {
118 return;
119 }
120
121 AuthToken authToken = _serviceTracker.getService();
122
123 authToken.addPortletInvocationToken(request, liferayPortletURL);
124 }
125
126 @SuppressWarnings("deprecation")
127 private void _check(HttpServletRequest request) throws PortalException {
128 if (_serviceTracker.isEmpty()) {
129 return;
130 }
131
132 AuthToken authToken = _serviceTracker.getService();
133
134 authToken.check(request);
135 }
136
137 private void _checkCSRFToken(HttpServletRequest request, String origin)
138 throws PrincipalException {
139
140 if (_serviceTracker.isEmpty()) {
141 return;
142 }
143
144 AuthToken authToken = _serviceTracker.getService();
145
146 authToken.checkCSRFToken(request, origin);
147 }
148
149 private String _getToken(HttpServletRequest request) {
150 if (_serviceTracker.isEmpty()) {
151 return null;
152 }
153
154 AuthToken authToken = _serviceTracker.getService();
155
156 return authToken.getToken(request);
157 }
158
159 private String _getToken(
160 HttpServletRequest request, long plid, String portletId) {
161
162 if (_serviceTracker.isEmpty()) {
163 return null;
164 }
165
166 AuthToken authToken = _serviceTracker.getService();
167
168 return authToken.getToken(request, plid, portletId);
169 }
170
171 private boolean _isValidPortletInvocationToken(
172 HttpServletRequest request, Layout layout, Portlet portlet) {
173
174 if (_serviceTracker.isEmpty()) {
175 return false;
176 }
177
178 AuthToken authToken = _serviceTracker.getService();
179
180 return authToken.isValidPortletInvocationToken(
181 request, layout, portlet);
182 }
183
184
187 @Deprecated
188 private boolean _isValidPortletInvocationToken(
189 HttpServletRequest request, long plid, String portletId,
190 String strutsAction, String tokenValue) {
191
192 if (_serviceTracker.isEmpty()) {
193 return false;
194 }
195
196 AuthToken authToken = _serviceTracker.getService();
197
198 return authToken.isValidPortletInvocationToken(
199 request, plid, portletId, strutsAction, tokenValue);
200 }
201
202 private static final AuthTokenUtil _instance = new AuthTokenUtil();
203
204 private final ServiceTracker<?, AuthToken> _serviceTracker;
205
206 }