001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.portlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.servlet.PersistentHttpServletRequestWrapper;
020    import com.liferay.portal.kernel.servlet.RequestDispatcherAttributeNames;
021    import com.liferay.portal.kernel.util.Mergeable;
022    import com.liferay.portal.kernel.util.PropsKeys;
023    import com.liferay.portal.kernel.util.PropsUtil;
024    import com.liferay.portal.kernel.util.WebKeys;
025    
026    import java.util.Collections;
027    import java.util.Enumeration;
028    import java.util.HashMap;
029    import java.util.HashSet;
030    import java.util.Map;
031    import java.util.Set;
032    import java.util.concurrent.locks.Lock;
033    
034    import javax.servlet.ServletRequest;
035    import javax.servlet.http.HttpServletRequest;
036    
037    /**
038     * @author Shuyang Zhou
039     */
040    public class RestrictPortletServletRequest
041            extends PersistentHttpServletRequestWrapper {
042    
043            public static boolean isSharedRequestAttribute(String name) {
044                    for (String requestSharedAttribute : _REQUEST_SHARED_ATTRIBUTES) {
045                            if (name.startsWith(requestSharedAttribute)) {
046                                    return true;
047                            }
048                    }
049    
050                    return false;
051            }
052    
053            public RestrictPortletServletRequest(HttpServletRequest request) {
054                    super(request);
055            }
056    
057            @Override
058            public Object getAttribute(String name) {
059                    if (RequestDispatcherAttributeNames.contains(name)) {
060                            return super.getAttribute(name);
061                    }
062    
063                    Object value = _attributes.get(name);
064    
065                    if (value == _nullValue) {
066                            return null;
067                    }
068    
069                    if (value != null) {
070                            return value;
071                    }
072    
073                    return super.getAttribute(name);
074            }
075    
076            @Override
077            public Enumeration<String> getAttributeNames() {
078                    Enumeration<String> superEnumeration = super.getAttributeNames();
079    
080                    if (_attributes.isEmpty()) {
081                            return superEnumeration;
082                    }
083    
084                    Set<String> names = new HashSet<>();
085    
086                    while (superEnumeration.hasMoreElements()) {
087                            names.add(superEnumeration.nextElement());
088                    }
089    
090                    for (Map.Entry<String, Object> entry : _attributes.entrySet()) {
091                            String key = entry.getKey();
092                            Object value = entry.getValue();
093    
094                            if (value == null) {
095                                    names.remove(key);
096                            }
097                            else {
098                                    names.add(key);
099                            }
100                    }
101    
102                    names.addAll(_attributes.keySet());
103    
104                    return Collections.enumeration(names);
105            }
106    
107            public Map<String, Object> getAttributes() {
108                    return _attributes;
109            }
110    
111            public void mergeSharedAttributes() {
112                    ServletRequest servletRequest = getRequest();
113    
114                    Lock lock = (Lock)servletRequest.getAttribute(
115                            WebKeys.PARALLEL_RENDERING_MERGE_LOCK);
116    
117                    if (lock != null) {
118                            lock.lock();
119                    }
120    
121                    try {
122                            doMergeSharedAttributes(servletRequest);
123                    }
124                    finally {
125                            if (lock != null) {
126                                    lock.unlock();
127                            }
128                    }
129            }
130    
131            @Override
132            public void removeAttribute(String name) {
133                    if (RequestDispatcherAttributeNames.contains(name)) {
134                            super.removeAttribute(name);
135                    }
136                    else {
137                            _attributes.put(name, _nullValue);
138                    }
139            }
140    
141            @Override
142            public void setAttribute(String name, Object value) {
143                    if (RequestDispatcherAttributeNames.contains(name)) {
144                            super.setAttribute(name, value);
145                    }
146                    else {
147                            if (value == null) {
148                                    value = _nullValue;
149                            }
150    
151                            _attributes.put(name, value);
152                    }
153            }
154    
155            protected void doMergeSharedAttributes(ServletRequest servletRequest) {
156                    for (Map.Entry<String, Object> entry : _attributes.entrySet()) {
157                            String name = entry.getKey();
158                            Object value = entry.getValue();
159    
160                            doMergeSharedAttributes(servletRequest, name, value);
161                    }
162            }
163    
164            protected void doMergeSharedAttributes(
165                    ServletRequest servletRequest, String name, Object value) {
166    
167                    if (isSharedRequestAttribute(name)) {
168                            if (value == _nullValue) {
169                                    servletRequest.removeAttribute(name);
170    
171                                    if (_log.isDebugEnabled()) {
172                                            _log.debug("Remove shared attribute " + name);
173                                    }
174                            }
175                            else {
176                                    Object masterValue = servletRequest.getAttribute(name);
177    
178                                    if ((masterValue == null) || !(value instanceof Mergeable)) {
179                                            servletRequest.setAttribute(name, value);
180    
181                                            if (_log.isDebugEnabled()) {
182                                                    _log.debug("Set shared attribute " + name);
183                                            }
184                                    }
185                                    else {
186                                            Mergeable<Object> masterMergeable =
187                                                    (Mergeable<Object>)masterValue;
188                                            Mergeable<Object> slaveMergeable = (Mergeable<Object>)value;
189    
190                                            masterMergeable.merge(slaveMergeable);
191    
192                                            if (_log.isDebugEnabled()) {
193                                                    _log.debug("Merge shared attribute " + name);
194                                            }
195                                    }
196                            }
197                    }
198                    else {
199                            if ((value != _nullValue) && _log.isDebugEnabled()) {
200                                    _log.debug("Ignore setting restricted attribute " + name);
201                            }
202                    }
203            }
204    
205            private static final String[] _REQUEST_SHARED_ATTRIBUTES =
206                    PropsUtil.getArray(PropsKeys.REQUEST_SHARED_ATTRIBUTES);
207    
208            private static final Log _log = LogFactoryUtil.getLog(
209                    RestrictPortletServletRequest.class);
210    
211            private static final Object _nullValue = new Object();
212    
213            private final Map<String, Object> _attributes = new HashMap<>();
214    
215    }