001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.portlet.LiferayPortletURL;
018    import com.liferay.portal.model.Portlet;
019    
020    import java.util.Set;
021    
022    import javax.servlet.http.HttpServletRequest;
023    
024    /**
025     * @author Tomas Polesovsky
026     * @author Raymond Aug??
027     */
028    public interface AuthTokenWhitelist {
029    
030            /**
031             * @deprecated As of 7.0.0, with no direct replacement
032             */
033            @Deprecated
034            public Set<String> getOriginCSRFWhitelist();
035    
036            /**
037             * @deprecated As of 7.0.0, with no direct replacement
038             */
039            @Deprecated
040            public Set<String> getPortletCSRFWhitelist();
041    
042            /**
043             * @deprecated As of 7.0.0, with no direct replacement
044             */
045            @Deprecated
046            public Set<String> getPortletCSRFWhitelistActions();
047    
048            /**
049             * @deprecated As of 7.0.0, with no direct replacement
050             */
051            @Deprecated
052            public Set<String> getPortletInvocationWhitelist();
053    
054            /**
055             * @deprecated As of 7.0.0, with no direct replacement
056             */
057            @Deprecated
058            public Set<String> getPortletInvocationWhitelistActions();
059    
060            public boolean isOriginCSRFWhitelisted(long companyId, String origin);
061    
062            public boolean isPortletCSRFWhitelisted(
063                    HttpServletRequest request, Portlet portlet);
064    
065            /**
066             * @deprecated As of 7.0.0, replaced by {@link
067             *             #isPortletCSRFWhitelisted(HttpServletRequest, Portlet)}
068             */
069            @Deprecated
070            public boolean isPortletCSRFWhitelisted(
071                    long companyId, String portletId, String strutsAction);
072    
073            public boolean isPortletInvocationWhitelisted(
074                    HttpServletRequest request, Portlet portlet);
075    
076            /**
077             * @deprecated As of 7.0.0, replaced by {@link
078             *             #isPortletInvocationWhitelisted(HttpServletRequest, Portlet)}
079             */
080            @Deprecated
081            public boolean isPortletInvocationWhitelisted(
082                    long companyId, String portletId, String strutsAction);
083    
084            public boolean isPortletURLCSRFWhitelisted(
085                    LiferayPortletURL liferayPortletURL);
086    
087            public boolean isPortletURLPortletInvocationWhitelisted(
088                    LiferayPortletURL liferayPortletURL);
089    
090            public boolean isValidSharedSecret(String sharedSecret);
091    
092            /**
093             * @deprecated As of 7.0.0, with no direct replacement
094             */
095            @Deprecated
096            public Set<String> resetOriginCSRFWhitelist();
097    
098            /**
099             * @deprecated As of 7.0.0, with no direct replacement
100             */
101            @Deprecated
102            public Set<String> resetPortletCSRFWhitelist();
103    
104            /**
105             * @deprecated As of 7.0.0, with no direct replacement
106             */
107            @Deprecated
108            public Set<String> resetPortletInvocationWhitelist();
109    
110            /**
111             * @deprecated As of 7.0.0, with no direct replacement
112             */
113            @Deprecated
114            public Set<String> resetPortletInvocationWhitelistActions();
115    
116    }