001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.portlet.LiferayPortletURL;
019    import com.liferay.portal.model.Layout;
020    import com.liferay.portal.model.Portlet;
021    
022    import javax.servlet.http.HttpServletRequest;
023    
024    /**
025     * @author Amos Fong
026     */
027    public interface AuthToken {
028    
029            public void addCSRFToken(
030                    HttpServletRequest request, LiferayPortletURL liferayPortletURL);
031    
032            public void addPortletInvocationToken(
033                    HttpServletRequest request, LiferayPortletURL liferayPortletURL);
034    
035            /**
036             * @deprecated As of 6.2.0, replaced by {@link
037             *             #checkCSRFToken(HttpServletRequest, String)}
038             */
039            @Deprecated
040            public void check(HttpServletRequest request) throws PortalException;
041    
042            public void checkCSRFToken(HttpServletRequest request, String origin)
043                    throws PrincipalException;
044    
045            public String getToken(HttpServletRequest request);
046    
047            public String getToken(
048                    HttpServletRequest request, long plid, String portletId);
049    
050            public boolean isValidPortletInvocationToken(
051                    HttpServletRequest request, Layout layout, Portlet portlet);
052    
053            /**
054             * @deprecated As of 7.0.0, replaced by {@link
055             *             #isValidPortletInvocationToken(HttpServletRequest, Layout,
056             *             Portlet)}
057             */
058            @Deprecated
059            public boolean isValidPortletInvocationToken(
060                    HttpServletRequest request, long plid, String portletId,
061                    String strutsAction, String tokenValue);
062    
063    }