001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.portlet.LiferayPortletURL;
018    import com.liferay.portal.kernel.util.PropsUtil;
019    import com.liferay.portal.kernel.util.StringUtil;
020    import com.liferay.portal.model.Portlet;
021    import com.liferay.registry.Registry;
022    import com.liferay.registry.RegistryUtil;
023    import com.liferay.registry.ServiceReference;
024    import com.liferay.registry.ServiceRegistration;
025    import com.liferay.registry.ServiceTracker;
026    import com.liferay.registry.ServiceTrackerCustomizer;
027    import com.liferay.registry.collections.StringServiceRegistrationMap;
028    import com.liferay.registry.collections.StringServiceRegistrationMapImpl;
029    import com.liferay.registry.util.StringPlus;
030    
031    import java.util.ArrayList;
032    import java.util.Collections;
033    import java.util.HashMap;
034    import java.util.List;
035    import java.util.Map;
036    import java.util.Set;
037    
038    import javax.servlet.http.HttpServletRequest;
039    
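/**
 * Base {@link AuthTokenWhitelist} whose answers are all "not whitelisted":
 * every {@code is...} check returns {@code false} and every set accessor
 * returns an empty set. A subclass therefore fails closed for any check it
 * does not override.
 *
 * <p>
 * The class also offers helpers that publish portal properties as registry
 * services ({@link #registerPortalProperty(String)}) and that mirror the
 * property values of matching services into a caller-supplied set
 * ({@link #trackWhitelistServices(String, Set)}).
 * </p>
 *
 * @author Tomas Polesovsky
 */
public abstract class BaseAuthTokenWhitelist implements AuthTokenWhitelist {

	/**
	 * Returns an empty set; this base class holds no origin entries.
	 */
	@Deprecated
	@Override
	public Set<String> getOriginCSRFWhitelist() {
		return Collections.emptySet();
	}

	/**
	 * Returns an empty set; this base class holds no portlet entries.
	 */
	@Deprecated
	@Override
	public Set<String> getPortletCSRFWhitelist() {
		return Collections.emptySet();
	}

	/**
	 * Returns an empty set; this base class holds no action entries.
	 */
	@Deprecated
	@Override
	public Set<String> getPortletCSRFWhitelistActions() {
		return Collections.emptySet();
	}

	/**
	 * Returns an empty set; this base class holds no portlet entries.
	 */
	@Deprecated
	@Override
	public Set<String> getPortletInvocationWhitelist() {
		return Collections.emptySet();
	}

	/**
	 * Returns an empty set; this base class holds no action entries.
	 */
	@Deprecated
	@Override
	public Set<String> getPortletInvocationWhitelistActions() {
		return Collections.emptySet();
	}

	/**
	 * Returns {@code false} for every origin; subclasses override to allow.
	 */
	@Override
	public boolean isOriginCSRFWhitelisted(long companyId, String origin) {
		return false;
	}

	/**
	 * Returns {@code false} for every request; subclasses override to allow.
	 */
	@Override
	public boolean isPortletCSRFWhitelisted(
		HttpServletRequest request, Portlet portlet) {

		return false;
	}

	/**
	 * Returns {@code false} for every portlet and action.
	 */
	@Deprecated
	@Override
	public boolean isPortletCSRFWhitelisted(
		long companyId, String portletId, String strutsAction) {

		return false;
	}

	/**
	 * Returns {@code false} for every request; subclasses override to allow.
	 */
	@Override
	public boolean isPortletInvocationWhitelisted(
		HttpServletRequest request, Portlet portlet) {

		return false;
	}

	/**
	 * Returns {@code false} for every portlet and action.
	 */
	@Deprecated
	@Override
	public boolean isPortletInvocationWhitelisted(
		long companyId, String portletId, String strutsAction) {

		return false;
	}

	/**
	 * Returns {@code false} for every URL; subclasses override to allow.
	 */
	@Override
	public boolean isPortletURLCSRFWhitelisted(
		LiferayPortletURL liferayPortletURL) {

		return false;
	}

	/**
	 * Returns {@code false} for every URL; subclasses override to allow.
	 */
	@Override
	public boolean isPortletURLPortletInvocationWhitelisted(
		LiferayPortletURL liferayPortletURL) {

		return false;
	}

	/**
	 * Returns {@code false} for every value, so no shared secret is accepted
	 * unless a subclass overrides this method.
	 */
	@Override
	public boolean isValidSharedSecret(String sharedSecret) {
		return false;
	}

	/**
	 * Returns an empty set; there is nothing to reset in this base class.
	 */
	@Deprecated
	@Override
	public Set<String> resetOriginCSRFWhitelist() {
		return Collections.emptySet();
	}

	/**
	 * Returns an empty set; there is nothing to reset in this base class.
	 */
	@Deprecated
	@Override
	public Set<String> resetPortletCSRFWhitelist() {
		return Collections.emptySet();
	}

	/**
	 * Returns an empty set; there is nothing to reset in this base class.
	 */
	@Deprecated
	@Override
	public Set<String> resetPortletInvocationWhitelist() {
		return Collections.emptySet();
	}

	/**
	 * Returns an empty set; there is nothing to reset in this base class.
	 */
	@Deprecated
	@Override
	public Set<String> resetPortletInvocationWhitelistActions() {
		return Collections.emptySet();
	}

	/**
	 * Unregisters every service recorded in {@link #serviceRegistrations} and
	 * closes every tracker recorded in {@link #serviceTrackers}.
	 */
	protected void destroy() {
		for (ServiceRegistration<Object> serviceRegistration :
				serviceRegistrations.values()) {

			serviceRegistration.unregister();
		}

		for (ServiceTracker<Object, Object> serviceTracker : serviceTrackers) {
			serviceTracker.close();
		}
	}

	/**
	 * Publishes the values of a portal property as a registry service whose
	 * only property is {@code key -> values}, and records the registration so
	 * that {@link #destroy()} can unregister it.
	 *
	 * @param key the portal property name; also used as the service property
	 *        name
	 */
	protected void registerPortalProperty(String key) {
		Registry registry = RegistryUtil.getRegistry();

		Map<String, Object> properties = new HashMap<>();

		String[] values = PropsUtil.getArray(key);

		properties.put(key, values);

		ServiceRegistration<Object> serviceRegistration =
			registry.registerService(Object.class, new Object(), properties);

		// NOTE(review): the registration is recorded under the merged values,
		// not under the property key, so two properties with identical values
		// (for example two unset ones) share one map key. Whether the earlier
		// registration then escapes destroy() depends on how
		// StringServiceRegistrationMap.put treats an existing key - confirm.

		serviceRegistrations.put(StringUtil.merge(values), serviceRegistration);
	}

	/**
	 * Opens a tracker over every service that carries the property
	 * {@code whitelistName} and keeps {@code whiteList} in step with the
	 * values of that property. The tracker is recorded so that
	 * {@link #destroy()} can close it.
	 *
	 * @param  whitelistName the service property to match and to read values
	 *         from. It is concatenated unescaped into the filter expression,
	 *         so pass only fixed property names, never request-derived text.
	 * @param  whiteList the set that receives and loses the tracked values;
	 *         it is mutated from tracker callbacks
	 * @return the opened tracker
	 */
	protected ServiceTracker<Object, Object> trackWhitelistServices(
		String whitelistName, Set<String> whiteList) {

		Registry registry = RegistryUtil.getRegistry();

		ServiceTracker<Object, Object> serviceTracker = registry.trackServices(
			registry.getFilter("(" + whitelistName + "=*)"),
			new TokenWhitelistTrackerCustomizer(whitelistName, whiteList));

		serviceTracker.open();

		serviceTrackers.add(serviceTracker);

		return serviceTracker;
	}

	protected final StringServiceRegistrationMap<Object> serviceRegistrations =
		new StringServiceRegistrationMapImpl<>();
	protected final List<ServiceTracker<Object, Object>> serviceTrackers =
		new ArrayList<>();

	/**
	 * Mirrors the values of one service property into a whitelist set as
	 * matching services come and go.
	 *
	 * <p>
	 * The values each service contributed are remembered per service
	 * reference. Without that record, a property change would be handled by
	 * removing the service's <em>new</em> values and adding them back, which
	 * leaves the withdrawn values in the set. Presumably entries in the set
	 * exempt requests from auth token checks, so such stale entries would
	 * fail open - confirm against the code that consults the set.
	 * </p>
	 */
	private static class TokenWhitelistTrackerCustomizer
		implements ServiceTrackerCustomizer<Object, Object> {

		public TokenWhitelistTrackerCustomizer(
			String whitelistName, Set<String> whitelist) {

			_whitelistName = whitelistName;
			_whitelist = whitelist;
		}

		/**
		 * Adds the service's current property values to the whitelist and
		 * remembers them for later removal.
		 *
		 * @return the service object obtained from the registry
		 */
		@Override
		public Object addingService(ServiceReference<Object> serviceReference) {

			// Snapshot the values so that a later property change on the
			// reference cannot alter what is recorded as contributed.

			List<String> authTokenIgnoreActions = new ArrayList<>(
				StringPlus.asList(
					serviceReference.getProperty(_whitelistName)));

			_contributions.put(serviceReference, authTokenIgnoreActions);

			_whitelist.addAll(authTokenIgnoreActions);

			Registry registry = RegistryUtil.getRegistry();

			return registry.getService(serviceReference);
		}

		/**
		 * Replaces the values this service contributed earlier with its
		 * current ones.
		 */
		@Override
		public void modifiedService(
			ServiceReference<Object> serviceReference, Object object) {

			removedService(serviceReference, object);

			addingService(serviceReference);
		}

		/**
		 * Removes from the whitelist the values this service contributed.
		 */
		@Override
		public void removedService(
			ServiceReference<Object> serviceReference, Object object) {

			List<String> authTokenIgnoreActions = _contributions.remove(
				serviceReference);

			if (authTokenIgnoreActions == null) {

				// No record for this reference (assumes ServiceReference has
				// stable equals/hashCode per registration - TODO confirm);
				// fall back to the values the reference reports now.

				authTokenIgnoreActions = StringPlus.asList(
					serviceReference.getProperty(_whitelistName));
			}

			// NOTE(review): removeAll also drops a value that another tracked
			// service still contributes. That direction denies rather than
			// allows, but it can remove a legitimate entry.

			_whitelist.removeAll(authTokenIgnoreActions);
		}

		// Tracker callbacks may arrive on different threads, hence the
		// synchronized wrapper around this customizer's own bookkeeping.

		private final Map<ServiceReference<Object>, List<String>>
			_contributions = Collections.synchronizedMap(
				new HashMap<ServiceReference<Object>, List<String>>());
		private final Set<String> _whitelist;
		private final String _whitelistName;

	}

}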