001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.portlet.LiferayPortletURL;
019    import com.liferay.portal.model.Layout;
020    import com.liferay.portal.model.Portlet;
021    import com.liferay.registry.Registry;
022    import com.liferay.registry.RegistryUtil;
023    import com.liferay.registry.ServiceTracker;
024    
025    import javax.servlet.http.HttpServletRequest;
026    
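/**
 * Static facade over the {@link AuthToken} service obtained from the registry.
 *
 * <p>
 * Every public method forwards to the {@link AuthToken} implementation that the
 * internal service tracker currently holds. What a token looks like and how it
 * is verified is decided entirely by that implementation; this class only
 * decides what happens when no implementation is available:
 * </p>
 *
 * <ul>
 * <li>
 * {@code addCSRFToken} / {@code addPortletInvocationToken}: nothing is added to
 * the URL.
 * </li>
 * <li>
 * {@code check} / {@code checkCSRFToken}: the call returns normally, i.e. the
 * check <strong>fails open</strong> and the request is not rejected here.
 * </li>
 * <li>
 * {@code getToken}: returns {@code null}.
 * </li>
 * <li>
 * {@code isValidPortletInvocationToken}: returns {@code false} (fails closed).
 * </li>
 * </ul>
 *
 * <p>
 * Because the CSRF checks fail open, CSRF protection through this class depends
 * on an {@link AuthToken} service being registered for the whole time requests
 * are served. Callers that cannot tolerate an unchecked request should verify
 * service availability themselves.
 * </p>
 *
 * @author Amos Fong
 * @author Peter Fellwock
 * @author Raymond Augé
 */
public class AuthTokenUtil {

	/**
	 * Asks the registered {@link AuthToken} to add a CSRF token to the URL.
	 * Does nothing when no {@link AuthToken} service is available, so the
	 * resulting URL may carry no token.
	 *
	 * @param request the current servlet request
	 * @param liferayPortletURL the portlet URL to decorate
	 */
	public static void addCSRFToken(
		HttpServletRequest request, LiferayPortletURL liferayPortletURL) {

		_instance._addCSRFToken(request, liferayPortletURL);
	}

	/**
	 * Asks the registered {@link AuthToken} to add a portlet invocation token
	 * to the URL. Does nothing when no {@link AuthToken} service is available.
	 *
	 * @param request the current servlet request
	 * @param liferayPortletURL the portlet URL to decorate
	 */
	public static void addPortletInvocationToken(
		HttpServletRequest request, LiferayPortletURL liferayPortletURL) {

		_instance._addPortletInvocationToken(request, liferayPortletURL);
	}

	/**
	 * Delegates to the deprecated {@code AuthToken.check(request)}. Returns
	 * without checking anything when no {@link AuthToken} service is available
	 * (fail-open).
	 *
	 * @param      request the current servlet request
	 * @throws     PortalException if the registered implementation rejects
	 *             the request
	 * @deprecated As of 6.2.0, replaced by {@link
	 *             #checkCSRFToken(HttpServletRequest, String)}
	 */
	@Deprecated
	public static void check(HttpServletRequest request)
		throws PortalException {

		_instance._check(request);
	}

	/**
	 * Delegates the CSRF check to the registered {@link AuthToken}.
	 *
	 * <p>
	 * Security note: when no {@link AuthToken} service is available this
	 * method returns normally, so a normal return only means "not rejected",
	 * not "token verified".
	 * </p>
	 *
	 * @param  request the current servlet request
	 * @param  origin passed through unchanged to the implementation
	 * @throws PrincipalException if the registered implementation rejects the
	 *         request
	 */
	public static void checkCSRFToken(HttpServletRequest request, String origin)
		throws PrincipalException {

		_instance._checkCSRFToken(request, origin);
	}

	/**
	 * Returns the token the registered {@link AuthToken} yields for the
	 * request.
	 *
	 * @param  request the current servlet request
	 * @return the token, or {@code null} when no {@link AuthToken} service is
	 *         available
	 */
	public static String getToken(HttpServletRequest request) {
		return _instance._getToken(request);
	}

	/**
	 * Returns the token the registered {@link AuthToken} yields for the given
	 * request, layout ID and portlet ID.
	 *
	 * @param  request the current servlet request
	 * @param  plid passed through unchanged to the implementation
	 * @param  portletId passed through unchanged to the implementation
	 * @return the token, or {@code null} when no {@link AuthToken} service is
	 *         available
	 */
	public static String getToken(
		HttpServletRequest request, long plid, String portletId) {

		return _instance._getToken(request, plid, portletId);
	}

	/**
	 * Asks the registered {@link AuthToken} whether the request carries a
	 * valid portlet invocation token.
	 *
	 * @param  request the current servlet request
	 * @param  layout passed through unchanged to the implementation
	 * @param  portlet passed through unchanged to the implementation
	 * @return the implementation's verdict, or {@code false} when no {@link
	 *         AuthToken} service is available (fail-closed)
	 */
	public static boolean isValidPortletInvocationToken(
		HttpServletRequest request, Layout layout, Portlet portlet) {

		return _instance._isValidPortletInvocationToken(
			request, layout, portlet);
	}

	/**
	 * Legacy variant of the portlet invocation token check; returns {@code
	 * false} when no {@link AuthToken} service is available.
	 *
	 * @deprecated As of 7.0.0, replaced by {@link
	 *             #isValidPortletInvocationToken(HttpServletRequest, Layout,
	 *             Portlet)}
	 */
	@Deprecated
	public static boolean isValidPortletInvocationToken(
		HttpServletRequest request, long plid, String portletId,
		String strutsAction, String tokenValue) {

		return _instance._isValidPortletInvocationToken(
			request, plid, portletId, strutsAction, tokenValue);
	}

	/**
	 * Starts tracking {@link AuthToken} services in the registry. Runs once,
	 * from the static initializer of {@code _instance}.
	 */
	private AuthTokenUtil() {
		Registry registry = RegistryUtil.getRegistry();

		_serviceTracker = registry.trackServices(AuthToken.class.getName());

		_serviceTracker.open();
	}

	private void _addCSRFToken(
		HttpServletRequest request, LiferayPortletURL liferayPortletURL) {

		AuthToken authToken = _getAuthToken();

		if (authToken == null) {
			return;
		}

		authToken.addCSRFToken(request, liferayPortletURL);
	}

	private void _addPortletInvocationToken(
		HttpServletRequest request, LiferayPortletURL liferayPortletURL) {

		AuthToken authToken = _getAuthToken();

		if (authToken == null) {
			return;
		}

		authToken.addPortletInvocationToken(request, liferayPortletURL);
	}

	@SuppressWarnings("deprecation")
	private void _check(HttpServletRequest request) throws PortalException {
		AuthToken authToken = _getAuthToken();

		if (authToken == null) {

			// Fail-open: no service means no check is performed.

			return;
		}

		authToken.check(request);
	}

	private void _checkCSRFToken(HttpServletRequest request, String origin)
		throws PrincipalException {

		AuthToken authToken = _getAuthToken();

		if (authToken == null) {

			// Fail-open: no service means no CSRF check is performed.
			// NOTE(review): confirm this is intended for the deployment; a
			// missing AuthToken service silently disables the check.

			return;
		}

		authToken.checkCSRFToken(request, origin);
	}

	/**
	 * Returns the currently tracked {@link AuthToken}, or {@code null} when
	 * none is available.
	 *
	 * <p>
	 * The result of {@code getService()} is returned as is and callers test it
	 * for {@code null}, rather than relying on the preceding {@code isEmpty()}
	 * answer alone: the tracked service could presumably be unregistered
	 * between the two calls, which previously would have surfaced as a {@code
	 * NullPointerException} in the delegating method.
	 * </p>
	 */
	private AuthToken _getAuthToken() {
		if (_serviceTracker.isEmpty()) {
			return null;
		}

		return _serviceTracker.getService();
	}

	private String _getToken(HttpServletRequest request) {
		AuthToken authToken = _getAuthToken();

		if (authToken == null) {
			return null;
		}

		return authToken.getToken(request);
	}

	private String _getToken(
		HttpServletRequest request, long plid, String portletId) {

		AuthToken authToken = _getAuthToken();

		if (authToken == null) {
			return null;
		}

		return authToken.getToken(request, plid, portletId);
	}

	private boolean _isValidPortletInvocationToken(
		HttpServletRequest request, Layout layout, Portlet portlet) {

		AuthToken authToken = _getAuthToken();

		if (authToken == null) {

			// Fail-closed: without a service no token can be validated.

			return false;
		}

		return authToken.isValidPortletInvocationToken(
			request, layout, portlet);
	}

	/**
	 * @deprecated As of 7.0.0
	 */
	@Deprecated
	private boolean _isValidPortletInvocationToken(
		HttpServletRequest request, long plid, String portletId,
		String strutsAction, String tokenValue) {

		AuthToken authToken = _getAuthToken();

		if (authToken == null) {

			// Fail-closed: without a service no token can be validated.

			return false;
		}

		return authToken.isValidPortletInvocationToken(
			request, plid, portletId, strutsAction, tokenValue);
	}

	// Created by the static initializer; the constructor opens the tracker.

	private static final AuthTokenUtil _instance = new AuthTokenUtil();

	private final ServiceTracker<?, AuthToken> _serviceTracker;

}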