001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.portlet.LiferayPortletURL;
018 import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
019 import com.liferay.portal.model.Portlet;
020 import com.liferay.registry.collections.ServiceTrackerCollections;
021 import com.liferay.registry.collections.ServiceTrackerList;
022
023 import java.util.HashSet;
024 import java.util.Set;
025
026 import javax.servlet.http.HttpServletRequest;
027
028
032 public class AuthTokenWhitelistUtil {
033
034
037 @Deprecated
038 public static AuthTokenWhitelist getAuthTokenWhitelist() {
039 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
040
041 if (_authTokenWhitelists.size() > 0) {
042 return _authTokenWhitelists.get(0);
043 }
044
045 return null;
046 }
047
048
051 @Deprecated
052 public static Set<String> getPortletCSRFWhitelist() {
053 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
054
055 Set<String> portletCSRFWhitelist = new HashSet<>();
056
057 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
058 portletCSRFWhitelist.addAll(
059 authTokenWhitelist.getPortletCSRFWhitelist());
060 }
061
062 return portletCSRFWhitelist;
063 }
064
065
068 @Deprecated
069 public static Set<String> getPortletCSRFWhitelistActions() {
070 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
071
072 Set<String> portletCSRFWhitelistActions = new HashSet<>();
073
074 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
075 portletCSRFWhitelistActions.addAll(
076 authTokenWhitelist.getPortletCSRFWhitelistActions());
077 }
078
079 return portletCSRFWhitelistActions;
080 }
081
082
085 @Deprecated
086 public static Set<String> getPortletInvocationWhitelist() {
087 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
088
089 Set<String> portletInvocationWhitelist = new HashSet<>();
090
091 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
092 portletInvocationWhitelist.addAll(
093 authTokenWhitelist.getPortletInvocationWhitelist());
094 }
095
096 return portletInvocationWhitelist;
097 }
098
099
102 @Deprecated
103 public static Set<String> getPortletInvocationWhitelistActions() {
104 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
105
106 Set<String> portletInvocationWhitelistActions = new HashSet<>();
107
108 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
109 portletInvocationWhitelistActions.addAll(
110 authTokenWhitelist.getPortletInvocationWhitelistActions());
111 }
112
113 return portletInvocationWhitelistActions;
114 }
115
116
120 @Deprecated
121 public static boolean isCSRFOrigintWhitelisted(
122 long companyId, String origin) {
123
124 return isOriginCSRFWhitelisted(companyId, origin);
125 }
126
127 public static boolean isOriginCSRFWhitelisted(
128 long companyId, String origin) {
129
130 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
131
132 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
133 if (authTokenWhitelist.isOriginCSRFWhitelisted(companyId, origin)) {
134 return true;
135 }
136 }
137
138 return false;
139 }
140
141 public static boolean isPortletCSRFWhitelisted(
142 HttpServletRequest request, Portlet portlet) {
143
144 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
145
146 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
147 if (authTokenWhitelist.isPortletCSRFWhitelisted(request, portlet)) {
148 return true;
149 }
150 }
151
152 return false;
153 }
154
155
159 @Deprecated
160 public static boolean isPortletCSRFWhitelisted(
161 long companyId, String portletId, String strutsAction) {
162
163 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
164
165 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
166 if (authTokenWhitelist.isPortletCSRFWhitelisted(
167 companyId, portletId, strutsAction)) {
168
169 return true;
170 }
171 }
172
173 return false;
174 }
175
176 public static boolean isPortletInvocationWhitelisted(
177 HttpServletRequest request, Portlet portlet) {
178
179 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
180
181 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
182 if (authTokenWhitelist.isPortletInvocationWhitelisted(
183 request, portlet)) {
184
185 return true;
186 }
187 }
188
189 return false;
190 }
191
192
196 @Deprecated
197 public static boolean isPortletInvocationWhitelisted(
198 long companyId, String portletId, String strutsAction) {
199
200 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
201
202 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
203 if (authTokenWhitelist.isPortletInvocationWhitelisted(
204 companyId, portletId, strutsAction)) {
205
206 return true;
207 }
208 }
209
210 return false;
211 }
212
213 public static boolean isPortletURLCSRFWhitelisted(
214 LiferayPortletURL liferayPortletURL) {
215
216 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
217
218 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
219 if (authTokenWhitelist.isPortletURLCSRFWhitelisted(
220 liferayPortletURL)) {
221
222 return true;
223 }
224 }
225
226 return false;
227 }
228
229 public static boolean isPortletURLPortletInvocationWhitelisted(
230 LiferayPortletURL liferayPortletURL) {
231
232 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
233
234 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
235 if (authTokenWhitelist.isPortletURLPortletInvocationWhitelisted(
236 liferayPortletURL)) {
237
238 return true;
239 }
240 }
241
242 return false;
243 }
244
245 public static boolean isValidSharedSecret(String sharedSecret) {
246 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
247
248 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
249 if (authTokenWhitelist.isValidSharedSecret(sharedSecret)) {
250 return true;
251 }
252 }
253
254 return false;
255 }
256
257
260 @Deprecated
261 public static Set<String> resetOriginCSRFWhitelist() {
262 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
263
264 Set<String> originCSRFWhitelist = new HashSet<>();
265
266 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
267 originCSRFWhitelist.addAll(
268 authTokenWhitelist.resetOriginCSRFWhitelist());
269 }
270
271 return originCSRFWhitelist;
272 }
273
274
277 @Deprecated
278 public static Set<String> resetPortletCSRFWhitelist() {
279 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
280
281 Set<String> portletCSRFWhitelist = new HashSet<>();
282
283 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
284 portletCSRFWhitelist.addAll(
285 authTokenWhitelist.resetPortletCSRFWhitelist());
286 }
287
288 return portletCSRFWhitelist;
289 }
290
291
294 @Deprecated
295 public static Set<String> resetPortletInvocationWhitelist() {
296 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
297
298 Set<String> portletInvocationWhitelist = new HashSet<>();
299
300 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
301 portletInvocationWhitelist.addAll(
302 authTokenWhitelist.resetPortletInvocationWhitelist());
303 }
304
305 return portletInvocationWhitelist;
306 }
307
308
311 @Deprecated
312 public static Set<String> resetPortletInvocationWhitelistActions() {
313 PortalRuntimePermission.checkGetBeanProperty(AuthTokenWhitelist.class);
314
315 Set<String> portletInvocationWhitelistActions = new HashSet<>();
316
317 for (AuthTokenWhitelist authTokenWhitelist : _authTokenWhitelists) {
318 portletInvocationWhitelistActions.addAll(
319 authTokenWhitelist.resetPortletInvocationWhitelistActions());
320 }
321
322 return portletInvocationWhitelistActions;
323 }
324
325
328 @Deprecated
329 public void setAuthTokenWhitelist(AuthTokenWhitelist authTokenWhitelist) {
330 }
331
332 private static final ServiceTrackerList<AuthTokenWhitelist>
333 _authTokenWhitelists = ServiceTrackerCollections.openList(
334 AuthTokenWhitelist.class);
335
336 }