001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.security.auth;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.model.Layout;
019    import com.liferay.portal.kernel.model.Portlet;
020    import com.liferay.portal.kernel.portlet.LiferayPortletURL;
021    import com.liferay.registry.Registry;
022    import com.liferay.registry.RegistryUtil;
023    import com.liferay.registry.ServiceTracker;
024    
025    import javax.servlet.http.HttpServletRequest;
026    
027    /**
028     * @author Amos Fong
029     * @author Peter Fellwock
030     * @author Raymond Augé
031     */
032    public class AuthTokenUtil {
033    
034            public static void addCSRFToken(
035                    HttpServletRequest request, LiferayPortletURL liferayPortletURL) {
036    
037                    AuthToken authToken = _serviceTracker.getService();
038    
039                    if (authToken != null) {
040                            authToken.addCSRFToken(request, liferayPortletURL);
041                    }
042            }
043    
044            public static void addPortletInvocationToken(
045                    HttpServletRequest request, LiferayPortletURL liferayPortletURL) {
046    
047                    AuthToken authToken = _serviceTracker.getService();
048    
049                    if (authToken != null) {
050                            authToken.addPortletInvocationToken(request, liferayPortletURL);
051                    }
052            }
053    
054            /**
055             * @deprecated As of 6.2.0, replaced by {@link
056             *             #checkCSRFToken(HttpServletRequest, String)}
057             */
058            @Deprecated
059            public static void check(HttpServletRequest request)
060                    throws PortalException {
061    
062                    AuthToken authToken = _serviceTracker.getService();
063    
064                    if (authToken != null) {
065                            authToken.check(request);
066                    }
067            }
068    
069            public static void checkCSRFToken(HttpServletRequest request, String origin)
070                    throws PrincipalException {
071    
072                    AuthToken authToken = _serviceTracker.getService();
073    
074                    if (authToken != null) {
075                            authToken.checkCSRFToken(request, origin);
076                    }
077            }
078    
079            public static String getToken(HttpServletRequest request) {
080                    AuthToken authToken = _serviceTracker.getService();
081    
082                    if (authToken == null) {
083                            return null;
084                    }
085    
086                    return authToken.getToken(request);
087            }
088    
089            public static String getToken(
090                    HttpServletRequest request, long plid, String portletId) {
091    
092                    AuthToken authToken = _serviceTracker.getService();
093    
094                    if (authToken == null) {
095                            return null;
096                    }
097    
098                    return authToken.getToken(request, plid, portletId);
099            }
100    
101            public static boolean isValidPortletInvocationToken(
102                    HttpServletRequest request, Layout layout, Portlet portlet) {
103    
104                    AuthToken authToken = _serviceTracker.getService();
105    
106                    if (authToken == null) {
107                            return false;
108                    }
109    
110                    return authToken.isValidPortletInvocationToken(
111                            request, layout, portlet);
112            }
113    
114            /**
115             * @deprecated As of 7.0.0, replaced by {@link
116             *             #isValidPortletInvocationToken(HttpServletRequest, Layout,
117             *             Portlet)}
118             */
119            @Deprecated
120            public static boolean isValidPortletInvocationToken(
121                    HttpServletRequest request, long plid, String portletId,
122                    String strutsAction, String tokenValue) {
123    
124                    AuthToken authToken = _serviceTracker.getService();
125    
126                    if (authToken == null) {
127                            return false;
128                    }
129    
130                    return authToken.isValidPortletInvocationToken(
131                            request, plid, portletId, strutsAction, tokenValue);
132            }
133    
134            private static final ServiceTracker<?, AuthToken> _serviceTracker;
135    
136            static {
137                    Registry registry = RegistryUtil.getRegistry();
138    
139                    _serviceTracker = registry.trackServices(AuthToken.class.getName());
140    
141                    _serviceTracker.open();
142            }
143    
144    }