001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.security.auth;
016    
017    import com.liferay.portal.kernel.model.Portlet;
018    import com.liferay.portal.kernel.portlet.LiferayPortletURL;
019    import com.liferay.portal.kernel.util.PropsUtil;
020    import com.liferay.portal.kernel.util.StringUtil;
021    import com.liferay.registry.Registry;
022    import com.liferay.registry.RegistryUtil;
023    import com.liferay.registry.ServiceReference;
024    import com.liferay.registry.ServiceRegistration;
025    import com.liferay.registry.ServiceTracker;
026    import com.liferay.registry.ServiceTrackerCustomizer;
027    import com.liferay.registry.collections.StringServiceRegistrationMap;
028    import com.liferay.registry.collections.StringServiceRegistrationMapImpl;
029    import com.liferay.registry.util.StringPlus;
030    
031    import java.util.ArrayList;
032    import java.util.Collection;
033    import java.util.Collections;
034    import java.util.HashMap;
035    import java.util.List;
036    import java.util.Map;
037    import java.util.Set;
038    
039    import javax.servlet.http.HttpServletRequest;
040    
041    /**
042     * @author Tomas Polesovsky
043     */
044    public abstract class BaseAuthTokenWhitelist implements AuthTokenWhitelist {
045    
046            @Deprecated
047            @Override
048            public Set<String> getOriginCSRFWhitelist() {
049                    return Collections.emptySet();
050            }
051    
052            @Deprecated
053            @Override
054            public Set<String> getPortletCSRFWhitelist() {
055                    return Collections.emptySet();
056            }
057    
058            @Deprecated
059            @Override
060            public Set<String> getPortletCSRFWhitelistActions() {
061                    return Collections.emptySet();
062            }
063    
064            @Deprecated
065            @Override
066            public Set<String> getPortletInvocationWhitelist() {
067                    return Collections.emptySet();
068            }
069    
070            @Deprecated
071            @Override
072            public Set<String> getPortletInvocationWhitelistActions() {
073                    return Collections.emptySet();
074            }
075    
076            @Override
077            public boolean isOriginCSRFWhitelisted(long companyId, String origin) {
078                    return false;
079            }
080    
081            @Override
082            public boolean isPortletCSRFWhitelisted(
083                    HttpServletRequest request, Portlet portlet) {
084    
085                    return false;
086            }
087    
088            @Deprecated
089            @Override
090            public boolean isPortletCSRFWhitelisted(
091                    long companyId, String portletId, String strutsAction) {
092    
093                    return false;
094            }
095    
096            @Override
097            public boolean isPortletInvocationWhitelisted(
098                    HttpServletRequest request, Portlet portlet) {
099    
100                    return false;
101            }
102    
103            @Deprecated
104            @Override
105            public boolean isPortletInvocationWhitelisted(
106                    long companyId, String portletId, String strutsAction) {
107    
108                    return false;
109            }
110    
111            @Override
112            public boolean isPortletURLCSRFWhitelisted(
113                    LiferayPortletURL liferayPortletURL) {
114    
115                    return false;
116            }
117    
118            @Override
119            public boolean isPortletURLPortletInvocationWhitelisted(
120                    LiferayPortletURL liferayPortletURL) {
121    
122                    return false;
123            }
124    
125            @Override
126            public boolean isValidSharedSecret(String sharedSecret) {
127                    return false;
128            }
129    
130            @Deprecated
131            @Override
132            public Set<String> resetOriginCSRFWhitelist() {
133                    return Collections.emptySet();
134            }
135    
136            @Deprecated
137            @Override
138            public Set<String> resetPortletCSRFWhitelist() {
139                    return Collections.emptySet();
140            }
141    
142            @Deprecated
143            @Override
144            public Set<String> resetPortletInvocationWhitelist() {
145                    return Collections.emptySet();
146            }
147    
148            @Deprecated
149            @Override
150            public Set<String> resetPortletInvocationWhitelistActions() {
151                    return Collections.emptySet();
152            }
153    
154            protected void destroy() {
155                    for (ServiceRegistration<?> serviceRegistration :
156                                    serviceRegistrations.values()) {
157    
158                            serviceRegistration.unregister();
159                    }
160    
161                    for (ServiceTracker<?, ?> serviceTracker : serviceTrackers) {
162                            serviceTracker.close();
163                    }
164            }
165    
166            protected void registerPortalProperty(String key) {
167                    Registry registry = RegistryUtil.getRegistry();
168    
169                    Map<String, Object> properties = new HashMap<>();
170    
171                    String[] values = PropsUtil.getArray(key);
172    
173                    properties.put(key, values);
174    
175                    ServiceRegistration<Object> serviceRegistration =
176                            registry.registerService(Object.class, new Object(), properties);
177    
178                    serviceRegistrations.put(StringUtil.merge(values), serviceRegistration);
179            }
180    
181            protected ServiceTracker<Object, Object> trackWhitelistServices(
182                    String whitelistName, Set<String> whiteList) {
183    
184                    Registry registry = RegistryUtil.getRegistry();
185    
186                    ServiceTracker<Object, Object> serviceTracker = registry.trackServices(
187                            registry.getFilter("(" + whitelistName + "=*)"),
188                            new TokenWhitelistTrackerCustomizer(whitelistName, whiteList));
189    
190                    serviceTracker.open();
191    
192                    serviceTrackers.add(serviceTracker);
193    
194                    return serviceTracker;
195            }
196    
197            protected final StringServiceRegistrationMap<Object> serviceRegistrations =
198                    new StringServiceRegistrationMapImpl<>();
199            protected final List<ServiceTracker<Object, Object>> serviceTrackers =
200                    new ArrayList<>();
201    
202            private static class TokenWhitelistTrackerCustomizer
203                    implements ServiceTrackerCustomizer<Object, Object> {
204    
205                    public TokenWhitelistTrackerCustomizer(
206                            String whitelistName, Set<String> whitelist) {
207    
208                            _whitelistName = whitelistName;
209                            _whitelist = whitelist;
210                    }
211    
212                    @Override
213                    public Object addingService(ServiceReference<Object> serviceReference) {
214                            List<String> authTokenIgnoreActions = StringPlus.asList(
215                                    serviceReference.getProperty(_whitelistName));
216    
217                            _whitelist.addAll(authTokenIgnoreActions);
218    
219                            return authTokenIgnoreActions;
220                    }
221    
222                    @Override
223                    public void modifiedService(
224                            ServiceReference<Object> serviceReference, Object object) {
225    
226                            removedService(serviceReference, object);
227    
228                            addingService(serviceReference);
229                    }
230    
231                    @Override
232                    public void removedService(
233                            ServiceReference<Object> serviceReference, Object object) {
234    
235                            Collection<String> authTokenIgnoreActions =
236                                    (Collection<String>)object;
237    
238                            _whitelist.removeAll(authTokenIgnoreActions);
239                    }
240    
241                    private final Set<String> _whitelist;
242                    private final String _whitelistName;
243    
244            }
245    
246    }