001
014
015 package com.liferay.portal.kernel.security.auth;
016
017 import com.liferay.portal.kernel.model.Portlet;
018 import com.liferay.portal.kernel.portlet.LiferayPortletURL;
019 import com.liferay.portal.kernel.util.PropsUtil;
020 import com.liferay.portal.kernel.util.StringUtil;
021 import com.liferay.registry.Registry;
022 import com.liferay.registry.RegistryUtil;
023 import com.liferay.registry.ServiceReference;
024 import com.liferay.registry.ServiceRegistration;
025 import com.liferay.registry.ServiceTracker;
026 import com.liferay.registry.ServiceTrackerCustomizer;
027 import com.liferay.registry.collections.StringServiceRegistrationMap;
028 import com.liferay.registry.collections.StringServiceRegistrationMapImpl;
029 import com.liferay.registry.util.StringPlus;
030
031 import java.util.ArrayList;
032 import java.util.Collection;
033 import java.util.Collections;
034 import java.util.HashMap;
035 import java.util.List;
036 import java.util.Map;
037 import java.util.Set;
038
039 import javax.servlet.http.HttpServletRequest;
040
041
044 public abstract class BaseAuthTokenWhitelist implements AuthTokenWhitelist {
045
046 @Deprecated
047 @Override
048 public Set<String> getOriginCSRFWhitelist() {
049 return Collections.emptySet();
050 }
051
052 @Deprecated
053 @Override
054 public Set<String> getPortletCSRFWhitelist() {
055 return Collections.emptySet();
056 }
057
058 @Deprecated
059 @Override
060 public Set<String> getPortletCSRFWhitelistActions() {
061 return Collections.emptySet();
062 }
063
064 @Deprecated
065 @Override
066 public Set<String> getPortletInvocationWhitelist() {
067 return Collections.emptySet();
068 }
069
070 @Deprecated
071 @Override
072 public Set<String> getPortletInvocationWhitelistActions() {
073 return Collections.emptySet();
074 }
075
076 @Override
077 public boolean isOriginCSRFWhitelisted(long companyId, String origin) {
078 return false;
079 }
080
081 @Override
082 public boolean isPortletCSRFWhitelisted(
083 HttpServletRequest request, Portlet portlet) {
084
085 return false;
086 }
087
088 @Deprecated
089 @Override
090 public boolean isPortletCSRFWhitelisted(
091 long companyId, String portletId, String strutsAction) {
092
093 return false;
094 }
095
096 @Override
097 public boolean isPortletInvocationWhitelisted(
098 HttpServletRequest request, Portlet portlet) {
099
100 return false;
101 }
102
103 @Deprecated
104 @Override
105 public boolean isPortletInvocationWhitelisted(
106 long companyId, String portletId, String strutsAction) {
107
108 return false;
109 }
110
111 @Override
112 public boolean isPortletURLCSRFWhitelisted(
113 LiferayPortletURL liferayPortletURL) {
114
115 return false;
116 }
117
118 @Override
119 public boolean isPortletURLPortletInvocationWhitelisted(
120 LiferayPortletURL liferayPortletURL) {
121
122 return false;
123 }
124
125 @Override
126 public boolean isValidSharedSecret(String sharedSecret) {
127 return false;
128 }
129
130 @Deprecated
131 @Override
132 public Set<String> resetOriginCSRFWhitelist() {
133 return Collections.emptySet();
134 }
135
136 @Deprecated
137 @Override
138 public Set<String> resetPortletCSRFWhitelist() {
139 return Collections.emptySet();
140 }
141
142 @Deprecated
143 @Override
144 public Set<String> resetPortletInvocationWhitelist() {
145 return Collections.emptySet();
146 }
147
148 @Deprecated
149 @Override
150 public Set<String> resetPortletInvocationWhitelistActions() {
151 return Collections.emptySet();
152 }
153
154 protected void destroy() {
155 for (ServiceRegistration<?> serviceRegistration :
156 serviceRegistrations.values()) {
157
158 serviceRegistration.unregister();
159 }
160
161 for (ServiceTracker<?, ?> serviceTracker : serviceTrackers) {
162 serviceTracker.close();
163 }
164 }
165
166 protected void registerPortalProperty(String key) {
167 Registry registry = RegistryUtil.getRegistry();
168
169 Map<String, Object> properties = new HashMap<>();
170
171 String[] values = PropsUtil.getArray(key);
172
173 properties.put(key, values);
174
175 ServiceRegistration<Object> serviceRegistration =
176 registry.registerService(Object.class, new Object(), properties);
177
178 serviceRegistrations.put(StringUtil.merge(values), serviceRegistration);
179 }
180
181 protected ServiceTracker<Object, Object> trackWhitelistServices(
182 String whitelistName, Set<String> whiteList) {
183
184 Registry registry = RegistryUtil.getRegistry();
185
186 ServiceTracker<Object, Object> serviceTracker = registry.trackServices(
187 registry.getFilter("(" + whitelistName + "=*)"),
188 new TokenWhitelistTrackerCustomizer(whitelistName, whiteList));
189
190 serviceTracker.open();
191
192 serviceTrackers.add(serviceTracker);
193
194 return serviceTracker;
195 }
196
197 protected final StringServiceRegistrationMap<Object> serviceRegistrations =
198 new StringServiceRegistrationMapImpl<>();
199 protected final List<ServiceTracker<Object, Object>> serviceTrackers =
200 new ArrayList<>();
201
202 private static class TokenWhitelistTrackerCustomizer
203 implements ServiceTrackerCustomizer<Object, Object> {
204
205 public TokenWhitelistTrackerCustomizer(
206 String whitelistName, Set<String> whitelist) {
207
208 _whitelistName = whitelistName;
209 _whitelist = whitelist;
210 }
211
212 @Override
213 public Object addingService(ServiceReference<Object> serviceReference) {
214 List<String> authTokenIgnoreActions = StringPlus.asList(
215 serviceReference.getProperty(_whitelistName));
216
217 _whitelist.addAll(authTokenIgnoreActions);
218
219 return authTokenIgnoreActions;
220 }
221
222 @Override
223 public void modifiedService(
224 ServiceReference<Object> serviceReference, Object object) {
225
226 removedService(serviceReference, object);
227
228 addingService(serviceReference);
229 }
230
231 @Override
232 public void removedService(
233 ServiceReference<Object> serviceReference, Object object) {
234
235 Collection<String> authTokenIgnoreActions =
236 (Collection<String>)object;
237
238 _whitelist.removeAll(authTokenIgnoreActions);
239 }
240
241 private final Set<String> _whitelist;
242 private final String _whitelistName;
243
244 }
245
246 }