001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.template;
016    
017    import com.liferay.portal.kernel.security.pacl.NotPrivileged;
018    import com.liferay.portal.kernel.template.Template;
019    import com.liferay.portal.kernel.template.TemplateManager;
020    import com.liferay.portal.kernel.template.TemplateResource;
021    import com.liferay.portal.kernel.template.TemplateResourceLoader;
022    
023    import java.security.AccessControlContext;
024    import java.security.AccessController;
025    import java.security.PrivilegedAction;
026    
027    import java.util.Map;
028    
029    import javax.servlet.ServletContext;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
033    /**
034     * @author Raymond Aug??
035     */
036    public abstract class BaseTemplateManager implements TemplateManager {
037    
038            @Override
039            public void addContextObjects(
040                    Map<String, Object> contextObjects,
041                    Map<String, Object> newContextObjects) {
042    
043                    for (String variableName : newContextObjects.keySet()) {
044                            if (contextObjects.containsKey(variableName)) {
045                                    continue;
046                            }
047    
048                            Object object = newContextObjects.get(variableName);
049    
050                            if (object instanceof Class) {
051                                    addStaticClassSupport(
052                                            contextObjects, variableName, (Class<?>)object);
053                            }
054                            else {
055                                    contextObjects.put(variableName, object);
056                            }
057                    }
058            }
059    
060            @Override
061            public void addStaticClassSupport(
062                    Map<String, Object> contextObjects, String variableName,
063                    Class<?> variableClass) {
064            }
065    
066            @Override
067            public void addTaglibApplication(
068                    Map<String, Object> contextObjects, String applicationName,
069                    ServletContext servletContext) {
070            }
071    
072            @Override
073            public void addTaglibFactory(
074                    Map<String, Object> contextObjects, String taglibLiferayHash,
075                    ServletContext servletContext) {
076            }
077    
078            @Override
079            public void addTaglibRequest(
080                    Map<String, Object> contextObjects, String applicationName,
081                    HttpServletRequest request, HttpServletResponse response) {
082            }
083    
084            @Override
085            public void addTaglibTheme(
086                    Map<String, Object> contextObjects, String themeName,
087                    HttpServletRequest request, HttpServletResponse response) {
088            }
089    
090            @Override
091            public String[] getRestrictedVariables() {
092                    return new String[0];
093            }
094    
095            @NotPrivileged
096            @Override
097            public Template getTemplate(
098                    TemplateResource templateResource, boolean restricted) {
099    
100                    return getTemplate(templateResource, null, restricted);
101            }
102    
103            @NotPrivileged
104            @Override
105            public Template getTemplate(
106                    TemplateResource templateResource,
107                    TemplateResource errorTemplateResource, boolean restricted) {
108    
109                    TemplateControlContext templateControlContext =
110                            templateContextHelper.getTemplateControlContext();
111    
112                    AccessControlContext accessControlContext =
113                            templateControlContext.getAccessControlContext();
114    
115                    ClassLoader classLoader = templateControlContext.getClassLoader();
116    
117                    if (accessControlContext == null) {
118                            Map<String, Object> helperUtilities =
119                                    templateContextHelper.getHelperUtilities(
120                                            classLoader, restricted);
121    
122                            return doGetTemplate(
123                                    templateResource, errorTemplateResource, restricted,
124                                    helperUtilities, false);
125                    }
126    
127                    Map<String, Object> helperUtilities = AccessController.doPrivileged(
128                            new DoGetHelperUtilitiesPrivilegedAction(
129                                    templateContextHelper, classLoader, restricted),
130                            accessControlContext);
131    
132                    Template template = AccessController.doPrivileged(
133                            new DoGetTemplatePrivilegedAction(
134                                    templateResource, errorTemplateResource, restricted,
135                                    helperUtilities));
136    
137                    return new PrivilegedTemplateWrapper(accessControlContext, template);
138            }
139    
140            public void setTemplateContextHelper(
141                    TemplateContextHelper templateContextHelper) {
142    
143                    this.templateContextHelper = templateContextHelper;
144            }
145    
146            public void setTemplateResourceLoader(
147                    TemplateResourceLoader templateResourceLoader) {
148    
149                    this.templateResourceLoader = templateResourceLoader;
150            }
151    
152            protected abstract Template doGetTemplate(
153                    TemplateResource templateResource,
154                    TemplateResource errorTemplateResource, boolean restricted,
155                    Map<String, Object> helperUtilities, boolean privileged);
156    
157            protected TemplateContextHelper templateContextHelper;
158            protected TemplateResourceLoader templateResourceLoader;
159    
160            private class DoGetHelperUtilitiesPrivilegedAction
161                    implements PrivilegedAction<Map<String, Object>> {
162    
163                    public DoGetHelperUtilitiesPrivilegedAction(
164                            TemplateContextHelper templateContextHelper,
165                            ClassLoader classLoader, boolean restricted) {
166    
167                            _templateContextHelper = templateContextHelper;
168                            _classLoader = classLoader;
169                            _restricted = restricted;
170                    }
171    
172                    @Override
173                    public Map<String, Object> run() {
174                            return _templateContextHelper.getHelperUtilities(
175                                    _classLoader, _restricted);
176                    }
177    
178                    private final ClassLoader _classLoader;
179                    private boolean _restricted;
180                    private final TemplateContextHelper _templateContextHelper;
181    
182            }
183    
184            private class DoGetTemplatePrivilegedAction
185                    implements PrivilegedAction<Template> {
186    
187                    public DoGetTemplatePrivilegedAction(
188                            TemplateResource templateResource,
189                            TemplateResource errorTemplateResource, boolean restricted,
190                            Map<String, Object> helperUtilities) {
191    
192                            _templateResource = templateResource;
193                            _errorTemplateResource = errorTemplateResource;
194                            _restricted = restricted;
195                            _helperUtilities = helperUtilities;
196                    }
197    
198                    @Override
199                    public Template run() {
200                            return doGetTemplate(
201                                    _templateResource, _errorTemplateResource, _restricted,
202                                    _helperUtilities, true);
203                    }
204    
205                    private final TemplateResource _errorTemplateResource;
206                    private final Map<String, Object> _helperUtilities;
207                    private boolean _restricted;
208                    private final TemplateResource _templateResource;
209    
210            }
211    
212    }