001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.taglib.security;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.Http;
020    import com.liferay.portal.kernel.util.HttpUtil;
021    import com.liferay.portal.kernel.util.StringBundler;
022    import com.liferay.portal.kernel.util.StringPool;
023    import com.liferay.portal.kernel.util.StringUtil;
024    import com.liferay.portal.kernel.util.Validator;
025    import com.liferay.portal.model.Company;
026    import com.liferay.portal.util.PortalUtil;
027    import com.liferay.util.Encryptor;
028    import com.liferay.util.EncryptorException;
029    
030    import java.security.Key;
031    
032    import java.util.HashSet;
033    import java.util.Set;
034    import java.util.StringTokenizer;
035    
036    import javax.servlet.http.HttpServletRequest;
037    import javax.servlet.jsp.JspException;
038    import javax.servlet.jsp.tagext.TagSupport;
039    
040    /**
041     * @author Brian Wing Shun Chan
042     */
043    public class EncryptTag extends TagSupport {
044    
045            public int doStartTag() throws JspException {
046                    try {
047                            StringBundler sb = new StringBundler();
048    
049                            // Open anchor
050    
051                            sb.append("<a ");
052    
053                            // Class
054    
055                            if (Validator.isNotNull(_className)) {
056                                    sb.append("class=\"");
057                                    sb.append(_className);
058                                    sb.append("\" ");
059                            }
060    
061                            // HREF
062    
063                            sb.append("href=\"");
064                            sb.append(_protocol);
065                            sb.append(Http.PROTOCOL_DELIMITER);
066    
067                            int pos = _url.indexOf(StringPool.QUESTION);
068    
069                            if (pos == -1) {
070                                    sb.append(_url);
071                            }
072                            else {
073                                    sb.append(_url.substring(0, pos));
074                                    sb.append(StringPool.QUESTION);
075    
076                                    Company company = PortalUtil.getCompany(
077                                            (HttpServletRequest)pageContext.getRequest());
078    
079                                    Key key = company.getKeyObj();
080    
081                                    StringTokenizer st = new StringTokenizer(
082                                            _url.substring(pos + 1, _url.length()),
083                                            StringPool.AMPERSAND);
084    
085                                    while (st.hasMoreTokens()) {
086                                            String paramAndValue = st.nextToken();
087    
088                                            int x = paramAndValue.indexOf(StringPool.EQUAL);
089    
090                                            String param = paramAndValue.substring(0, x);
091                                            String value = paramAndValue.substring(
092                                                    x + 1, paramAndValue.length());
093    
094                                            sb.append(param).append(StringPool.EQUAL);
095    
096                                            if (_unencryptedParamsSet.contains(param)) {
097                                                    sb.append(HttpUtil.encodeURL(value));
098                                            }
099                                            else {
100                                                    try {
101                                                            sb.append(HttpUtil.encodeURL(
102                                                                    Encryptor.encrypt(key, value)));
103                                                    }
104                                                    catch (EncryptorException ee) {
105                                                            _log.error(ee.getMessage());
106                                                    }
107    
108                                                    if (st.hasMoreTokens()) {
109                                                            sb.append(StringPool.AMPERSAND);
110                                                    }
111                                            }
112                                    }
113    
114                                    sb.append("&shuo=1");
115                            }
116    
117                            sb.append("\" ");
118    
119                            // Style
120    
121                            if (Validator.isNotNull(_style)) {
122                                    sb.append("style=\"");
123                                    sb.append(_style);
124                                    sb.append("\" ");
125                            }
126    
127                            // Target
128    
129                            if (Validator.isNotNull(_target)) {
130                                    sb.append("target=\"" + _target + "\"");
131                            }
132    
133                            // Close anchor
134    
135                            sb.append(">");
136    
137                            pageContext.getOut().print(sb.toString());
138    
139                            return EVAL_BODY_INCLUDE;
140                    }
141                    catch (Exception e) {
142                            throw new JspException(e);
143                    }
144            }
145    
146            public int doEndTag() throws JspException {
147                    try {
148                            pageContext.getOut().print("</a>");
149    
150                            return EVAL_PAGE;
151                    }
152                    catch (Exception e) {
153                            throw new JspException(e);
154                    }
155            }
156    
157            public void setClassName(String className) {
158                    _className = className;
159            }
160    
161            public void setStyle(String style) {
162                    _style = style;
163            }
164    
165            public void setProtocol(String protocol) {
166                    _protocol = protocol;
167            }
168    
169            public void setUnencryptedParams(String unencryptedParams) {
170                    _unencryptedParamsSet.clear();
171    
172                    String[] unencryptedParamsArray = StringUtil.split(unencryptedParams);
173    
174                    for (int i = 0; i < unencryptedParamsArray.length; i++) {
175                            _unencryptedParamsSet.add(unencryptedParamsArray[i]);
176                    }
177            }
178    
179            public void setUrl(String url) {
180                    _url = url;
181            }
182    
183            public void setTarget(String target) {
184                    _target = target;
185            }
186    
187            private static Log _log = LogFactoryUtil.getLog(EncryptTag.class);
188    
189            private String _className;
190            private String _style;
191            private String _protocol;
192            private Set<String> _unencryptedParamsSet = new HashSet<String>();
193            private String _url;
194            private String _target;
195    
196    }