001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.servlet.ServletResponseUtil;
020    import com.liferay.portal.kernel.util.CharPool;
021    import com.liferay.portal.kernel.util.ContentTypes;
022    import com.liferay.portal.kernel.util.Http;
023    import com.liferay.portal.kernel.util.HttpUtil;
024    import com.liferay.portal.kernel.util.ParamUtil;
025    import com.liferay.portal.kernel.util.StringPool;
026    import com.liferay.portal.kernel.util.StringUtil;
027    import com.liferay.portal.kernel.util.Validator;
028    import com.liferay.portal.util.PropsValues;
029    
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
033    import org.apache.struts.action.Action;
034    import org.apache.struts.action.ActionForm;
035    import org.apache.struts.action.ActionForward;
036    import org.apache.struts.action.ActionMapping;
037    
038    /**
039     * @author David Truong
040     * @author Gavin Wan
041     * @author Samuel Kong
042     */
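public class RESTProxyAction extends Action {

	// Server-side relay: the portal itself connects to the address named by
	// the "url" request parameter and copies the fetched content into its own
	// response. The requester chooses the target, so validate(String) is the
	// only restriction on outbound destinations visible in this class.

	/**
	 * Fetches the requester-supplied <code>url</code> parameter from the
	 * server side and writes the returned content to the response.
	 *
	 * <p>
	 * The outbound request is always a POST. If the URL contains a
	 * <code>?</code>, everything after the first one is sent as a form-encoded
	 * UTF-8 body to the part before it; otherwise the URL is used unchanged
	 * with no body set here.
	 * </p>
	 *
	 * @param  actionMapping the Struts mapping (not used here)
	 * @param  actionForm the Struts form (not used here)
	 * @param  request the request carrying the <code>url</code> parameter
	 * @param  response the response the fetched content is written to
	 * @return always <code>null</code>; the response is written directly
	 * @throws Exception if the outbound fetch or the response write fails
	 */
	@Override
	public ActionForward execute(
			ActionMapping actionMapping, ActionForm actionForm,
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		String url = ParamUtil.getString(request, "url");

		// Rejected targets produce no outbound request and no response body
		// from this method.

		if (!validate(url)) {
			return null;
		}

		Http.Options options = new Http.Options();

		int pos = url.indexOf(CharPool.QUESTION);

		if (pos != -1) {

			// The query string is moved into the POST body rather than being
			// sent as part of the target location.

			options.setBody(
				url.substring(pos + 1),
				ContentTypes.APPLICATION_X_WWW_FORM_URLENCODED,
				StringPool.UTF8);
			options.setLocation(url.substring(0, pos));
		}
		else {
			options.setLocation(url);
		}

		options.setPost(true);

		String content = HttpUtil.URLtoString(options);

		// NOTE(review): the relayed content is served under the portal's own
		// origin and no content type is set in this method; confirm how
		// ServletResponseUtil.write labels it before relying on it for
		// content from third-party hosts.

		ServletResponseUtil.write(response, content);

		return null;
	}

	/**
	 * Decides whether the portal may connect to <code>url</code>.
	 *
	 * <p>
	 * A URL is accepted when it is non-null, has a domain, and either no
	 * prefixes are configured in
	 * <code>PropsValues.REST_PROXY_URL_PREFIXES_ALLOWED</code> or the URL
	 * starts with one of them. With an empty prefix list every URL that has a
	 * domain is accepted, so the action then relays to any host the server can
	 * reach, including internal ones; deployments that expose this action
	 * should configure the prefix list explicitly.
	 * </p>
	 *
	 * @param  url the requester-supplied target URL
	 * @return <code>true</code> if the URL may be fetched; <code>false</code>
	 *         otherwise
	 */
	protected boolean validate(String url) {
		if (Validator.isNull(url) || !HttpUtil.hasDomain(url)) {
			return false;
		}

		// Fail-open default: an empty allow-list means "no restriction".

		if (PropsValues.REST_PROXY_URL_PREFIXES_ALLOWED.length == 0) {
			return true;
		}

		// NOTE(review): the comparison is a string prefix test on the raw
		// URL, not on a parsed host. Each configured prefix should include
		// the scheme and terminate the host part (for example with a trailing
		// slash) so that it cannot also match a longer host name; confirm the
		// deployed values.

		for (String urlPrefix : PropsValues.REST_PROXY_URL_PREFIXES_ALLOWED) {
			if (StringUtil.startsWith(url, urlPrefix)) {
				return true;
			}
		}

		if (_log.isDebugEnabled()) {

			// The URL is requester-controlled; replace line breaks so a
			// rejected value cannot forge additional log entries.

			String loggedUrl = url.replace('\r', '_').replace('\n', '_');

			_log.debug("URL " + loggedUrl + " is not allowed");
		}

		return false;
	}

	private static final Log _log = LogFactoryUtil.getLog(
		RESTProxyAction.class);

}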