001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.events;
016    
017    import com.liferay.portal.kernel.events.Action;
018    import com.liferay.portal.kernel.events.ActionException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.util.Http;
022    import com.liferay.portal.kernel.util.StringUtil;
023    import com.liferay.portal.util.PortalUtil;
024    
025    import javax.servlet.http.HttpServletRequest;
026    import javax.servlet.http.HttpServletResponse;
027    
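/**
 * <p>
 * This action ensures that all requests are secure by redirecting a plain HTTP
 * request to the same URL with the <code>https://</code> scheme. Extend this
 * and override the <code>isRequiresSecure</code> method to programmatically
 * decide when a request requires HTTPS.
 * </p>
 *
 * <p>
 * The redirect only moves the follow-up request to HTTPS. The request that
 * triggered it, including its cookies and parameters, has already been sent
 * unencrypted, so this action complements transport hardening such as HSTS
 * and Secure cookies rather than replacing it.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class SecureRequestAction extends Action {

	/**
	 * Sends a redirect to the HTTPS form of the current URL when the request
	 * is not secure, requires HTTPS, and the response can still be changed.
	 *
	 * @param  request the current servlet request
	 * @param  response the current servlet response
	 * @throws ActionException if any exception is raised while computing or
	 *         sending the redirect
	 */
	@Override
	public void run(HttpServletRequest request, HttpServletResponse response)
		throws ActionException {

		try {

			// NOTE(review): isSecure() is the container's view of the
			// connection. Behind a TLS-terminating proxy it may be false for
			// every request; confirm the connector or proxy configuration so
			// this action cannot redirect in a loop.

			if (request.isSecure()) {
				return;
			}

			if (!isRequiresSecure(request)) {
				return;
			}

			// A committed response can no longer be redirected

			if (response.isCommitted()) {
				return;
			}

			String redirect = getRedirect(request);

			if (_log.isDebugEnabled()) {
				_log.debug("Redirect " + redirect);
			}

			if (redirect != null) {
				response.sendRedirect(redirect);
			}
		}
		catch (Exception e) {
			throw new ActionException(e);
		}
	}

	/**
	 * Returns the current complete URL with its leading <code>http://</code>
	 * scheme replaced by <code>https://</code>.
	 *
	 * <p>
	 * The rewrite is anchored to the start of the URL. A URL that does not
	 * begin with <code>http://</code> yields <code>null</code> instead of
	 * having a later <code>http://</code> occurrence (for example inside a
	 * query parameter) rewritten and used as the redirect target.
	 * </p>
	 *
	 * @param  request the current servlet request
	 * @return the HTTPS URL to redirect to, or <code>null</code> if no
	 *         redirect should be sent
	 */
	protected String getRedirect(HttpServletRequest request) {

		// NOTE(review): the redirect target is whatever PortalUtil derives
		// from the request. If that includes a client-supplied host name,
		// confirm the host is validated before it reaches this action.

		String unsecureCompleteURL = PortalUtil.getCurrentCompleteURL(request);

		if (_log.isDebugEnabled()) {
			_log.debug("Unsecure URL " + unsecureCompleteURL);
		}

		// Only the scheme prefix may be upgraded; anything else is left alone

		if ((unsecureCompleteURL == null) ||
			!unsecureCompleteURL.startsWith(Http.HTTP_WITH_SLASH)) {

			return null;
		}

		// The first occurrence is at index 0 here, so only the scheme changes

		String secureCompleteURL = StringUtil.replaceFirst(
			unsecureCompleteURL, Http.HTTP_WITH_SLASH, Http.HTTPS_WITH_SLASH);

		if (_log.isDebugEnabled()) {
			_log.debug("Secure URL " + secureCompleteURL);
		}

		return secureCompleteURL;
	}

	/**
	 * Returns whether the request must be served over HTTPS. This default
	 * implementation requires HTTPS for every request; subclasses override it
	 * to decide per request.
	 *
	 * @param  request the current servlet request
	 * @return <code>true</code> if the request requires HTTPS
	 */
	protected boolean isRequiresSecure(HttpServletRequest request) {
		return _REQUIRES_SECURE;
	}

	private static final boolean _REQUIRES_SECURE = true;

	private static final Log _log = LogFactoryUtil.getLog(
		SecureRequestAction.class);

}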