015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.security.pacl.DoPrivileged;
018 import com.liferay.portal.kernel.util.CharPool;
019 import com.liferay.portal.kernel.util.SetUtil;
020 import com.liferay.portal.kernel.util.Validator;
021 import com.liferay.portal.model.Portlet;
022 import com.liferay.portal.service.PortletLocalServiceUtil;
023
024 import java.util.Collections;
025 import java.util.Set;
026
027
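/**
 * Base implementation of {@link PortletRequestWhitelist} backed by two sets
 * that subclasses populate from configuration: a set of whitelisted portlet
 * IDs and a set of whitelisted Struts actions.
 *
 * <p>
 * Both sets are replaced wholesale on reset and are only ever exposed as
 * unmodifiable views, so callers of the getters cannot widen the whitelist.
 * </p>
 *
 * <p>
 * A match here presumably exempts the request from a security check enforced
 * by the caller; keep the configured values as narrow as possible.
 * </p>
 */
@DoPrivileged
public abstract class AbstractPortletRequestWhitelist
	implements PortletRequestWhitelist {

	/**
	 * Loads both whitelists from the subclass-provided property values.
	 *
	 * <p>
	 * The reset methods call the abstract {@code get...PropsValues()} methods,
	 * so those run before the subclass constructor body. Implementations must
	 * not depend on subclass instance state being initialised.
	 * </p>
	 */
	public AbstractPortletRequestWhitelist() {
		resetPortletInvocationWhitelist();
		resetPortletInvocationWhitelistActions();
	}

	/**
	 * Returns the current set of whitelisted portlet IDs.
	 *
	 * @return an unmodifiable set of portlet IDs
	 */
	@Override
	public Set<String> getPortletInvocationWhitelist() {
		return _portletInvocationWhitelist;
	}

	/**
	 * Returns the current set of whitelisted Struts actions.
	 *
	 * @return an unmodifiable set of Struts actions
	 */
	@Override
	public Set<String> getPortletInvocationWhitelistActions() {
		return _portletInvocationWhitelistActions;
	}

	/**
	 * Returns the configured Struts actions to whitelist.
	 *
	 * @return the raw configured values; called from the constructor
	 */
	public abstract String[] getWhitelistActionsPropsValues();

	/**
	 * Returns the configured portlet IDs to whitelist.
	 *
	 * @return the raw configured values; called from the constructor
	 */
	public abstract String[] getWhitelistPropsValues();

	/**
	 * Decides whether a portlet invocation is whitelisted.
	 *
	 * <p>
	 * A whitelisted portlet ID matches regardless of the action. A whitelisted
	 * Struts action matches only when it also belongs to the named portlet
	 * (see {@link #isValidStrutsAction(long, String, String)}), so an action
	 * entry cannot be paired with an unrelated portlet ID.
	 * </p>
	 *
	 * @param  companyId the company the portlet is looked up in
	 * @param  portletId the portlet ID taken from the request
	 * @param  strutsAction the Struts action taken from the request; may be
	 *         empty or <code>null</code>
	 * @return <code>true</code> if the invocation is whitelisted;
	 *         <code>false</code> otherwise
	 */
	@Override
	public boolean isPortletInvocationWhitelisted(
		long companyId, String portletId, String strutsAction) {

		Set<String> whitelist = getPortletInvocationWhitelist();

		if (whitelist.contains(portletId)) {
			return true;
		}

		if (Validator.isNotNull(strutsAction)) {
			Set<String> whitelistActions =
				getPortletInvocationWhitelistActions();

			// Set membership alone is not enough: the action must also map to
			// the Struts path of the portlet named in the request.

			if (whitelistActions.contains(strutsAction) &&
				isValidStrutsAction(companyId, portletId, strutsAction)) {

				return true;
			}
		}

		return false;
	}

	/**
	 * Rebuilds the portlet ID whitelist from
	 * {@link #getWhitelistPropsValues()}.
	 *
	 * @return the new unmodifiable whitelist
	 */
	@Override
	public Set<String> resetPortletInvocationWhitelist() {

		// Wrap before publishing so the field never refers to the mutable set,
		// not even between two assignments.

		Set<String> whitelist = SetUtil.fromArray(getWhitelistPropsValues());

		_portletInvocationWhitelist = Collections.unmodifiableSet(whitelist);

		return _portletInvocationWhitelist;
	}

	/**
	 * Rebuilds the Struts action whitelist from
	 * {@link #getWhitelistActionsPropsValues()}.
	 *
	 * @return the new unmodifiable whitelist
	 */
	@Override
	public Set<String> resetPortletInvocationWhitelistActions() {

		// Wrap before publishing so the field never refers to the mutable set,
		// not even between two assignments.

		Set<String> whitelistActions = SetUtil.fromArray(
			getWhitelistActionsPropsValues());

		_portletInvocationWhitelistActions = Collections.unmodifiableSet(
			whitelistActions);

		return _portletInvocationWhitelistActions;
	}

	/**
	 * Checks that a Struts action belongs to the given portlet by comparing
	 * the action's path with the portlet's Struts path and parent Struts path.
	 *
	 * <p>
	 * The path is the text between the first character and the last slash of
	 * the action. The first character is skipped without being inspected
	 * (presumably a leading slash).
	 * </p>
	 *
	 * <p>
	 * This method fails closed: a malformed action, an unknown portlet or any
	 * exception from the portlet lookup yields <code>false</code>.
	 * </p>
	 *
	 * @param  companyId the company the portlet is looked up in
	 * @param  portletId the portlet ID taken from the request
	 * @param  strutsAction the Struts action to validate
	 * @return <code>true</code> if the action's path matches the portlet;
	 *         <code>false</code> otherwise
	 */
	protected boolean isValidStrutsAction(
		long companyId, String portletId, String strutsAction) {

		// Reject malformed input explicitly instead of relying on a swallowed
		// NullPointerException or StringIndexOutOfBoundsException.

		if (strutsAction == null) {
			return false;
		}

		int lastSlashPos = strutsAction.lastIndexOf(CharPool.SLASH);

		if (lastSlashPos < 1) {
			return false;
		}

		String strutsPath = strutsAction.substring(1, lastSlashPos);

		try {
			Portlet portlet = PortletLocalServiceUtil.getPortletById(
				companyId, portletId);

			if (portlet == null) {
				return false;
			}

			if (strutsPath.equals(portlet.getStrutsPath()) ||
				strutsPath.equals(portlet.getParentStrutsPath())) {

				return true;
			}
		}
		catch (Exception e) {

			// Deliberately fail closed: a lookup failure must never whitelist
			// the request.
			// NOTE(review): nothing is logged here, so a broken lookup is
			// invisible to operators; consider logging at debug level.

		}

		return false;
	}

	// Both fields are replaced as a whole by the reset methods and always hold
	// unmodifiable sets.
	// NOTE(review): the fields are not volatile; if a reset can run while
	// request threads read them, confirm visibility is guaranteed elsewhere.

	private Set<String> _portletInvocationWhitelist;
	private Set<String> _portletInvocationWhitelistActions;

}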