001
014
015 package com.liferay.portal.action;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.ServletResponseUtil;
020 import com.liferay.portal.kernel.util.CharPool;
021 import com.liferay.portal.kernel.util.ContentTypes;
022 import com.liferay.portal.kernel.util.Http;
023 import com.liferay.portal.kernel.util.HttpUtil;
024 import com.liferay.portal.kernel.util.ParamUtil;
025 import com.liferay.portal.kernel.util.StringPool;
026 import com.liferay.portal.kernel.util.StringUtil;
027 import com.liferay.portal.kernel.util.Validator;
028 import com.liferay.portal.util.PropsValues;
029
030 import javax.servlet.http.HttpServletRequest;
031 import javax.servlet.http.HttpServletResponse;
032
033 import org.apache.struts.action.Action;
034 import org.apache.struts.action.ActionForm;
035 import org.apache.struts.action.ActionForward;
036 import org.apache.struts.action.ActionMapping;
037
038
043 public class RESTProxyAction extends Action {
044
045 @Override
046 public ActionForward execute(
047 ActionMapping actionMapping, ActionForm actionForm,
048 HttpServletRequest request, HttpServletResponse response)
049 throws Exception {
050
051 String url = ParamUtil.getString(request, "url");
052
053 if (!validate(url)) {
054 return null;
055 }
056
057 Http.Options options = new Http.Options();
058
059 int pos = url.indexOf(CharPool.QUESTION);
060
061 if (pos != -1) {
062 options.setBody(
063 url.substring(pos + 1),
064 ContentTypes.APPLICATION_X_WWW_FORM_URLENCODED,
065 StringPool.UTF8);
066 options.setLocation(url.substring(0, pos));
067 }
068 else {
069 options.setLocation(url);
070 }
071
072 options.setPost(true);
073
074 String content = HttpUtil.URLtoString(options);
075
076 ServletResponseUtil.write(response, content);
077
078 return null;
079 }
080
081 protected boolean validate(String url) {
082 if (Validator.isNull(url) || !HttpUtil.hasDomain(url)) {
083 return false;
084 }
085
086 if (PropsValues.REST_PROXY_URL_PREFIXES_ALLOWED.length == 0) {
087 return true;
088 }
089
090 for (String urlPrefix : PropsValues.REST_PROXY_URL_PREFIXES_ALLOWED) {
091 if (StringUtil.startsWith(url, urlPrefix)) {
092 return true;
093 }
094 }
095
096 if (_log.isDebugEnabled()) {
097 _log.debug("URL " + url + " is not allowed");
098 }
099
100 return false;
101 }
102
103 private static Log _log = LogFactoryUtil.getLog(RESTProxyAction.class);
104
105 }