AuthTokenUtil.java

/**
 * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 2.1 of the License, or (at your option)
 * any later version.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 * details.
 */

package com.liferay.portal.kernel.security.auth;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.Layout;
import com.liferay.portal.kernel.model.Portlet;
import com.liferay.portal.kernel.portlet.LiferayPortletURL;
import com.liferay.portal.kernel.util.ServiceProxyFactory;

import javax.servlet.http.HttpServletRequest;

/**
 * @author Amos Fong
 * @author Peter Fellwock
 * @author Raymond Augé
 */
public class AuthTokenUtil {

	public static void addCSRFToken(
		HttpServletRequest request, LiferayPortletURL liferayPortletURL) {

		AuthToken authToken = _authToken;

		if (authToken != null) {
			authToken.addCSRFToken(request, liferayPortletURL);
		}
	}

	public static void addPortletInvocationToken(
		HttpServletRequest request, LiferayPortletURL liferayPortletURL) {

		AuthToken authToken = _authToken;

		if (authToken != null) {
			authToken.addPortletInvocationToken(request, liferayPortletURL);
		}
	}

	/**
	 * @deprecated As of 6.2.0, replaced by {@link
	 *             #checkCSRFToken(HttpServletRequest, String)}
	 */
	@Deprecated
	public static void check(HttpServletRequest request)
		throws PortalException {

		AuthToken authToken = _authToken;

		if (authToken != null) {
			authToken.check(request);
		}
	}

	public static void checkCSRFToken(HttpServletRequest request, String origin)
		throws PrincipalException {

		AuthToken authToken = _authToken;

		if (authToken != null) {
			authToken.checkCSRFToken(request, origin);
		}
	}

	public static String getToken(HttpServletRequest request) {
		AuthToken authToken = _authToken;

		if (authToken == null) {
			return null;
		}

		return authToken.getToken(request);
	}

	public static String getToken(
		HttpServletRequest request, long plid, String portletId) {

		AuthToken authToken = _authToken;

		if (authToken == null) {
			return null;
		}

		return authToken.getToken(request, plid, portletId);
	}

	public static boolean isValidPortletInvocationToken(
		HttpServletRequest request, Layout layout, Portlet portlet) {

		AuthToken authToken = _authToken;

		if (authToken == null) {
			return false;
		}

		return authToken.isValidPortletInvocationToken(
			request, layout, portlet);
	}

	/**
	 * @deprecated As of 7.0.0, replaced by {@link
	 *             #isValidPortletInvocationToken(HttpServletRequest, Layout,
	 *             Portlet)}
	 */
	@Deprecated
	public static boolean isValidPortletInvocationToken(
		HttpServletRequest request, long plid, String portletId,
		String strutsAction, String tokenValue) {

		AuthToken authToken = _authToken;

		if (authToken == null) {
			return false;
		}

		return authToken.isValidPortletInvocationToken(
			request, plid, portletId, strutsAction, tokenValue);
	}

	private static volatile AuthToken _authToken =
		ServiceProxyFactory.newServiceTrackedInstance(
			AuthToken.class, AuthTokenUtil.class, "_authToken", false);

}