1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.taglib.security;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.CharPool;
20  import com.liferay.portal.kernel.util.Http;
21  import com.liferay.portal.kernel.util.HttpUtil;
22  import com.liferay.portal.kernel.util.StringBundler;
23  import com.liferay.portal.kernel.util.StringPool;
24  import com.liferay.portal.kernel.util.StringUtil;
25  import com.liferay.portal.kernel.util.Validator;
26  import com.liferay.portal.model.Company;
27  import com.liferay.portal.util.PortalUtil;
28  import com.liferay.util.Encryptor;
29  import com.liferay.util.EncryptorException;
30  
31  import java.security.Key;
32  
33  import java.util.HashSet;
34  import java.util.Set;
35  import java.util.StringTokenizer;
36  
37  import javax.servlet.http.HttpServletRequest;
38  import javax.servlet.jsp.JspException;
39  import javax.servlet.jsp.tagext.TagSupport;
40  
41  /**
42   * <a href="EncryptTag.java.html"><b><i>View Source</i></b></a>
43   *
44   * @author Brian Wing Shun Chan
45   */
46  public class EncryptTag extends TagSupport {
47  
48      public int doStartTag() throws JspException {
49          try {
50              StringBundler sb = new StringBundler();
51  
52              // Open anchor
53  
54              sb.append("<a ");
55  
56              // Class
57  
58              if (Validator.isNotNull(_className)) {
59                  sb.append("class=\"");
60                  sb.append(_className);
61                  sb.append("\" ");
62              }
63  
64              // HREF
65  
66              sb.append("href=\"");
67              sb.append(_protocol);
68              sb.append(Http.PROTOCOL_DELIMITER);
69  
70              int pos = _url.indexOf(CharPool.QUESTION);
71  
72              if (pos == -1) {
73                  sb.append(_url);
74              }
75              else {
76                  sb.append(_url.substring(0, pos));
77                  sb.append(StringPool.QUESTION);
78  
79                  Company company = PortalUtil.getCompany(
80                      (HttpServletRequest)pageContext.getRequest());
81  
82                  Key key = company.getKeyObj();
83  
84                  StringTokenizer st = new StringTokenizer(
85                      _url.substring(pos + 1, _url.length()),
86                      StringPool.AMPERSAND);
87  
88                  while (st.hasMoreTokens()) {
89                      String paramAndValue = st.nextToken();
90  
91                      int x = paramAndValue.indexOf(CharPool.EQUAL);
92  
93                      String param = paramAndValue.substring(0, x);
94                      String value = paramAndValue.substring(
95                          x + 1, paramAndValue.length());
96  
97                      sb.append(param).append(StringPool.EQUAL);
98  
99                      if (_unencryptedParamsSet.contains(param)) {
100                         sb.append(HttpUtil.encodeURL(value));
101                     }
102                     else {
103                         try {
104                             sb.append(HttpUtil.encodeURL(
105                                 Encryptor.encrypt(key, value)));
106                         }
107                         catch (EncryptorException ee) {
108                             _log.error(ee.getMessage());
109                         }
110 
111                         if (st.hasMoreTokens()) {
112                             sb.append(StringPool.AMPERSAND);
113                         }
114                     }
115                 }
116 
117                 sb.append("&shuo=1");
118             }
119 
120             sb.append("\" ");
121 
122             // Style
123 
124             if (Validator.isNotNull(_style)) {
125                 sb.append("style=\"");
126                 sb.append(_style);
127                 sb.append("\" ");
128             }
129 
130             // Target
131 
132             if (Validator.isNotNull(_target)) {
133                 sb.append("target=\"" + _target + "\"");
134             }
135 
136             // Close anchor
137 
138             sb.append(">");
139 
140             pageContext.getOut().print(sb.toString());
141 
142             return EVAL_BODY_INCLUDE;
143         }
144         catch (Exception e) {
145             throw new JspException(e);
146         }
147     }
148 
149     public int doEndTag() throws JspException {
150         try {
151             pageContext.getOut().print("</a>");
152 
153             return EVAL_PAGE;
154         }
155         catch (Exception e) {
156             throw new JspException(e);
157         }
158     }
159 
160     public void setClassName(String className) {
161         _className = className;
162     }
163 
164     public void setStyle(String style) {
165         _style = style;
166     }
167 
168     public void setProtocol(String protocol) {
169         _protocol = protocol;
170     }
171 
172     public void setUnencryptedParams(String unencryptedParams) {
173         _unencryptedParamsSet.clear();
174 
175         String[] unencryptedParamsArray = StringUtil.split(unencryptedParams);
176 
177         for (int i = 0; i < unencryptedParamsArray.length; i++) {
178             _unencryptedParamsSet.add(unencryptedParamsArray[i]);
179         }
180     }
181 
182     public void setUrl(String url) {
183         _url = url;
184     }
185 
186     public void setTarget(String target) {
187         _target = target;
188     }
189 
190     private static Log _log = LogFactoryUtil.getLog(EncryptTag.class);
191 
192     private String _className;
193     private String _style;
194     private String _protocol;
195     private Set<String> _unencryptedParamsSet = new HashSet<String>();
196     private String _url;
197     private String _target;
198 
199 }