001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.events;
016    
017    import com.liferay.portal.kernel.events.Action;
018    import com.liferay.portal.kernel.events.ActionException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.util.Http;
022    import com.liferay.portal.kernel.util.StringUtil;
023    import com.liferay.portal.util.PortalUtil;
024    
025    import javax.servlet.http.HttpServletRequest;
026    import javax.servlet.http.HttpServletResponse;
027    
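/**
 * <p>
 * This action redirects requests that arrive over plain HTTP to the same URL
 * over HTTPS. Extend this and override the <code>isRequiresSecure</code>
 * method to programmatically decide when a request requires HTTPS.
 * </p>
 *
 * <p>
 * The redirect only protects later requests. The first request, including any
 * cookies, credentials or form data it carried, has already crossed the
 * network unencrypted by the time this action runs. Secure-flagged cookies and
 * an HTTP Strict Transport Security policy are the controls that keep a
 * browser from sending that first request in clear text.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class SecureRequestAction extends Action {

	/**
	 * Sends a redirect to the HTTPS form of the current URL when the request
	 * is not secure, HTTPS is required, and the response is still uncommitted.
	 *
	 * @param  request the current servlet request
	 * @param  response the current servlet response
	 * @throws ActionException if any exception is raised while deciding on or
	 *         sending the redirect; the original exception is kept as the
	 *         cause
	 */
	@Override
	public void run(HttpServletRequest request, HttpServletResponse response)
		throws ActionException {

		try {

			// NOTE(review): isSecure() reports the servlet container's view
			// of the connection. Behind a TLS-terminating proxy it presumably
			// stays false unless the container is configured to honor the
			// proxy's scheme, which would make this action redirect every
			// request. Confirm against the deployment.

			if (request.isSecure()) {
				return;
			}

			if (!isRequiresSecure(request)) {
				return;
			}

			// Headers can no longer be changed once the response is
			// committed, so a redirect is not possible.

			if (response.isCommitted()) {
				return;
			}

			String redirect = getRedirect(request);

			// The debug output contains the complete URL, query string
			// included, so session identifiers or tokens passed as parameters
			// end up in the log when debug logging is enabled.

			if (_log.isDebugEnabled()) {
				_log.debug("Redirect " + redirect);
			}

			if (redirect != null) {
				response.sendRedirect(redirect);
			}
		}
		catch (Exception e) {
			throw new ActionException(e);
		}
	}

	/**
	 * Returns the HTTPS equivalent of the current complete URL, or
	 * <code>null</code> if no redirect should be sent.
	 *
	 * <p>
	 * Only a leading <code>http://</code> scheme is rewritten. A URL that does
	 * not start with that scheme is left alone, even if <code>http://</code>
	 * appears later in it (for example inside a query parameter), because
	 * rewriting that occurrence would alter the parameter and redirect to a
	 * URL the client never requested. Host and port are carried over
	 * unchanged.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): the redirect target is whatever
	 * <code>PortalUtil.getCurrentCompleteURL</code> returns. If that value
	 * reflects a client-supplied <code>Host</code> header, the host in the
	 * <code>Location</code> header is client-controlled. Confirm that accepted
	 * host names are restricted elsewhere.
	 * </p>
	 *
	 * @param  request the current servlet request
	 * @return the URL to redirect to, or <code>null</code> if the current URL
	 *         is unavailable or does not start with <code>http://</code>
	 */
	protected String getRedirect(HttpServletRequest request) {
		String unsecureCompleteURL = PortalUtil.getCurrentCompleteURL(request);

		if (_log.isDebugEnabled()) {
			_log.debug("Unsecure URL " + unsecureCompleteURL);
		}

		// Anchor the rewrite to the scheme prefix. Replacing the first
		// occurrence anywhere in the string would touch embedded URLs in the
		// path or query string when the scheme itself is not "http://".

		if ((unsecureCompleteURL == null) ||
			!unsecureCompleteURL.startsWith(Http.HTTP_WITH_SLASH)) {

			return null;
		}

		String secureCompleteURL = StringUtil.replaceFirst(
			unsecureCompleteURL, Http.HTTP_WITH_SLASH, Http.HTTPS_WITH_SLASH);

		if (_log.isDebugEnabled()) {
			_log.debug("Secure URL " + secureCompleteURL);
		}

		return secureCompleteURL;
	}

	/**
	 * Returns <code>true</code> if the request must be served over HTTPS. This
	 * implementation requires HTTPS for every request. Subclasses override it
	 * to decide per request.
	 *
	 * @param  request the current servlet request
	 * @return <code>true</code> if the request requires HTTPS
	 */
	protected boolean isRequiresSecure(HttpServletRequest request) {
		return _REQUIRES_SECURE;
	}

	private static final boolean _REQUIRES_SECURE = true;

	private static final Log _log = LogFactoryUtil.getLog(
		SecureRequestAction.class);

}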