001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.taglib.security;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.CharPool;
020    import com.liferay.portal.kernel.util.Http;
021    import com.liferay.portal.kernel.util.HttpUtil;
022    import com.liferay.portal.kernel.util.StringBundler;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.StringUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Company;
027    import com.liferay.portal.util.PortalUtil;
028    import com.liferay.util.Encryptor;
029    import com.liferay.util.EncryptorException;
030    
031    import java.security.Key;
032    
033    import java.util.HashSet;
034    import java.util.Set;
035    import java.util.StringTokenizer;
036    
037    import javax.servlet.http.HttpServletRequest;
038    import javax.servlet.jsp.JspException;
039    import javax.servlet.jsp.tagext.TagSupport;
040    
041    /**
042     * @author Brian Wing Shun Chan
043     */
044    public class EncryptTag extends TagSupport {
045    
046            public int doStartTag() throws JspException {
047                    try {
048                            StringBundler sb = new StringBundler();
049    
050                            // Open anchor
051    
052                            sb.append("<a ");
053    
054                            // Class
055    
056                            if (Validator.isNotNull(_className)) {
057                                    sb.append("class=\"");
058                                    sb.append(_className);
059                                    sb.append("\" ");
060                            }
061    
062                            // HREF
063    
064                            sb.append("href=\"");
065                            sb.append(_protocol);
066                            sb.append(Http.PROTOCOL_DELIMITER);
067    
068                            int pos = _url.indexOf(CharPool.QUESTION);
069    
070                            if (pos == -1) {
071                                    sb.append(_url);
072                            }
073                            else {
074                                    sb.append(_url.substring(0, pos));
075                                    sb.append(StringPool.QUESTION);
076    
077                                    Company company = PortalUtil.getCompany(
078                                            (HttpServletRequest)pageContext.getRequest());
079    
080                                    Key key = company.getKeyObj();
081    
082                                    StringTokenizer st = new StringTokenizer(
083                                            _url.substring(pos + 1, _url.length()),
084                                            StringPool.AMPERSAND);
085    
086                                    while (st.hasMoreTokens()) {
087                                            String paramAndValue = st.nextToken();
088    
089                                            int x = paramAndValue.indexOf(CharPool.EQUAL);
090    
091                                            String param = paramAndValue.substring(0, x);
092                                            String value = paramAndValue.substring(
093                                                    x + 1, paramAndValue.length());
094    
095                                            sb.append(param).append(StringPool.EQUAL);
096    
097                                            if (_unencryptedParamsSet.contains(param)) {
098                                                    sb.append(HttpUtil.encodeURL(value));
099                                            }
100                                            else {
101                                                    try {
102                                                            sb.append(HttpUtil.encodeURL(
103                                                                    Encryptor.encrypt(key, value)));
104                                                    }
105                                                    catch (EncryptorException ee) {
106                                                            _log.error(ee.getMessage());
107                                                    }
108    
109                                                    if (st.hasMoreTokens()) {
110                                                            sb.append(StringPool.AMPERSAND);
111                                                    }
112                                            }
113                                    }
114    
115                                    sb.append("&shuo=1");
116                            }
117    
118                            sb.append("\" ");
119    
120                            // Style
121    
122                            if (Validator.isNotNull(_style)) {
123                                    sb.append("style=\"");
124                                    sb.append(_style);
125                                    sb.append("\" ");
126                            }
127    
128                            // Target
129    
130                            if (Validator.isNotNull(_target)) {
131                                    sb.append("target=\"" + _target + "\"");
132                            }
133    
134                            // Close anchor
135    
136                            sb.append(">");
137    
138                            pageContext.getOut().print(sb.toString());
139    
140                            return EVAL_BODY_INCLUDE;
141                    }
142                    catch (Exception e) {
143                            throw new JspException(e);
144                    }
145            }
146    
147            public int doEndTag() throws JspException {
148                    try {
149                            pageContext.getOut().print("</a>");
150    
151                            return EVAL_PAGE;
152                    }
153                    catch (Exception e) {
154                            throw new JspException(e);
155                    }
156            }
157    
158            public void setClassName(String className) {
159                    _className = className;
160            }
161    
162            public void setStyle(String style) {
163                    _style = style;
164            }
165    
166            public void setProtocol(String protocol) {
167                    _protocol = protocol;
168            }
169    
170            public void setUnencryptedParams(String unencryptedParams) {
171                    _unencryptedParamsSet.clear();
172    
173                    String[] unencryptedParamsArray = StringUtil.split(unencryptedParams);
174    
175                    for (int i = 0; i < unencryptedParamsArray.length; i++) {
176                            _unencryptedParamsSet.add(unencryptedParamsArray[i]);
177                    }
178            }
179    
180            public void setUrl(String url) {
181                    _url = url;
182            }
183    
184            public void setTarget(String target) {
185                    _target = target;
186            }
187    
188            private static Log _log = LogFactoryUtil.getLog(EncryptTag.class);
189    
190            private String _className;
191            private String _style;
192            private String _protocol;
193            private Set<String> _unencryptedParamsSet = new HashSet<String>();
194            private String _url;
195            private String _target;
196    
197    }