001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.util;
016    
017    import com.liferay.portal.CookieNotSupportedException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.util.CharPool;
021    import com.liferay.portal.kernel.util.StringPool;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.util.CookieUtil;
024    
025    import javax.servlet.http.Cookie;
026    import javax.servlet.http.HttpServletRequest;
027    import javax.servlet.http.HttpServletResponse;
028    
029    import org.apache.commons.codec.binary.Hex;
030    
031    /**
032     * @author Brian Wing Shun Chan
033     * @author Minhchau Dang
034     */
035    public class CookieKeys {
036    
037            public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";
038    
039            public static final String COMPANY_ID = "COMPANY_ID";
040    
041            public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";
042    
043            public static final String ID = "ID";
044    
045            public static final String JSESSIONID = "jsessionid";
046    
047            public static final String LOGIN = "LOGIN";
048    
049            public static final String PASSWORD = "PASSWORD";
050    
051            public static final String REMEMBER_ME = "REMEMBER_ME";
052    
053            public static final String SCREEN_NAME = "SCREEN_NAME";
054    
055            public static final int MAX_AGE = 31536000;
056    
057            public static final int VERSION = 0;
058    
059            public static void addCookie(
060                    HttpServletRequest request, HttpServletResponse response,
061                    Cookie cookie) {
062    
063                    addCookie(request, response, cookie, request.isSecure());
064            }
065    
066            public static void addCookie(
067                    HttpServletRequest request, HttpServletResponse response,
068                    Cookie cookie, boolean secure) {
069    
070                    if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
071                            PropsValues.TCK_URL) {
072    
073                            return;
074                    }
075    
076                    // LEP-5175
077    
078                    String name = cookie.getName();
079    
080                    String originalValue = cookie.getValue();
081                    String encodedValue = originalValue;
082    
083                    if (isEncodedCookie(name)) {
084                            encodedValue = new String(Hex.encodeHex(originalValue.getBytes()));
085    
086                            if (_log.isDebugEnabled()) {
087                                    _log.debug("Add encoded cookie " + name);
088                                    _log.debug("Original value " + originalValue);
089                                    _log.debug("Hex encoded value " + encodedValue);
090                            }
091                    }
092    
093                    cookie.setSecure(secure);
094                    cookie.setValue(encodedValue);
095                    cookie.setVersion(VERSION);
096    
097                    // Setting a cookie will cause the TCK to lose its ability to track
098                    // sessions
099    
100                    response.addCookie(cookie);
101            }
102    
103            public static void addSupportCookie(
104                    HttpServletRequest request, HttpServletResponse response) {
105    
106                    Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");
107    
108                    cookieSupportCookie.setPath(StringPool.SLASH);
109                    cookieSupportCookie.setMaxAge(MAX_AGE);
110    
111                    addCookie(request, response, cookieSupportCookie);
112            }
113    
114            public static String getCookie(HttpServletRequest request, String name) {
115                    String value = CookieUtil.get(request, name);
116    
117                    if ((value != null) && isEncodedCookie(name)) {
118                            try {
119                                    String encodedValue = value;
120                                    String originalValue = new String(
121                                            Hex.decodeHex(encodedValue.toCharArray()));
122    
123                                    if (_log.isDebugEnabled()) {
124                                            _log.debug("Get encoded cookie " + name);
125                                            _log.debug("Hex encoded value " + encodedValue);
126                                            _log.debug("Original value " + originalValue);
127                                    }
128    
129                                    return originalValue;
130                            }
131                            catch (Exception e) {
132                                    if (_log.isWarnEnabled()) {
133                                            _log.warn(e.getMessage());
134                                    }
135    
136                                    return value;
137                            }
138                    }
139    
140                    return value;
141            }
142    
143            public static String getDomain(HttpServletRequest request) {
144    
145                    // See LEP-4602 and       LEP-4618.
146    
147                    if (Validator.isNotNull(PropsValues.SESSION_COOKIE_DOMAIN)) {
148                            return PropsValues.SESSION_COOKIE_DOMAIN;
149                    }
150    
151                    String host = request.getServerName();
152    
153                    return getDomain(host);
154            }
155    
156            public static String getDomain(String host) {
157    
158                    // See LEP-4602 and LEP-4645.
159    
160                    if (host == null) {
161                            return null;
162                    }
163    
164                    // See LEP-5595.
165    
166                    if (Validator.isIPAddress(host)) {
167                            return host;
168                    }
169    
170                    int x = host.lastIndexOf(CharPool.PERIOD);
171    
172                    if (x <= 0) {
173                            return null;
174                    }
175    
176                    int y = host.lastIndexOf(CharPool.PERIOD, x - 1);
177    
178                    if (y <= 0) {
179                            return StringPool.PERIOD + host;
180                    }
181    
182                    int z = host.lastIndexOf(CharPool.PERIOD, y - 1);
183    
184                    String domain = null;
185    
186                    if (z <= 0) {
187                            domain = host.substring(y);
188                    }
189                    else {
190                            domain = host.substring(z);
191                    }
192    
193                    return domain;
194            }
195    
196            public static boolean hasSessionId(HttpServletRequest request) {
197                    String jsessionid = getCookie(request, JSESSIONID);
198    
199                    if (jsessionid != null) {
200                            return true;
201                    }
202                    else {
203                            return false;
204                    }
205            }
206    
207            public static boolean isEncodedCookie(String name) {
208                    if (name.equals(ID) || name.equals(LOGIN) || name.equals(PASSWORD) ||
209                            name.equals(SCREEN_NAME)) {
210    
211                            return true;
212                    }
213                    else {
214                            return false;
215                    }
216            }
217    
218            public static void validateSupportCookie(HttpServletRequest request)
219                    throws CookieNotSupportedException {
220    
221                    if (PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES &&
222                            PropsValues.SESSION_TEST_COOKIE_SUPPORT) {
223    
224                            String cookieSupport = getCookie(request, COOKIE_SUPPORT);
225    
226                            if (Validator.isNull(cookieSupport)) {
227                                    throw new CookieNotSupportedException();
228                            }
229                    }
230            }
231    
232            private static Log _log = LogFactoryUtil.getLog(CookieKeys.class);
233    
234    }