1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.util;
24  
25  import com.liferay.portal.CookieNotSupportedException;
26  import com.liferay.portal.kernel.util.StringPool;
27  import com.liferay.portal.kernel.util.Validator;
28  import com.liferay.util.CookieUtil;
29  
30  import javax.servlet.http.Cookie;
31  import javax.servlet.http.HttpServletRequest;
32  import javax.servlet.http.HttpServletResponse;
33  
34  import org.apache.commons.codec.binary.Hex;
35  import org.apache.commons.logging.Log;
36  import org.apache.commons.logging.LogFactory;
37  
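/**
 * <a href="CookieKeys.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Cookie names used by the portal, plus helpers for writing, reading and
 * scoping those cookies.
 * </p>
 *
 * <p>
 * The cookies named {@link #ID}, {@link #LOGIN}, {@link #PASSWORD} and
 * {@link #SCREEN_NAME} are hex encoded when written and hex decoded when read.
 * Hex is a reversible encoding, not encryption: it gives the value no
 * confidentiality and no integrity protection. Anyone who can read or set the
 * cookie can recover or forge it.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Minhchau Dang
 *
 */
public class CookieKeys {

    public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";

    public static final String COMPANY_ID = "COMPANY_ID";

    public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";

    public static final String ID = "ID";

    public static final String JSESSIONID = "jsessionid";

    public static final String LOGIN = "LOGIN";

    // NOTE(review): this class only hex encodes the value. What callers store
    // under this name is not visible here; if it is a credential, hex does not
    // protect it. Confirm against the callers.

    public static final String PASSWORD = "PASSWORD";

    public static final String REMEMBER_ME = "REMEMBER_ME";

    public static final String SCREEN_NAME = "SCREEN_NAME";

    // Passed to Cookie.setMaxAge, which takes seconds: 365 days

    public static final int MAX_AGE = 31536000;

    // Passed to Cookie.setVersion for every cookie written by addCookie

    public static final int VERSION = 0;

    /**
     * Adds the cookie to the response, hex encoding its value first when its
     * name is one of the encoded cookie names.
     *
     * <p>
     * Nothing is written when persistent cookies are disabled or when the
     * portal runs against the TCK. This method changes only the cookie's value
     * and version. Path, domain, max age and the Secure flag are whatever the
     * caller set on the cookie.
     * </p>
     *
     * @param res the response to add the cookie to
     * @param cookie the cookie to add; its value and version are modified
     */
    public static void addCookie(HttpServletResponse res, Cookie cookie) {
        if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
            PropsValues.TCK_URL) {

            // Setting a cookie will cause the TCK to lose its ability
            // to track sessions

            return;
        }

        // LEP-5175

        String name = cookie.getName();
        String value = cookie.getValue();

        // A cookie without a value has nothing to encode

        if ((value != null) && isEncodedCookie(name)) {

            // getBytes() uses the platform default charset; getCookie decodes
            // with the same default, so the two stay symmetric on one JVM

            value = new String(Hex.encodeHex(value.getBytes()));

            // Log the cookie name only. The encoded cookies carry login
            // identifiers and the PASSWORD cookie, and hex is trivially
            // reversible, so neither form of the value belongs in a log.

            if (_log.isDebugEnabled()) {
                _log.debug("Add encoded cookie " + name);
            }
        }

        cookie.setValue(value);
        cookie.setVersion(VERSION);

        res.addCookie(cookie);
    }

    /**
     * Adds the {@link #COOKIE_SUPPORT} test cookie, scoped to the root path
     * and kept for {@link #MAX_AGE} seconds.
     *
     * @param res the response to add the cookie to
     */
    public static void addSupportCookie(HttpServletResponse res) {
        Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");

        cookieSupportCookie.setPath(StringPool.SLASH);
        cookieSupportCookie.setMaxAge(MAX_AGE);

        addCookie(res, cookieSupportCookie);
    }

    /**
     * Returns the value of the named request cookie, hex decoded when the name
     * is one of the encoded cookie names.
     *
     * <p>
     * The value comes from the client and is not authenticated by this class.
     * If it cannot be hex decoded, the raw value is returned unchanged, so a
     * caller cannot tell a decoded value from a raw one. Callers must treat
     * the result as untrusted input.
     * </p>
     *
     * @param req the request to read the cookie from
     * @param name the cookie name
     * @return the cookie value, or <code>null</code> if
     *         <code>CookieUtil.get</code> returns <code>null</code>
     */
    public static String getCookie(HttpServletRequest req, String name) {
        String value = CookieUtil.get(req, name);

        if ((value == null) || !isEncodedCookie(name)) {
            return value;
        }

        try {
            String originalValue = new String(
                Hex.decodeHex(value.toCharArray()));

            // Log the cookie name only, never the encoded or decoded value

            if (_log.isDebugEnabled()) {
                _log.debug("Get encoded cookie " + name);
            }

            return originalValue;
        }
        catch (Exception e) {

            // Deliberate best effort: a value that is not valid hex is handed
            // back as received

            if (_log.isWarnEnabled()) {
                _log.warn(e.getMessage());
            }

            return value;
        }
    }

    /**
     * Returns the cookie domain for the request: the configured session
     * cookie domain when one is set, otherwise a domain derived from the
     * request's server name.
     *
     * @param req the current request
     * @return the cookie domain, or <code>null</code> if none can be derived
     */
    public static String getDomain(HttpServletRequest req) {

        // See LEP-4602 and LEP-4618.

        if (Validator.isNotNull(PropsValues.SESSION_COOKIE_DOMAIN)) {
            return PropsValues.SESSION_COOKIE_DOMAIN;
        }

        // NOTE(review): getServerName() normally reflects the Host header
        // sent by the client. Setting SESSION_COOKIE_DOMAIN pins the domain
        // instead of deriving it from request data.

        String host = req.getServerName();

        return getDomain(host);
    }

    /**
     * Derives a cookie domain from a host name by counting labels.
     *
     * <p>
     * A host without a period (or a <code>null</code> host) yields
     * <code>null</code>. A host with two labels is returned with a leading
     * period. A host with three labels yields its last two labels. A longer
     * host yields its last three labels. The result always starts with a
     * period.
     * </p>
     *
     * <p>
     * NOTE(review): the rule only counts periods. It does not know about
     * public suffixes, so a three label host such as
     * <code>example.co.uk</code> yields <code>.co.uk</code>, and a dotted IP
     * address is cut like a host name. Confirm that callers tolerate this, or
     * configure an explicit session cookie domain.
     * </p>
     *
     * @param host the host name, may be <code>null</code>
     * @return the cookie domain, or <code>null</code> if none can be derived
     */
    public static String getDomain(String host) {

        // See LEP-4602 and LEP-4645.

        if (host == null) {
            return null;
        }

        // x, y and z are the positions of the last, second to last and third
        // to last period

        int x = host.lastIndexOf(StringPool.PERIOD);

        if (x <= 0) {
            return null;
        }

        int y = host.lastIndexOf(StringPool.PERIOD, x - 1);

        if (y <= 0) {
            return StringPool.PERIOD + host;
        }

        int z = host.lastIndexOf(StringPool.PERIOD, y - 1);

        if (z <= 0) {
            return host.substring(y);
        }

        return host.substring(z);
    }

    /**
     * Returns <code>true</code> if the request carries a
     * {@link #JSESSIONID} cookie.
     *
     * @param req the request to inspect
     * @return <code>true</code> if the cookie is present
     */
    public static boolean hasSessionId(HttpServletRequest req) {
        return getCookie(req, JSESSIONID) != null;
    }

    /**
     * Returns <code>true</code> if cookies with this name are hex encoded on
     * write and hex decoded on read.
     *
     * @param name the cookie name, may be <code>null</code>
     * @return <code>true</code> for {@link #ID}, {@link #LOGIN},
     *         {@link #PASSWORD} and {@link #SCREEN_NAME}
     */
    public static boolean isEncodedCookie(String name) {

        // Constant first, so a null name is simply "not encoded"

        return ID.equals(name) || LOGIN.equals(name) ||
            PASSWORD.equals(name) || SCREEN_NAME.equals(name);
    }

    /**
     * Verifies that the browser sent back the {@link #COOKIE_SUPPORT} test
     * cookie. The check runs only when persistent cookies and the cookie
     * support test are both enabled.
     *
     * @param req the request to inspect
     * @throws CookieNotSupportedException if the check is enabled and the
     *         test cookie is missing or empty
     */
    public static void validateSupportCookie(HttpServletRequest req)
        throws CookieNotSupportedException {

        if (PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES &&
            PropsValues.SESSION_TEST_COOKIE_SUPPORT) {

            String cookieSupport = getCookie(req, COOKIE_SUPPORT);

            if (Validator.isNull(cookieSupport)) {
                throw new CookieNotSupportedException();
            }
        }
    }

    private static final Log _log = LogFactory.getLog(CookieKeys.class);

}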