1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.events;
16  
17  import com.liferay.portal.kernel.events.Action;
18  import com.liferay.portal.kernel.events.ActionException;
19  import com.liferay.portal.kernel.log.Log;
20  import com.liferay.portal.kernel.log.LogFactoryUtil;
21  import com.liferay.portal.kernel.util.Http;
22  import com.liferay.portal.kernel.util.StringUtil;
23  import com.liferay.portal.util.PortalUtil;
24  
25  import javax.servlet.http.HttpServletRequest;
26  import javax.servlet.http.HttpServletResponse;
27  
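/**
 * <a href="SecureRequestAction.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * This action ensures that all requests are secure by redirecting a request
 * that did not arrive over HTTPS to the HTTPS form of the same URL. Extend this
 * and override the <code>isRequiresSecure</code> method to programmatically
 * decide when a request requires HTTPS.
 * </p>
 *
 * <p>
 * Points to keep in mind when relying on this action:
 * </p>
 *
 * <ul>
 * <li>
 * The decision is based on <code>request.isSecure()</code>. When TLS is
 * terminated in front of the servlet container, that value is only meaningful
 * if the container is configured to reflect the scheme the client used;
 * otherwise an HTTPS request can look insecure here.
 * </li>
 * <li>
 * The redirect is sent in response to a request that has already travelled in
 * clear text, so it does not protect that first request. Cookie
 * <code>Secure</code> flags and HSTS are the usual complements.
 * </li>
 * <li>
 * The action fails open: if the response is already committed, or no HTTPS URL
 * can be derived, <code>run</code> returns without redirecting and without
 * raising an error.
 * </li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 */
public class SecureRequestAction extends Action {

    /**
     * Redirects the request to its HTTPS equivalent when it is not secure and
     * <code>isRequiresSecure</code> says it must be.
     *
     * @param  request the current servlet request
     * @param  response the current servlet response; used only to send the
     *         redirect
     * @throws ActionException wrapping any exception raised while deciding on
     *         or sending the redirect
     */
    public void run(HttpServletRequest request, HttpServletResponse response)
        throws ActionException {

        try {
            if (request.isSecure()) {
                return;
            }

            if (!isRequiresSecure(request)) {
                return;
            }

            // A committed response can no longer carry a redirect; the
            // request is left as it is.

            if (response.isCommitted()) {
                return;
            }

            String redirect = getRedirect(request);

            // NOTE(review): this writes the complete URL to the debug log;
            // presumably that includes the query string, which can carry
            // tokens -- confirm before enabling debug in production.

            if (_log.isDebugEnabled()) {
                _log.debug("Redirect " + redirect);
            }

            if (redirect != null) {
                response.sendRedirect(redirect);
            }
        }
        catch (Exception e) {
            throw new ActionException(e);
        }
    }

    /**
     * Returns the HTTPS form of the current complete URL.
     *
     * <p>
     * Only a leading <code>http://</code> scheme is rewritten. A URL that does
     * not start with it is left alone, so that an <code>http://</code> value
     * appearing later in the URL (for example inside a query parameter) is
     * never modified.
     * </p>
     *
     * @param  request the current servlet request
     * @return the URL to redirect to, or <code>null</code> if the current URL
     *         does not start with <code>http://</code>
     */
    protected String getRedirect(HttpServletRequest request) {

        // NOTE(review): the redirect target is whatever this helper reports
        // for the request. If it takes the host name from the client-supplied
        // Host header, the Location header is client-influenced -- confirm
        // against its implementation and the virtual host configuration.

        String unsecureCompleteURL = PortalUtil.getCurrentCompleteURL(request);

        if (_log.isDebugEnabled()) {
            _log.debug("Unsecure URL " + unsecureCompleteURL);
        }

        // Replacing the first "http://" found anywhere in the string would
        // alter a parameter value when the URL itself does not start with
        // that scheme, and redirect to a URL that is still not HTTPS.

        if (!unsecureCompleteURL.startsWith(Http.HTTP_WITH_SLASH)) {
            return null;
        }

        // The first occurrence is now known to be the scheme prefix.

        String secureCompleteURL = StringUtil.replaceFirst(
            unsecureCompleteURL, Http.HTTP_WITH_SLASH, Http.HTTPS_WITH_SLASH);

        if (_log.isDebugEnabled()) {
            _log.debug("Secure URL " + secureCompleteURL);
        }

        return secureCompleteURL;
    }

    /**
     * Returns whether the request must be served over HTTPS. This
     * implementation requires it for every request; subclasses override this
     * to decide per request.
     *
     * @param  request the current servlet request
     * @return <code>true</code> if the request requires HTTPS
     */
    protected boolean isRequiresSecure(HttpServletRequest request) {
        return _REQUIRES_SECURE;
    }

    private static final boolean _REQUIRES_SECURE = true;

    private static final Log _log = LogFactoryUtil.getLog(
        SecureRequestAction.class);

}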