1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.taglib.security;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.Http;
20  import com.liferay.portal.kernel.util.HttpUtil;
21  import com.liferay.portal.kernel.util.StringBundler;
22  import com.liferay.portal.kernel.util.StringPool;
23  import com.liferay.portal.kernel.util.StringUtil;
24  import com.liferay.portal.kernel.util.Validator;
25  import com.liferay.portal.model.Company;
26  import com.liferay.portal.util.PortalUtil;
27  import com.liferay.util.Encryptor;
28  import com.liferay.util.EncryptorException;
29  
30  import java.security.Key;
31  
32  import java.util.HashSet;
33  import java.util.Set;
34  import java.util.StringTokenizer;
35  
36  import javax.servlet.http.HttpServletRequest;
37  import javax.servlet.jsp.JspException;
38  import javax.servlet.jsp.tagext.TagSupport;
39  
40  /**
41   * <a href="EncryptTag.java.html"><b><i>View Source</i></b></a>
42   *
43   * @author Brian Wing Shun Chan
44   */
45  public class EncryptTag extends TagSupport {
46  
47      public int doStartTag() throws JspException {
48          try {
49              StringBundler sb = new StringBundler();
50  
51              // Open anchor
52  
53              sb.append("<a ");
54  
55              // Class
56  
57              if (Validator.isNotNull(_className)) {
58                  sb.append("class=\"");
59                  sb.append(_className);
60                  sb.append("\" ");
61              }
62  
63              // HREF
64  
65              sb.append("href=\"");
66              sb.append(_protocol);
67              sb.append(Http.PROTOCOL_DELIMITER);
68  
69              int pos = _url.indexOf(StringPool.QUESTION);
70  
71              if (pos == -1) {
72                  sb.append(_url);
73              }
74              else {
75                  sb.append(_url.substring(0, pos));
76                  sb.append(StringPool.QUESTION);
77  
78                  Company company = PortalUtil.getCompany(
79                      (HttpServletRequest)pageContext.getRequest());
80  
81                  Key key = company.getKeyObj();
82  
83                  StringTokenizer st = new StringTokenizer(
84                      _url.substring(pos + 1, _url.length()),
85                      StringPool.AMPERSAND);
86  
87                  while (st.hasMoreTokens()) {
88                      String paramAndValue = st.nextToken();
89  
90                      int x = paramAndValue.indexOf(StringPool.EQUAL);
91  
92                      String param = paramAndValue.substring(0, x);
93                      String value = paramAndValue.substring(
94                          x + 1, paramAndValue.length());
95  
96                      sb.append(param).append(StringPool.EQUAL);
97  
98                      if (_unencryptedParamsSet.contains(param)) {
99                          sb.append(HttpUtil.encodeURL(value));
100                     }
101                     else {
102                         try {
103                             sb.append(HttpUtil.encodeURL(
104                                 Encryptor.encrypt(key, value)));
105                         }
106                         catch (EncryptorException ee) {
107                             _log.error(ee.getMessage());
108                         }
109 
110                         if (st.hasMoreTokens()) {
111                             sb.append(StringPool.AMPERSAND);
112                         }
113                     }
114                 }
115 
116                 sb.append("&shuo=1");
117             }
118 
119             sb.append("\" ");
120 
121             // Style
122 
123             if (Validator.isNotNull(_style)) {
124                 sb.append("style=\"");
125                 sb.append(_style);
126                 sb.append("\" ");
127             }
128 
129             // Target
130 
131             if (Validator.isNotNull(_target)) {
132                 sb.append("target=\"" + _target + "\"");
133             }
134 
135             // Close anchor
136 
137             sb.append(">");
138 
139             pageContext.getOut().print(sb.toString());
140 
141             return EVAL_BODY_INCLUDE;
142         }
143         catch (Exception e) {
144             throw new JspException(e);
145         }
146     }
147 
148     public int doEndTag() throws JspException {
149         try {
150             pageContext.getOut().print("</a>");
151 
152             return EVAL_PAGE;
153         }
154         catch (Exception e) {
155             throw new JspException(e);
156         }
157     }
158 
159     public void setClassName(String className) {
160         _className = className;
161     }
162 
163     public void setStyle(String style) {
164         _style = style;
165     }
166 
167     public void setProtocol(String protocol) {
168         _protocol = protocol;
169     }
170 
171     public void setUnencryptedParams(String unencryptedParams) {
172         _unencryptedParamsSet.clear();
173 
174         String[] unencryptedParamsArray = StringUtil.split(unencryptedParams);
175 
176         for (int i = 0; i < unencryptedParamsArray.length; i++) {
177             _unencryptedParamsSet.add(unencryptedParamsArray[i]);
178         }
179     }
180 
181     public void setUrl(String url) {
182         _url = url;
183     }
184 
185     public void setTarget(String target) {
186         _target = target;
187     }
188 
189     private static Log _log = LogFactoryUtil.getLog(EncryptTag.class);
190 
191     private String _className;
192     private String _style;
193     private String _protocol;
194     private Set<String> _unencryptedParamsSet = new HashSet<String>();
195     private String _url;
196     private String _target;
197 
198 }