34 package fr.paris.lutece.portal.service.security;
35
36 import fr.paris.lutece.portal.service.spring.SpringContextService;
37
38 import java.util.HashMap;
39 import java.util.HashSet;
40 import java.util.Map;
41 import java.util.Set;
42 import java.util.UUID;
43
44 import javax.servlet.http.HttpServletRequest;
45 import javax.servlet.http.HttpSession;
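/**
 * Issues and verifies per-action, single-use tokens that are kept in the HTTP session.
 *
 * <p>A token is created by {@link #getToken(HttpServletRequest, String)}, stored in the
 * session under the action it was issued for, and consumed by
 * {@link #validate(HttpServletRequest, String)} when the same value comes back in the
 * {@value #PARAMETER_TOKEN} request parameter. This is the shape of a synchronizer token
 * as typically used against cross-site request forgery.</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>Tokens are only removed when they are validated. A token that is issued but never
 * submitted stays in the session until the session itself goes away, so the per-session
 * store grows with every rendered form.</li>
 * <li>The token store is a plain {@code HashMap}/{@code HashSet} shared by every request of
 * the same session; all access goes through {@code TOKENS_LOCK} so that parallel requests
 * cannot corrupt it or redeem the same token twice.</li>
 * <li>NOTE(review): the lock only covers one JVM, and the store is mutated in place after
 * the initial {@code setAttribute}; confirm how the container replicates sessions if the
 * application is clustered.</li>
 * </ul>
 */
public class SecurityTokenService implements ISecurityTokenService
{
    /** Template marker under which a token is exposed (same literal as the parameter name). */
    public static final String MARK_TOKEN = "token";

    /** Name of the request parameter from which {@link #validate} reads the submitted token. */
    public static final String PARAMETER_TOKEN = "token";
    private static final String BEAN_SECURITY_TOKEN_SERVICE = "securityTokenService";
    private static final String PARAMETER_SESSION_TOKENS = "tokens";

    // Guards every read and write of the session-held token store. The critical sections
    // are a handful of hash operations, so a single process-wide monitor is sufficient.
    private static final Object TOKENS_LOCK = new Object( );
    private static ISecurityTokenService _singleton;

    /**
     * Private constructor: callers obtain the service through {@link #getInstance()}.
     */
    private SecurityTokenService( )
    {
    }

    /**
     * Returns the shared service, looking it up in the Spring context on first use.
     *
     * <p>The lazy initialisation is not synchronized; concurrent first calls may each perform
     * the lookup. Presumably the context hands back the same bean every time, which would
     * make that race harmless (to be confirmed against the bean definition).</p>
     *
     * @return the token service registered under the bean name {@code securityTokenService}
     */
    public static ISecurityTokenService getInstance( )
    {
        if ( _singleton == null )
        {
            _singleton = SpringContextService.getBean( BEAN_SECURITY_TOKEN_SERVICE );
        }

        return _singleton;
    }

    /**
     * Creates a fresh token for the given action and records it in the caller's session.
     *
     * <p>A session is created when the request does not have one yet, because the token
     * has to be stored server-side to be checked later.</p>
     *
     * @param request the current request, used to reach the session
     * @param strAction the action the token is bound to
     * @return the newly generated token
     */
    @Override
    public String getToken( HttpServletRequest request, String strAction )
    {
        String strToken = generateNewKey( );
        HttpSession session = request.getSession( true );

        synchronized ( TOKENS_LOCK )
        {
            Map<String, Set<String>> mapTokens = getSessionTokens( session );

            if ( mapTokens == null )
            {
                mapTokens = new HashMap<String, Set<String>>( );
                session.setAttribute( PARAMETER_SESSION_TOKENS, mapTokens );
            }

            Set<String> setActionTokens = mapTokens.get( strAction );

            if ( setActionTokens == null )
            {
                setActionTokens = new HashSet<String>( );
                mapTokens.put( strAction, setActionTokens );
            }

            setActionTokens.add( strToken );
        }

        return strToken;
    }

    /**
     * Checks the token submitted with the request against the tokens issued for the action
     * and consumes it, so that a given token is accepted at most once.
     *
     * <p>The request is rejected without touching the session store when it carries no
     * token or has no session. No session is created here: a request that arrives without
     * one cannot hold a valid token, and allocating a session for it would only spend
     * server memory on a request that is about to be refused.</p>
     *
     * @param request the current request, carrying the token in the {@value #PARAMETER_TOKEN}
     *            parameter
     * @param StrAction the action the token must have been issued for
     * @return {@code true} if the token was known for this action and has now been consumed,
     *         {@code false} otherwise
     */
    @Override
    public boolean validate( HttpServletRequest request, String StrAction )
    {
        String strToken = request.getParameter( PARAMETER_TOKEN );
        HttpSession session = request.getSession( false );

        if ( ( strToken == null ) || ( session == null ) )
        {
            return false;
        }

        synchronized ( TOKENS_LOCK )
        {
            Map<String, Set<String>> mapTokens = getSessionTokens( session );

            if ( mapTokens == null )
            {
                return false;
            }

            Set<String> setActionTokens = mapTokens.get( StrAction );

            // remove() both tests membership and consumes the token in one step, so two
            // parallel requests replaying the same token cannot both be accepted.
            return ( setActionTokens != null ) && setActionTokens.remove( strToken );
        }
    }

    /**
     * Reads the token store from the session.
     *
     * @param session the session to read from
     * @return the action-to-tokens map, or {@code null} if no token was issued in this session
     */
    @SuppressWarnings( "unchecked" )
    private static Map<String, Set<String>> getSessionTokens( HttpSession session )
    {
        // Unchecked cast: this class is the only writer of the attribute in the code shown here.
        return (Map<String, Set<String>>) session.getAttribute( PARAMETER_SESSION_TOKENS );
    }

    /**
     * Generates a new token value.
     *
     * @return the string form of a random (type 4) UUID; {@link UUID#randomUUID()} is
     *         documented as drawing from a cryptographically strong pseudo-random generator
     */
    private String generateNewKey( )
    {
        return UUID.randomUUID( ).toString( );
    }
}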