1 /* 2 * Copyright (c) 2002-2016, Mairie de Paris 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright notice 10 * and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright notice 13 * and the following disclaimer in the documentation and/or other materials 14 * provided with the distribution. 15 * 16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its 17 * contributors may be used to endorse or promote products derived from 18 * this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 
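 *
 * License 1.0
 */
package fr.paris.lutece.plugins.avatarserver.service;

import fr.paris.lutece.portal.service.util.AppLogService;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

/**
 * HTTP helpers for the avatar server: reads the request origin, checks it against a
 * comma-separated list of authorized domain patterns and writes the CORS
 * ({@code Access-Control-*}) response headers.
 * <p>
 * The Origin header is client-controlled; only the pattern list (configuration) is
 * trusted. Patterns use Ant syntax via {@link AntPathMatcher}: {@code ?} matches one
 * character, {@code *} any characters inside a single '/'-separated segment and
 * {@code **} any number of segments, so a bare {@code **} pattern authorizes every origin.
 */
public class HttpUtils
{
    private static final String HEADER_ACCESS_CONTROL_METHODS = "Access-Control-Allow-Methods";
    private static final String HEADER_ACCESS_CONTROL_ORIGIN = "Access-Control-Allow-Origin";
    private static final String HEADER_ACCESS_CONTROL_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String PATTERN_SEPARATOR = ",";
    private static final PathMatcher PATH_MATCHER = new AntPathMatcher( );

    public static final String HEADER_ORIGIN = "origin";

    /**
     * Get the origin header
     * @param request The HTTP request
     * @return the header value, or {@code null} when the request carries no Origin header
     */
    public static String getHeaderOrigin( HttpServletRequest request )
    {
        return request.getHeader( HEADER_ORIGIN );
    }

    /**
     * Check if a domain is valid according a list of patterns.
     * <p>
     * A {@code null} or blank domain (typically a request without an Origin header) is
     * never valid; it used to raise a {@link NullPointerException} from {@code trim()}.
     * An empty pattern list authorizes nothing. Every rejection is logged at info level.
     * @param strDomain The domain (value of the Origin header, client-controlled)
     * @param strValidPatterns A list of valid domain patterns separated by a comma.
     * @return true if valid
     */
    public static boolean isValidDomain( String strDomain, String strValidPatterns )
    {
        // Fail closed: no domain means no match, whatever the pattern list says.
        boolean bValid = !StringUtils.isBlank( strDomain ) && matchesAnyPattern( strDomain.trim( ), strValidPatterns );

        if ( !bValid )
        {
            AppLogService.info( "AvatarServer : request rent from an invalid domain : " + strDomain );
        }
        return bValid;
    }

    /**
     * Test a (trimmed, non-null) domain against each comma-separated Ant pattern.
     * @param strDomain The trimmed domain
     * @param strValidPatterns The comma-separated pattern list, may be null or empty
     * @return true if at least one pattern matches
     */
    private static boolean matchesAnyPattern( String strDomain, String strValidPatterns )
    {
        if ( StringUtils.isEmpty( strValidPatterns ) )
        {
            return false;
        }

        for ( String strAuthorizedDomain : strValidPatterns.split( PATTERN_SEPARATOR ) )
        {
            // Surrounding whitespace in the configured list ("a.com, b.com") is not significant.
            if ( PATH_MATCHER.match( strAuthorizedDomain.trim( ), strDomain ) )
            {
                return true;
            }
        }
        return false;
    }

    /**
     * Set access control headers of a given response object.
     * <p>
     * Headers are added, not replaced, so calling this twice on the same response
     * produces duplicate headers. The caller is responsible for passing an origin that
     * has been validated with {@link #isValidDomain(String, String)} before echoing it;
     * note that browsers reject a credentialed response whose allowed origin is {@code *}.
     * @param response The response
     * @param strMethods The Methods header value
     * @param strOrigin The Origin header value
     * @param strCredentials The Credentials header value
     */
    public static void setAccessControlHeaders( HttpServletResponse response, String strMethods, String strOrigin, String strCredentials )
    {
        response.addHeader( HEADER_ACCESS_CONTROL_METHODS, strMethods );
        response.addHeader( HEADER_ACCESS_CONTROL_ORIGIN, strOrigin );
        response.addHeader( HEADER_ACCESS_CONTROL_CREDENTIALS, strCredentials );
    }

}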