View Javadoc
1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.verifybackurl.service;
35  
36  import java.nio.charset.StandardCharsets;
37  import java.util.ArrayList;
38  import java.util.Base64;
39  import java.util.List;
40  
41  import javax.servlet.http.HttpServletRequest;
42  
43  import org.apache.commons.lang3.StringUtils;
44  
45  import fr.paris.lutece.plugins.verifybackurl.business.AuthorizedUrl;
46  import fr.paris.lutece.plugins.verifybackurl.utils.VerifiyBackUrlUtils;
47  import fr.paris.lutece.plugins.verifybackurl.utils.VerifyBackUrlConstants;
48  import fr.paris.lutece.portal.service.spring.SpringContextService;
49  import fr.paris.lutece.portal.service.util.AppLogService;
50  import fr.paris.lutece.portal.service.util.AppPropertiesService;
51  
52  /**
53   * The Class AuthorizedUrlService.
54   */
55  public class AuthorizedUrlService
56  {
57      private static List<AuthorizedUrl> _listAuthorizedUrl;
58      
59      private static AuthorizedUrlService _instance;
60        /**
61       * Get instance of AuthorizedUrlService
62       * @return instance
63       */
64      public static AuthorizedUrlService getInstance( )
65      {
66          if ( _instance == null )
67          {
68              _instance = new AuthorizedUrlService( );
69                  
70          }
71          return _instance;
72      }
73      
74      private AuthorizedUrlService( )
75      {
76          
77      };
78      
79      /**
80       * Return the name of the urlAuthorized
81       * @param url
82       * @return the name of the UrlAuthorized 
83       */
84      public String getName( String url )
85      {
86          _listAuthorizedUrl = new ArrayList<AuthorizedUrl>();
87              
88          for ( IAuthorizedUrlProvider provider : SpringContextService.getBeansOfType( IAuthorizedUrlProvider.class ) )
89          {
90              _listAuthorizedUrl.addAll( provider.getAuthorizedUrlsList( ) );
91          }
92          if ( !_listAuthorizedUrl.isEmpty( ) )
93          {
94              for ( AuthorizedUrl strAuthUrl : _listAuthorizedUrl )
95              {
96                  if ( VerifiyBackUrlUtils.compareBaseUrl( strAuthUrl.getUrl( ), url ) )
97                  {
98                      return strAuthUrl.getName( );
99                  }
100             }
101         } 
102         return null;
103     }
104     
105     /**
106      * Return the name of the urlAuthorized
107      * @param strApplicationCode the application Code
108      * @param url
109      * @return the name of the UrlAuthorized 
110      */
111     public String getNameByApplicationCode( String strApplicationCode,String url )
112     {
113     	  _listAuthorizedUrl = new ArrayList<AuthorizedUrl>();
114           
115           for ( IAuthorizedUrlProvider provider : SpringContextService.getBeansOfType( IAuthorizedUrlProvider.class ) )
116           {
117               _listAuthorizedUrl.addAll( provider.getAuthorizedUrlsByApplicationCode(strApplicationCode));
118           }
119           if ( !_listAuthorizedUrl.isEmpty( ) )
120           {
121               for ( AuthorizedUrl strAuthUrl : _listAuthorizedUrl )
122               {
123                   if ( VerifiyBackUrlUtils.compareBaseUrl( strAuthUrl.getUrl( ), url ) )
124                   {
125                       return strAuthUrl.getName( );
126                   }
127               }
128           } 
129           return null;
130     }
131     
132     
133     /** 
134      * return the service back url if the url is authorized
135      * @param request the request
136      * @return the service back url if the url is authorized
137      */
138     public String getServiceBackUrl(HttpServletRequest request)
139     {   	
140     	return getServiceBackUrl(request, VerifyBackUrlConstants.PARAMETER_BACK_URL);
141     }
142     
143     
144     /** 
145      * return the service back url if the url is authorized
146      * @param request the request
147      * @param strBackUrlParameter the parameter name of the service back url
148      * @return the service back url if the url is authorized
149      */
150     public String getServiceBackUrl(HttpServletRequest request,String strBackUrlParameter)
151     {   	
152     	return getServiceBackUrl(request, VerifyBackUrlConstants.PARAMETER_BACK_URL,VerifyBackUrlConstants.SESSION_ATTRIBUTE_BACK_URL);
153     }
154     
155     
156     /**
157      *  
158      * return the service back url if the url is authorized.
159      *
160      * @param request the request
161      * @param strBackUrlParameter  the parameter name of the service back url
162      * @param strBackUrlSessionName The session attribute name who is stored the back url
163      * @return the service back url if the url is authorized
164      */
165     public String getServiceBackUrl(HttpServletRequest request,String strBackUrlParameter,String strBackUrlSessionName)
166     {   	
167     	 String strUrl= request.getParameter(strBackUrlParameter);
168     	
169     	 //try to decode url if b64 decode is enable 
170     	 if(strUrl!=null &&  !StringUtils.isEmpty(strUrl) &&  AppPropertiesService.getPropertyBoolean(VerifyBackUrlConstants.PROPERTY_ENABLE_BASE64_DECODE, false) && strUrl.matches( AppPropertiesService.getProperty(VerifyBackUrlConstants.PROPERTY_ENABLE_BASE64_DECODE_FOR_URL_PATTERN)))
171     	 {
172     		 try {
173     			 strUrl=new String(Base64.getUrlDecoder().decode(strUrl.getBytes( StandardCharsets.UTF_8 )));
174 			} catch (IllegalArgumentException  e) {
175 				AppLogService.info("the back url is not encoded in base64 {} ", strUrl,e);
176 			}
177     		 
178     	 }
179     	 
180     	 
181          if ( strUrl!= null &&   ProcessConstraintsService.checkConstraints( strUrl ))
182          {
183         	 VerifiyBackUrlUtils.storeBackUrlInSession( request, strUrl,strBackUrlSessionName );
184 
185          }
186          else if ( strUrl!= null  )
187          {
188              //this is for the security : if a service provide a back url,
189              //but this url breaks constaints, then drop the service in session
190              VerifiyBackUrlUtils.dropBackUrlInSession( request,strBackUrlSessionName );
191          }
192     	
193     	return VerifiyBackUrlUtils.getBackUrlInSession(request,strBackUrlSessionName);
194     }
195     
196     
197     
198     /**
199      *  
200      * return the service back url encode if the url is authorized and the decode base 64 property is enable
201      *
202      * @param request the request
203      * @param strBackUrlParameter  the parameter name of the service back url
204      * @return the service back url if the url is authorized
205      */
206     public String getServiceBackUrlEncoded(HttpServletRequest request)
207     {   
208     	
209     	return  getServiceBackUrlEncoded(request, VerifyBackUrlConstants.PARAMETER_BACK_URL, VerifyBackUrlConstants.SESSION_ATTRIBUTE_BACK_URL);
210     	
211     }
212     
213     
214     /**
215      *  
216      * return the service back url encode if the url is authorized and the decode base 64 property is enable 
217      *
218      * @param request the request
219      * @param strBackUrlParameter  the parameter name of the service back url
220      * @return the service back url if the url is authorized
221      */
222     public String getServiceBackUrlEncoded(HttpServletRequest request,String strBackUrlParameter)
223     {   
224     	
225     	return  getServiceBackUrlEncoded(request, strBackUrlParameter, VerifyBackUrlConstants.SESSION_ATTRIBUTE_BACK_URL);
226     	
227     }
228     
229     
230     /**
231      *  
232      * return the service back url encode if the url is authorized and the decode base 64 property is enable 
233      *
234      * @param request the request
235      * @param strBackUrlParameter  the parameter name of the service back url
236      * @param strBackUrlSessionName The session attribute name who is stored the back url
237      * @return the service back url if the url is authorized
238      */
239     public String getServiceBackUrlEncoded(HttpServletRequest request,String strBackUrlParameter,String strBackUrlSessionName)
240     {   
241     	
242     	return   AppPropertiesService.getPropertyBoolean(VerifyBackUrlConstants.PROPERTY_ENABLE_BASE64_DECODE, false)?VerifiyBackUrlUtils.encodeUrl(getServiceBackUrl(request, strBackUrlParameter, strBackUrlSessionName)):getServiceBackUrl(request, strBackUrlParameter, strBackUrlSessionName);
243     	
244     	
245     }
246     
247     
248    
249     
250     
251 }