34 package fr.paris.lutece.plugins.verifybackurl.service;
35
36 import java.nio.charset.StandardCharsets;
37 import java.util.ArrayList;
38 import java.util.Base64;
39 import java.util.List;
40
41 import javax.servlet.http.HttpServletRequest;
42
43 import org.apache.commons.lang3.StringUtils;
44
45 import fr.paris.lutece.plugins.verifybackurl.business.AuthorizedUrl;
46 import fr.paris.lutece.plugins.verifybackurl.utils.VerifiyBackUrlUtils;
47 import fr.paris.lutece.plugins.verifybackurl.utils.VerifyBackUrlConstants;
48 import fr.paris.lutece.portal.service.spring.SpringContextService;
49 import fr.paris.lutece.portal.service.util.AppLogService;
50 import fr.paris.lutece.portal.service.util.AppPropertiesService;
51
52
53
54
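/**
 * Service that resolves the display name of an authorized URL and manages the
 * validated "back URL" kept in the HTTP session.
 *
 * <p>The back URL is read from a request parameter, so it is caller-controlled.
 * It is only stored in the session after
 * {@code ProcessConstraintsService.checkConstraints} accepts it; a value that is
 * rejected causes any previously stored back URL to be dropped.</p>
 *
 * <p>The service holds no per-request state: the candidate lists are built in
 * local variables so that concurrent requests cannot read or modify each
 * other's list.</p>
 */
public class AuthorizedUrlService
{
    /** Single shared instance; created eagerly so that no lazy-init race exists. */
    private static final AuthorizedUrlService _instance = new AuthorizedUrlService( );

    /**
     * Returns the shared instance of the service.
     *
     * @return the singleton instance
     */
    public static AuthorizedUrlService getInstance( )
    {
        return _instance;
    }

    /** Private constructor: instances are obtained through {@link #getInstance()}. */
    private AuthorizedUrlService( )
    {
    }

    /**
     * Returns the name of the first authorized URL, across all registered
     * {@code IAuthorizedUrlProvider} beans, whose base URL matches the given URL
     * according to {@code VerifiyBackUrlUtils.compareBaseUrl}.
     *
     * @param url
     *            the URL to look up
     * @return the name of the matching authorized URL, or {@code null} if none matches
     */
    public String getName( String url )
    {
        // Local list: a shared static list would be reassigned by concurrent requests.
        List<AuthorizedUrl> listAuthorizedUrl = new ArrayList<>( );

        for ( IAuthorizedUrlProvider provider : SpringContextService.getBeansOfType( IAuthorizedUrlProvider.class ) )
        {
            listAuthorizedUrl.addAll( provider.getAuthorizedUrlsList( ) );
        }

        return findName( listAuthorizedUrl, url );
    }

    /**
     * Same lookup as {@link #getName(String)}, restricted to the authorized URLs
     * that the providers return for the given application code.
     *
     * @param strApplicationCode
     *            the application code passed to each provider
     * @param url
     *            the URL to look up
     * @return the name of the matching authorized URL, or {@code null} if none matches
     */
    public String getNameByApplicationCode( String strApplicationCode, String url )
    {
        // Local list: keeps the application-scoped candidates from being mixed with
        // the unscoped list built by a concurrent getName( ) call.
        List<AuthorizedUrl> listAuthorizedUrl = new ArrayList<>( );

        for ( IAuthorizedUrlProvider provider : SpringContextService.getBeansOfType( IAuthorizedUrlProvider.class ) )
        {
            listAuthorizedUrl.addAll( provider.getAuthorizedUrlsByApplicationCode( strApplicationCode ) );
        }

        return findName( listAuthorizedUrl, url );
    }

    /**
     * Returns the validated back URL, reading it from the default request
     * parameter and the default session attribute.
     *
     * @param request
     *            the HTTP request
     * @return the back URL held in the session after processing the request
     */
    public String getServiceBackUrl( HttpServletRequest request )
    {
        return getServiceBackUrl( request, VerifyBackUrlConstants.PARAMETER_BACK_URL );
    }

    /**
     * Returns the validated back URL, reading it from the given request parameter
     * and the default session attribute.
     *
     * @param request
     *            the HTTP request
     * @param strBackUrlParameter
     *            the name of the request parameter that carries the back URL
     * @return the back URL held in the session after processing the request
     */
    public String getServiceBackUrl( HttpServletRequest request, String strBackUrlParameter )
    {
        // The parameter name supplied by the caller must be honoured; otherwise the value
        // the caller expects to be validated is never checked and the default parameter
        // is validated in its place.
        return getServiceBackUrl( request, strBackUrlParameter, VerifyBackUrlConstants.SESSION_ATTRIBUTE_BACK_URL );
    }

    /**
     * Reads the back URL from the request, optionally Base64-decodes it, and stores
     * it in the session only if it passes the configured constraints.
     *
     * <ul>
     * <li>Parameter present and accepted by the constraints: stored in the session.</li>
     * <li>Parameter present and rejected: the stored session value is dropped.</li>
     * <li>Parameter absent: the session is left untouched.</li>
     * </ul>
     *
     * @param request
     *            the HTTP request
     * @param strBackUrlParameter
     *            the name of the request parameter that carries the back URL
     * @param strBackUrlSessionName
     *            the name of the session attribute that holds the back URL
     * @return the back URL held in the session after processing the request
     */
    public String getServiceBackUrl( HttpServletRequest request, String strBackUrlParameter, String strBackUrlSessionName )
    {
        String strUrl = request.getParameter( strBackUrlParameter );

        if ( shouldDecodeBase64( strUrl ) )
        {
            try
            {
                // Decode with an explicit charset so the result does not depend on the platform default.
                strUrl = new String( Base64.getUrlDecoder( ).decode( strUrl.getBytes( StandardCharsets.UTF_8 ) ), StandardCharsets.UTF_8 );
            }
            catch( IllegalArgumentException e )
            {
                // Not valid Base64: keep the raw value, it still goes through the constraint check below.
                // NOTE(review): strUrl is request-controlled and is written to the log as-is;
                // confirm the log layout neutralises line breaks.
                AppLogService.info("the back url is not encoded in base64 {} ", strUrl,e);
            }
        }

        if ( strUrl != null && ProcessConstraintsService.checkConstraints( strUrl ) )
        {
            VerifiyBackUrlUtils.storeBackUrlInSession( request, strUrl, strBackUrlSessionName );
        }
        else if ( strUrl != null )
        {
            // A rejected value must not leave an earlier back URL in place.
            VerifiyBackUrlUtils.dropBackUrlInSession( request, strBackUrlSessionName );
        }

        return VerifiyBackUrlUtils.getBackUrlInSession( request, strBackUrlSessionName );
    }

    /**
     * Returns the validated back URL, encoded when Base64 handling is enabled,
     * using the default request parameter and session attribute.
     *
     * @param request
     *            the HTTP request
     * @return the back URL, passed through {@code VerifiyBackUrlUtils.encodeUrl} when
     *         Base64 handling is enabled
     */
    public String getServiceBackUrlEncoded( HttpServletRequest request )
    {
        return getServiceBackUrlEncoded( request, VerifyBackUrlConstants.PARAMETER_BACK_URL, VerifyBackUrlConstants.SESSION_ATTRIBUTE_BACK_URL );
    }

    /**
     * Returns the validated back URL, encoded when Base64 handling is enabled,
     * using the given request parameter and the default session attribute.
     *
     * @param request
     *            the HTTP request
     * @param strBackUrlParameter
     *            the name of the request parameter that carries the back URL
     * @return the back URL, passed through {@code VerifiyBackUrlUtils.encodeUrl} when
     *         Base64 handling is enabled
     */
    public String getServiceBackUrlEncoded( HttpServletRequest request, String strBackUrlParameter )
    {
        return getServiceBackUrlEncoded( request, strBackUrlParameter, VerifyBackUrlConstants.SESSION_ATTRIBUTE_BACK_URL );
    }

    /**
     * Returns the validated back URL, encoded when Base64 handling is enabled.
     *
     * @param request
     *            the HTTP request
     * @param strBackUrlParameter
     *            the name of the request parameter that carries the back URL
     * @param strBackUrlSessionName
     *            the name of the session attribute that holds the back URL
     * @return the back URL, passed through {@code VerifiyBackUrlUtils.encodeUrl} when
     *         Base64 handling is enabled
     */
    public String getServiceBackUrlEncoded( HttpServletRequest request, String strBackUrlParameter, String strBackUrlSessionName )
    {
        boolean bEncode = AppPropertiesService.getPropertyBoolean( VerifyBackUrlConstants.PROPERTY_ENABLE_BASE64_DECODE, false );
        String strBackUrl = getServiceBackUrl( request, strBackUrlParameter, strBackUrlSessionName );

        // NOTE(review): strBackUrl may be null when nothing is stored in the session;
        // confirm that encodeUrl accepts null.
        return bEncode ? VerifiyBackUrlUtils.encodeUrl( strBackUrl ) : strBackUrl;
    }

    /**
     * Returns the name of the first candidate whose URL matches the given URL
     * according to {@code VerifiyBackUrlUtils.compareBaseUrl}.
     *
     * @param listAuthorizedUrl
     *            the candidates, in lookup order
     * @param url
     *            the URL to look up
     * @return the name of the first match, or {@code null} if none matches
     */
    private static String findName( List<AuthorizedUrl> listAuthorizedUrl, String url )
    {
        for ( AuthorizedUrl authorizedUrl : listAuthorizedUrl )
        {
            if ( VerifiyBackUrlUtils.compareBaseUrl( authorizedUrl.getUrl( ), url ) )
            {
                return authorizedUrl.getName( );
            }
        }

        return null;
    }

    /**
     * Tells whether the raw parameter value should be Base64-decoded: the value is
     * non-empty, decoding is enabled, and the value matches the configured pattern.
     *
     * @param strUrl
     *            the raw parameter value, possibly {@code null}
     * @return {@code true} if the value should be decoded
     */
    private static boolean shouldDecodeBase64( String strUrl )
    {
        if ( StringUtils.isEmpty( strUrl ) || !AppPropertiesService.getPropertyBoolean( VerifyBackUrlConstants.PROPERTY_ENABLE_BASE64_DECODE, false ) )
        {
            return false;
        }

        String strPattern = AppPropertiesService.getProperty( VerifyBackUrlConstants.PROPERTY_ENABLE_BASE64_DECODE_FOR_URL_PATTERN );

        // Without this guard a missing pattern property would make matches( null ) throw a
        // NullPointerException on every request that carries a back URL.
        return strPattern != null && strUrl.matches( strPattern );
    }
}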