• Home
• com.liferay.portal
• release.dxp.api
• 2024.q1.7
• source code
• SecureRequestAction.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.liferay.portal.events.SecureRequestAction Maven / Gradle / Ivy

/**
 * SPDX-FileCopyrightText: (c) 2000 Liferay, Inc. https://liferay.com
 * SPDX-License-Identifier: LGPL-2.1-or-later OR LicenseRef-Liferay-DXP-EULA-2.0.0-2023-06
 */

package com.liferay.portal.events;

import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.Http;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.StringUtil;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 

 * This action ensures that all requests are secure. Extend this and override
 * the isRequiresSecure method to programmatically decide when a
 * request requires HTTPS.
 * 
 *
 * @author Brian Wing Shun Chan
 */
public class SecureRequestAction extends Action {

	@Override
	public void run(
			HttpServletRequest httpServletRequest,
			HttpServletResponse httpServletResponse)
		throws ActionException {

		try {
			if (httpServletRequest.isSecure() ||
				!isRequiresSecure(httpServletRequest) ||
				httpServletResponse.isCommitted()) {

				return;
			}

			String redirect = getRedirect(httpServletRequest);

			if (_log.isDebugEnabled()) {
				_log.debug("Redirect " + redirect);
			}

			if (redirect != null) {
				httpServletResponse.sendRedirect(redirect);
			}
		}
		catch (Exception exception) {
			throw new ActionException(exception);
		}
	}

	protected String getRedirect(HttpServletRequest httpServletRequest) {
		String unsecureCompleteURL = PortalUtil.getCurrentCompleteURL(
			httpServletRequest);

		if (_log.isDebugEnabled()) {
			_log.debug("Unsecure URL " + unsecureCompleteURL);
		}

		String secureCompleteURL = StringUtil.replaceFirst(
			unsecureCompleteURL, Http.HTTP_WITH_SLASH, Http.HTTPS_WITH_SLASH);

		if (_log.isDebugEnabled()) {
			_log.debug("Secure URL " + secureCompleteURL);
		}

		if (unsecureCompleteURL.equals(secureCompleteURL)) {
			return null;
		}

		return secureCompleteURL;
	}

	protected boolean isRequiresSecure(HttpServletRequest httpServletRequest) {
		return _REQUIRES_SECURE;
	}

	private static final boolean _REQUIRES_SECURE = true;

	private static final Log _log = LogFactoryUtil.getLog(
		SecureRequestAction.class);

}