015 package com.liferay.portal.action;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.ServletResponseUtil;
020 import com.liferay.portal.kernel.util.ArrayUtil;
021 import com.liferay.portal.kernel.util.CharPool;
022 import com.liferay.portal.kernel.util.ContentTypes;
023 import com.liferay.portal.kernel.util.Http;
024 import com.liferay.portal.kernel.util.HttpUtil;
025 import com.liferay.portal.kernel.util.ParamUtil;
026 import com.liferay.portal.kernel.util.StringPool;
027 import com.liferay.portal.kernel.util.StringUtil;
028 import com.liferay.portal.kernel.util.Validator;
029 import com.liferay.portal.service.CompanyLocalServiceUtil;
030 import com.liferay.portal.service.LayoutSetLocalServiceUtil;
031 import com.liferay.portal.util.PropsValues;
032
033 import javax.servlet.http.HttpServletRequest;
034 import javax.servlet.http.HttpServletResponse;
035
036 import org.apache.struts.action.Action;
037 import org.apache.struts.action.ActionForm;
038 import org.apache.struts.action.ActionForward;
039 import org.apache.struts.action.ActionMapping;
040
041
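/**
 * Struts action that relays a request to the URL supplied in the
 * {@code url} request parameter and writes the fetched content back to the
 * caller.
 *
 * <p>
 * Security note: the target URL is caller-controlled, so {@link #validate}
 * is the only control in this class limiting which hosts the portal will
 * contact on a caller's behalf. No authentication or permission check is
 * visible here; presumably it is enforced by the Struts/portal configuration
 * (confirm before exposing this action).
 * </p>
 */
public class RESTProxyAction extends Action {

    /**
     * Fetches the validated target URL with an HTTP POST and relays the
     * response body.
     *
     * @param  mapping the Struts action mapping (unused)
     * @param  form the Struts action form (unused)
     * @param  request the servlet request carrying the {@code url} parameter
     * @param  response the servlet response the fetched content is written to
     * @return always {@code null}; the response is written directly
     * @throws Exception if the remote fetch or the response write fails
     */
    @Override
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        String url = ParamUtil.getString(request, "url");

        // Rejected targets produce an empty response rather than an error.

        if (!validate(url)) {
            return null;
        }

        Http.Options options = new Http.Options();

        // Everything after the first '?' is sent as the form-encoded POST
        // body; only the part before it is used as the request location.

        int pos = url.indexOf(CharPool.QUESTION);

        if (pos != -1) {
            options.setBody(
                url.substring(pos + 1),
                ContentTypes.APPLICATION_X_WWW_FORM_URLENCODED,
                StringPool.UTF8);
            options.setLocation(url.substring(0, pos));
        }
        else {
            options.setLocation(url);
        }

        options.setPost(true);

        String content = HttpUtil.URLtoString(options);

        // NOTE(review): no content type is set in this method, so remote
        // content is relayed under the portal's own origin. Confirm that the
        // response cannot be interpreted as active HTML by the browser.

        ServletResponseUtil.write(response, content);

        return null;
    }

    /**
     * Decides whether the proxy may contact the host named in {@code url}.
     *
     * <p>
     * A URL is accepted when its host (port stripped) is a portal virtual
     * host, a layout set virtual host, or is listed in
     * {@code PropsValues.REST_PROXY_DOMAINS_ALLOWED}. When that list is empty
     * every host is accepted, so deployments that expose this action should
     * configure an explicit allow list.
     * </p>
     *
     * <p>
     * NOTE(review): the check is by host name only. It assumes
     * {@code HttpUtil.getDomain} extracts the same host that the HTTP client
     * later connects to, and it does not consider the scheme or the address
     * the name resolves to. Confirm both against the utility
     * implementations.
     * </p>
     *
     * @param  url the caller-supplied target URL
     * @return {@code true} if the target host is acceptable; {@code false}
     *         otherwise
     */
    protected boolean validate(String url) {
        if (Validator.isNull(url) || !HttpUtil.hasDomain(url)) {
            return false;
        }

        String[] hostParts = StringUtil.split(
            HttpUtil.getDomain(url), CharPool.COLON);

        // Fail closed on a missing host instead of indexing an empty array
        // or letting an empty host fall through to the allow-list check.

        if ((hostParts.length == 0) || Validator.isNull(hostParts[0])) {
            return false;
        }

        String domain = hostParts[0];

        try {
            CompanyLocalServiceUtil.getCompanyByVirtualHost(domain);

            return true;
        }
        catch (Exception ignored) {

            // Any failure is treated as "not a company virtual host"; fall
            // through to the next check.

        }

        try {
            LayoutSetLocalServiceUtil.getLayoutSet(domain);

            return true;
        }
        catch (Exception ignored) {

            // Any failure is treated as "not a layout set virtual host";
            // fall through to the configured allow list.

        }

        String[] allowedDomains = PropsValues.REST_PROXY_DOMAINS_ALLOWED;

        // An empty allow list does not restrict anything (see Javadoc).

        if ((allowedDomains.length > 0) &&
            !ArrayUtil.contains(allowedDomains, domain)) {

            // The URL is caller-controlled and is logged as received; treat
            // this debug line as untrusted text when reviewing logs.

            if (_log.isDebugEnabled()) {
                _log.debug("URL " + url + " is not allowed");
            }

            return false;
        }

        return true;
    }

    private static final Log _log = LogFactoryUtil.getLog(
        RESTProxyAction.class);

}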