001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.servlet.ServletResponseUtil;
020    import com.liferay.portal.kernel.util.ArrayUtil;
021    import com.liferay.portal.kernel.util.CharPool;
022    import com.liferay.portal.kernel.util.ContentTypes;
023    import com.liferay.portal.kernel.util.Http;
024    import com.liferay.portal.kernel.util.HttpUtil;
025    import com.liferay.portal.kernel.util.ParamUtil;
026    import com.liferay.portal.kernel.util.StringPool;
027    import com.liferay.portal.kernel.util.StringUtil;
028    import com.liferay.portal.kernel.util.Validator;
029    import com.liferay.portal.service.CompanyLocalServiceUtil;
030    import com.liferay.portal.service.LayoutSetLocalServiceUtil;
031    import com.liferay.portal.util.PropsValues;
032    
033    import javax.servlet.http.HttpServletRequest;
034    import javax.servlet.http.HttpServletResponse;
035    
036    import org.apache.struts.action.Action;
037    import org.apache.struts.action.ActionForm;
038    import org.apache.struts.action.ActionForward;
039    import org.apache.struts.action.ActionMapping;
040    
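/**
 * Struts action that fetches the URL named by the <code>url</code> request
 * parameter with an HTTP POST and writes the fetched content to the response.
 *
 * <p>
 * Security: the portal issues an outbound request chosen by the caller, so
 * {@link #validate(String)} is the only gate in this class between a request
 * parameter and the server's own network position. Points to review when
 * deploying or changing this class:
 * </p>
 *
 * <ul>
 * <li>
 * An empty <code>PropsValues.REST_PROXY_DOMAINS_ALLOWED</code> disables the
 * allow list, and every URL that carries a domain is accepted. Configure an
 * explicit list wherever this action is reachable.
 * </li>
 * <li>
 * Only the host name is checked. The scheme, the port and the address the
 * host resolves to are not examined here.
 * </li>
 * <li>
 * NOTE(review): whether the HTTP client follows redirects to hosts that were
 * never validated is not visible in this class; confirm in HttpUtil.
 * </li>
 * <li>
 * NOTE(review): the host is extracted by HttpUtil.getDomain but the request
 * is sent by HttpUtil.URLtoString; confirm both agree on the target host for
 * every URL form that passes validation.
 * </li>
 * </ul>
 *
 * @author David Truong
 * @author Gavin Wan
 * @author Samuel Kong
 */
public class RESTProxyAction extends Action {

	/**
	 * Relays the request to the URL in the <code>url</code> parameter.
	 *
	 * <p>
	 * Everything after the first <code>?</code> in the URL is sent as a
	 * form-encoded POST body, and the part before it becomes the request
	 * location. The request is always a POST, with or without a query string.
	 * </p>
	 *
	 * @param  mapping the Struts mapping (not used)
	 * @param  form the Struts form (not used)
	 * @param  request the request carrying the <code>url</code> parameter
	 * @param  response the response that receives the fetched content
	 * @return always <code>null</code>; the response is written directly
	 * @throws Exception if the fetch or the response write fails
	 */
	@Override
	public ActionForward execute(
			ActionMapping mapping, ActionForm form, HttpServletRequest request,
			HttpServletResponse response)
		throws Exception {

		String url = ParamUtil.getString(request, "url");

		// Rejected targets are never fetched; the caller gets an empty
		// response with no error status set by this class.

		if (!validate(url)) {
			return null;
		}

		Http.Options options = new Http.Options();

		int pos = url.indexOf(CharPool.QUESTION);

		if (pos != -1) {
			options.setBody(
				url.substring(pos + 1),
				ContentTypes.APPLICATION_X_WWW_FORM_URLENCODED,
				StringPool.UTF8);
			options.setLocation(url.substring(0, pos));
		}
		else {
			options.setLocation(url);
		}

		options.setPost(true);

		String content = HttpUtil.URLtoString(options);

		// NOTE(review): the remote body is relayed as is and no content type
		// is set in this method, so it is served from the portal's origin.
		// Confirm what ServletResponseUtil.write does about the content type.

		ServletResponseUtil.write(response, content);

		return null;
	}

	/**
	 * Decides whether the proxy may fetch the given URL.
	 *
	 * <p>
	 * A URL is accepted when its host resolves to a company virtual host or
	 * to a layout set, or when it appears in
	 * <code>PropsValues.REST_PROXY_DOMAINS_ALLOWED</code>. When that list is
	 * empty the check is skipped and every remaining host is accepted.
	 * </p>
	 *
	 * @param  url the caller supplied target URL, may be <code>null</code>
	 * @return <code>true</code> if the URL may be fetched
	 */
	protected boolean validate(String url) {
		if (Validator.isNull(url) || !HttpUtil.hasDomain(url)) {
			return false;
		}

		String[] hostParts = StringUtil.split(
			HttpUtil.getDomain(url), CharPool.COLON);

		// Fail closed instead of throwing when no host part comes back.

		if ((hostParts == null) || (hostParts.length == 0)) {
			return false;
		}

		// Everything after the first colon is treated as the port and
		// dropped. NOTE(review): a bracketed IPv6 literal would be cut at its
		// first colon; confirm such hosts cannot pass an empty allow list.

		String domain = hostParts[0];

		try {
			CompanyLocalServiceUtil.getCompanyByVirtualHost(domain);

			return true;
		}
		catch (Exception e) {

			// Best effort: a failed lookup only means this check does not
			// vouch for the host, so fall through to the next one.

			if (_log.isDebugEnabled()) {
				_log.debug(
					"Company virtual host lookup failed for " +
						sanitizeForLog(domain),
					e);
			}
		}

		try {
			LayoutSetLocalServiceUtil.getLayoutSet(domain);

			return true;
		}
		catch (Exception e) {

			// Best effort, as above.

			if (_log.isDebugEnabled()) {
				_log.debug(
					"Layout set lookup failed for " + sanitizeForLog(domain),
					e);
			}
		}

		String[] allowedDomains = PropsValues.REST_PROXY_DOMAINS_ALLOWED;

		// The allow list is enforced only when it is not empty. An empty
		// list accepts the host, so the default posture depends on the
		// configuration.

		if ((allowedDomains.length > 0) &&
			!ArrayUtil.contains(allowedDomains, domain)) {

			if (_log.isDebugEnabled()) {
				_log.debug("URL " + sanitizeForLog(url) + " is not allowed");
			}

			return false;
		}

		return true;
	}

	/**
	 * Replaces carriage returns and line feeds so that a request supplied
	 * value cannot start a new entry in the log.
	 */
	private static String sanitizeForLog(String value) {
		return value.replace('\r', '_').replace('\n', '_');
	}

	private static final Log _log = LogFactoryUtil.getLog(
		RESTProxyAction.class);

}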