001/* 002 * (C) Copyright 2010 Nuxeo SAS (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * Nuxeo - initial API and implementation 016 */ 017 018package org.nuxeo.ecm.platform.ui.web.auth.service; 019 020import java.io.Serializable; 021import java.util.regex.Matcher; 022import java.util.regex.Pattern; 023 024import javax.servlet.http.HttpServletRequest; 025 026import org.nuxeo.common.xmap.annotation.XNode; 027import org.nuxeo.common.xmap.annotation.XObject; 028import org.nuxeo.runtime.api.Framework; 029 030@XObject("openUrl") 031public class OpenUrlDescriptor implements Serializable { 032 033 private static final long serialVersionUID = 1L; 034 035 @XNode("@name") 036 protected String name; 037 038 protected String grantPattern; 039 040 protected Pattern compiledGrantPattern; 041 042 @XNode("denyPattern") 043 protected String denyPattern; 044 045 protected Pattern compiledDenyPattern; 046 047 @XNode("method") 048 protected String method; 049 050 public String getName() { 051 return name; 052 } 053 054 @XNode("grantPattern") 055 public void setGrantPattern(String grantPattern) { 056 this.grantPattern = Framework.expandVars(grantPattern); 057 } 058 059 public String getGrantPattern() { 060 return grantPattern; 061 } 062 063 public Pattern getCompiledGrantPattern() { 064 if (compiledGrantPattern == null && (grantPattern != null && grantPattern.length() > 0)) { 065 compiledGrantPattern = Pattern.compile(grantPattern); 066 } 067 return compiledGrantPattern; 068 } 069 070 public Pattern getCompiledDenyPattern() { 071 if (compiledDenyPattern == null && denyPattern != null && denyPattern.length() > 0) { 072 compiledDenyPattern = Pattern.compile(denyPattern); 073 } 074 return compiledDenyPattern; 075 } 076 077 public String getDenyPattern() { 078 return denyPattern; 079 } 080 081 public String getMethod() { 082 return method; 083 } 084 085 public boolean allowByPassAuth(HttpServletRequest httpRequest) { 086 String uri = httpRequest.getRequestURI(); 087 String requestMethod = httpRequest.getMethod(); 088 089 if (method != null && !requestMethod.equals(method)) { 090 return false; 091 } 092 093 Pattern deny = getCompiledDenyPattern(); 094 if (deny != null) { 095 Matcher denyMatcher = deny.matcher(uri); 096 if (denyMatcher.matches()) { 097 return false; 098 } 099 } 100 101 Pattern grant = getCompiledGrantPattern(); 102 if (grant != null) { 103 Matcher grantMatcher = grant.matcher(uri); 104 if (grantMatcher.matches()) { 105 return true; 106 } 107 } 108 return false; 109 } 110 111}