Source code

001/*
002 * (C) Copyright 2010 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Nuxeo - initial API and implementation
016 */
017
018package org.nuxeo.ecm.platform.ui.web.auth.service;
019
020import java.io.Serializable;
021import java.util.regex.Matcher;
022import java.util.regex.Pattern;
023
024import javax.servlet.http.HttpServletRequest;
025
026import org.nuxeo.common.xmap.annotation.XNode;
027import org.nuxeo.common.xmap.annotation.XObject;
028import org.nuxeo.runtime.api.Framework;
029
030@XObject("openUrl")
031public class OpenUrlDescriptor implements Serializable {
032
033    private static final long serialVersionUID = 1L;
034
035    @XNode("@name")
036    protected String name;
037
038    protected String grantPattern;
039
040    protected Pattern compiledGrantPattern;
041
042    @XNode("denyPattern")
043    protected String denyPattern;
044
045    protected Pattern compiledDenyPattern;
046
047    @XNode("method")
048    protected String method;
049
050    public String getName() {
051        return name;
052    }
053
054    @XNode("grantPattern")
055    public void setGrantPattern(String grantPattern) {
056        this.grantPattern = Framework.expandVars(grantPattern);
057    }
058
059    public String getGrantPattern() {
060        return grantPattern;
061    }
062
063    public Pattern getCompiledGrantPattern() {
064        if (compiledGrantPattern == null && (grantPattern != null && grantPattern.length() > 0)) {
065            compiledGrantPattern = Pattern.compile(grantPattern);
066        }
067        return compiledGrantPattern;
068    }
069
070    public Pattern getCompiledDenyPattern() {
071        if (compiledDenyPattern == null && denyPattern != null && denyPattern.length() > 0) {
072            compiledDenyPattern = Pattern.compile(denyPattern);
073        }
074        return compiledDenyPattern;
075    }
076
077    public String getDenyPattern() {
078        return denyPattern;
079    }
080
081    public String getMethod() {
082        return method;
083    }
084
085    public boolean allowByPassAuth(HttpServletRequest httpRequest) {
086        String uri = httpRequest.getRequestURI();
087        String requestMethod = httpRequest.getMethod();
088
089        if (method != null && !requestMethod.equals(method)) {
090            return false;
091        }
092
093        Pattern deny = getCompiledDenyPattern();
094        if (deny != null) {
095            Matcher denyMatcher = deny.matcher(uri);
096            if (denyMatcher.matches()) {
097                return false;
098            }
099        }
100
101        Pattern grant = getCompiledGrantPattern();
102        if (grant != null) {
103            Matcher grantMatcher = grant.matcher(uri);
104            if (grantMatcher.matches()) {
105                return true;
106            }
107        }
108        return false;
109    }
110
111}