/**
* Copyright (C) 2001 Yasna.com. All rights reserved.
*
* ===================================================================
* The Apache Software License, Version 1.1
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by
* Yasna.com (http://www.yasna.com)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Yazd" and "Yasna.com" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please
* contact yazd@yasna.com.
*
* 5. Products derived from this software may not be called "Yazd",
* nor may "Yazd" appear in their name, without prior written
* permission of Yasna.com.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL YASNA.COM OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of Yasna.com. For more information
* on Yasna.com, please see <http://www.yasna.com>.
*/
/**
* Copyright (C) 2000 CoolServlets.com. All rights reserved.
*
* ===================================================================
* The Apache Software License, Version 1.1
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by
* CoolServlets.com (http://www.coolservlets.com)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Jive" and "CoolServlets.com" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please
* contact webmaster@coolservlets.com.
*
* 5. Products derived from this software may not be called "Jive",
* nor may "Jive" appear in their name, without prior written
* permission of CoolServlets.com.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL COOLSERVLETS.COM OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of CoolServlets.com. For more information
* on CoolServlets.com, please see <http://www.coolservlets.com>.
*/
package com.Yasna.forum.util;
import java.util.Date;
import java.util.Iterator;
import java.text.SimpleDateFormat;
import java.io.File;
import javax.servlet.*;
import javax.servlet.http.*;
import com.Yasna.forum.*;
import com.Yasna.util.StringUtils;
/**
* A collection of utility methods for use in Jive WebSkins. Because these
* methods make skin development much easier, skin authors should study them
* carefully.<p>
*
* Three major areas of functionality are provided:<p><ol>
* <li> Methods that simplify Authorization tasks:
* <ul>
* <li>{@link #getUserAuthorization(HttpServletRequest, HttpServletResponse)}
* <li>{@link #getUserAuthorization(HttpServletRequest, HttpServletResponse, boolean)}
* <li>{@link #setUserAuthorization(HttpServletRequest, HttpServletResponse, String, String, boolean)}
* <li>{@link #removeUserAuthorization(HttpServletRequest, HttpServletResponse)}
* <li>{@link #isSystemAdmin(Authorization)}
* <li>{@link #isForumAdmin(Authorization)}
* <li>{@link #isForumAdmin(Authorization, Forum)}
* <li>{@link #isGroupAdmin(Authorization)}
* <li>{@link #isGroupAdmin(Authorization, Group)}
* </ul>
* <p>
* <li> Methods that get and set Session and cookie values.
* <ul>
* <li>{@link #getCookie(HttpServletRequest, String)}
* <li>{@link #getCookieValue(HttpServletRequest, String)}
* <li>{@link #invalidateCookie(HttpServletRequest, HttpServletResponse, String)}
* <li>{@link #remove(HttpServletRequest, HttpServletResponse, String)}
* <li>{@link #retrieve(HttpServletRequest, HttpServletResponse, String)}
* <li>{@link #retrieve(HttpServletRequest, HttpServletResponse, String, boolean)}
* <li>{@link #store(HttpServletRequest, HttpServletResponse, String, String)}
* <li>{@link #store(HttpServletRequest, HttpServletResponse, String, String, int)}
* <li>{@link #store(HttpServletRequest, HttpServletResponse, String, String, int, boolean)}
* </ul>
* <p>
* <li> Other methods.
* <ul>
* <li>{@link #dateToText(Date)}
* <li>{@link #getLastVisisted(HttpServletRequest, HttpServletResponse)}
* <li>{@link #getLastVisisted(HttpServletRequest, HttpServletResponse, boolean)}
* <li>{@link #isNewMessage(ForumMessage, long)}
* <li>{@link #quoteOriginal(ForumMessage, String, int)}
* </ul>
* </ol>
*
* All methods conform to the Servlet 1.1 and JSP 1.0 specs for maximum
* compatibility with application servers. This may yield deprecation warnings
* if you compile with a newer Servlet/JSP spec; these should be ignored. This
* class will periodically be updated to the newer specs as app servers mature.
*/
public class SkinUtils {
/** Name of the authentication token (is stored in the user's session) */
public static final String JIVE_AUTH_TOKEN = "jiveAuthorization";
/**
 * Name of the cookie used to store user info for auto-login purposes.
 * getUserAuthorization decodes a username and a password from this cookie's
 * value, so the value has to be treated as credential material.
 * NOTE(review): whether the cookie is issued with the Secure and HttpOnly
 * attributes is not visible in this part of the file -- confirm where it is set.
 */
public static final String JIVE_AUTOLOGIN_COOKIE = "jiveAutoLogin";
/** Name of the last visited token (is stored in the user's session) */
public static final String JIVE_LASTVISITED_TOKEN = "jiveLastVisited";
/**
 * Name of the cookie used to store last visited timestamp. The string is the
 * same as JIVE_LASTVISITED_TOKEN; one names a session value, the other a cookie.
 */
public static final String JIVE_LASTVISITED_COOKIE = "jiveLastVisited";
// XXX keep this ?
/** Name of the "use last visited" property (is stored in jive.properties) */
public static final String JIVE_LASTVISITED_PROP = "Site.useLastVisited";
//Time constants (in milliseconds), each one built from the previous one.
private static final long SECOND = 1000;
private static final long MINUTE = 60 * SECOND;
private static final long HOUR = 60 * MINUTE;
private static final long DAY = 24 * HOUR;
private static final long WEEK = 7 * DAY;
//Default cookie time to live (in seconds): WEEK converted from milliseconds
//to seconds, times 8, i.e. eight weeks.
//NOTE(review): presumably this is also the lifetime of the auto-login cookie;
//the code that sets that cookie is not shown here -- confirm.
private static final int MAX_COOKIE_AGE = (int)(WEEK / 1000) * 8;
//Days of the week, starting with Sunday.
private static final String[] DAYS_OF_WEEK =
{ "Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday" };
// SimpleDateFormat objects for use in the dateToText method.
// NOTE(review): SimpleDateFormat is not thread-safe and these instances are
// static, so every request thread shares them; confirm that dateToText
// (not shown here) synchronizes access before formatting.
private static final SimpleDateFormat dateFormatter =
new SimpleDateFormat("EEEE, MMM d 'at' h:mm a");
private static final SimpleDateFormat yesterdayFormatter =
new SimpleDateFormat("'Yesterday at' h:mm a");
//"Tweakable" parameters for the cookie encoding. NOTE: changing these
//and recompiling this class will essentially invalidate old cookies.
//NOTE(review): these are fixed compile-time values (an XOR mask, a delimiter
//and two character offsets), not a secret key. If the password cookie is
//protected only by an encoding built from them, anyone who has this source
//and a copy of the cookie can recover the password; the encode/decode helpers
//are not shown here -- confirm, and prefer a random server-side token over a
//reversible password in the cookie.
private final static int ENCODE_XORMASK = 0x5A;
private final static char ENCODE_DELIMETER = '\002';
private final static char ENCODE_CHAR_OFFSET1 = 'A';
private final static char ENCODE_CHAR_OFFSET2 = 'h';
/**
* Returns an Authorization token for the user. The following steps are
* performed to determine the token:<ol>
*
* <li>Check the session for the existence of a Jive authorization token.
* If one is found, it is returned as we assume that the user has logged
* in and is authorized.
* <li>Check the Jive authorization cookie for a username and password. If found,
* attempt to create a Jive authorization token using that data. If
* successful, save the token to the session and return it.
* NOTE: This check can be skipped by setting
* <code>checkJiveCookie</code> to false.
* </ol><p>
*
* @param request the HttpServletRequest object, known as "request" in a
* JSP page.
* @param response the HttpServletResponse object, known as "response" in
* a JSP page.
* @param checkJiveCookie a boolean that indicates whether or not we want
* to use a cookie for authorization.
* @return the authorization token if authenticated, otherwise
* <code>null</code>.
* @see Authorization
*/
public static Authorization getUserAuthorization(HttpServletRequest request,
        HttpServletResponse response, boolean checkJiveCookie)
{
    // Resolution order: (1) a token already stored in the session wins;
    // (2) otherwise, if the caller allows it, the auto-login cookie is decoded
    // and its credentials are presented to AuthorizationFactory; (3) otherwise
    // null is returned and the caller treats the user as not authenticated.
    HttpSession session = request.getSession();

    // Step 1: a token in the session means the user already logged in.
    Authorization sessionToken = (Authorization) session.getValue(JIVE_AUTH_TOKEN);
    if (sessionToken != null) {
        return sessionToken;
    }

    // Step 2 is optional; without it there is nothing more to try.
    if (!checkJiveCookie) {
        return null;
    }
    Cookie autoLogin = getCookie(request, JIVE_AUTOLOGIN_COOKIE);
    if (autoLogin == null) {
        return null;
    }

    try {
        // The cookie value decodes to { username, password }.
        // NOTE(review): because a password is recovered from the cookie, a copy
        // of the cookie is equivalent to the password itself; how well it is
        // protected depends on decodePasswordCookie, which is not shown here.
        String[] credentials = decodePasswordCookie(autoLogin.getValue());
        Authorization cookieToken =
                AuthorizationFactory.getAuthorization(credentials[0], credentials[1]);
        // NOTE(review): the token is stored in the session that already existed
        // before authentication; the session id is not renewed in this method.
        // Confirm that a caller or the container renews it after login.
        session.putValue(JIVE_AUTH_TOKEN, cookieToken);
        return cookieToken;
    }
    catch (Exception e) {
        // Deliberate catch-all: a malformed cookie, rejected credentials or any
        // other failure ends here, so the method falls through to null instead
        // of propagating. The cookie is then overwritten with an expired one
        // (max age 0, path "/") so the browser drops it.
        // NOTE(review): nothing is logged, so failed cookie logins leave no
        // trace from this method, and a failure unrelated to the credentials
        // also discards the user's auto-login cookie.
        Cookie expired = new Cookie(JIVE_AUTOLOGIN_COOKIE, null);
        expired.setMaxAge(0);
        expired.setPath("/");
        response.addCookie(expired);
    }

    // Neither the session nor the cookie produced a token.
    return null;
}
/**
* Returns an Authorization token for the user. This is a convenience method
* that calls the other getUserAuthorization method with
* <code>checkJiveCookie</code> set to true.
*
* @param request the HttpServletRequest object, known as "request" in a
* JSP page.
* @param response The HttpServletResponse object, known as "response" in
* a JSP page.
* @return The authorization token if authenticated, otherwise
* <code>null</code>.
* @see SkinUtils#getUserAuthorization(HttpServletRequest,HttpServletResponse,boolean)
*/
public static Authorization getUserAuthorization
        ( HttpServletRequest request, HttpServletResponse response )
{
    // Convenience overload: always allows the auto-login cookie to be used
    // when the session holds no token. Callers that must not accept cookie
    // credentials should call the three-argument form with false instead.
    final boolean checkJiveCookie = true;
    return getUserAuthorization(request, response, checkJiveCookie);
}
/**
* Validates the user and optionally enables auto-login by creating an
* auto-login cookie.
*
* @param request the HttpServletRequest object, known as "request" in a JSP page.
* @param response the HttpServletResponse object, known as "response" in a JSP page.
* @param username the username.
* @param password the password.
* @param autoLogin if <code>true</code> create a cookie that enables auto-login.
* @throws UserNotFoundException