skinutils.java

来自「Jive 是一个系统工程」· Java 代码 · 共 822 行 · 第 1/3 页

/** * $RCSfile: SkinUtils.java,v $ * $Revision: 1.8 $ * $Date: 2000/12/21 17:47:31 $ * * Copyright (C) 2000 CoolServlets.com. All rights reserved. * * =================================================================== * The Apache Software License, Version 1.1 * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *    notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *    notice, this list of conditions and the following disclaimer in *    the documentation and/or other materials provided with the *    distribution. * * 3. The end-user documentation included with the redistribution, *    if any, must include the following acknowledgment: *       "This product includes software developed by *        CoolServlets.com (http://www.coolservlets.com)." *    Alternately, this acknowledgment may appear in the software itself, *    if and wherever such third-party acknowledgments normally appear. * * 4. The names "Jive" and "CoolServlets.com" must not be used to *    endorse or promote products derived from this software without *    prior written permission. For written permission, please *    contact webmaster@coolservlets.com. * * 5. Products derived from this software may not be called "Jive", *    nor may "Jive" appear in their name, without prior written *    permission of CoolServlets.com. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED.  
IN NO EVENT SHALL COOLSERVLETS.COM OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of CoolServlets.com. For more information * on CoolServlets.com, please see <http://www.coolservlets.com>. */package com.coolservlets.forum.util;import java.util.Date;import java.util.Iterator;import java.text.SimpleDateFormat;import java.io.File;import javax.servlet.*;import javax.servlet.http.*;import com.coolservlets.forum.*;import com.coolservlets.util.StringUtils;/** * A collection of utility methods for use in Jive WebSkins. 
Because these * methods make skin development much easier, skin authors should study them * carefully.<p> * * Three major areas of functionality are provided:<p><ol> *      <li> Methods that simplify Authorization tasks: *          <ul> *              <li>{@link #getUserAuthorization(HttpServletRequest, HttpServletResponse)} *              <li>{@link #getUserAuthorization(HttpServletRequest, HttpServletResponse, boolean)} *              <li>{@link #setUserAuthorization(HttpServletRequest, HttpServletResponse, String, String, boolean)} *              <li>{@link #removeUserAuthorization(HttpServletRequest, HttpServletResponse)} *              <li>{@link #isSystemAdmin(Authorization)} *              <li>{@link #isForumAdmin(Authorization)} *              <li>{@link #isForumAdmin(Authorization, Forum)} *              <li>{@link #isGroupAdmin(Authorization)} *              <li>{@link #isGroupAdmin(Authorization, Group)} *          </ul> *          <p> *      <li> Methods that get and set Session and cookie values. *          <ul> *              <li>{@link #getCookie(HttpServletRequest, String)} *              <li>{@link #getCookieValue(HttpServletRequest, String)} *              <li>{@link #invalidateCookie(HttpServletRequest, HttpServletResponse, String)} *              <li>{@link #remove(HttpServletRequest, HttpServletResponse, String)} *              <li>{@link #retrieve(HttpServletRequest, HttpServletResponse, String)} *              <li>{@link #retrieve(HttpServletRequest, HttpServletResponse, String, boolean)} *              <li>{@link #store(HttpServletRequest, HttpServletResponse, String, String)} *              <li>{@link #store(HttpServletRequest, HttpServletResponse, String, String, int)} *              <li>{@link #store(HttpServletRequest, HttpServletResponse, String, String, int, boolean)} *          </ul> *          <p> *      <li> Other methods. 
*          <ul>
 *              <li>{@link #dateToText(Date)}
 *              <li>{@link #getLastVisisted(HttpServletRequest, HttpServletResponse)}
 *              <li>{@link #getLastVisisted(HttpServletRequest, HttpServletResponse, boolean)}
 *              <li>{@link #isNewMessage(ForumMessage, long)}
 *              <li>{@link #quoteOriginal(ForumMessage, String, int)}
 *          </ul>
 * </ol>
 *
 * All methods conform to the Servlet 1.1 and JSP 1.0 specs for maximum
 * compatibility with application servers. This may yield deprecation warnings
 * if you compile with a newer Servlet/JSP spec; these should be ignored. This
 * class will periodically be updated to the newer specs as app servers mature.
 */
public class SkinUtils {

    /** Name of the authentication token (is stored in the user's session) */
    public static final String JIVE_AUTH_TOKEN = "jiveAuthorization";

    /**
     * Name of the cookie used to store user info for auto-login purposes.
     * getUserAuthorization decodes a username and a password out of this
     * cookie's value, so the cookie is a stored login credential and should be
     * handled as one wherever it is written, transmitted or logged.
     */
    public static final String JIVE_AUTOLOGIN_COOKIE = "jiveAutoLogin";

    /** Name of the last visited token (is stored in the user's session) */
    public static final String JIVE_LASTVISITED_TOKEN = "jiveLastVisited";

    /**
     * Name of the cookie used to store last visited timestamp. The string is
     * the same as JIVE_LASTVISITED_TOKEN; one names a session value, the other
     * a cookie.
     */
    public static final String JIVE_LASTVISITED_COOKIE = "jiveLastVisited";

    // XXX keep this????????
    /** Name of the "use last visited" property (is stored in jive.properties) */
    public static final String JIVE_LASTVISITED_PROP = "Site.useLastVisited";

    //Time constants (in milliseconds); each unit is built from the one before it.
    private static final long SECOND = 1000;
    private static final long MINUTE = 60 * SECOND;
    private static final long HOUR   = 60 * MINUTE;
    private static final long DAY    = 24 * HOUR;
    private static final long WEEK   = 7 * DAY;

    //Default cookie time to live (in seconds).
private static final int MAX_COOKIE_AGE = (int)(WEEK / 1000) * 8; // eight weeks, in seconds

    // Day names, Sunday first.
    private static final String[] DAYS_OF_WEEK = {
        "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"
    };

    // Formatters for use in the dateToText method. SimpleDateFormat is not safe
    // for concurrent use, and these two instances are static and therefore
    // shared by every request thread.
    // NOTE(review): confirm that dateToText serializes access to them.
    private static final SimpleDateFormat dateFormatter =
            new SimpleDateFormat("EEEE, MMM d 'at' h:mm a");
    private static final SimpleDateFormat yesterdayFormatter =
            new SimpleDateFormat("'Yesterday at' h:mm a");

    // "Tweakable" parameters for the cookie encoding. Changing any of them and
    // recompiling this class invalidates cookies issued by the previous build.
    // NOTE(review): a fixed XOR mask and fixed character offsets compiled into
    // the class look like a reversible encoding rather than keyed encryption.
    // Confirm against decodePasswordCookie (defined elsewhere in this class);
    // if so, the auto-login cookie should be treated as holding the password
    // in recoverable form.
    private static final int ENCODE_XORMASK = 0x5A;
    private static final char ENCODE_DELIMETER = '\002';
    private static final char ENCODE_CHAR_OFFSET1 = 'A';
    private static final char ENCODE_CHAR_OFFSET2 = 'h';

    /**
     * Returns the Authorization token for the current user, or
     * <code>null</code> when the user cannot be authenticated.<p>
     *
     * The lookup proceeds in two steps:<ol>
     * <li>If the session already holds a value under
     *     <code>JIVE_AUTH_TOKEN</code>, that value is returned unchanged.
     * <li>Otherwise, when <code>checkJiveCookie</code> is true and the
     *     auto-login cookie is present, the username and password decoded from
     *     it are passed to <code>AuthorizationFactory.getAuthorization</code>.
     *     On success the resulting token is stored in the session and
     *     returned. On any exception a cookie with the same name and a maximum
     *     age of zero is added to the response, and <code>null</code> is
     *     returned.
     * </ol><p>
     *
     * NOTE(review): the token is stored in the session obtained from
     * <code>request.getSession()</code>; nothing in this method issues a new
     * session id after a successful cookie login, so any session-fixation
     * protection has to come from elsewhere.
     *
     * @param request the HttpServletRequest object, known as "request" in a
     *      JSP page.
     * @param response the HttpServletResponse object, known as "response" in
     *      a JSP page.
     * @param checkJiveCookie whether the auto-login cookie may be used when
     *      the session holds no token.
     * @return the authorization token if authenticated, otherwise
     *      <code>null</code>.
     * @see Authorization
     */
    public static Authorization getUserAuthorization(HttpServletRequest request,
            HttpServletResponse response, boolean checkJiveCookie)
    {
        HttpSession session = request.getSession();

        // Step 1: a token already stored in the session wins.
        Authorization sessionToken = (Authorization) session.getValue(JIVE_AUTH_TOKEN);
        if (sessionToken != null) {
            return sessionToken;
        }

        // Step 2: fall back to the auto-login cookie, if the caller allows it.
        if (!checkJiveCookie) {
            return null;
        }
        Cookie autoLogin = getCookie(request, JIVE_AUTOLOGIN_COOKIE);
        if (autoLogin == null) {
            return null;
        }

        try {
            // The cookie value decodes to { username, password }. Both are
            // re-validated here; the cookie alone never yields a token.
            String[] credentials = decodePasswordCookie(autoLogin.getValue());
            Authorization cookieToken =
                    AuthorizationFactory.getAuthorization(credentials[0], credentials[1]);
            session.putValue(JIVE_AUTH_TOKEN, cookieToken);
            return cookieToken;
        }
        catch (Exception ignored) {
            // Deliberately broad: a rejected login (UnauthorizedException) and
            // any decoding failure both mean the cookie holds unusable login
            // info, so the user stays anonymous and the cookie is expired.
            // NOTE(review): the replacement cookie sets no path or domain, so
            // it only overwrites the original if that one was written with the
            // same defaults. Confirm against the code that creates the cookie.
            Cookie expired = new Cookie(JIVE_AUTOLOGIN_COOKIE, null);
            expired.setMaxAge(0); // a zero max-age tells the browser to delete it
            response.addCookie(expired);
        }

        // Cookie login failed.
        return null;
    }

    /**
     * Returns an Authorization token for the user. This is a convenience method
     * that calls the three-argument getUserAuthorization method with
     * <code>checkJiveCookie</code> set to true.
     *
     * @param request the HttpServletRequest object, known as "request" in a
     *      JSP page.
     * @param response The HttpServletResponse object, known as "response" in
     *      a JSP page.
     * @return The authorization token if authenticated, otherwise
     *      <code>null</code>.
     * @see SkinUtils#getUserAuthorization(HttpServletRequest,HttpServletResponse,boolean)
     */
    public static Authorization getUserAuthorization
            ( HttpServletRequest request, HttpServletResponse response )
    {
        final boolean allowCookieLogin = true;
        return getUserAuthorization(request, response, allowCookieLogin);
    }

    /**
     * Validates the user and optionally enables auto-login by creating an
     * auto-login cookie.
     *
     * @param request the HttpServletRequest object, known as "request" in a JSP page.
     * @param response the HttpServletResponse object, known as "response" in a JSP page.
     * @param username the username.
     * @param password the password.
     * @param autoLogin if <code>true</code> create a cookie that enables auto-login.
* @throws UserNotFoundException     * @throws UnauthorizedException     */    public static Authorization setUserAuthorization(HttpServletRequest request,            HttpServletResponse response, String username, String password,            boolean autoLogin) throws UserNotFoundException, UnauthorizedException    {        HttpSession session = request.getSession();        Authorization authToken = AuthorizationFactory.getAuthorization(username, password);        session.putValue(JIVE_AUTH_TOKEN, authToken);        if (autoLogin) {
