Monday, August 5, 2013

Filters in Liferay

For the security reasons we need to provide the " Secured URL Filters " as per our requirements rather than default filters in Liferay.

To override that we need use Hook.

Step 1 : Create the Filter class in which you want to write the logic extending "BaseFilter "

             ex : public class SecureURLFilter extends BaseFilter

 Step 2 : In liferay-hook.xml give the details about the Filter.( In Liferay, Hook can be create in two ways one is by using the plugin and the another way is Inside the portlet itself we can create the " WEB-INF/liferay-hook.xml" )

         <servlet-filter>
<servlet-filter-name>Secure URL Filter</servlet-filter-name>
<servlet-filter-impl>com.portal.filter.SecureURLFilter</servlet-filter-impl>
</servlet-filter>

Step 3 : Write the logic inside SecureURLFilter.java based upon your requirement

/**
 *
 */
package com.portal.filter;

import java.io.IOException;

import javax.portlet.PortletException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.servlet.BaseFilter;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.util.PortalUtil;

public class SecureURLFilter extends BaseFilter {

private static Log _log = LogFactoryUtil.getLog(
SecureURLFilter.class);

public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {

HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;

try {
processFilter(request, response, filterChain);
} catch (Exception e) {
e.printStackTrace();
}
}


protected void processFilter(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws Exception {

if (_log.isDebugEnabled()) {
_log.debug("");
}

String currentCompleteURL = PortalUtil.getCurrentCompleteURL(request);

boolean isSecureURL = isSecureURL(currentCompleteURL);

if(!isSecureURL) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
//response.sendRedirect("/home");
return;
}

processFilter(SecureURLFilter.class, request, response, filterChain);

}

/**
* @param currentURL
* @return
* @throws PortletException
*/
private static boolean isSecureURL(String currentURL)
throws PortletException {

String script = HttpUtil.encodeURL("<script>");

String script1 = HttpUtil.encodeURL("<script");

String script2 = "<script>";
String script3 = "<script";

String xmlEncoded = HttpUtil.encodeURL("<!");
String xml = HttpUtil.encodeURL("<")+"!";

String filePath = HttpUtil.encodeURL("../");
String filePathTraversal = "../";

String strangeString = HttpUtil.encodeURL("\"(\" \"Select\" \")\"");
String strangeString1 = "\"(\" \"Select\" \")\"";

String selectString = HttpUtil.encodeURL("(select 1)");
String selectString1 = HttpUtil.encodeURL("(select 1,2)");

String selectString2 =  "(select 1,2)";
String selectString3 = "(select 1,2)";

String selectString4 = "(select";
String selectString5 = HttpUtil.encodeURL("(select");

if (currentURL.contains(script) || currentURL.contains(script1)
|| currentURL.contains(filePath) || currentURL.contains(filePathTraversal)
|| currentURL.contains(xml) || currentURL.contains(xmlEncoded)
|| currentURL.contains(strangeString) || currentURL.contains(strangeString1)
|| currentURL.contains(selectString) || currentURL.contains(selectString1)
|| currentURL.contains(selectString2) || currentURL.contains(selectString3)
|| currentURL.contains(script2) || currentURL.contains(script3)
|| currentURL.contains(selectString4) || currentURL.contains(selectString5)) {

return false;
}
return true;
}

public boolean isFilterEnabled() {
return _FILTER_ENABLED;
}

private static final boolean _FILTER_ENABLED = true;

protected Log getLog() {

return _log;
}
}
            
at No comments:
Labels: , ,

Sunday, August 4, 2013

Redirecting from the Render Method in Liferay

Redirecting from the Action method is easy when compare with the Redirecting from the Render Method.To Redirect from the Action method we simply use the below code.

" actionResponse.sendRedirect(PortalUtil.getLayoutURL(themeDisplay)); "

 PortalUtil.getLayoutURL(themeDisplay)  : example URL where you want to redirect the after the performing some action 

 To Redirect From the Render method the below code can be Used :-

 viewTemplate="/particular page URL";

                           or

try {
HttpServletResponse servletResponse = PortalUtil.getHttpServletResponse(actionResponse);
PrintWriter pw;
           try {
               pw = servletResponse.getWriter();
               pw.write(PortalUtil.getLayoutURL(themeDisplay).toString());
       pw.close();
           } catch (IOException e) {
               e.printStackTrace();
   }
}catch(Exception e) {
        e.printStackTrace();
}
at No comments:
Labels: ,

Creating a schedular in Liferay

This post will explain how to create a " Schedular " in Lifeay .
Mainly we create a schedular to perform a particular Task in Particular Time without any Action.
eg: we need trigger a mails daily at particular time or we need to trigger for every 12 hours.

Step 1:
 First you want to create a class ( Which is nothing bur your own schedular class) in your portlet inside the "src" folder.
     ex : i created the schedular class in src folder in the path "com.portal.product.scheduler.Scheduler"

Step 2:
Next you want to create a "schedular entry" to that particular portlet inside the liferay-portlet.xml

 <liferay-portlet-app>
      <portlet>
            <portlet-name>product</portlet-name>
            <icon>/icon.png</icon>
            <scheduler-entry>
                   <scheduler-event-listener-class>com.portal.product.scheduler.Scheduler</scheduler-event-listener-class>// path of the schedular class which  u created in the first step
                    <trigger>
                               <simple>
<simple-trigger-value>12</simple-trigger-value>
<time-unit>hour</time-unit>
</simple>
                                <cron>
                                        <cron-trigger-value>  0 0 8 * * ? * </cron-trigger-value>
                                </cron>
                  </trigger>
            </scheduler-entry>
      </portlet>
</liferay-portlet-app>

 Note: Either you want use  <simple>( to run for every 12 hours)  or  <cron> ( to run in particular ). here i am running the schedular on every day 8'o clock . To know detail about <cron> ( http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger    ,  http://www.cronmaker.com/  )

 Step 3:  U have to write the Business Logic inside the schedular class

Scheduler.java

 package com.portal.product.scheduler;

 public class Scheduler implements MessageListener{

                 public void receive(Message message) throws MessageListenerException {
              
                   // here u want to write the business logic based upon your requirement
                        dailyMail(); 
                }
               private void dailyMail() throws SystemException {
MailUtil.senddailyEmail();

}
}
at No comments:
Labels: ,
Subscribe to: Posts (Atom)

Liferay DXP JNDI Data Source Cofiguration

 This Blog will help us to learn about the JNDI Data Source Configuration in Liferay DXP. We have tested this with Liferay 7.3 with Tomcat. ...