001
014
015 package com.liferay.portal.service.http;
016
017 import com.liferay.portal.kernel.servlet.HttpHeaders;
018 import com.liferay.portal.kernel.util.Base64;
019 import com.liferay.portal.kernel.util.ContentTypes;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.kernel.util.MethodHandler;
022 import com.liferay.portal.kernel.util.MethodWrapper;
023 import com.liferay.portal.kernel.util.ObjectValuePair;
024 import com.liferay.portal.kernel.util.PropsUtil;
025 import com.liferay.portal.kernel.util.StringPool;
026 import com.liferay.portal.kernel.util.Validator;
027 import com.liferay.portal.security.auth.HttpPrincipal;
028 import com.liferay.portal.security.auth.PrincipalException;
029
030 import java.io.EOFException;
031 import java.io.IOException;
032 import java.io.ObjectInputStream;
033 import java.io.ObjectOutputStream;
034
035 import java.net.HttpURLConnection;
036 import java.net.URL;
037
038 import javax.net.ssl.HostnameVerifier;
039 import javax.net.ssl.HttpsURLConnection;
040 import javax.net.ssl.SSLSession;
041
042 import javax.servlet.http.HttpServletRequest;
043
044
047 @SuppressWarnings("deprecation")
048 public class TunnelUtil {
049
050 public static Object invoke(
051 HttpPrincipal httpPrincipal, MethodHandler methodHandler)
052 throws Exception {
053
054 HttpURLConnection urlc = _getConnection(httpPrincipal);
055
056 ObjectOutputStream oos = new ObjectOutputStream(urlc.getOutputStream());
057
058 oos.writeObject(
059 new ObjectValuePair<HttpPrincipal, MethodHandler>(
060 httpPrincipal, methodHandler));
061
062 oos.flush();
063 oos.close();
064
065 Object returnObj = null;
066
067 try {
068 ObjectInputStream ois = new ObjectInputStream(
069 urlc.getInputStream());
070
071 returnObj = ois.readObject();
072
073 ois.close();
074 }
075 catch (EOFException eofe) {
076 }
077 catch (IOException ioe) {
078 String ioeMessage = ioe.getMessage();
079
080 if ((ioeMessage != null) &&
081 ioeMessage.contains("HTTP response code: 401")) {
082
083 throw new PrincipalException(ioeMessage);
084 }
085 else {
086 throw ioe;
087 }
088 }
089
090 if ((returnObj != null) && returnObj instanceof Exception) {
091 throw (Exception)returnObj;
092 }
093
094 return returnObj;
095 }
096
097
100 public static Object invoke(
101 HttpPrincipal httpPrincipal, MethodWrapper methodWrapper)
102 throws Exception {
103
104 HttpURLConnection urlc = _getConnection(httpPrincipal);
105
106 ObjectOutputStream oos = new ObjectOutputStream(urlc.getOutputStream());
107
108 oos.writeObject(
109 new ObjectValuePair<HttpPrincipal, MethodWrapper>(
110 httpPrincipal, methodWrapper));
111
112 oos.flush();
113 oos.close();
114
115 Object returnObj = null;
116
117 try {
118 ObjectInputStream ois = new ObjectInputStream(
119 urlc.getInputStream());
120
121 returnObj = ois.readObject();
122
123 ois.close();
124 }
125 catch (EOFException eofe) {
126 }
127 catch (IOException ioe) {
128 String ioeMessage = ioe.getMessage();
129
130 if ((ioeMessage != null) &&
131 ioeMessage.contains("HTTP response code: 401")) {
132
133 throw new PrincipalException(ioeMessage);
134 }
135 else {
136 throw ioe;
137 }
138 }
139
140 if ((returnObj != null) && returnObj instanceof Exception) {
141 throw (Exception)returnObj;
142 }
143
144 return returnObj;
145 }
146
147 private static HttpURLConnection _getConnection(HttpPrincipal httpPrincipal)
148 throws IOException {
149
150 if ((httpPrincipal == null) || (httpPrincipal.getUrl() == null)) {
151 return null;
152 }
153
154 URL url = null;
155
156 if (Validator.isNull(httpPrincipal.getLogin()) ||
157 Validator.isNull(httpPrincipal.getPassword())) {
158
159 url = new URL(httpPrincipal.getUrl() + "/api/liferay/do");
160 }
161 else {
162 url = new URL(httpPrincipal.getUrl() + "/api/secure/liferay/do");
163 }
164
165 HttpURLConnection httpURLConnection =
166 (HttpURLConnection)url.openConnection();
167
168 httpURLConnection.setDoInput(true);
169 httpURLConnection.setDoOutput(true);
170
171 if (!_VERIFY_SSL_HOSTNAME &&
172 (httpURLConnection instanceof HttpsURLConnection)) {
173
174 HttpsURLConnection httpsURLConnection =
175 (HttpsURLConnection)httpURLConnection;
176
177 httpsURLConnection.setHostnameVerifier(
178 new HostnameVerifier() {
179
180 @Override
181 public boolean verify(String hostname, SSLSession session) {
182 return true;
183 }
184
185 }
186 );
187 }
188
189 httpURLConnection.setRequestProperty(
190 HttpHeaders.CONTENT_TYPE,
191 ContentTypes.APPLICATION_X_JAVA_SERIALIZED_OBJECT);
192 httpURLConnection.setUseCaches(false);
193
194 httpURLConnection.setRequestMethod("POST");
195
196 if (Validator.isNotNull(httpPrincipal.getLogin()) &&
197 Validator.isNotNull(httpPrincipal.getPassword())) {
198
199 String userNameAndPassword =
200 httpPrincipal.getLogin() + StringPool.COLON +
201 httpPrincipal.getPassword();
202
203 httpURLConnection.setRequestProperty(
204 HttpHeaders.AUTHORIZATION,
205 HttpServletRequest.BASIC_AUTH + StringPool.SPACE +
206 Base64.encode(userNameAndPassword.getBytes()));
207 }
208
209 return httpURLConnection;
210 }
211
212 private static final boolean _VERIFY_SSL_HOSTNAME = GetterUtil.getBoolean(
213 PropsUtil.get(TunnelUtil.class.getName() + ".verify.ssl.hostname"));
214
215 }