001
014
015 package com.liferay.portal.servlet.filters.servletauthorizing;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.model.User;
022 import com.liferay.portal.security.auth.PrincipalThreadLocal;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
025 import com.liferay.portal.security.permission.PermissionThreadLocal;
026 import com.liferay.portal.service.UserLocalServiceUtil;
027 import com.liferay.portal.servlet.filters.BasePortalFilter;
028 import com.liferay.portal.util.PortalInstances;
029 import com.liferay.portal.util.PortalUtil;
030 import com.liferay.portal.util.PropsValues;
031 import com.liferay.portal.util.WebKeys;
032
033 import javax.servlet.FilterChain;
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036 import javax.servlet.http.HttpSession;
037
038 import org.apache.struts.Globals;
039
040
043 public class ServletAuthorizingFilter extends BasePortalFilter {
044
045 @Override
046 protected void processFilter(
047 HttpServletRequest request, HttpServletResponse response,
048 FilterChain filterChain)
049 throws Exception {
050
051 HttpSession session = request.getSession();
052
053
054
055 PortalInstances.getCompanyId(request);
056
057
058
059 long userId = PortalUtil.getUserId(request);
060 String remoteUser = request.getRemoteUser();
061
062 if (!PropsValues.PORTAL_JAAS_ENABLE) {
063 String jRemoteUser = (String)session.getAttribute("j_remoteuser");
064
065 if (jRemoteUser != null) {
066 remoteUser = jRemoteUser;
067
068 session.removeAttribute("j_remoteuser");
069 }
070 }
071
072 if ((userId > 0) && (remoteUser == null)) {
073 remoteUser = String.valueOf(userId);
074 }
075
076
077
078
079
080
081
082 request = new ProtectedServletRequest(request, remoteUser);
083
084 if ((userId > 0) || (remoteUser != null)) {
085
086
087
088 String name = String.valueOf(userId);
089
090 if (remoteUser != null) {
091 name = remoteUser;
092 }
093
094 PrincipalThreadLocal.setName(name);
095
096
097
098 userId = GetterUtil.getLong(name);
099
100 try {
101
102
103
104 User user = UserLocalServiceUtil.getUserById(userId);
105
106
107
108 PermissionChecker permissionChecker =
109 PermissionCheckerFactoryUtil.create(user);
110
111 PermissionThreadLocal.setPermissionChecker(permissionChecker);
112
113
114
115 session.setAttribute(WebKeys.USER_ID, new Long(userId));
116
117
118
119 session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
120 }
121 catch (Exception e) {
122 _log.error(e, e);
123 }
124 }
125
126 processFilter(
127 ServletAuthorizingFilter.class, request, response, filterChain);
128 }
129
130 private static Log _log = LogFactoryUtil.getLog(
131 ServletAuthorizingFilter.class);
132
133 }