001
014
015 package com.liferay.portal.servlet.filters.servletauthorizing;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.model.User;
022 import com.liferay.portal.security.auth.PrincipalThreadLocal;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
025 import com.liferay.portal.security.permission.PermissionThreadLocal;
026 import com.liferay.portal.service.UserLocalServiceUtil;
027 import com.liferay.portal.servlet.filters.BasePortalFilter;
028 import com.liferay.portal.util.PortalInstances;
029 import com.liferay.portal.util.PortalUtil;
030 import com.liferay.portal.util.PropsValues;
031 import com.liferay.portal.util.WebKeys;
032
033 import javax.servlet.FilterChain;
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036 import javax.servlet.http.HttpSession;
037
038 import org.apache.struts.Globals;
039
040
043 public class ServletAuthorizingFilter extends BasePortalFilter {
044
045 protected void processFilter(
046 HttpServletRequest request, HttpServletResponse response,
047 FilterChain filterChain)
048 throws Exception {
049
050 HttpSession session = request.getSession();
051
052
053
054 PortalInstances.getCompanyId(request);
055
056
057
058 long userId = PortalUtil.getUserId(request);
059 String remoteUser = request.getRemoteUser();
060
061 if (!PropsValues.PORTAL_JAAS_ENABLE) {
062 String jRemoteUser = (String)session.getAttribute("j_remoteuser");
063
064 if (jRemoteUser != null) {
065 remoteUser = jRemoteUser;
066
067 session.removeAttribute("j_remoteuser");
068 }
069 }
070
071 if ((userId > 0) && (remoteUser == null)) {
072 remoteUser = String.valueOf(userId);
073 }
074
075
076
077
078
079
080
081 request = new ProtectedServletRequest(request, remoteUser);
082
083 if ((userId > 0) || (remoteUser != null)) {
084
085
086
087 String name = String.valueOf(userId);
088
089 if (remoteUser != null) {
090 name = remoteUser;
091 }
092
093 PrincipalThreadLocal.setName(name);
094
095
096
097 userId = GetterUtil.getLong(name);
098
099 try {
100
101
102
103 User user = UserLocalServiceUtil.getUserById(userId);
104
105
106
107 PermissionChecker permissionChecker =
108 PermissionCheckerFactoryUtil.create(user, true);
109
110 PermissionThreadLocal.setPermissionChecker(permissionChecker);
111
112
113
114 session.setAttribute(WebKeys.USER_ID, new Long(userId));
115
116
117
118 session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
119 }
120 catch (Exception e) {
121 _log.error(e, e);
122 }
123 }
124
125 processFilter(
126 ServletAuthorizingFilter.class, request, response, filterChain);
127 }
128
129 private static Log _log = LogFactoryUtil.getLog(
130 ServletAuthorizingFilter.class);
131
132 }