001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.action.JSONServiceAction;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.servlet.PluginContextListener;
021    import com.liferay.portal.kernel.util.GetterUtil;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.auth.PrincipalThreadLocal;
024    import com.liferay.portal.security.permission.PermissionChecker;
025    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
026    import com.liferay.portal.security.permission.PermissionThreadLocal;
027    import com.liferay.portal.service.UserLocalServiceUtil;
028    import com.liferay.portal.struts.JSONAction;
029    import com.liferay.portal.util.ClassLoaderUtil;
030    
031    import java.io.IOException;
032    
033    import javax.servlet.ServletConfig;
034    import javax.servlet.ServletContext;
035    import javax.servlet.ServletException;
036    import javax.servlet.http.HttpServlet;
037    import javax.servlet.http.HttpServletRequest;
038    import javax.servlet.http.HttpServletResponse;
039    
040    /**
041     * @author Brian Wing Shun Chan
042     */
043    public class JSONServlet extends HttpServlet {
044    
045            @Override
046            public void init(ServletConfig servletConfig) {
047                    ServletContext servletContext = servletConfig.getServletContext();
048    
049                    _pluginClassLoader = (ClassLoader)servletContext.getAttribute(
050                            PluginContextListener.PLUGIN_CLASS_LOADER);
051    
052                    _jsonAction = getJSONAction(servletContext);
053            }
054    
055            @Override
056            @SuppressWarnings("unused")
057            public void service(
058                            HttpServletRequest request, HttpServletResponse response)
059                    throws IOException, ServletException {
060    
061                    try {
062                            resolveRemoteUser(request);
063    
064                            if (_pluginClassLoader == null) {
065                                    _jsonAction.execute(null, null, request, response);
066                            }
067                            else {
068                                    ClassLoader contextClassLoader =
069                                            ClassLoaderUtil.getContextClassLoader();
070    
071                                    try {
072                                            ClassLoaderUtil.setContextClassLoader(_pluginClassLoader);
073    
074                                            _jsonAction.execute(null, null, request, response);
075                                    }
076                                    finally {
077                                            ClassLoaderUtil.setContextClassLoader(contextClassLoader);
078                                    }
079                            }
080                    }
081                    catch (Exception e) {
082                            _log.error(e, e);
083                    }
084            }
085    
086            protected JSONAction getJSONAction(ServletContext servletContext) {
087                    JSONAction jsonAction = new JSONServiceAction();
088    
089                    jsonAction.setServletContext(servletContext);
090    
091                    return jsonAction;
092            }
093    
094            protected void resolveRemoteUser(HttpServletRequest request)
095                    throws Exception {
096    
097                    String remoteUser = request.getRemoteUser();
098    
099                    if (_log.isDebugEnabled()) {
100                            _log.debug("Remote user " + remoteUser);
101                    }
102    
103                    if (remoteUser != null) {
104                            PrincipalThreadLocal.setName(remoteUser);
105    
106                            long userId = GetterUtil.getLong(remoteUser);
107    
108                            User user = UserLocalServiceUtil.getUserById(userId);
109    
110                            PermissionChecker permissionChecker =
111                                    PermissionCheckerFactoryUtil.create(user);
112    
113                            PermissionThreadLocal.setPermissionChecker(permissionChecker);
114                    }
115            }
116    
117            private static Log _log = LogFactoryUtil.getLog(JSONServlet.class);
118    
119            private JSONAction _jsonAction;
120            private ClassLoader _pluginClassLoader;
121    
122    }