001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.util.GetterUtil;
023    import com.liferay.portal.kernel.util.MethodHandler;
024    import com.liferay.portal.kernel.util.MethodInvoker;
025    import com.liferay.portal.kernel.util.MethodWrapper;
026    import com.liferay.portal.kernel.util.ObjectValuePair;
027    import com.liferay.portal.kernel.util.Validator;
028    import com.liferay.portal.model.User;
029    import com.liferay.portal.security.auth.HttpPrincipal;
030    import com.liferay.portal.security.auth.PrincipalThreadLocal;
031    import com.liferay.portal.security.permission.PermissionChecker;
032    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
033    import com.liferay.portal.security.permission.PermissionThreadLocal;
034    import com.liferay.portal.service.UserLocalServiceUtil;
035    import com.liferay.portal.util.PortalInstances;
036    
037    import java.io.IOException;
038    import java.io.ObjectInputStream;
039    import java.io.ObjectOutputStream;
040    
041    import java.lang.reflect.InvocationTargetException;
042    
043    import javax.servlet.http.HttpServlet;
044    import javax.servlet.http.HttpServletRequest;
045    import javax.servlet.http.HttpServletResponse;
046    
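/**
 * Receives remote service calls as Java-serialized request bodies.
 *
 * <p>
 * Each POST body is read with {@link ObjectInputStream} and is expected to be
 * an {@link ObjectValuePair} whose key is an {@link HttpPrincipal} and whose
 * value is a {@link MethodHandler} or a {@link MethodWrapper}. The target
 * class name is checked by {@link #isValidRequest(String)}, the caller's
 * identity is placed on the thread, the method is invoked, and the result (or
 * the exception it raised) is serialized back to the client.
 * </p>
 *
 * <p>
 * SECURITY: the request body is deserialized before any check made in this
 * class, so the class name filter restricts only which method is invoked and
 * not which object graphs are instantiated while reading the stream. This
 * class also does not verify the credentials carried by the principal. It
 * should therefore be reachable only over an authenticated, trusted channel.
 * NOTE(review): presumably an upstream filter or network restriction provides
 * that; confirm in the deployment descriptor. On JDKs that offer
 * {@code java.io.ObjectInputFilter}, an allow-list filter on the stream is the
 * appropriate hardening.
 * </p>
 *
 * @author Michael Weisser
 * @author Brian Wing Shun Chan
 */
@SuppressWarnings("deprecation")
public class TunnelServlet extends HttpServlet {

	/**
	 * Reads one serialized call from the request, invokes it and writes the
	 * serialized result to the response.
	 *
	 * <p>
	 * Nothing is written when the payload is malformed, when the target class
	 * is rejected, or when the invoked method returns <code>null</code>.
	 * </p>
	 *
	 * @param  request the HTTP request whose body carries the serialized call
	 * @param  response the HTTP response that receives the serialized result
	 * @throws IOException if the result cannot be written to the response
	 */
	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
		throws IOException {

		ObjectInputStream ois;

		try {
			ois = new ObjectInputStream(request.getInputStream());
		}
		catch (IOException ioe) {
			if (_log.isWarnEnabled()) {
				_log.warn(ioe, ioe);
			}

			return;
		}

		Object returnObj = null;

		// Remember what was on the thread before this call. Container worker
		// threads are normally pooled, so the identity installed below must
		// not stay on the thread once this request is done.

		String previousName = PrincipalThreadLocal.getName();
		PermissionChecker previousPermissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		try {

			// SECURITY: native deserialization of the request body. Every
			// check below runs only after the object graph has been built.

			Object payload = ois.readObject();

			if (!(payload instanceof ObjectValuePair)) {
				_warnRejected(
					request,
					"unexpected payload type " + _describeType(payload));

				return;
			}

			ObjectValuePair<HttpPrincipal, Object> ovp =
				(ObjectValuePair<HttpPrincipal, Object>)payload;

			HttpPrincipal httpPrincipal = ovp.getKey();
			Object ovpValue = ovp.getValue();

			if (httpPrincipal == null) {
				_warnRejected(request, "missing principal");

				return;
			}

			MethodHandler methodHandler = null;
			MethodWrapper methodWrapper = null;
			String className = null;

			if (ovpValue instanceof MethodHandler) {
				methodHandler = (MethodHandler)ovpValue;

				className = methodHandler.getClassName();
			}
			else if (ovpValue instanceof MethodWrapper) {
				methodWrapper = (MethodWrapper)ovpValue;

				className = methodWrapper.getClassName();
			}
			else {
				_warnRejected(
					request,
					"unexpected call type " + _describeType(ovpValue));

				return;
			}

			if (!isValidRequest(className)) {
				_warnRejected(
					request,
					"class " + _sanitizeForLog(className) +
						" is not a remote service utility");

				return;
			}

			long companyId = PortalInstances.getCompanyId(request);

			// NOTE(review): the login is taken from the deserialized
			// principal and no password is checked here. If no user matches,
			// the call still runs with whatever identity is already on the
			// thread. Confirm that authentication happens before this
			// servlet.

			if (Validator.isNotNull(httpPrincipal.getLogin())) {
				User user = _getUser(companyId, httpPrincipal.getLogin());

				if (user != null) {
					PrincipalThreadLocal.setName(user.getUserId());

					PermissionChecker permissionChecker =
						PermissionCheckerFactoryUtil.create(user);

					PermissionThreadLocal.setPermissionChecker(
						permissionChecker);
				}
			}

			if (methodHandler != null) {
				returnObj = methodHandler.invoke(true);
			}
			else {
				returnObj = MethodInvoker.invoke(methodWrapper);
			}
		}
		catch (InvocationTargetException ite) {
			returnObj = ite.getCause();

			// Only portal exceptions are passed back to the client. Anything
			// else is logged on the server and replaced with an empty system
			// exception so that internal details are not serialized out.

			if (!(returnObj instanceof PortalException)) {
				_log.error(ite, ite);

				returnObj = new SystemException();
			}
		}
		catch (Exception e) {
			_log.error(e, e);
		}
		finally {
			PrincipalThreadLocal.setName(previousName);
			PermissionThreadLocal.setPermissionChecker(
				previousPermissionChecker);
		}

		if (returnObj != null) {
			try {
				ObjectOutputStream oos = new ObjectOutputStream(
					response.getOutputStream());

				oos.writeObject(returnObj);

				oos.flush();
				oos.close();
			}
			catch (IOException ioe) {
				_log.error(ioe, ioe);

				throw ioe;
			}
		}
	}

	/**
	 * Returns <code>true</code> if the class name looks like a remote service
	 * utility: it contains <code>.service.</code>, ends with
	 * <code>ServiceUtil</code> and does not end with
	 * <code>LocalServiceUtil</code>.
	 *
	 * <p>
	 * This is a pattern match on the name only. Any class on the class path
	 * whose name fits the pattern is accepted, so it is not a substitute for
	 * authentication or for the permission checks made by the service itself.
	 * </p>
	 *
	 * @param  className the fully qualified name of the class to invoke; a
	 *         <code>null</code> name is rejected
	 * @return <code>true</code> if the call may proceed
	 */
	protected boolean isValidRequest(String className) {
		if (className == null) {
			return false;
		}

		return className.contains(".service.") &&
			className.endsWith("ServiceUtil") &&
			!className.endsWith("LocalServiceUtil");
	}

	/**
	 * Returns the class name of the object for log output, or
	 * <code>null</code> as text when there is no object.
	 */
	private static String _describeType(Object obj) {
		if (obj == null) {
			return "null";
		}

		return obj.getClass().getName();
	}

	/**
	 * Resolves the login to a user by trying it as an email address, then as
	 * a screen name, then as a numeric user ID.
	 *
	 * @return the matching user, or <code>null</code> if none of the lookups
	 *         found one
	 */
	private static User _getUser(long companyId, String login)
		throws PortalException, SystemException {

		try {
			return UserLocalServiceUtil.getUserByEmailAddress(
				companyId, login);
		}
		catch (NoSuchUserException nsue) {

			// Not an email address of this company, try the next form

		}

		try {
			return UserLocalServiceUtil.getUserByScreenName(companyId, login);
		}
		catch (NoSuchUserException nsue) {

			// Not a screen name of this company, try the next form

		}

		// NOTE(review): this lookup is by primary key only and does not pass
		// the company ID, unlike the two above. Confirm that resolving a user
		// of another portal instance is intended.

		try {
			return UserLocalServiceUtil.getUserById(GetterUtil.getLong(login));
		}
		catch (NoSuchUserException nsue) {
			return null;
		}
	}

	/**
	 * Replaces line breaks so that a value taken from the request cannot
	 * start a forged log entry.
	 */
	private static String _sanitizeForLog(String value) {
		if (value == null) {
			return "null";
		}

		return value.replace('\r', '_').replace('\n', '_');
	}

	/**
	 * Logs a rejected tunnel request with the remote address so that probing
	 * of this endpoint is visible to operators.
	 */
	private static void _warnRejected(
		HttpServletRequest request, String reason) {

		if (_log.isWarnEnabled()) {
			_log.warn(
				"Rejected tunnel request from " + request.getRemoteAddr() +
					": " + reason);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		TunnelServlet.class);

}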