015 package com.liferay.portal.servlet;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.kernel.util.MethodHandler;
024 import com.liferay.portal.kernel.util.MethodInvoker;
025 import com.liferay.portal.kernel.util.MethodWrapper;
026 import com.liferay.portal.kernel.util.ObjectValuePair;
027 import com.liferay.portal.kernel.util.Validator;
028 import com.liferay.portal.model.User;
029 import com.liferay.portal.security.auth.HttpPrincipal;
030 import com.liferay.portal.security.auth.PrincipalThreadLocal;
031 import com.liferay.portal.security.permission.PermissionChecker;
032 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
033 import com.liferay.portal.security.permission.PermissionThreadLocal;
034 import com.liferay.portal.service.UserLocalServiceUtil;
035 import com.liferay.portal.util.PortalInstances;
036
037 import java.io.IOException;
038 import java.io.ObjectInputStream;
039 import java.io.ObjectOutputStream;
040
041 import java.lang.reflect.InvocationTargetException;
042
043 import javax.servlet.http.HttpServlet;
044 import javax.servlet.http.HttpServletRequest;
045 import javax.servlet.http.HttpServletResponse;
046
047
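/**
 * Servlet endpoint that reads a Java-serialized
 * {@code ObjectValuePair<HttpPrincipal, Object>} from the POST body, invokes
 * the {@link MethodHandler} or {@link MethodWrapper} it carries, and writes
 * the serialized return value (or the resulting portal exception) to the
 * response.
 *
 * <p>
 * SECURITY: the request body goes straight into
 * {@link ObjectInputStream#readObject()} with no class filtering. Every check
 * in this class ({@link #isValidRequest(String)}, the payload type checks)
 * runs only after the whole object graph has been deserialized. They
 * therefore limit which method is invoked, not which classes are instantiated
 * while reading. Nothing in this class authenticates the caller, so this
 * endpoint has to be protected from untrusted clients by something outside
 * this class. NOTE(review): confirm what restricts access in the deployment
 * and consider restricting the classes accepted during deserialization.
 * </p>
 */
@SuppressWarnings("deprecation")
public class TunnelServlet extends HttpServlet {

    /**
     * Handles one tunnelled invocation.
     *
     * <p>
     * Nothing is written to the response when the stream cannot be opened,
     * when the payload has an unexpected shape, when the target class name is
     * rejected, or when a non-invocation exception is raised. The response is
     * also empty when the invoked method returns {@code null}.
     * </p>
     *
     * @param  request the request whose body holds the serialized payload
     * @param  response the response that receives the serialized result
     * @throws IOException if writing the serialized result fails
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException {

        ObjectInputStream ois;

        try {
            ois = new ObjectInputStream(request.getInputStream());
        }
        catch (IOException ioe) {
            if (_log.isWarnEnabled()) {
                _log.warn(ioe, ioe);
            }

            return;
        }

        Object returnObj = null;

        try {

            // SECURITY: native deserialization of the raw request body. No
            // validation has happened at this point; see the class comment.

            Object payload = ois.readObject();

            // Check the shape explicitly instead of relying on a
            // ClassCastException from unchecked casts.

            if (!(payload instanceof ObjectValuePair)) {
                if (_log.isWarnEnabled()) {
                    _log.warn("Rejected tunnel request: unexpected payload");
                }

                return;
            }

            ObjectValuePair<?, ?> ovp = (ObjectValuePair<?, ?>)payload;

            Object ovpKey = ovp.getKey();
            Object ovpValue = ovp.getValue();

            if (!(ovpKey instanceof HttpPrincipal)) {
                if (_log.isWarnEnabled()) {
                    _log.warn("Rejected tunnel request: missing principal");
                }

                return;
            }

            HttpPrincipal httpPrincipal = (HttpPrincipal)ovpKey;

            MethodHandler methodHandler = null;
            MethodWrapper methodWrapper = null;
            String className = null;

            if (ovpValue instanceof MethodHandler) {
                methodHandler = (MethodHandler)ovpValue;

                className = methodHandler.getClassName();
            }
            else if (ovpValue instanceof MethodWrapper) {
                methodWrapper = (MethodWrapper)ovpValue;

                className = methodWrapper.getClassName();
            }
            else {
                if (_log.isWarnEnabled()) {
                    _log.warn("Rejected tunnel request: unexpected method");
                }

                return;
            }

            if (!isValidRequest(className)) {
                if (_log.isWarnEnabled()) {
                    _log.warn("Rejected tunnel request: class not allowed");
                }

                return;
            }

            long companyId = PortalInstances.getCompanyId(request);

            String login = httpPrincipal.getLogin();

            if (Validator.isNotNull(login)) {

                // SECURITY: the login comes from the deserialized payload
                // and only selects a user record. No credential check is
                // visible in this class. NOTE(review): confirm that the
                // caller's identity is verified before this servlet runs.

                User user = getUser(companyId, login);

                if (user != null) {

                    // NOTE(review): these thread locals are not reset in
                    // this method. Confirm that something else clears them
                    // before the container reuses the thread.

                    PrincipalThreadLocal.setName(user.getUserId());

                    PermissionChecker permissionChecker =
                        PermissionCheckerFactoryUtil.create(user);

                    PermissionThreadLocal.setPermissionChecker(
                        permissionChecker);
                }
            }

            if (methodHandler != null) {
                returnObj = methodHandler.invoke(true);
            }
            else {
                returnObj = MethodInvoker.invoke(methodWrapper);
            }
        }
        catch (InvocationTargetException ite) {

            // Portal exceptions are returned to the client as the result.
            // Anything else is logged here and replaced by a bare
            // SystemException so that its details stay on the server.

            returnObj = ite.getCause();

            if (!(returnObj instanceof PortalException)) {
                _log.error(ite, ite);

                returnObj = new SystemException();
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        if (returnObj != null) {
            try {
                ObjectOutputStream oos = new ObjectOutputStream(
                    response.getOutputStream());

                oos.writeObject(returnObj);

                oos.flush();
                oos.close();
            }
            catch (IOException ioe) {
                _log.error(ioe, ioe);

                throw ioe;
            }
        }
    }

    /**
     * Resolves the login to a user by trying it as an email address, then as
     * a screen name, then as a numeric user ID.
     *
     * @param  companyId the company ID resolved from the request
     * @param  login the login taken from the request's principal
     * @return the matching user, or {@code null} if no lookup found one
     * @throws PortalException if a lookup fails for a reason other than the
     *         user not existing
     * @throws SystemException if a lookup raises a system exception
     */
    private User getUser(long companyId, String login)
        throws PortalException, SystemException {

        User user = null;

        try {
            user = UserLocalServiceUtil.getUserByEmailAddress(
                companyId, login);
        }
        catch (NoSuchUserException nsue) {

            // Expected when the login is not an email address.

        }

        if (user == null) {
            try {
                user = UserLocalServiceUtil.getUserByScreenName(
                    companyId, login);
            }
            catch (NoSuchUserException nsue) {

                // Expected when the login is not a screen name.

            }
        }

        if (user == null) {
            try {
                user = UserLocalServiceUtil.getUserById(
                    GetterUtil.getLong(login));
            }
            catch (NoSuchUserException nsue) {

                // No user matched. The caller proceeds without setting a
                // principal or permission checker.

            }
        }

        return user;
    }

    /**
     * Returns whether the class name passes the name-pattern check applied to
     * tunnelled invocations: it must contain {@code ".service."}, end with
     * {@code "ServiceUtil"}, and not end with {@code "LocalServiceUtil"}.
     *
     * <p>
     * This is a string match only. Any class whose name fits the pattern is
     * accepted.
     * </p>
     *
     * @param  className the class name carried by the deserialized method
     *         descriptor, may be {@code null}
     * @return {@code true} if the name matches the pattern, {@code false}
     *         otherwise or if the name is {@code null}
     */
    protected boolean isValidRequest(String className) {
        if (className == null) {
            return false;
        }

        return className.contains(".service.") &&
            className.endsWith("ServiceUtil") &&
            !className.endsWith("LocalServiceUtil");
    }

    private static final Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}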