001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.struts;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.json.JSONFactoryUtil;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.servlet.HttpHeaders;
022    import com.liferay.portal.kernel.servlet.ServletContextPool;
023    import com.liferay.portal.kernel.util.ContentTypes;
024    import com.liferay.portal.kernel.util.GetterUtil;
025    import com.liferay.portal.kernel.util.ParamUtil;
026    import com.liferay.portal.kernel.util.SetUtil;
027    import com.liferay.portal.kernel.util.StringPool;
028    import com.liferay.portal.kernel.util.Validator;
029    import com.liferay.portal.security.auth.AuthTokenUtil;
030    import com.liferay.portal.security.auth.PrincipalException;
031    import com.liferay.portal.servlet.SharedSessionServletRequest;
032    import com.liferay.portal.util.PortalUtil;
033    import com.liferay.portal.util.PropsValues;
034    import com.liferay.portal.util.WebKeys;
035    
036    import java.io.OutputStream;
037    
038    import java.util.Set;
039    
040    import javax.servlet.RequestDispatcher;
041    import javax.servlet.ServletContext;
042    import javax.servlet.http.HttpServletRequest;
043    import javax.servlet.http.HttpServletResponse;
044    
045    import org.apache.struts.action.Action;
046    import org.apache.struts.action.ActionForm;
047    import org.apache.struts.action.ActionForward;
048    import org.apache.struts.action.ActionMapping;
049    
050    /**
051     * @author Ming-Gih Lam
052     * @author Brian Wing Shun Chan
053     * @author Tomas Polesovsky
054     */
055    public abstract class JSONAction extends Action {
056    
057            @Override
058            public ActionForward execute(
059                            ActionMapping actionMapping, ActionForm actionForm,
060                            HttpServletRequest request, HttpServletResponse response)
061                    throws Exception {
062    
063                    if (rerouteExecute(request, response)) {
064                            return null;
065                    }
066    
067                    String callback = ParamUtil.getString(request, "callback");
068                    String instance = ParamUtil.getString(request, "inst");
069    
070                    String json = null;
071    
072                    try {
073                            checkAuthToken(request);
074    
075                            json = getJSON(actionMapping, actionForm, request, response);
076    
077                            if (Validator.isNotNull(callback)) {
078                                    json = callback + "(" + json + ");";
079                            }
080                            else if (Validator.isNotNull(instance)) {
081                                    json = "var " + instance + "=" + json + ";";
082                            }
083                    }
084                    catch (PrincipalException pe) {
085                            if (_log.isWarnEnabled()) {
086                                    _log.warn(pe.getMessage());
087                            }
088    
089                            json = JSONFactoryUtil.serializeException(pe);
090                    }
091                    catch (Exception e) {
092                            _log.error(e, e);
093    
094                            PortalUtil.sendError(
095                                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e, request,
096                                    response);
097    
098                            return null;
099                    }
100    
101                    boolean refresh = ParamUtil.getBoolean(request, "refresh");
102    
103                    if (refresh) {
104                            return actionMapping.findForward(ActionConstants.COMMON_REFERER);
105                    }
106                    else if (Validator.isNotNull(json)) {
107                            response.setCharacterEncoding(StringPool.UTF8);
108                            response.setContentType(ContentTypes.APPLICATION_JSON);
109                            response.setHeader(
110                                    HttpHeaders.CACHE_CONTROL,
111                                    HttpHeaders.CACHE_CONTROL_NO_CACHE_VALUE);
112    
113                            OutputStream outputStream = response.getOutputStream();
114    
115                            byte[] bytes = json.getBytes(StringPool.UTF8);
116    
117                            outputStream.write(bytes);
118    
119                            outputStream.close();
120                    }
121    
122                    return null;
123            }
124    
125            public abstract String getJSON(
126                            ActionMapping actionMapping, ActionForm actionForm,
127                            HttpServletRequest request, HttpServletResponse response)
128                    throws Exception;
129    
130            public void setServletContext(ServletContext servletContext) {
131                    _servletContext = servletContext;
132            }
133    
134            protected void checkAuthToken(HttpServletRequest request)
135                    throws PortalException {
136    
137                    String authType = GetterUtil.getString(request.getAuthType());
138    
139                    if (authType.equals(HttpServletRequest.BASIC_AUTH) ||
140                            authType.equals(HttpServletRequest.DIGEST_AUTH)) {
141    
142                            return;
143                    }
144    
145                    if (PropsValues.AUTH_TOKEN_CHECK_ENABLED &&
146                            PropsValues.JSON_SERVICE_AUTH_TOKEN_ENABLED) {
147    
148                            if (!isAccessAllowed(request, _hostsAllowed)) {
149                                    AuthTokenUtil.check(request);
150                            }
151                    }
152            }
153    
154            protected String getReroutePath() {
155                    return null;
156            }
157    
158            protected boolean isAccessAllowed(
159                    HttpServletRequest request, Set<String> hostsAllowed) {
160    
161                    if (hostsAllowed.isEmpty()) {
162                            return true;
163                    }
164    
165                    String remoteAddr = request.getRemoteAddr();
166    
167                    if (hostsAllowed.contains(remoteAddr)) {
168                            return true;
169                    }
170    
171                    String computerAddress = PortalUtil.getComputerAddress();
172    
173                    if (computerAddress.equals(remoteAddr) &&
174                            hostsAllowed.contains(_SERVER_IP)) {
175    
176                            return true;
177                    }
178    
179                    return false;
180            }
181    
182            protected boolean rerouteExecute(
183                            HttpServletRequest request, HttpServletResponse response)
184                    throws Exception {
185    
186                    String reroutePath = getReroutePath();
187    
188                    if (Validator.isNull(reroutePath)) {
189                            return false;
190                    }
191    
192                    String requestServletContextName = ParamUtil.getString(
193                            request, "servletContextName");
194    
195                    if (Validator.isNull(requestServletContextName)) {
196                            return false;
197                    }
198    
199                    ServletContext servletContext = _servletContext;
200    
201                    if (servletContext == null) {
202                            servletContext = (ServletContext)request.getAttribute(WebKeys.CTX);
203                    }
204    
205                    String servletContextName = GetterUtil.getString(
206                            servletContext.getServletContextName());
207    
208                    if (servletContextName.equals(requestServletContextName)) {
209                            return false;
210                    }
211    
212                    ServletContext requestServletContext = ServletContextPool.get(
213                            requestServletContextName);
214    
215                    if (requestServletContext == null) {
216                            return false;
217                    }
218    
219                    RequestDispatcher requestDispatcher =
220                            requestServletContext.getRequestDispatcher(reroutePath);
221    
222                    if (requestDispatcher == null) {
223                            return false;
224                    }
225    
226                    requestDispatcher.forward(
227                            new SharedSessionServletRequest(request, true), response);
228    
229                    return true;
230            }
231    
232            private static final String _SERVER_IP = "SERVER_IP";
233    
234            private static Log _log = LogFactoryUtil.getLog(JSONAction.class);
235    
236            private Set<String> _hostsAllowed = SetUtil.fromArray(
237                    PropsValues.JSON_SERVICE_AUTH_TOKEN_HOSTS_ALLOWED);
238            private ServletContext _servletContext;
239    
240    }