001
014
015 package com.liferay.portal.struts;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.json.JSONFactoryUtil;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.servlet.HttpHeaders;
022 import com.liferay.portal.kernel.servlet.ServletContextPool;
023 import com.liferay.portal.kernel.util.ContentTypes;
024 import com.liferay.portal.kernel.util.GetterUtil;
025 import com.liferay.portal.kernel.util.ParamUtil;
026 import com.liferay.portal.kernel.util.SetUtil;
027 import com.liferay.portal.kernel.util.StringPool;
028 import com.liferay.portal.kernel.util.Validator;
029 import com.liferay.portal.security.auth.AuthTokenUtil;
030 import com.liferay.portal.security.auth.PrincipalException;
031 import com.liferay.portal.servlet.SharedSessionServletRequest;
032 import com.liferay.portal.util.PortalUtil;
033 import com.liferay.portal.util.PropsValues;
034 import com.liferay.portal.util.WebKeys;
035
036 import java.io.OutputStream;
037
038 import java.util.Set;
039
040 import javax.servlet.RequestDispatcher;
041 import javax.servlet.ServletContext;
042 import javax.servlet.http.HttpServletRequest;
043 import javax.servlet.http.HttpServletResponse;
044
045 import org.apache.struts.action.Action;
046 import org.apache.struts.action.ActionForm;
047 import org.apache.struts.action.ActionForward;
048 import org.apache.struts.action.ActionMapping;
049
050
055 public abstract class JSONAction extends Action {
056
057 @Override
058 public ActionForward execute(
059 ActionMapping actionMapping, ActionForm actionForm,
060 HttpServletRequest request, HttpServletResponse response)
061 throws Exception {
062
063 if (rerouteExecute(request, response)) {
064 return null;
065 }
066
067 String callback = ParamUtil.getString(request, "callback");
068 String instance = ParamUtil.getString(request, "inst");
069
070 String json = null;
071
072 try {
073 checkAuthToken(request);
074
075 json = getJSON(actionMapping, actionForm, request, response);
076
077 if (Validator.isNotNull(callback)) {
078 json = callback + "(" + json + ");";
079 }
080 else if (Validator.isNotNull(instance)) {
081 json = "var " + instance + "=" + json + ";";
082 }
083 }
084 catch (PrincipalException pe) {
085 if (_log.isWarnEnabled()) {
086 _log.warn(pe.getMessage());
087 }
088
089 json = JSONFactoryUtil.serializeException(pe);
090 }
091 catch (Exception e) {
092 _log.error(e, e);
093
094 PortalUtil.sendError(
095 HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e, request,
096 response);
097
098 return null;
099 }
100
101 boolean refresh = ParamUtil.getBoolean(request, "refresh");
102
103 if (refresh) {
104 return actionMapping.findForward(ActionConstants.COMMON_REFERER);
105 }
106 else if (Validator.isNotNull(json)) {
107 response.setCharacterEncoding(StringPool.UTF8);
108 response.setContentType(ContentTypes.APPLICATION_JSON);
109 response.setHeader(
110 HttpHeaders.CACHE_CONTROL,
111 HttpHeaders.CACHE_CONTROL_NO_CACHE_VALUE);
112
113 OutputStream outputStream = response.getOutputStream();
114
115 byte[] bytes = json.getBytes(StringPool.UTF8);
116
117 outputStream.write(bytes);
118
119 outputStream.close();
120 }
121
122 return null;
123 }
124
125 public abstract String getJSON(
126 ActionMapping actionMapping, ActionForm actionForm,
127 HttpServletRequest request, HttpServletResponse response)
128 throws Exception;
129
130 public void setServletContext(ServletContext servletContext) {
131 _servletContext = servletContext;
132 }
133
134 protected void checkAuthToken(HttpServletRequest request)
135 throws PortalException {
136
137 String authType = GetterUtil.getString(request.getAuthType());
138
139 if (authType.equals(HttpServletRequest.BASIC_AUTH) ||
140 authType.equals(HttpServletRequest.DIGEST_AUTH)) {
141
142 return;
143 }
144
145 if (PropsValues.AUTH_TOKEN_CHECK_ENABLED &&
146 PropsValues.JSON_SERVICE_AUTH_TOKEN_ENABLED) {
147
148 if (!isAccessAllowed(request, _hostsAllowed)) {
149 AuthTokenUtil.check(request);
150 }
151 }
152 }
153
154 protected String getReroutePath() {
155 return null;
156 }
157
158 protected boolean isAccessAllowed(
159 HttpServletRequest request, Set<String> hostsAllowed) {
160
161 if (hostsAllowed.isEmpty()) {
162 return true;
163 }
164
165 String remoteAddr = request.getRemoteAddr();
166
167 if (hostsAllowed.contains(remoteAddr)) {
168 return true;
169 }
170
171 String computerAddress = PortalUtil.getComputerAddress();
172
173 if (computerAddress.equals(remoteAddr) &&
174 hostsAllowed.contains(_SERVER_IP)) {
175
176 return true;
177 }
178
179 return false;
180 }
181
182 protected boolean rerouteExecute(
183 HttpServletRequest request, HttpServletResponse response)
184 throws Exception {
185
186 String reroutePath = getReroutePath();
187
188 if (Validator.isNull(reroutePath)) {
189 return false;
190 }
191
192 String requestServletContextName = ParamUtil.getString(
193 request, "servletContextName");
194
195 if (Validator.isNull(requestServletContextName)) {
196 return false;
197 }
198
199 ServletContext servletContext = _servletContext;
200
201 if (servletContext == null) {
202 servletContext = (ServletContext)request.getAttribute(WebKeys.CTX);
203 }
204
205 String servletContextName = GetterUtil.getString(
206 servletContext.getServletContextName());
207
208 if (servletContextName.equals(requestServletContextName)) {
209 return false;
210 }
211
212 ServletContext requestServletContext = ServletContextPool.get(
213 requestServletContextName);
214
215 if (requestServletContext == null) {
216 return false;
217 }
218
219 RequestDispatcher requestDispatcher =
220 requestServletContext.getRequestDispatcher(reroutePath);
221
222 if (requestDispatcher == null) {
223 return false;
224 }
225
226 requestDispatcher.forward(
227 new SharedSessionServletRequest(request, true), response);
228
229 return true;
230 }
231
232 private static final String _SERVER_IP = "SERVER_IP";
233
234 private static Log _log = LogFactoryUtil.getLog(JSONAction.class);
235
236 private Set<String> _hostsAllowed = SetUtil.fromArray(
237 PropsValues.JSON_SERVICE_AUTH_TOKEN_HOSTS_ALLOWED);
238 private ServletContext _servletContext;
239
240 }