001
014
015 package com.liferay.portal.servlet;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.MethodHandler;
022 import com.liferay.portal.kernel.util.MethodKey;
023 import com.liferay.portal.kernel.util.ObjectValuePair;
024 import com.liferay.portal.security.ac.AccessControlThreadLocal;
025 import com.liferay.portal.security.auth.HttpPrincipal;
026
027 import java.io.IOException;
028 import java.io.ObjectInputStream;
029 import java.io.ObjectOutputStream;
030
031 import java.lang.reflect.InvocationTargetException;
032
033 import javax.servlet.http.HttpServlet;
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036
037
041 public class TunnelServlet extends HttpServlet {
042
043 @Override
044 public void doPost(HttpServletRequest request, HttpServletResponse response)
045 throws IOException {
046
047 ObjectInputStream ois;
048
049 try {
050 ois = new ObjectInputStream(request.getInputStream());
051 }
052 catch (IOException ioe) {
053 if (_log.isWarnEnabled()) {
054 _log.warn(ioe, ioe);
055 }
056
057 return;
058 }
059
060 Object returnObj = null;
061
062 boolean remoteAccess = AccessControlThreadLocal.isRemoteAccess();
063
064 try {
065 AccessControlThreadLocal.setRemoteAccess(true);
066
067 ObjectValuePair<HttpPrincipal, MethodHandler> ovp =
068 (ObjectValuePair<HttpPrincipal, MethodHandler>)ois.readObject();
069
070 MethodHandler methodHandler = ovp.getValue();
071
072 if (methodHandler != null) {
073 MethodKey methodKey = methodHandler.getMethodKey();
074
075 if (!isValidRequest(methodKey.getDeclaringClass())) {
076 return;
077 }
078
079 returnObj = methodHandler.invoke(true);
080 }
081 }
082 catch (InvocationTargetException ite) {
083 returnObj = ite.getCause();
084
085 if (!(returnObj instanceof PortalException)) {
086 _log.error(ite, ite);
087
088 if (returnObj != null) {
089 Throwable throwable = (Throwable)returnObj;
090
091 returnObj = new SystemException(throwable.getMessage());
092 }
093 else {
094 returnObj = new SystemException();
095 }
096 }
097 }
098 catch (Exception e) {
099 _log.error(e, e);
100 }
101 finally {
102 AccessControlThreadLocal.setRemoteAccess(remoteAccess);
103 }
104
105 if (returnObj != null) {
106 try {
107 ObjectOutputStream oos = new ObjectOutputStream(
108 response.getOutputStream());
109
110 oos.writeObject(returnObj);
111
112 oos.flush();
113 oos.close();
114 }
115 catch (IOException ioe) {
116 _log.error(ioe, ioe);
117
118 throw ioe;
119 }
120 }
121 }
122
123 protected boolean isValidRequest(Class<?> clazz) {
124 String className = clazz.getName();
125
126 if (className.contains(".service.") &&
127 className.endsWith("ServiceUtil") &&
128 !className.endsWith("LocalServiceUtil")) {
129
130 return true;
131 }
132 else {
133 return false;
134 }
135 }
136
137 private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
138
139 }