23 package com.liferay.portal.servlet.filters.servletauthorizing;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.model.User;
30 import com.liferay.portal.security.auth.CompanyThreadLocal;
31 import com.liferay.portal.security.auth.PrincipalThreadLocal;
32 import com.liferay.portal.security.permission.PermissionChecker;
33 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
34 import com.liferay.portal.security.permission.PermissionThreadLocal;
35 import com.liferay.portal.service.UserLocalServiceUtil;
36 import com.liferay.portal.servlet.filters.BasePortalFilter;
37 import com.liferay.portal.util.PortalInstances;
38 import com.liferay.portal.util.PortalUtil;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import javax.servlet.FilterChain;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45 import javax.servlet.http.HttpSession;
46
47 import org.apache.struts.Globals;
48
49
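/**
 * Servlet filter that resolves the company and the calling user for a request
 * and publishes them to the request, the session and the portal's thread-local
 * security context before the rest of the filter chain runs.
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>The identity comes from {@code PortalUtil.getUserId(request)}, the
 * container's remote user or, when {@code PropsValues.PORTAL_JAAS_ENABLE} is
 * false, the {@code j_remoteuser} session attribute. Whatever writes that
 * attribute must do so only after a successful authentication.</li>
 * <li>Everything bound to the thread here is reset once the chain returns, so
 * a pooled worker thread does not carry one request's identity or permission
 * checker into the next request it serves.</li>
 * </ul>
 */
public class ServletAuthorizingFilter extends BasePortalFilter {

    /**
     * Establishes the per-request security context and continues the chain.
     *
     * @param request the incoming request; it is replaced by a
     *        {@link ProtectedServletRequest} carrying the resolved remote user
     * @param response the response passed on to the chain
     * @param filterChain the remaining filters and the target servlet
     * @throws Exception if the rest of the chain fails; a failure while
     *         loading the user or building the permission checker is logged
     *         and does not abort the request
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        // Note that getSession() creates a session when the request has none.

        HttpSession session = request.getSession();

        // Resolve the company for this request. NOTE(review): the finally
        // block below resets CompanyThreadLocal, so this call presumably also
        // binds the company id to the current thread; confirm in
        // PortalInstances.

        long companyId = PortalInstances.getCompanyId(request);

        // Expose the company id to downstream code as a request attribute.

        request.setAttribute(WebKeys.COMPANY_ID, Long.valueOf(companyId));

        // Work out who is calling.

        long userId = PortalUtil.getUserId(request);
        String remoteUser = request.getRemoteUser();

        if (!PropsValues.PORTAL_JAAS_ENABLE) {

            // Without JAAS the remote user is handed over through the
            // session. The attribute is consumed once and then removed.

            String jRemoteUser = (String)session.getAttribute("j_remoteuser");

            if (jRemoteUser != null) {
                remoteUser = jRemoteUser;

                session.removeAttribute("j_remoteuser");
            }
        }

        if ((userId > 0) && (remoteUser == null)) {
            remoteUser = String.valueOf(userId);
        }

        // Wrap the request so that the rest of the chain sees the remote user
        // resolved above.

        request = new ProtectedServletRequest(request, remoteUser);

        if ((userId > 0) || (remoteUser != null)) {

            // The remote user, when present, takes precedence over the user
            // id as the principal name.

            String name = String.valueOf(userId);

            if (remoteUser != null) {
                name = remoteUser;
            }

            PrincipalThreadLocal.setName(name);

            // The principal name is read back as the numeric user id.
            // NOTE(review): a non-numeric name presumably yields a default
            // id, which would make the lookup below fail; confirm against
            // GetterUtil.

            userId = GetterUtil.getLong(name);

            try {
                User user = UserLocalServiceUtil.getUserById(userId);

                PermissionChecker permissionChecker =
                    PermissionCheckerFactoryUtil.create(user, true);

                PermissionThreadLocal.setPermissionChecker(permissionChecker);

                session.setAttribute(WebKeys.USER_ID, Long.valueOf(userId));

                session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
            }
            catch (Exception e) {

                // Best effort: the request continues with the principal name
                // set but without a permission checker from this filter, so
                // downstream code must not treat the remote user alone as
                // proof of authorization.

                _log.error(e, e);
            }
        }

        try {
            processFilter(
                ServletAuthorizingFilter.class, request, response, filterChain);
        }
        finally {

            // Reset everything bound to this thread so that nothing survives
            // into the next request served by the same pooled thread.

            CompanyThreadLocal.setCompanyId(0);

            PrincipalThreadLocal.setName(null);

            // The permission checker set above was previously left in place.
            // It is cleared unconditionally, like the two values above, so a
            // later request on this thread cannot inherit this user's
            // permissions.

            PermissionThreadLocal.setPermissionChecker(null);
        }
    }

    private static final Log _log =
        LogFactoryUtil.getLog(ServletAuthorizingFilter.class);

}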