001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.action.JSONServiceAction;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.servlet.PluginContextListener;
021    import com.liferay.portal.kernel.util.GetterUtil;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.auth.PrincipalThreadLocal;
024    import com.liferay.portal.security.pacl.PACLClassLoaderUtil;
025    import com.liferay.portal.security.permission.PermissionChecker;
026    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
027    import com.liferay.portal.security.permission.PermissionThreadLocal;
028    import com.liferay.portal.service.UserLocalServiceUtil;
029    import com.liferay.portal.struts.JSONAction;
030    
031    import java.io.IOException;
032    
033    import javax.servlet.ServletConfig;
034    import javax.servlet.ServletContext;
035    import javax.servlet.ServletException;
036    import javax.servlet.http.HttpServlet;
037    import javax.servlet.http.HttpServletRequest;
038    import javax.servlet.http.HttpServletResponse;
039    
040    /**
041     * @author Brian Wing Shun Chan
042     */
043    public class JSONServlet extends HttpServlet {
044    
045            @Override
046            public void init(ServletConfig servletConfig) {
047                    ServletContext servletContext = servletConfig.getServletContext();
048    
049                    _pluginClassLoader = (ClassLoader)servletContext.getAttribute(
050                            PluginContextListener.PLUGIN_CLASS_LOADER);
051    
052                    _jsonAction = getJSONAction(servletContext);
053            }
054    
055            @Override
056            @SuppressWarnings("unused")
057            public void service(
058                            HttpServletRequest request, HttpServletResponse response)
059                    throws IOException, ServletException {
060    
061                    try {
062                            resolveRemoteUser(request);
063    
064                            if (_pluginClassLoader == null) {
065                                    _jsonAction.execute(null, null, request, response);
066                            }
067                            else {
068                                    ClassLoader contextClassLoader =
069                                            PACLClassLoaderUtil.getContextClassLoader();
070    
071                                    try {
072                                            PACLClassLoaderUtil.setContextClassLoader(
073                                                    _pluginClassLoader);
074    
075                                            _jsonAction.execute(null, null, request, response);
076                                    }
077                                    finally {
078                                            PACLClassLoaderUtil.setContextClassLoader(
079                                                    contextClassLoader);
080                                    }
081                            }
082                    }
083                    catch (Exception e) {
084                            _log.error(e, e);
085                    }
086            }
087    
088            protected JSONAction getJSONAction(ServletContext servletContext) {
089                    JSONAction jsonAction = new JSONServiceAction();
090    
091                    jsonAction.setServletContext(servletContext);
092    
093                    return jsonAction;
094            }
095    
096            protected void resolveRemoteUser(HttpServletRequest request)
097                    throws Exception {
098    
099                    String remoteUser = request.getRemoteUser();
100    
101                    if (_log.isDebugEnabled()) {
102                            _log.debug("Remote user " + remoteUser);
103                    }
104    
105                    if (remoteUser != null) {
106                            PrincipalThreadLocal.setName(remoteUser);
107    
108                            long userId = GetterUtil.getLong(remoteUser);
109    
110                            User user = UserLocalServiceUtil.getUserById(userId);
111    
112                            PermissionChecker permissionChecker =
113                                    PermissionCheckerFactoryUtil.create(user);
114    
115                            PermissionThreadLocal.setPermissionChecker(permissionChecker);
116                    }
117            }
118    
119            private static Log _log = LogFactoryUtil.getLog(JSONServlet.class);
120    
121            private JSONAction _jsonAction;
122            private ClassLoader _pluginClassLoader;
123    
124    }