001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.jsonwebservice;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.servlet.PluginContextListener;
020    import com.liferay.portal.kernel.upload.UploadServletRequest;
021    import com.liferay.portal.kernel.util.ContextPathUtil;
022    import com.liferay.portal.kernel.util.GetterUtil;
023    import com.liferay.portal.kernel.util.HttpUtil;
024    import com.liferay.portal.kernel.util.StreamUtil;
025    import com.liferay.portal.kernel.util.StringPool;
026    import com.liferay.portal.kernel.util.Validator;
027    import com.liferay.portal.model.User;
028    import com.liferay.portal.security.auth.CompanyThreadLocal;
029    import com.liferay.portal.security.permission.PermissionChecker;
030    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
031    import com.liferay.portal.security.permission.PermissionThreadLocal;
032    import com.liferay.portal.servlet.JSONServlet;
033    import com.liferay.portal.servlet.UserResolver;
034    import com.liferay.portal.struts.JSONAction;
035    import com.liferay.portal.upload.UploadServletRequestImpl;
036    import com.liferay.portal.util.PortalUtil;
037    import com.liferay.portal.util.PropsValues;
038    
039    import java.io.IOException;
040    import java.io.InputStream;
041    import java.io.OutputStream;
042    
043    import java.net.URL;
044    
045    import javax.servlet.RequestDispatcher;
046    import javax.servlet.ServletContext;
047    import javax.servlet.ServletException;
048    import javax.servlet.http.HttpServletRequest;
049    import javax.servlet.http.HttpServletResponse;
050    import javax.servlet.http.HttpSession;
051    
052    /**
053     * @author Igor Spasic
054     */
055    public class JSONWebServiceServlet extends JSONServlet {
056    
057            @Override
058            public void destroy() {
059                    _jsonWebServiceServiceAction.destroy();
060    
061                    super.destroy();
062            }
063    
064            @Override
065            public void service(
066                            HttpServletRequest request, HttpServletResponse response)
067                    throws IOException, ServletException {
068    
069                    if (PortalUtil.isMultipartRequest(request)) {
070                            UploadServletRequest uploadServletRequest =
071                                    new UploadServletRequestImpl(request);
072    
073                            request = uploadServletRequest;
074                    }
075    
076                    String path = GetterUtil.getString(request.getPathInfo());
077    
078                    if (!path.equals(StringPool.SLASH) && !path.equals(StringPool.BLANK)) {
079                            super.service(request, response);
080    
081                            return;
082                    }
083    
084                    String uri = request.getRequestURI();
085    
086                    int pos = uri.indexOf("/secure/");
087    
088                    if (pos != -1) {
089                            uri = uri.substring(0, pos) + uri.substring(pos + 7);
090    
091                            String queryString = request.getQueryString();
092    
093                            if (queryString != null) {
094                                    uri = uri.concat(StringPool.QUESTION).concat(queryString);
095                            }
096    
097                            if (_log.isDebugEnabled()) {
098                                    _log.debug("Redirect from secure to public");
099                            }
100    
101                            response.sendRedirect(uri);
102    
103                            return;
104                    }
105    
106                    if (_log.isDebugEnabled()) {
107                            _log.debug("Servlet context " + request.getContextPath());
108                    }
109    
110                    String apiPath = PortalUtil.getPathMain() + "/portal/api/jsonws";
111    
112                    HttpSession session = request.getSession();
113    
114                    ServletContext servletContext = session.getServletContext();
115    
116                    if (servletContext.getContext(PropsValues.PORTAL_CTX) != null) {
117                            RequestDispatcher requestDispatcher = request.getRequestDispatcher(
118                                    apiPath);
119    
120                            requestDispatcher.forward(request, response);
121                    }
122                    else {
123                            String requestURI = request.getRequestURI();
124                            String requestURL = String.valueOf(request.getRequestURL());
125    
126                            String serverURL = requestURL.substring(
127                                    0, requestURL.length() - requestURI.length());
128    
129                            String queryString = request.getQueryString();
130    
131                            if (Validator.isNull(queryString)) {
132                                    queryString = StringPool.BLANK;
133                            }
134                            else {
135                                    queryString += StringPool.AMPERSAND;
136                            }
137    
138                            String servletContextPath = ContextPathUtil.getContextPath(
139                                    servletContext);
140    
141                            queryString +=
142                                    "contextPath=" + HttpUtil.encodeURL(servletContextPath);
143    
144                            apiPath = serverURL + apiPath + StringPool.QUESTION + queryString;
145    
146                            URL url = new URL(apiPath);
147    
148                            InputStream inputStream = null;
149    
150                            try {
151                                    inputStream = url.openStream();
152    
153                                    OutputStream outputStream = response.getOutputStream();
154    
155                                    StreamUtil.transfer(inputStream, outputStream);
156                            }
157                            finally {
158                                    StreamUtil.cleanUp(inputStream);
159                            }
160                    }
161            }
162    
163            @Override
164            protected JSONAction getJSONAction(ServletContext servletContext) {
165                    ClassLoader classLoader = (ClassLoader)servletContext.getAttribute(
166                            PluginContextListener.PLUGIN_CLASS_LOADER);
167    
168                    _jsonWebServiceServiceAction = new JSONWebServiceServiceAction(
169                            ContextPathUtil.getContextPath(servletContext), classLoader);
170    
171                    _jsonWebServiceServiceAction.setServletContext(servletContext);
172    
173                    return _jsonWebServiceServiceAction;
174            }
175    
176            @Override
177            protected void resolveRemoteUser(HttpServletRequest request)
178                    throws Exception {
179    
180                    UserResolver userResolver = new UserResolver(request);
181    
182                    CompanyThreadLocal.setCompanyId(userResolver.getCompanyId());
183    
184                    request.setAttribute("companyId", userResolver.getCompanyId());
185    
186                    User user = userResolver.getUser();
187    
188                    if (user != null) {
189                            PermissionChecker permissionChecker =
190                                    PermissionCheckerFactoryUtil.create(user);
191    
192                            PermissionThreadLocal.setPermissionChecker(permissionChecker);
193    
194                            request.setAttribute("user", user);
195                            request.setAttribute("userId", user.getUserId());
196                    }
197            }
198    
199            private static Log _log = LogFactoryUtil.getLog(
200                    JSONWebServiceServlet.class);
201    
202            private JSONWebServiceServiceAction _jsonWebServiceServiceAction;
203    
204    }