001
014
015 package com.liferay.portal.servlet;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.io.ProtectedObjectInputStream;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.MethodHandler;
023 import com.liferay.portal.kernel.util.MethodKey;
024 import com.liferay.portal.kernel.util.ObjectValuePair;
025 import com.liferay.portal.security.ac.AccessControlThreadLocal;
026 import com.liferay.portal.security.auth.HttpPrincipal;
027
028 import java.io.IOException;
029 import java.io.ObjectInputStream;
030 import java.io.ObjectOutputStream;
031
032 import java.lang.reflect.InvocationTargetException;
033
034 import javax.servlet.http.HttpServlet;
035 import javax.servlet.http.HttpServletRequest;
036 import javax.servlet.http.HttpServletResponse;
037
038
042 public class TunnelServlet extends HttpServlet {
043
044 @Override
045 public void doPost(HttpServletRequest request, HttpServletResponse response)
046 throws IOException {
047
048 ObjectInputStream ois;
049
050 try {
051 ois = new ProtectedObjectInputStream(request.getInputStream());
052 }
053 catch (IOException ioe) {
054 if (_log.isWarnEnabled()) {
055 _log.warn(ioe, ioe);
056 }
057
058 return;
059 }
060
061 Object returnObj = null;
062
063 boolean remoteAccess = AccessControlThreadLocal.isRemoteAccess();
064
065 try {
066 AccessControlThreadLocal.setRemoteAccess(true);
067
068 ObjectValuePair<HttpPrincipal, MethodHandler> ovp =
069 (ObjectValuePair<HttpPrincipal, MethodHandler>)ois.readObject();
070
071 MethodHandler methodHandler = ovp.getValue();
072
073 if (methodHandler != null) {
074 MethodKey methodKey = methodHandler.getMethodKey();
075
076 if (!isValidRequest(methodKey.getDeclaringClass())) {
077 return;
078 }
079
080 returnObj = methodHandler.invoke(true);
081 }
082 }
083 catch (InvocationTargetException ite) {
084 returnObj = ite.getCause();
085
086 if (!(returnObj instanceof PortalException)) {
087 _log.error(ite, ite);
088
089 if (returnObj != null) {
090 Throwable throwable = (Throwable)returnObj;
091
092 returnObj = new SystemException(throwable.getMessage());
093 }
094 else {
095 returnObj = new SystemException();
096 }
097 }
098 }
099 catch (Exception e) {
100 _log.error(e, e);
101 }
102 finally {
103 AccessControlThreadLocal.setRemoteAccess(remoteAccess);
104 }
105
106 if (returnObj != null) {
107 try {
108 ObjectOutputStream oos = new ObjectOutputStream(
109 response.getOutputStream());
110
111 oos.writeObject(returnObj);
112
113 oos.flush();
114 oos.close();
115 }
116 catch (IOException ioe) {
117 _log.error(ioe, ioe);
118
119 throw ioe;
120 }
121 }
122 }
123
124 protected boolean isValidRequest(Class<?> clazz) {
125 String className = clazz.getName();
126
127 if (className.contains(".service.") &&
128 className.endsWith("ServiceUtil") &&
129 !className.endsWith("LocalServiceUtil")) {
130
131 return true;
132 }
133 else {
134 return false;
135 }
136 }
137
138 private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
139
140 }