001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.util.GetterUtil;
023    import com.liferay.portal.kernel.util.MethodInvoker;
024    import com.liferay.portal.kernel.util.MethodWrapper;
025    import com.liferay.portal.kernel.util.ObjectValuePair;
026    import com.liferay.portal.kernel.util.Validator;
027    import com.liferay.portal.model.User;
028    import com.liferay.portal.security.auth.HttpPrincipal;
029    import com.liferay.portal.security.auth.PrincipalThreadLocal;
030    import com.liferay.portal.security.permission.PermissionChecker;
031    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
032    import com.liferay.portal.security.permission.PermissionThreadLocal;
033    import com.liferay.portal.service.UserLocalServiceUtil;
034    import com.liferay.portal.util.PortalInstances;
035    
036    import java.io.IOException;
037    import java.io.ObjectInputStream;
038    import java.io.ObjectOutputStream;
039    
040    import java.lang.reflect.InvocationTargetException;
041    
042    import javax.servlet.http.HttpServlet;
043    import javax.servlet.http.HttpServletRequest;
044    import javax.servlet.http.HttpServletResponse;
045    
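/**
 * Servlet endpoint that reads a Java-serialized
 * {@code ObjectValuePair<HttpPrincipal, MethodWrapper>} from the POST body,
 * invokes the wrapped method through {@code MethodInvoker}, and writes the
 * serialized result (or the resulting exception object) back to the caller.
 *
 * <p>
 * Security review notes:
 * </p>
 *
 * <ul>
 * <li>
 * The request body is deserialized with {@code ObjectInputStream.readObject()}
 * before any validation runs. {@link #isValidRequest(MethodWrapper)} only
 * restricts which class is <em>invoked</em>; it does not restrict which
 * classes are <em>deserialized</em>. Native deserialization of untrusted
 * bytes is unsafe, so this endpoint must only be reachable by trusted
 * callers (network / filter level restriction), and a class allow-list in an
 * {@code ObjectInputStream.resolveClass} override should be considered.
 * </li>
 * <li>
 * The acting user is chosen from the login carried in the request. No
 * credential verification is visible in this class; presumably it is
 * enforced upstream (filter or host restriction) -- confirm.
 * </li>
 * <li>
 * {@code PrincipalThreadLocal} and {@code PermissionThreadLocal} are set here
 * but not reset in this class. Confirm that something upstream clears them
 * per request, otherwise a pooled thread may carry a previous caller's
 * identity into a request that supplies no login.
 * </li>
 * </ul>
 *
 * @author Michael Weisser
 * @author Brian Wing Shun Chan
 */
public class TunnelServlet extends HttpServlet {

    /**
     * Handles one tunneled method call.
     *
     * <p>
     * If the target class is rejected by {@link #isValidRequest} the method
     * returns without writing a response body. If the invoked method throws,
     * a {@code PortalException} cause is returned to the caller as is; any
     * other cause is logged and replaced by a blank {@code SystemException}
     * so that internal details are not serialized back to the client.
     * </p>
     *
     * @param  request the HTTP request whose body holds the serialized call
     * @param  response the HTTP response that receives the serialized result
     * @throws IOException if the request stream cannot be opened or the
     *         result cannot be written
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException {

        // SECURITY: native Java deserialization of the raw request body. The
        // object graph is fully materialized by readObject() below, before
        // isValidRequest() is consulted. See the class comment.

        ObjectInputStream ois = new ObjectInputStream(
            request.getInputStream());

        Object returnObj = null;

        try {
            ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
                (ObjectValuePair<HttpPrincipal, MethodWrapper>)
                    ois.readObject();

            HttpPrincipal httpPrincipal = ovp.getKey();
            MethodWrapper methodWrapper = ovp.getValue();

            if (!isValidRequest(methodWrapper)) {

                // Leave a trace for detection. The requested class name is
                // client controlled, so it is deliberately not echoed into
                // the log.

                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Rejected tunnel request from " +
                            request.getRemoteAddr() +
                                ": target is not a remote service utility");
                }

                return;
            }

            long companyId = PortalInstances.getCompanyId(request);

            String login = httpPrincipal.getLogin();

            if (Validator.isNotNull(login)) {
                User user = _findUser(companyId, login);

                if (user != null) {

                    // NOTE(review): the identity is taken from the request
                    // payload; no password check is visible here -- confirm
                    // that callers are authenticated before this point.

                    PrincipalThreadLocal.setName(user.getUserId());

                    PermissionChecker permissionChecker =
                        PermissionCheckerFactoryUtil.create(user, true);

                    PermissionThreadLocal.setPermissionChecker(
                        permissionChecker);
                }
            }

            returnObj = MethodInvoker.invoke(methodWrapper);
        }
        catch (InvocationTargetException ite) {
            returnObj = ite.getCause();

            if (!(returnObj instanceof PortalException)) {

                // Route through the portal logger instead of stderr so the
                // failure lands in the same place as every other error.

                _log.error(ite, ite);

                returnObj = new SystemException();
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }
        finally {

            // Release the stream on every path, including the early return
            // for rejected requests.

            try {
                ois.close();
            }
            catch (IOException ioe) {
                if (_log.isDebugEnabled()) {
                    _log.debug(ioe, ioe);
                }
            }
        }

        if (returnObj != null) {
            ObjectOutputStream oos = new ObjectOutputStream(
                response.getOutputStream());

            oos.writeObject(returnObj);

            oos.flush();
            oos.close();
        }
    }

    /**
     * Returns <code>true</code> if the wrapped call targets a class whose
     * name contains <code>.service.</code>, ends with
     * <code>ServiceUtil</code> and does not end with
     * <code>LocalServiceUtil</code>.
     *
     * <p>
     * This is a name-based check only: it does not verify that the class
     * belongs to the portal, and it runs after the request has already been
     * deserialized.
     * </p>
     *
     * @param  methodWrapper the deserialized call descriptor, may be
     *         <code>null</code>
     * @return <code>true</code> if the target class name is acceptable;
     *         <code>false</code> otherwise, including when the wrapper or
     *         its class name is <code>null</code>
     */
    protected boolean isValidRequest(MethodWrapper methodWrapper) {
        if (methodWrapper == null) {
            return false;
        }

        String className = methodWrapper.getClassName();

        if (className == null) {
            return false;
        }

        return className.contains(".service.") &&
            className.endsWith("ServiceUtil") &&
            !className.endsWith("LocalServiceUtil");
    }

    /**
     * Resolves the login string to a user by trying, in order, email
     * address, screen name, and numeric user ID.
     *
     * @return the first matching user, or <code>null</code> if none of the
     *         three lookups finds one
     */
    private User _findUser(long companyId, String login)
        throws PortalException, SystemException {

        try {
            return UserLocalServiceUtil.getUserByEmailAddress(
                companyId, login);
        }
        catch (NoSuchUserException nsue) {

            // Not an email address of a known user; try the next lookup.
        }

        try {
            return UserLocalServiceUtil.getUserByScreenName(companyId, login);
        }
        catch (NoSuchUserException nsue) {

            // Not a known screen name; try the next lookup.
        }

        try {
            return UserLocalServiceUtil.getUserById(GetterUtil.getLong(login));
        }
        catch (NoSuchUserException nsue) {

            // No match at all; the call proceeds without a principal.
        }

        return null;
    }

    private static final Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}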