015 package com.liferay.portal.servlet;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.kernel.util.MethodInvoker;
024 import com.liferay.portal.kernel.util.MethodWrapper;
025 import com.liferay.portal.kernel.util.ObjectValuePair;
026 import com.liferay.portal.kernel.util.Validator;
027 import com.liferay.portal.model.User;
028 import com.liferay.portal.security.auth.HttpPrincipal;
029 import com.liferay.portal.security.auth.PrincipalThreadLocal;
030 import com.liferay.portal.security.permission.PermissionChecker;
031 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
032 import com.liferay.portal.security.permission.PermissionThreadLocal;
033 import com.liferay.portal.service.UserLocalServiceUtil;
034 import com.liferay.portal.util.PortalInstances;
035
036 import java.io.IOException;
037 import java.io.ObjectInputStream;
038 import java.io.ObjectOutputStream;
039
040 import java.lang.reflect.InvocationTargetException;
041
042 import javax.servlet.http.HttpServlet;
043 import javax.servlet.http.HttpServletRequest;
044 import javax.servlet.http.HttpServletResponse;
045
046
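/**
 * Servlet endpoint that receives a Java-serialized
 * {@code ObjectValuePair<HttpPrincipal, MethodWrapper>} in the POST body,
 * invokes the wrapped method, and writes the Java-serialized result (or the
 * resulting exception) back to the response.
 *
 * <p>
 * SECURITY NOTE(review): the request body is passed to
 * {@link ObjectInputStream#readObject()} before any validation runs. Native
 * Java deserialization instantiates whatever serializable classes the stream
 * names, so {@link #isValidRequest(MethodWrapper)} cannot constrain what is
 * deserialized; it only constrains which method is invoked afterwards. This
 * endpoint should be reachable by trusted callers only (network or filter
 * level restriction), and a class allow-list in an overridden
 * {@code ObjectInputStream.resolveClass} should be considered. Confirm what
 * the deployment already enforces in front of this servlet.
 * </p>
 */
public class TunnelServlet extends HttpServlet {

	/**
	 * Deserializes the tunnelled call from the request body, binds the calling
	 * user to the current thread when one can be resolved, invokes the target
	 * method and serializes the outcome to the response.
	 *
	 * <p>
	 * Nothing is written to the response when the request is rejected or when
	 * the invocation returns {@code null}.
	 * </p>
	 *
	 * @param  request the HTTP request carrying the serialized call
	 * @param  response the HTTP response that receives the serialized result
	 * @throws IOException if the object stream cannot be opened on the request
	 *         body or the result cannot be written to the response
	 */
	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
		throws IOException {

		// Untrusted input: see the class comment. The stream header is read
		// here, so a malformed body fails with an IOException before the try
		// block is entered.

		ObjectInputStream ois = new ObjectInputStream(
			request.getInputStream());

		Object returnObj = null;

		try {

			// The generic cast is unchecked; a payload of another type fails
			// later with a ClassCastException, which the generic catch below
			// logs.

			@SuppressWarnings("unchecked")
			ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
				(ObjectValuePair<HttpPrincipal, MethodWrapper>)
					ois.readObject();

			HttpPrincipal httpPrincipal = null;
			MethodWrapper methodWrapper = null;

			if (ovp != null) {
				httpPrincipal = ovp.getKey();
				methodWrapper = ovp.getValue();
			}

			// Reject explicitly instead of relying on a NullPointerException
			// further down, and leave a trace for detection. The class name
			// is client supplied, so it is deliberately kept out of the log
			// message.

			if ((httpPrincipal == null) || !isValidRequest(methodWrapper)) {
				if (_log.isWarnEnabled()) {
					_log.warn(
						"Rejected tunnel request from " +
							request.getRemoteAddr());
				}

				return;
			}

			long companyId = PortalInstances.getCompanyId(request);

			// NOTE(review): the login comes from the client-supplied,
			// deserialized HttpPrincipal and no credential check is visible in
			// this method. Confirm that authentication is enforced before the
			// request reaches this servlet; otherwise the caller chooses the
			// identity the call runs as.

			if (Validator.isNotNull(httpPrincipal.getLogin())) {
				User user = findUser(companyId, httpPrincipal.getLogin());

				if (user != null) {
					PrincipalThreadLocal.setName(user.getUserId());

					PermissionChecker permissionChecker =
						PermissionCheckerFactoryUtil.create(user, true);

					PermissionThreadLocal.setPermissionChecker(
						permissionChecker);
				}
			}

			// NOTE(review): the thread locals are set above but never cleared
			// in this method, and they are left untouched when no user is
			// resolved. Confirm they are reset elsewhere so that a pooled
			// thread cannot carry a previous caller's permission checker into
			// this invocation.

			returnObj = MethodInvoker.invoke(methodWrapper);
		}
		catch (InvocationTargetException ite) {
			returnObj = ite.getCause();

			// Only PortalException causes are returned to the caller. Any
			// other cause is logged here and replaced with an empty
			// SystemException, so the original cause is not serialized into
			// the response.

			if (!(returnObj instanceof PortalException)) {
				_log.error(ite, ite);

				returnObj = new SystemException();
			}
		}
		catch (Exception e) {

			// returnObj stays null, so nothing is written to the response

			_log.error(e, e);
		}

		if (returnObj != null) {
			ObjectOutputStream oos = new ObjectOutputStream(
				response.getOutputStream());

			try {
				oos.writeObject(returnObj);

				oos.flush();
			}
			finally {
				oos.close();
			}
		}
	}

	/**
	 * Returns {@code true} if the wrapped call targets a class whose name
	 * contains {@code ".service."}, ends with {@code "ServiceUtil"} and does
	 * not end with {@code "LocalServiceUtil"}.
	 *
	 * <p>
	 * This is a check on the client-supplied class name only. It runs after
	 * the request body has already been deserialized, so it restricts the
	 * method invocation and not the deserialization itself.
	 * </p>
	 *
	 * @param  methodWrapper the deserialized call description, possibly
	 *         {@code null}
	 * @return {@code true} if the target class name matches the pattern;
	 *         {@code false} otherwise, including for a {@code null} wrapper or
	 *         class name
	 */
	protected boolean isValidRequest(MethodWrapper methodWrapper) {
		if (methodWrapper == null) {
			return false;
		}

		String className = methodWrapper.getClassName();

		if (className == null) {
			return false;
		}

		return className.contains(".service.") &&
			className.endsWith("ServiceUtil") &&
			!className.endsWith("LocalServiceUtil");
	}

	/**
	 * Resolves the login to a user by trying, in order, the email address, the
	 * screen name and the numeric user id.
	 *
	 * @param  companyId the company id derived from the request
	 * @param  login the non-empty login taken from the request principal
	 * @return the first matching user, or {@code null} if none of the lookups
	 *         finds one
	 * @throws PortalException if a lookup fails for a reason other than the
	 *         user not existing
	 * @throws SystemException if a system exception occurred
	 */
	private User findUser(long companyId, String login)
		throws PortalException, SystemException {

		try {
			return UserLocalServiceUtil.getUserByEmailAddress(
				companyId, login);
		}
		catch (NoSuchUserException ignored) {

			// Not an email address of this company; try the screen name

		}

		try {
			return UserLocalServiceUtil.getUserByScreenName(companyId, login);
		}
		catch (NoSuchUserException ignored) {

			// Not a screen name of this company; try the numeric user id

		}

		try {

			// NOTE(review): unlike the two lookups above, this one is not
			// scoped by companyId. Confirm whether a user of another company
			// should be accepted here.

			return UserLocalServiceUtil.getUserById(GetterUtil.getLong(login));
		}
		catch (NoSuchUserException ignored) {

			// No user matches the login; the call proceeds without a principal

		}

		return null;
	}

	private static final Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}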