001
014
015 package com.liferay.portal.struts;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.json.JSONFactoryUtil;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.servlet.HttpHeaders;
022 import com.liferay.portal.kernel.servlet.ServletContextPool;
023 import com.liferay.portal.kernel.util.ContentTypes;
024 import com.liferay.portal.kernel.util.GetterUtil;
025 import com.liferay.portal.kernel.util.ParamUtil;
026 import com.liferay.portal.kernel.util.SetUtil;
027 import com.liferay.portal.kernel.util.StringPool;
028 import com.liferay.portal.kernel.util.Validator;
029 import com.liferay.portal.security.ac.AccessControlUtil;
030 import com.liferay.portal.security.auth.AuthSettingsUtil;
031 import com.liferay.portal.security.auth.AuthTokenUtil;
032 import com.liferay.portal.security.auth.PortalSessionAuthVerifier;
033 import com.liferay.portal.servlet.SharedSessionServletRequest;
034 import com.liferay.portal.util.PortalUtil;
035 import com.liferay.portal.util.PropsValues;
036 import com.liferay.portal.util.WebKeys;
037
038 import java.io.OutputStream;
039
040 import java.util.Set;
041
042 import javax.servlet.RequestDispatcher;
043 import javax.servlet.ServletContext;
044 import javax.servlet.http.HttpServletRequest;
045 import javax.servlet.http.HttpServletResponse;
046
047 import org.apache.struts.action.Action;
048 import org.apache.struts.action.ActionForm;
049 import org.apache.struts.action.ActionForward;
050 import org.apache.struts.action.ActionMapping;
051
052
057 public abstract class JSONAction extends Action {
058
059 @Override
060 public ActionForward execute(
061 ActionMapping actionMapping, ActionForm actionForm,
062 HttpServletRequest request, HttpServletResponse response)
063 throws Exception {
064
065 if (rerouteExecute(request, response)) {
066 return null;
067 }
068
069 String callback = ParamUtil.getString(request, "callback");
070 String instance = ParamUtil.getString(request, "inst");
071
072 String json = null;
073
074 try {
075 checkAuthToken(request);
076
077 json = getJSON(actionMapping, actionForm, request, response);
078
079 if (Validator.isNotNull(callback)) {
080 json = callback + "(" + json + ");";
081 }
082 else if (Validator.isNotNull(instance)) {
083 json = "var " + instance + "=" + json + ";";
084 }
085 }
086 catch (SecurityException se) {
087 if (_log.isWarnEnabled()) {
088 _log.warn(se.getMessage());
089 }
090
091 json = JSONFactoryUtil.serializeException(se);
092 }
093 catch (Exception e) {
094 _log.error(e, e);
095
096 PortalUtil.sendError(
097 HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e, request,
098 response);
099
100 return null;
101 }
102
103 boolean refresh = ParamUtil.getBoolean(request, "refresh");
104
105 if (refresh) {
106 return actionMapping.findForward(ActionConstants.COMMON_REFERER);
107 }
108 else if (Validator.isNotNull(json)) {
109 response.setCharacterEncoding(StringPool.UTF8);
110 response.setContentType(ContentTypes.APPLICATION_JSON);
111 response.setHeader(
112 HttpHeaders.CACHE_CONTROL,
113 HttpHeaders.CACHE_CONTROL_NO_CACHE_VALUE);
114
115 OutputStream outputStream = response.getOutputStream();
116
117 byte[] bytes = json.getBytes(StringPool.UTF8);
118
119 outputStream.write(bytes);
120
121 outputStream.close();
122 }
123
124 return null;
125 }
126
127 public abstract String getJSON(
128 ActionMapping actionMapping, ActionForm actionForm,
129 HttpServletRequest request, HttpServletResponse response)
130 throws Exception;
131
132 public void setServletContext(ServletContext servletContext) {
133 _servletContext = servletContext;
134 }
135
136 protected void checkAuthToken(HttpServletRequest request)
137 throws PortalException {
138
139 String authType = GetterUtil.getString(request.getAuthType());
140
141
142
143 if (AccessControlUtil.getAccessControlContext() == null) {
144 if (authType.equals(HttpServletRequest.BASIC_AUTH) ||
145 authType.equals(HttpServletRequest.DIGEST_AUTH)) {
146
147 return;
148 }
149 }
150 else {
151
152
153
154
155 if (!authType.equals(PortalSessionAuthVerifier.AUTH_TYPE)) {
156 return;
157 }
158 }
159
160 if (PropsValues.AUTH_TOKEN_CHECK_ENABLED &&
161 PropsValues.JSON_SERVICE_AUTH_TOKEN_ENABLED) {
162
163 if (!AuthSettingsUtil.isAccessAllowed(request, _hostsAllowed)) {
164 AuthTokenUtil.check(request);
165 }
166 }
167 }
168
169 protected String getReroutePath() {
170 return null;
171 }
172
173 protected boolean rerouteExecute(
174 HttpServletRequest request, HttpServletResponse response)
175 throws Exception {
176
177 String reroutePath = getReroutePath();
178
179 if (Validator.isNull(reroutePath)) {
180 return false;
181 }
182
183 String requestServletContextName = ParamUtil.getString(
184 request, "servletContextName");
185
186 if (Validator.isNull(requestServletContextName)) {
187 return false;
188 }
189
190 ServletContext servletContext = _servletContext;
191
192 if (servletContext == null) {
193 servletContext = (ServletContext)request.getAttribute(WebKeys.CTX);
194 }
195
196 String servletContextName = GetterUtil.getString(
197 servletContext.getServletContextName());
198
199 if (servletContextName.equals(requestServletContextName)) {
200 return false;
201 }
202
203 ServletContext requestServletContext = ServletContextPool.get(
204 requestServletContextName);
205
206 if (requestServletContext == null) {
207 return false;
208 }
209
210 RequestDispatcher requestDispatcher =
211 requestServletContext.getRequestDispatcher(reroutePath);
212
213 if (requestDispatcher == null) {
214 return false;
215 }
216
217 requestDispatcher.forward(
218 new SharedSessionServletRequest(request, true), response);
219
220 return true;
221 }
222
223 private static Log _log = LogFactoryUtil.getLog(JSONAction.class);
224
225 private Set<String> _hostsAllowed = SetUtil.fromArray(
226 PropsValues.JSON_SERVICE_AUTH_TOKEN_HOSTS_ALLOWED);
227 private ServletContext _servletContext;
228
229 }