001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.util.MethodHandler;
022    import com.liferay.portal.kernel.util.MethodInvoker;
023    import com.liferay.portal.kernel.util.MethodWrapper;
024    import com.liferay.portal.kernel.util.ObjectValuePair;
025    import com.liferay.portal.security.ac.AccessControlThreadLocal;
026    import com.liferay.portal.security.auth.HttpPrincipal;
027    
028    import java.io.IOException;
029    import java.io.ObjectInputStream;
030    import java.io.ObjectOutputStream;
031    
032    import java.lang.reflect.InvocationTargetException;
033    
034    import javax.servlet.http.HttpServlet;
035    import javax.servlet.http.HttpServletRequest;
036    import javax.servlet.http.HttpServletResponse;
037    
038    /**
039     * @author Michael Weisser
040     * @author Brian Wing Shun Chan
041     */
042    @SuppressWarnings("deprecation")
043    public class TunnelServlet extends HttpServlet {
044    
045            @Override
046            public void doPost(HttpServletRequest request, HttpServletResponse response)
047                    throws IOException {
048    
049                    ObjectInputStream ois;
050    
051                    try {
052                            ois = new ObjectInputStream(request.getInputStream());
053                    }
054                    catch (IOException ioe) {
055                            if (_log.isWarnEnabled()) {
056                                    _log.warn(ioe, ioe);
057                            }
058    
059                            return;
060                    }
061    
062                    Object returnObj = null;
063    
064                    boolean remoteAccess = AccessControlThreadLocal.isRemoteAccess();
065    
066                    try {
067                            AccessControlThreadLocal.setRemoteAccess(true);
068    
069                            ObjectValuePair<HttpPrincipal, Object> ovp =
070                                    (ObjectValuePair<HttpPrincipal, Object>)ois.readObject();
071    
072                            Object ovpValue = ovp.getValue();
073    
074                            MethodHandler methodHandler = null;
075                            MethodWrapper methodWrapper = null;
076    
077                            if (ovpValue instanceof MethodHandler) {
078                                    methodHandler = (MethodHandler)ovpValue;
079                            }
080                            else {
081                                    methodWrapper = (MethodWrapper)ovpValue;
082                            }
083    
084                            if (methodHandler != null) {
085                                    if (!isValidRequest(methodHandler.getClassName())) {
086                                            return;
087                                    }
088                            }
089                            else {
090                                    if (!isValidRequest(methodWrapper.getClassName())) {
091                                            return;
092                                    }
093                            }
094    
095                            if (returnObj == null) {
096                                    if (methodHandler != null) {
097                                            returnObj = methodHandler.invoke(true);
098                                    }
099                                    else {
100                                            returnObj = MethodInvoker.invoke(methodWrapper);
101                                    }
102                            }
103                    }
104                    catch (InvocationTargetException ite) {
105                            returnObj = ite.getCause();
106    
107                            if (!(returnObj instanceof PortalException)) {
108                                    ite.printStackTrace();
109    
110                                    returnObj = new SystemException();
111                            }
112                    }
113                    catch (Exception e) {
114                            _log.error(e, e);
115                    }
116                    finally {
117                            AccessControlThreadLocal.setRemoteAccess(remoteAccess);
118                    }
119    
120                    if (returnObj != null) {
121                            try {
122                                    ObjectOutputStream oos = new ObjectOutputStream(
123                                            response.getOutputStream());
124    
125                                    oos.writeObject(returnObj);
126    
127                                    oos.flush();
128                                    oos.close();
129                            }
130                            catch (IOException ioe) {
131                                    _log.error(ioe, ioe);
132    
133                                    throw ioe;
134                            }
135                    }
136            }
137    
138            protected boolean isValidRequest(String className) {
139                    if (className.contains(".service.") &&
140                            className.endsWith("ServiceUtil") &&
141                            !className.endsWith("LocalServiceUtil")) {
142    
143                            return true;
144                    }
145                    else {
146                            return false;
147                    }
148            }
149    
150            private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
151    
152    }