001
014
015 package com.liferay.portal.servlet;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.MethodHandler;
022 import com.liferay.portal.kernel.util.MethodInvoker;
023 import com.liferay.portal.kernel.util.MethodWrapper;
024 import com.liferay.portal.kernel.util.ObjectValuePair;
025 import com.liferay.portal.security.ac.AccessControlThreadLocal;
026 import com.liferay.portal.security.auth.HttpPrincipal;
027
028 import java.io.IOException;
029 import java.io.ObjectInputStream;
030 import java.io.ObjectOutputStream;
031
032 import java.lang.reflect.InvocationTargetException;
033
034 import javax.servlet.http.HttpServlet;
035 import javax.servlet.http.HttpServletRequest;
036 import javax.servlet.http.HttpServletResponse;
037
038
042 @SuppressWarnings("deprecation")
043 public class TunnelServlet extends HttpServlet {
044
045 @Override
046 public void doPost(HttpServletRequest request, HttpServletResponse response)
047 throws IOException {
048
049 ObjectInputStream ois;
050
051 try {
052 ois = new ObjectInputStream(request.getInputStream());
053 }
054 catch (IOException ioe) {
055 if (_log.isWarnEnabled()) {
056 _log.warn(ioe, ioe);
057 }
058
059 return;
060 }
061
062 Object returnObj = null;
063
064 boolean remoteAccess = AccessControlThreadLocal.isRemoteAccess();
065
066 try {
067 AccessControlThreadLocal.setRemoteAccess(true);
068
069 ObjectValuePair<HttpPrincipal, Object> ovp =
070 (ObjectValuePair<HttpPrincipal, Object>)ois.readObject();
071
072 Object ovpValue = ovp.getValue();
073
074 MethodHandler methodHandler = null;
075 MethodWrapper methodWrapper = null;
076
077 if (ovpValue instanceof MethodHandler) {
078 methodHandler = (MethodHandler)ovpValue;
079 }
080 else {
081 methodWrapper = (MethodWrapper)ovpValue;
082 }
083
084 if (methodHandler != null) {
085 if (!isValidRequest(methodHandler.getClassName())) {
086 return;
087 }
088 }
089 else {
090 if (!isValidRequest(methodWrapper.getClassName())) {
091 return;
092 }
093 }
094
095 if (returnObj == null) {
096 if (methodHandler != null) {
097 returnObj = methodHandler.invoke(true);
098 }
099 else {
100 returnObj = MethodInvoker.invoke(methodWrapper);
101 }
102 }
103 }
104 catch (InvocationTargetException ite) {
105 returnObj = ite.getCause();
106
107 if (!(returnObj instanceof PortalException)) {
108 ite.printStackTrace();
109
110 returnObj = new SystemException();
111 }
112 }
113 catch (Exception e) {
114 _log.error(e, e);
115 }
116 finally {
117 AccessControlThreadLocal.setRemoteAccess(remoteAccess);
118 }
119
120 if (returnObj != null) {
121 try {
122 ObjectOutputStream oos = new ObjectOutputStream(
123 response.getOutputStream());
124
125 oos.writeObject(returnObj);
126
127 oos.flush();
128 oos.close();
129 }
130 catch (IOException ioe) {
131 _log.error(ioe, ioe);
132
133 throw ioe;
134 }
135 }
136 }
137
138 protected boolean isValidRequest(String className) {
139 if (className.contains(".service.") &&
140 className.endsWith("ServiceUtil") &&
141 !className.endsWith("LocalServiceUtil")) {
142
143 return true;
144 }
145 else {
146 return false;
147 }
148 }
149
150 private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
151
152 }