001
014
015 package com.liferay.portal.servlet;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.security.access.control.AccessControlThreadLocal;
022 import com.liferay.portal.kernel.util.MethodHandler;
023 import com.liferay.portal.kernel.util.MethodKey;
024 import com.liferay.portal.kernel.util.ObjectValuePair;
025 import com.liferay.portal.security.auth.HttpPrincipal;
026 import com.liferay.portal.util.PortalUtil;
027
028 import java.io.IOException;
029 import java.io.ObjectInputStream;
030 import java.io.ObjectOutputStream;
031
032 import java.lang.reflect.InvocationTargetException;
033
034 import javax.servlet.ServletException;
035 import javax.servlet.http.HttpServlet;
036 import javax.servlet.http.HttpServletRequest;
037 import javax.servlet.http.HttpServletResponse;
038
039
043 public class TunnelServlet extends HttpServlet {
044
045 @Override
046 public void doPost(HttpServletRequest request, HttpServletResponse response)
047 throws IOException {
048
049 ObjectInputStream ois = null;
050
051 try {
052 ois = new ObjectInputStream(request.getInputStream());
053 }
054 catch (IOException ioe) {
055 if (_log.isWarnEnabled()) {
056 _log.warn(ioe, ioe);
057 }
058
059 return;
060 }
061
062 Object returnObj = null;
063
064 boolean remoteAccess = AccessControlThreadLocal.isRemoteAccess();
065
066 try {
067 AccessControlThreadLocal.setRemoteAccess(true);
068
069 ObjectValuePair<HttpPrincipal, MethodHandler> ovp =
070 (ObjectValuePair<HttpPrincipal, MethodHandler>)ois.readObject();
071
072 MethodHandler methodHandler = ovp.getValue();
073
074 if (methodHandler != null) {
075 MethodKey methodKey = methodHandler.getMethodKey();
076
077 if (!isValidRequest(methodKey.getDeclaringClass())) {
078 return;
079 }
080
081 returnObj = methodHandler.invoke();
082 }
083 }
084 catch (InvocationTargetException ite) {
085 returnObj = ite.getCause();
086
087 if (!(returnObj instanceof PortalException)) {
088 _log.error(ite, ite);
089
090 if (returnObj != null) {
091 Throwable throwable = (Throwable)returnObj;
092
093 returnObj = new SystemException(throwable.getMessage());
094 }
095 else {
096 returnObj = new SystemException();
097 }
098 }
099 }
100 catch (Exception e) {
101 _log.error(e, e);
102 }
103 finally {
104 AccessControlThreadLocal.setRemoteAccess(remoteAccess);
105 }
106
107 if (returnObj != null) {
108 try (ObjectOutputStream oos = new ObjectOutputStream(
109 response.getOutputStream())) {
110
111 oos.writeObject(returnObj);
112 }
113 catch (IOException ioe) {
114 _log.error(ioe, ioe);
115
116 throw ioe;
117 }
118 }
119 }
120
121 @Override
122 protected void doGet(
123 HttpServletRequest request, HttpServletResponse response)
124 throws IOException, ServletException {
125
126 PortalUtil.sendError(
127 HttpServletResponse.SC_NOT_FOUND,
128 new IllegalArgumentException("The GET method is not supported"),
129 request, response);
130 }
131
132 protected boolean isValidRequest(Class<?> clazz) {
133 String className = clazz.getName();
134
135 if (className.contains(".service.") &&
136 className.endsWith("ServiceUtil") &&
137 !className.endsWith("LocalServiceUtil")) {
138
139 return true;
140 }
141 else {
142 return false;
143 }
144 }
145
146 private static final Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
147
148 }