001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.security.access.control.AccessControlThreadLocal;
022    import com.liferay.portal.kernel.util.MethodHandler;
023    import com.liferay.portal.kernel.util.MethodKey;
024    import com.liferay.portal.kernel.util.ObjectValuePair;
025    import com.liferay.portal.security.auth.HttpPrincipal;
026    import com.liferay.portal.util.PortalUtil;
027    
028    import java.io.IOException;
029    import java.io.ObjectInputStream;
030    import java.io.ObjectOutputStream;
031    
032    import java.lang.reflect.InvocationTargetException;
033    
034    import javax.servlet.ServletException;
035    import javax.servlet.http.HttpServlet;
036    import javax.servlet.http.HttpServletRequest;
037    import javax.servlet.http.HttpServletResponse;
038    
039    /**
040     * @author Michael Weisser
041     * @author Brian Wing Shun Chan
042     */
043    public class TunnelServlet extends HttpServlet {
044    
045            @Override
046            public void doPost(HttpServletRequest request, HttpServletResponse response)
047                    throws IOException {
048    
049                    ObjectInputStream ois = null;
050    
051                    try {
052                            ois = new ObjectInputStream(request.getInputStream());
053                    }
054                    catch (IOException ioe) {
055                            if (_log.isWarnEnabled()) {
056                                    _log.warn(ioe, ioe);
057                            }
058    
059                            return;
060                    }
061    
062                    Object returnObj = null;
063    
064                    boolean remoteAccess = AccessControlThreadLocal.isRemoteAccess();
065    
066                    try {
067                            AccessControlThreadLocal.setRemoteAccess(true);
068    
069                            ObjectValuePair<HttpPrincipal, MethodHandler> ovp =
070                                    (ObjectValuePair<HttpPrincipal, MethodHandler>)ois.readObject();
071    
072                            MethodHandler methodHandler = ovp.getValue();
073    
074                            if (methodHandler != null) {
075                                    MethodKey methodKey = methodHandler.getMethodKey();
076    
077                                    if (!isValidRequest(methodKey.getDeclaringClass())) {
078                                            return;
079                                    }
080    
081                                    returnObj = methodHandler.invoke();
082                            }
083                    }
084                    catch (InvocationTargetException ite) {
085                            returnObj = ite.getCause();
086    
087                            if (!(returnObj instanceof PortalException)) {
088                                    _log.error(ite, ite);
089    
090                                    if (returnObj != null) {
091                                            Throwable throwable = (Throwable)returnObj;
092    
093                                            returnObj = new SystemException(throwable.getMessage());
094                                    }
095                                    else {
096                                            returnObj = new SystemException();
097                                    }
098                            }
099                    }
100                    catch (Exception e) {
101                            _log.error(e, e);
102                    }
103                    finally {
104                            AccessControlThreadLocal.setRemoteAccess(remoteAccess);
105                    }
106    
107                    if (returnObj != null) {
108                            try (ObjectOutputStream oos = new ObjectOutputStream(
109                                            response.getOutputStream())) {
110    
111                                    oos.writeObject(returnObj);
112                            }
113                            catch (IOException ioe) {
114                                    _log.error(ioe, ioe);
115    
116                                    throw ioe;
117                            }
118                    }
119            }
120    
121            @Override
122            protected void doGet(
123                            HttpServletRequest request, HttpServletResponse response)
124                    throws IOException, ServletException {
125    
126                    PortalUtil.sendError(
127                            HttpServletResponse.SC_NOT_FOUND,
128                            new IllegalArgumentException("The GET method is not supported"),
129                            request, response);
130            }
131    
132            protected boolean isValidRequest(Class<?> clazz) {
133                    String className = clazz.getName();
134    
135                    if (className.contains(".service.") &&
136                            className.endsWith("ServiceUtil") &&
137                            !className.endsWith("LocalServiceUtil")) {
138    
139                            return true;
140                    }
141                    else {
142                            return false;
143                    }
144            }
145    
146            private static final Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
147    
148    }