015 package com.liferay.portal.servlet;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.io.ProtectedObjectInputStream;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.security.access.control.AccessControlThreadLocal;
023 import com.liferay.portal.kernel.util.MethodHandler;
024 import com.liferay.portal.kernel.util.MethodKey;
025 import com.liferay.portal.kernel.util.ObjectValuePair;
026 import com.liferay.portal.security.auth.HttpPrincipal;
027 import com.liferay.portal.util.PortalUtil;
028
029 import java.io.IOException;
030 import java.io.ObjectInputStream;
031 import java.io.ObjectOutputStream;
032
033 import java.lang.reflect.InvocationTargetException;
034
035 import javax.servlet.ServletException;
036 import javax.servlet.http.HttpServlet;
037 import javax.servlet.http.HttpServletRequest;
038 import javax.servlet.http.HttpServletResponse;
039
040
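/**
 * Servlet endpoint that reads a serialized method invocation from an HTTP POST
 * body, executes it, and writes the serialized result back to the caller.
 *
 * <p>
 * Points a reviewer should keep in mind:
 * </p>
 *
 * <ul>
 * <li>The request body is deserialized before any check in this class runs.
 * {@link #isValidRequest(Class)} only restricts which method is invoked
 * afterwards, so protection against hostile payloads rests on
 * {@code ProtectedObjectInputStream}. NOTE(review): presumably that stream
 * restricts the classes it will resolve; confirm its configuration.</li>
 * <li>The {@code HttpPrincipal} half of the received pair is never read here,
 * so this class performs no authentication of its own. NOTE(review):
 * presumably a filter in front of this servlet does; confirm the mapping.</li>
 * </ul>
 */
public class TunnelServlet extends HttpServlet {

	/**
	 * Deserializes an {@code ObjectValuePair<HttpPrincipal, MethodHandler>}
	 * from the request body, invokes the handler if its declaring class passes
	 * {@link #isValidRequest(Class)}, and serializes the outcome to the
	 * response.
	 *
	 * <p>
	 * Nothing is written to the response when the stream cannot be opened,
	 * when the target class is rejected, when the handler is {@code null} or
	 * returns {@code null}, or when an exception other than
	 * {@code InvocationTargetException} is raised.
	 * </p>
	 *
	 * @param  request the servlet request carrying the serialized invocation
	 * @param  response the servlet response that receives the serialized
	 *         result or exception
	 * @throws IOException if the result cannot be written to the response
	 */
	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
		throws IOException {

		ObjectInputStream ois = null;

		try {
			ois = new ProtectedObjectInputStream(request.getInputStream());
		}
		catch (IOException ioe) {

			// The stream could not be opened (for example a body that is not
			// a serialization stream); log it and answer with an empty body.

			if (_log.isWarnEnabled()) {
				_log.warn(ioe, ioe);
			}

			return;
		}

		Object returnObj = null;

		// Remember the caller's flag so the finally block can restore it.

		boolean remoteAccess = AccessControlThreadLocal.isRemoteAccess();

		try {
			AccessControlThreadLocal.setRemoteAccess(true);

			// The generic parameters are erased at runtime, so this cast only
			// proves the payload is an ObjectValuePair. A value of the wrong
			// type fails at getValue() below and lands in catch (Exception).

			@SuppressWarnings("unchecked")
			ObjectValuePair<HttpPrincipal, MethodHandler> ovp =
				(ObjectValuePair<HttpPrincipal, MethodHandler>)ois.readObject();

			MethodHandler methodHandler = ovp.getValue();

			if (methodHandler != null) {
				MethodKey methodKey = methodHandler.getMethodKey();

				Class<?> declaringClass = methodKey.getDeclaringClass();

				if (!isValidRequest(declaringClass)) {

					// Record the refusal so attempts to reach classes outside
					// the remote service layer are visible in the logs.

					if (_log.isWarnEnabled()) {
						_log.warn(
							"Rejected tunnel invocation on " +
								declaringClass.getName() + " from " +
									request.getRemoteAddr());
					}

					return;
				}

				returnObj = methodHandler.invoke();
			}
		}
		catch (InvocationTargetException ite) {
			returnObj = ite.getCause();

			if (!(returnObj instanceof PortalException)) {
				_log.error(ite, ite);

				// Only the cause's message is sent back; its type and stack
				// trace stay on the server. NOTE(review): the message itself
				// still reaches the remote caller, so it should not carry
				// internal details.

				if (returnObj != null) {
					Throwable throwable = (Throwable)returnObj;

					returnObj = new SystemException(throwable.getMessage());
				}
				else {
					returnObj = new SystemException();
				}
			}
		}
		catch (Exception e) {

			// Deserialization failures, class cast problems and null
			// payloads end up here; the caller receives an empty body.

			_log.error(e, e);
		}
		finally {
			AccessControlThreadLocal.setRemoteAccess(remoteAccess);

			// Release the input stream on every exit path, including the
			// early return for a rejected class.

			try {
				ois.close();
			}
			catch (IOException ioe) {
				if (_log.isWarnEnabled()) {
					_log.warn(ioe, ioe);
				}
			}
		}

		if (returnObj != null) {
			try (ObjectOutputStream oos = new ObjectOutputStream(
					response.getOutputStream())) {

				oos.writeObject(returnObj);
			}
			catch (IOException ioe) {
				_log.error(ioe, ioe);

				throw ioe;
			}
		}
	}

	/**
	 * Refuses GET requests by sending a 404 error through
	 * {@code PortalUtil.sendError}.
	 *
	 * @param  request the servlet request
	 * @param  response the servlet response
	 * @throws IOException if the error response cannot be sent
	 * @throws ServletException if the error response cannot be sent
	 */
	@Override
	protected void doGet(
			HttpServletRequest request, HttpServletResponse response)
		throws IOException, ServletException {

		PortalUtil.sendError(
			HttpServletResponse.SC_NOT_FOUND,
			new IllegalArgumentException("The GET method is not supported"),
			request, response);
	}

	/**
	 * Decides whether methods of the given class may be invoked through the
	 * tunnel.
	 *
	 * <p>
	 * The decision is based on the class name alone: it must contain
	 * {@code ".service."}, end with {@code "ServiceUtil"} and not end with
	 * {@code "LocalServiceUtil"}. This is a naming-convention filter rather
	 * than a list of specific classes, so any loadable class whose name
	 * matches is accepted.
	 * </p>
	 *
	 * @param  clazz the class that declares the method to invoke
	 * @return {@code true} if the class name matches the remote service
	 *         naming pattern; {@code false} otherwise
	 */
	protected boolean isValidRequest(Class<?> clazz) {
		String className = clazz.getName();

		return className.contains(".service.") &&
			className.endsWith("ServiceUtil") &&
			!className.endsWith("LocalServiceUtil");
	}

	private static final Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}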