001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.access.control;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.security.access.control.AccessControl;
019    import com.liferay.portal.kernel.security.access.control.AccessControlThreadLocal;
020    import com.liferay.portal.kernel.security.access.control.AccessControlUtil;
021    import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
022    import com.liferay.portal.kernel.security.pacl.DoPrivileged;
023    import com.liferay.portal.model.User;
024    import com.liferay.portal.security.auth.AccessControlContext;
025    import com.liferay.portal.security.auth.AuthException;
026    import com.liferay.portal.security.auth.AuthVerifierPipeline;
027    import com.liferay.portal.security.auth.CompanyThreadLocal;
028    import com.liferay.portal.security.auth.PrincipalThreadLocal;
029    import com.liferay.portal.security.permission.PermissionChecker;
030    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
031    import com.liferay.portal.security.permission.PermissionThreadLocal;
032    import com.liferay.portal.service.UserLocalServiceUtil;
033    
034    import java.util.Map;
035    
036    import javax.servlet.http.HttpServletRequest;
037    import javax.servlet.http.HttpServletResponse;
038    
039    /**
040     * @author Raymond Augé
041     */
@DoPrivileged
public class AccessControlImpl implements AccessControl {

	/**
	 * Creates the access control context for the current request and registers
	 * it through {@code AccessControlUtil.setAccessControlContext}.
	 *
	 * <p>
	 * The new context holds the given request and response, and every entry
	 * of {@code settings} is copied into the context's own settings map.
	 * </p>
	 *
	 * @param  request the servlet request stored on the context
	 * @param  response the servlet response stored on the context
	 * @param  settings the entries copied into the context settings. The map
	 *         is handed to {@code putAll} unchecked, so a <code>null</code>
	 *         value is expected to fail there (before the context is
	 *         registered) rather than yield an empty configuration.
	 * @throws IllegalStateException if a context is already registered; an
	 *         existing context is never replaced by this method
	 */
	@Override
	public void initAccessControlContext(
		HttpServletRequest request, HttpServletResponse response,
		Map<String, Object> settings) {

		// Refuse to overwrite a context that is already in place.

		if (AccessControlUtil.getAccessControlContext() != null) {
			throw new IllegalStateException(
				"Authentication context is already initialized");
		}

		AccessControlContext context = new AccessControlContext();

		context.setRequest(request);
		context.setResponse(response);

		context.getSettings().putAll(settings);

		// Registration is the last step, so a failure above leaves no
		// half-built context visible to later callers.

		AccessControlUtil.setAccessControlContext(context);
	}

	/**
	 * Binds the identity of the user with the given ID to the thread-local
	 * state: company ID, principal name and permission checker, in that
	 * order, and finally sets the remote access flag to <code>false</code>.
	 *
	 * <p>
	 * This method only looks the user up by ID. It verifies no credential and
	 * inspects no account status itself, so the caller must already have
	 * established that acting as {@code userId} is legitimate.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): the thread locals are written one after another. If a
	 * later step throws, the values written before it stay in place, so after
	 * an {@link AuthException} the thread's identity should be treated as
	 * undefined and reset by the caller. Confirm that callers do so.
	 * </p>
	 *
	 * @param  userId the primary key of the user to bind to the thread
	 * @throws AuthException if any step fails; the original exception,
	 *         checked or unchecked, is kept as the cause
	 */
	@Override
	public void initContextUser(long userId) throws AuthException {
		try {
			User contextUser = UserLocalServiceUtil.getUser(userId);

			CompanyThreadLocal.setCompanyId(contextUser.getCompanyId());
			PrincipalThreadLocal.setName(userId);

			// The checker is built only after company and principal are set;
			// this ordering is kept exactly as it was.

			PermissionThreadLocal.setPermissionChecker(
				PermissionCheckerFactoryUtil.create(contextUser));

			// NOTE(review): presumably marks later service calls on this
			// thread as local rather than remote; confirm the flag is
			// restored once the privileged work is done.

			AccessControlThreadLocal.setRemoteAccess(false);
		}
		catch (Exception cause) {
			throw new AuthException(cause.getMessage(), cause);
		}
	}

	/**
	 * Runs the auth verifier pipeline against the registered access control
	 * context, records the outcome on that context and returns its state.
	 *
	 * <p>
	 * Settings returned by the verifier are merged into the context settings
	 * with {@code putAll}, so a verifier-supplied entry replaces an existing
	 * entry that has the same key.
	 * </p>
	 *
	 * <p>
	 * This method does not reject the request itself; the caller has to act
	 * on the returned state. The context is dereferenced without a
	 * <code>null</code> check, so {@link #initAccessControlContext} must have
	 * registered one beforehand.
	 * </p>
	 *
	 * @return the state reported by the auth verifier result
	 * @throws PortalException if the auth verifier pipeline fails
	 */
	@Override
	public AuthVerifierResult.State verifyRequest() throws PortalException {
		AccessControlContext context =
			AccessControlUtil.getAccessControlContext();

		AuthVerifierResult result = AuthVerifierPipeline.verifyRequest(context);

		Map<String, Object> verifierSettings = result.getSettings();

		if (verifierSettings != null) {
			context.getSettings().putAll(verifierSettings);
		}

		context.setAuthVerifierResult(result);

		return result.getState();
	}

}