1
22
23 package com.liferay.portal.servlet;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.PortalException;
27 import com.liferay.portal.SystemException;
28 import com.liferay.portal.kernel.log.Log;
29 import com.liferay.portal.kernel.log.LogFactoryUtil;
30 import com.liferay.portal.kernel.util.GetterUtil;
31 import com.liferay.portal.kernel.util.MethodInvoker;
32 import com.liferay.portal.kernel.util.MethodWrapper;
33 import com.liferay.portal.kernel.util.ObjectValuePair;
34 import com.liferay.portal.kernel.util.Validator;
35 import com.liferay.portal.model.User;
36 import com.liferay.portal.security.auth.CompanyThreadLocal;
37 import com.liferay.portal.security.auth.HttpPrincipal;
38 import com.liferay.portal.security.auth.PrincipalThreadLocal;
39 import com.liferay.portal.security.permission.PermissionChecker;
40 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
41 import com.liferay.portal.security.permission.PermissionThreadLocal;
42 import com.liferay.portal.service.UserLocalServiceUtil;
43 import com.liferay.portal.util.PortalInstances;
44
45 import java.io.IOException;
46 import java.io.ObjectInputStream;
47 import java.io.ObjectOutputStream;
48
49 import java.lang.reflect.InvocationTargetException;
50
51 import javax.servlet.http.HttpServlet;
52 import javax.servlet.http.HttpServletRequest;
53 import javax.servlet.http.HttpServletResponse;
54
55
62 public class TunnelServlet extends HttpServlet {
63
64 public void doPost(HttpServletRequest request, HttpServletResponse response)
65 throws IOException {
66
67 ObjectInputStream ois = new ObjectInputStream(
68 request.getInputStream());
69
70 Object returnObj = null;
71
72 try {
73 ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
74 (ObjectValuePair<HttpPrincipal, MethodWrapper>)
75 ois.readObject();
76
77 HttpPrincipal httpPrincipal = ovp.getKey();
78 MethodWrapper methodWrapper = ovp.getValue();
79
80 if (!isValidRequest(methodWrapper)) {
81 return;
82 }
83
84 long companyId = PortalInstances.getCompanyId(request);
85
86 CompanyThreadLocal.setCompanyId(companyId);
87
88 if (Validator.isNotNull(httpPrincipal.getLogin())) {
89 User user = null;
90
91 try {
92 user = UserLocalServiceUtil.getUserByEmailAddress(
93 companyId, httpPrincipal.getLogin());
94 }
95 catch (NoSuchUserException nsue) {
96 }
97
98 if (user == null) {
99 try {
100 user = UserLocalServiceUtil.getUserByScreenName(
101 companyId, httpPrincipal.getLogin());
102 }
103 catch (NoSuchUserException nsue) {
104 }
105 }
106
107 if (user == null) {
108 try {
109 user = UserLocalServiceUtil.getUserById(
110 GetterUtil.getLong(httpPrincipal.getLogin()));
111 }
112 catch (NoSuchUserException nsue) {
113 }
114 }
115
116 if (user != null) {
117 PrincipalThreadLocal.setName(user.getUserId());
118
119 PermissionChecker permissionChecker =
120 PermissionCheckerFactoryUtil.create(user, true);
121
122 PermissionThreadLocal.setPermissionChecker(
123 permissionChecker);
124 }
125 }
126
127 if (returnObj == null) {
128 returnObj = MethodInvoker.invoke(methodWrapper);
129 }
130 }
131 catch (InvocationTargetException ite) {
132 returnObj = ite.getCause();
133
134 if (!(returnObj instanceof PortalException)) {
135 ite.printStackTrace();
136
137 returnObj = new SystemException();
138 }
139 }
140 catch (Exception e) {
141 _log.error(e, e);
142 }
143
144 if (returnObj != null) {
145 ObjectOutputStream oos = new ObjectOutputStream(
146 response.getOutputStream());
147
148 oos.writeObject(returnObj);
149
150 oos.flush();
151 oos.close();
152 }
153 }
154
155 protected boolean isValidRequest(MethodWrapper methodWrapper) {
156 String className = methodWrapper.getClassName();
157
158 if (className.contains(".service.") &&
159 className.endsWith("ServiceUtil") &&
160 !className.endsWith("LocalServiceUtil")) {
161
162 return true;
163 }
164 else {
165 return false;
166 }
167 }
168
169 private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
170
171 }