1
22
23 package com.liferay.portal.servlet.filters.servletauthorizing;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.model.User;
30 import com.liferay.portal.security.auth.CompanyThreadLocal;
31 import com.liferay.portal.security.auth.PrincipalThreadLocal;
32 import com.liferay.portal.security.permission.PermissionChecker;
33 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
34 import com.liferay.portal.security.permission.PermissionThreadLocal;
35 import com.liferay.portal.service.UserLocalServiceUtil;
36 import com.liferay.portal.servlet.filters.BasePortalFilter;
37 import com.liferay.portal.util.PortalInstances;
38 import com.liferay.portal.util.PortalUtil;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import java.io.IOException;
43
44 import javax.servlet.FilterChain;
45 import javax.servlet.ServletException;
46 import javax.servlet.http.HttpServletRequest;
47 import javax.servlet.http.HttpServletResponse;
48 import javax.servlet.http.HttpSession;
49
50 import org.apache.struts.Globals;
51
52
58 public class ServletAuthorizingFilter extends BasePortalFilter {
59
60 protected void processFilter(
61 HttpServletRequest request, HttpServletResponse response,
62 FilterChain filterChain)
63 throws IOException, ServletException {
64
65 HttpSession session = request.getSession();
66
67
69 long companyId = PortalInstances.getCompanyId(request);
70
71
74 request.setAttribute(WebKeys.COMPANY_ID, new Long(companyId));
75
76
78 long userId = PortalUtil.getUserId(request);
79 String remoteUser = request.getRemoteUser();
80
81 if (!PropsValues.PORTAL_JAAS_ENABLE) {
82 String jRemoteUser = (String)session.getAttribute("j_remoteuser");
83
84 if (jRemoteUser != null) {
85 remoteUser = jRemoteUser;
86
87 session.removeAttribute("j_remoteuser");
88 }
89 }
90
91 if ((userId > 0) && (remoteUser == null)) {
92 remoteUser = String.valueOf(userId);
93 }
94
95
101 request = new ProtectedServletRequest(request, remoteUser);
102
103 if ((userId > 0) || (remoteUser != null)) {
104
105
107 String name = String.valueOf(userId);
108
109 if (remoteUser != null) {
110 name = remoteUser;
111 }
112
113 PrincipalThreadLocal.setName(name);
114
115
117 userId = GetterUtil.getLong(name);
118
119 try {
120
121
123 User user = UserLocalServiceUtil.getUserById(userId);
124
125
127 PermissionChecker permissionChecker =
128 PermissionCheckerFactoryUtil.create(user, true);
129
130 PermissionThreadLocal.setPermissionChecker(permissionChecker);
131
132
134 session.setAttribute(WebKeys.USER_ID, new Long(userId));
135
136
138 session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
139 }
140 catch (Exception e) {
141 _log.error(e, e);
142 }
143 }
144
145 try {
146 processFilter(
147 ServletAuthorizingFilter.class, request, response, filterChain);
148 }
149 finally {
150
151
153 CompanyThreadLocal.setCompanyId(0);
154
155
157 PrincipalThreadLocal.setName(null);
158 }
159 }
160
161 private static Log _log =
162 LogFactoryUtil.getLog(ServletAuthorizingFilter.class);
163
164 }