1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.servlet;
16  
17  import com.liferay.portal.NoSuchUserException;
18  import com.liferay.portal.PortalException;
19  import com.liferay.portal.SystemException;
20  import com.liferay.portal.kernel.log.Log;
21  import com.liferay.portal.kernel.log.LogFactoryUtil;
22  import com.liferay.portal.kernel.util.GetterUtil;
23  import com.liferay.portal.kernel.util.MethodHandler;
24  import com.liferay.portal.kernel.util.MethodInvoker;
25  import com.liferay.portal.kernel.util.MethodWrapper;
26  import com.liferay.portal.kernel.util.ObjectValuePair;
27  import com.liferay.portal.kernel.util.Validator;
28  import com.liferay.portal.model.User;
29  import com.liferay.portal.security.auth.HttpPrincipal;
30  import com.liferay.portal.security.auth.PrincipalThreadLocal;
31  import com.liferay.portal.security.permission.PermissionChecker;
32  import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
33  import com.liferay.portal.security.permission.PermissionThreadLocal;
34  import com.liferay.portal.service.UserLocalServiceUtil;
35  import com.liferay.portal.util.PortalInstances;
36  
37  import java.io.IOException;
38  import java.io.ObjectInputStream;
39  import java.io.ObjectOutputStream;
40  
41  import java.lang.reflect.InvocationTargetException;
42  
43  import javax.servlet.http.HttpServlet;
44  import javax.servlet.http.HttpServletRequest;
45  import javax.servlet.http.HttpServletResponse;
46  
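/**
 * <a href="TunnelServlet.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Servlet endpoint that reads a serialized
 * {@code ObjectValuePair<HttpPrincipal, Object>} from the POST body, invokes
 * the {@code MethodHandler} or {@code MethodWrapper} it carries, and writes
 * the serialized result (or exception) back to the response.
 * </p>
 *
 * <p>
 * NOTE(review): the request body goes through Java native deserialization
 * before any check in this class runs, and the caller's identity is taken from
 * the login carried inside that same payload. Nothing visible in this class
 * authenticates the caller or restricts who may reach the endpoint;
 * presumably a filter or network restriction in front of the servlet does.
 * Confirm that before exposing this servlet.
 * </p>
 *
 * @author Michael Weisser
 * @author Brian Wing Shun Chan
 */
@SuppressWarnings("deprecation")
public class TunnelServlet extends HttpServlet {

    /**
     * Deserializes the tunnelled call, binds the requested user to the
     * current thread, invokes the target method and serializes the outcome.
     *
     * <p>
     * A request whose target class fails {@link #isValidRequest(String)}, or
     * whose payload is neither a {@code MethodHandler} nor a
     * {@code MethodWrapper}, is dropped without a response body. A
     * {@code PortalException} thrown by the target is returned to the caller
     * as is; any other invocation failure is logged and replaced by an empty
     * {@code SystemException}, so no internal detail reaches the client.
     * </p>
     *
     * @param  request the servlet request whose body holds the serialized call
     * @param  response the servlet response that receives the serialized
     *         result
     * @throws IOException if the request stream cannot be opened as an object
     *         stream or the result cannot be written
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException {

        // SECURITY: native Java deserialization of a client-supplied stream.
        // readObject() instantiates whatever classes the stream names before
        // the cast or isValidRequest() below can reject anything, so those
        // checks do not protect the deserialization step itself. Restrict who
        // can reach this servlet and limit the classes the stream may resolve
        // (a class-filtering ObjectInputStream subclass, or a serialization
        // filter where the runtime offers one).

        ObjectInputStream ois = new ObjectInputStream(
            request.getInputStream());

        Object returnObj = null;

        // Remember what was bound to this thread so the identity set below
        // cannot outlive the request on a pooled container thread.

        String previousName = PrincipalThreadLocal.getName();
        PermissionChecker previousPermissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        try {

            // Unchecked by nature: only the raw ObjectValuePair type is
            // verified here, the element types are checked when used.

            ObjectValuePair<HttpPrincipal, Object> ovp =
                (ObjectValuePair<HttpPrincipal, Object>)ois.readObject();

            HttpPrincipal httpPrincipal = ovp.getKey();
            Object ovpValue = ovp.getValue();

            MethodHandler methodHandler = null;
            MethodWrapper methodWrapper = null;
            String className = null;

            if (ovpValue instanceof MethodHandler) {
                methodHandler = (MethodHandler)ovpValue;
                className = methodHandler.getClassName();
            }
            else if (ovpValue instanceof MethodWrapper) {
                methodWrapper = (MethodWrapper)ovpValue;
                className = methodWrapper.getClassName();
            }
            else {

                // Reject explicitly instead of relying on a
                // ClassCastException or NullPointerException further down.

                _log.error("Rejected tunnel payload of unsupported type");

                return;
            }

            if (!isValidRequest(className)) {
                return;
            }

            long companyId = PortalInstances.getCompanyId(request);

            String login = httpPrincipal.getLogin();

            if (Validator.isNotNull(login)) {

                // NOTE(review): the user is resolved from the login alone; no
                // credential carried by the principal is verified in this
                // method. Presumably authentication happens upstream; confirm.

                User user = getUser(companyId, login);

                if (user != null) {
                    PrincipalThreadLocal.setName(user.getUserId());

                    PermissionChecker permissionChecker =
                        PermissionCheckerFactoryUtil.create(user, true);

                    PermissionThreadLocal.setPermissionChecker(
                        permissionChecker);
                }
            }

            if (methodHandler != null) {
                returnObj = methodHandler.invoke(true);
            }
            else {
                returnObj = MethodInvoker.invoke(methodWrapper);
            }
        }
        catch (InvocationTargetException ite) {
            returnObj = ite.getCause();

            if (!(returnObj instanceof PortalException)) {

                // Log through the portal logger rather than stderr, and hand
                // the client a bare SystemException without internal detail.

                _log.error(ite, ite);

                returnObj = new SystemException();
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }
        finally {
            PrincipalThreadLocal.setName(previousName);
            PermissionThreadLocal.setPermissionChecker(
                previousPermissionChecker);
        }

        if (returnObj != null) {
            ObjectOutputStream oos = new ObjectOutputStream(
                response.getOutputStream());

            try {
                oos.writeObject(returnObj);

                oos.flush();
            }
            finally {
                oos.close();
            }
        }
    }

    /**
     * Resolves the user named by a tunnelled login, trying the value as an
     * email address, then as a screen name, then as a numeric user id.
     *
     * @param  companyId the company id resolved from the request
     * @param  login the login value taken from the deserialized principal
     * @return the first matching user, or {@code null} if no lookup matches
     * @throws PortalException if a lookup fails for a reason other than the
     *         user not existing
     * @throws SystemException if a lookup fails with a system error
     */
    private User getUser(long companyId, String login)
        throws PortalException, SystemException {

        try {
            return UserLocalServiceUtil.getUserByEmailAddress(companyId, login);
        }
        catch (NoSuchUserException nsue) {

            // Not an email address on record; try the next lookup

        }

        try {
            return UserLocalServiceUtil.getUserByScreenName(companyId, login);
        }
        catch (NoSuchUserException nsue) {

            // Not a screen name on record; try the next lookup

        }

        try {
            return UserLocalServiceUtil.getUserById(GetterUtil.getLong(login));
        }
        catch (NoSuchUserException nsue) {

            // No match at all; the call proceeds without a bound user

        }

        return null;
    }

    /**
     * Returns whether the target class name may be invoked through the
     * tunnel.
     *
     * <p>
     * This is a name-pattern test only: the name must contain
     * {@code ".service."}, end with {@code "ServiceUtil"} and not end with
     * {@code "LocalServiceUtil"}. Any class whose name fits the pattern
     * passes, so the test is not an allowlist of known services, and it runs
     * only after the payload has already been deserialized.
     * </p>
     *
     * @param  className the class name taken from the deserialized call, may
     *         be {@code null}
     * @return {@code true} if the name matches the pattern; {@code false}
     *         otherwise, including for {@code null}
     */
    protected boolean isValidRequest(String className) {
        if (className == null) {
            return false;
        }

        return className.contains(".service.") &&
            className.endsWith("ServiceUtil") &&
            !className.endsWith("LocalServiceUtil");
    }

    private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}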