1
14
15 package com.liferay.portal.servlet;
16
17 import com.liferay.portal.NoSuchUserException;
18 import com.liferay.portal.PortalException;
19 import com.liferay.portal.SystemException;
20 import com.liferay.portal.kernel.log.Log;
21 import com.liferay.portal.kernel.log.LogFactoryUtil;
22 import com.liferay.portal.kernel.util.GetterUtil;
23 import com.liferay.portal.kernel.util.MethodHandler;
24 import com.liferay.portal.kernel.util.MethodInvoker;
25 import com.liferay.portal.kernel.util.MethodWrapper;
26 import com.liferay.portal.kernel.util.ObjectValuePair;
27 import com.liferay.portal.kernel.util.Validator;
28 import com.liferay.portal.model.User;
29 import com.liferay.portal.security.auth.HttpPrincipal;
30 import com.liferay.portal.security.auth.PrincipalThreadLocal;
31 import com.liferay.portal.security.permission.PermissionChecker;
32 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
33 import com.liferay.portal.security.permission.PermissionThreadLocal;
34 import com.liferay.portal.service.UserLocalServiceUtil;
35 import com.liferay.portal.util.PortalInstances;
36
37 import java.io.IOException;
38 import java.io.ObjectInputStream;
39 import java.io.ObjectOutputStream;
40
41 import java.lang.reflect.InvocationTargetException;
42
43 import javax.servlet.http.HttpServlet;
44 import javax.servlet.http.HttpServletRequest;
45 import javax.servlet.http.HttpServletResponse;
46
47
53 @SuppressWarnings("deprecation")
54 public class TunnelServlet extends HttpServlet {
55
56 public void doPost(HttpServletRequest request, HttpServletResponse response)
57 throws IOException {
58
59 ObjectInputStream ois = new ObjectInputStream(
60 request.getInputStream());
61
62 Object returnObj = null;
63
64 try {
65 ObjectValuePair<HttpPrincipal, Object> ovp =
66 (ObjectValuePair<HttpPrincipal, Object>)ois.readObject();
67
68 HttpPrincipal httpPrincipal = ovp.getKey();
69 Object ovpValue = ovp.getValue();
70
71 MethodHandler methodHandler = null;
72 MethodWrapper methodWrapper = null;
73
74 if (ovpValue instanceof MethodHandler) {
75 methodHandler = (MethodHandler)ovpValue;
76 }
77 else {
78 methodWrapper = (MethodWrapper)ovpValue;
79 }
80
81 if (methodHandler != null) {
82 if (!isValidRequest(methodHandler.getClassName())) {
83 return;
84 }
85 }
86 else {
87 if (!isValidRequest(methodWrapper.getClassName())) {
88 return;
89 }
90 }
91
92 long companyId = PortalInstances.getCompanyId(request);
93
94 if (Validator.isNotNull(httpPrincipal.getLogin())) {
95 User user = null;
96
97 try {
98 user = UserLocalServiceUtil.getUserByEmailAddress(
99 companyId, httpPrincipal.getLogin());
100 }
101 catch (NoSuchUserException nsue) {
102 }
103
104 if (user == null) {
105 try {
106 user = UserLocalServiceUtil.getUserByScreenName(
107 companyId, httpPrincipal.getLogin());
108 }
109 catch (NoSuchUserException nsue) {
110 }
111 }
112
113 if (user == null) {
114 try {
115 user = UserLocalServiceUtil.getUserById(
116 GetterUtil.getLong(httpPrincipal.getLogin()));
117 }
118 catch (NoSuchUserException nsue) {
119 }
120 }
121
122 if (user != null) {
123 PrincipalThreadLocal.setName(user.getUserId());
124
125 PermissionChecker permissionChecker =
126 PermissionCheckerFactoryUtil.create(user, true);
127
128 PermissionThreadLocal.setPermissionChecker(
129 permissionChecker);
130 }
131 }
132
133 if (returnObj == null) {
134 if (methodHandler != null) {
135 returnObj = methodHandler.invoke(true);
136 }
137 else {
138 returnObj = MethodInvoker.invoke(methodWrapper);
139 }
140 }
141 }
142 catch (InvocationTargetException ite) {
143 returnObj = ite.getCause();
144
145 if (!(returnObj instanceof PortalException)) {
146 ite.printStackTrace();
147
148 returnObj = new SystemException();
149 }
150 }
151 catch (Exception e) {
152 _log.error(e, e);
153 }
154
155 if (returnObj != null) {
156 ObjectOutputStream oos = new ObjectOutputStream(
157 response.getOutputStream());
158
159 oos.writeObject(returnObj);
160
161 oos.flush();
162 oos.close();
163 }
164 }
165
166 protected boolean isValidRequest(String className) {
167 if (className.contains(".service.") &&
168 className.endsWith("ServiceUtil") &&
169 !className.endsWith("LocalServiceUtil")) {
170
171 return true;
172 }
173 else {
174 return false;
175 }
176 }
177
178 private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
179
180 }