001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.util.GetterUtil;
023    import com.liferay.portal.kernel.util.MethodHandler;
024    import com.liferay.portal.kernel.util.MethodInvoker;
025    import com.liferay.portal.kernel.util.MethodWrapper;
026    import com.liferay.portal.kernel.util.ObjectValuePair;
027    import com.liferay.portal.kernel.util.Validator;
028    import com.liferay.portal.model.User;
029    import com.liferay.portal.security.auth.HttpPrincipal;
030    import com.liferay.portal.security.auth.PrincipalThreadLocal;
031    import com.liferay.portal.security.permission.PermissionChecker;
032    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
033    import com.liferay.portal.security.permission.PermissionThreadLocal;
034    import com.liferay.portal.service.UserLocalServiceUtil;
035    import com.liferay.portal.util.PortalInstances;
036    
037    import java.io.IOException;
038    import java.io.ObjectInputStream;
039    import java.io.ObjectOutputStream;
040    
041    import java.lang.reflect.InvocationTargetException;
042    
043    import javax.servlet.http.HttpServlet;
044    import javax.servlet.http.HttpServletRequest;
045    import javax.servlet.http.HttpServletResponse;
046    
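/**
 * Servlet endpoint that executes serialized remote service calls.
 *
 * <p>
 * The POST body is read as a Java-serialized {@link ObjectValuePair} whose key
 * is the caller's {@link HttpPrincipal} and whose value is a
 * {@link MethodHandler} or {@link MethodWrapper} naming the method to run. The
 * method's return value, or the exception it raised, is serialized back as the
 * response body.
 * </p>
 *
 * <p>
 * Security notes for reviewers and deployers:
 * </p>
 *
 * <ul>
 * <li>
 * The request body is deserialized with a plain {@link ObjectInputStream}
 * before any check in this class runs. Native deserialization of data from an
 * untrusted peer is unsafe, so access to this servlet has to be restricted
 * outside this class (network ACL, servlet filter) until a class allow-list is
 * in place.
 * </li>
 * <li>
 * No credential check is visible in this class: the login carried by the
 * deserialized principal is adopted as the caller's identity. NOTE(review):
 * presumably a filter mapped in front of the servlet authenticates the
 * request; confirm in the deployment descriptor.
 * </li>
 * </ul>
 *
 * @author Michael Weisser
 * @author Brian Wing Shun Chan
 */
@SuppressWarnings("deprecation")
public class TunnelServlet extends HttpServlet {

    /**
     * Reads one serialized call from the request, runs it and writes the
     * serialized result to the response.
     *
     * <p>
     * Nothing is written when the call is rejected by
     * {@link #isValidRequest(String)}, when the target returns
     * <code>null</code>, or when reading or dispatching the call fails with
     * anything other than an {@link InvocationTargetException}.
     * </p>
     *
     * @param  request the HTTP request carrying the serialized call
     * @param  response the HTTP response that receives the serialized result
     * @throws IOException if the request stream cannot be opened as an object
     *         stream or the response cannot be written
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException {

        // Servlet threads are pooled. The identity bound while serving this
        // call is put back to whatever was there before, so that it cannot
        // carry over to the next request handled by the same thread.

        String previousName = PrincipalThreadLocal.getName();
        PermissionChecker previousPermissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        try {
            Object returnObj = invokeRequest(request);

            if (returnObj != null) {
                ObjectOutputStream oos = new ObjectOutputStream(
                    response.getOutputStream());

                oos.writeObject(returnObj);

                oos.flush();
                oos.close();
            }
        }
        finally {
            PrincipalThreadLocal.setName(previousName);
            PermissionThreadLocal.setPermissionChecker(
                previousPermissionChecker);
        }
    }

    /**
     * Returns <code>true</code> if the class name looks like a remote service
     * utility: it contains <code>.service.</code>, ends with
     * <code>ServiceUtil</code> and does not end with
     * <code>LocalServiceUtil</code>.
     *
     * <p>
     * This is a naming-pattern check, not an allow-list: any class whose name
     * fits the pattern is accepted.
     * </p>
     *
     * @param  className the fully qualified name of the class to invoke, may
     *         be <code>null</code>
     * @return <code>true</code> if the name matches the pattern;
     *         <code>false</code> otherwise, including for <code>null</code>
     */
    protected boolean isValidRequest(String className) {

        // A missing class name is rejected explicitly instead of surfacing as
        // a NullPointerException in the caller.

        if (className == null) {
            return false;
        }

        return className.contains(".service.") &&
            className.endsWith("ServiceUtil") &&
            !className.endsWith("LocalServiceUtil");
    }

    /**
     * Binds the user identified by the login to the current thread, if such a
     * user exists.
     *
     * <p>
     * NOTE(review): only the login is consulted here; no password or token is
     * verified in this method.
     * </p>
     *
     * @param companyId the ID of the portal instance resolved from the request
     * @param login the login taken from the deserialized principal
     */
    private void bindUser(long companyId, String login)
        throws PortalException, SystemException {

        if (!Validator.isNotNull(login)) {
            return;
        }

        User user = findUser(companyId, login);

        if (user == null) {
            return;
        }

        PrincipalThreadLocal.setName(user.getUserId());

        PermissionChecker permissionChecker =
            PermissionCheckerFactoryUtil.create(user, true);

        PermissionThreadLocal.setPermissionChecker(permissionChecker);
    }

    /**
     * Resolves the login as an email address, then as a screen name, then as
     * a numeric user ID, and returns the first match.
     *
     * @param  companyId the ID of the portal instance resolved from the request
     * @param  login the login taken from the deserialized principal
     * @return the matching user, or <code>null</code> if no lookup succeeded
     */
    private User findUser(long companyId, String login)
        throws PortalException, SystemException {

        try {
            return UserLocalServiceUtil.getUserByEmailAddress(
                companyId, login);
        }
        catch (NoSuchUserException nsue) {

            // Not an email address of this company, try the next form

        }

        try {
            return UserLocalServiceUtil.getUserByScreenName(companyId, login);
        }
        catch (NoSuchUserException nsue) {

            // Not a screen name of this company, try the next form

        }

        try {

            // NOTE(review): this lookup takes no company ID, unlike the two
            // above; confirm that a user ID from another portal instance
            // cannot be adopted here.

            return UserLocalServiceUtil.getUserById(GetterUtil.getLong(login));
        }
        catch (NoSuchUserException nsue) {
            return null;
        }
    }

    /**
     * Deserializes the call from the request body, validates the target class
     * name, binds the caller's identity and invokes the target.
     *
     * @param  request the HTTP request carrying the serialized call
     * @return the target's return value, the {@link PortalException} it
     *         raised, a blank {@link SystemException} for any other failure of
     *         the target, or <code>null</code> if the call was rejected or
     *         could not be read
     * @throws IOException if the request stream cannot be opened as an object
     *         stream
     */
    private Object invokeRequest(HttpServletRequest request)
        throws IOException {

        ObjectInputStream ois = new ObjectInputStream(
            request.getInputStream());

        try {

            // SECURITY: readObject() materializes whatever object graph the
            // peer sent, before isValidRequest() or any identity handling has
            // run. The casts below only fail after deserialization has
            // completed. Restrict who can reach this servlet and add a class
            // allow-list (for example by overriding
            // ObjectInputStream.resolveClass) for the envelope types.

            ObjectValuePair<HttpPrincipal, Object> ovp =
                (ObjectValuePair<HttpPrincipal, Object>)ois.readObject();

            HttpPrincipal httpPrincipal = ovp.getKey();
            Object ovpValue = ovp.getValue();

            MethodHandler methodHandler = null;
            MethodWrapper methodWrapper = null;
            String className = null;

            if (ovpValue instanceof MethodHandler) {
                methodHandler = (MethodHandler)ovpValue;

                className = methodHandler.getClassName();
            }
            else {
                methodWrapper = (MethodWrapper)ovpValue;

                className = methodWrapper.getClassName();
            }

            if (!isValidRequest(className)) {

                // Rejected calls are worth a log line for detection. The
                // class name comes from the peer, so line breaks are
                // neutralised before it reaches the log.

                if (_log.isWarnEnabled()) {
                    String safeClassName = String.valueOf(className).replace(
                        '\r', '_').replace('\n', '_');

                    _log.warn(
                        "Rejected tunnel request from " +
                            request.getRemoteAddr() + " for class " +
                                safeClassName);
                }

                return null;
            }

            long companyId = PortalInstances.getCompanyId(request);

            bindUser(companyId, httpPrincipal.getLogin());

            if (methodHandler != null) {
                return methodHandler.invoke(true);
            }

            return MethodInvoker.invoke(methodWrapper);
        }
        catch (InvocationTargetException ite) {
            Object cause = ite.getCause();

            if (cause instanceof PortalException) {
                return cause;
            }

            // Anything else is logged on the server and replaced by a blank
            // SystemException, so the original failure is not sent to the
            // client.

            _log.error(ite, ite);

            return new SystemException();
        }
        catch (Exception e) {
            _log.error(e, e);

            return null;
        }
    }

    private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}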