015 package com.liferay.portal.servlet;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.kernel.util.MethodHandler;
024 import com.liferay.portal.kernel.util.MethodInvoker;
025 import com.liferay.portal.kernel.util.MethodWrapper;
026 import com.liferay.portal.kernel.util.ObjectValuePair;
027 import com.liferay.portal.kernel.util.Validator;
028 import com.liferay.portal.model.User;
029 import com.liferay.portal.security.auth.HttpPrincipal;
030 import com.liferay.portal.security.auth.PrincipalThreadLocal;
031 import com.liferay.portal.security.permission.PermissionChecker;
032 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
033 import com.liferay.portal.security.permission.PermissionThreadLocal;
034 import com.liferay.portal.service.UserLocalServiceUtil;
035 import com.liferay.portal.util.PortalInstances;
036
037 import java.io.IOException;
038 import java.io.ObjectInputStream;
039 import java.io.ObjectOutputStream;
040
041 import java.lang.reflect.InvocationTargetException;
042
043 import javax.servlet.http.HttpServlet;
044 import javax.servlet.http.HttpServletRequest;
045 import javax.servlet.http.HttpServletResponse;
046
047
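/**
 * Servlet endpoint that reads a serialized remote-service call from the POST
 * body, optionally installs the identity named in the request, invokes the
 * call and writes the serialized result (or exception) back to the caller.
 *
 * <p>
 * Review notes for maintainers:
 * </p>
 *
 * <ul>
 * <li>
 * The request body is deserialized with a plain {@link ObjectInputStream}
 * before any validation runs. {@link #isValidRequest(String)} only decides
 * which method may be invoked afterwards; it places no limit on the classes
 * the stream may instantiate while being read.
 * </li>
 * <li>
 * The login carried in the {@code HttpPrincipal} is only used to look up a
 * user; no credential is checked in this class. NOTE(review): authentication
 * is presumably enforced by a filter or mapping in front of this servlet;
 * confirm before exposing the endpoint.
 * </li>
 * </ul>
 */
@SuppressWarnings("deprecation")
public class TunnelServlet extends HttpServlet {

	/**
	 * Handles one tunneled service invocation.
	 *
	 * <p>
	 * Nothing is written to the response when the payload is rejected or when
	 * reading or dispatching fails with an exception other than
	 * {@link InvocationTargetException}; such failures are only logged.
	 * </p>
	 *
	 * @param  request the request whose body holds a serialized
	 *         {@code ObjectValuePair} of principal and call descriptor
	 * @param  response the response that receives the serialized return value
	 *         or exception
	 * @throws IOException if the request stream cannot be opened or the
	 *         response cannot be written
	 */
	public void doPost(HttpServletRequest request, HttpServletResponse response)
		throws IOException {

		// SECURITY: native Java deserialization of the raw request body. Every
		// class on the classpath is eligible for instantiation here, before
		// isValidRequest() is consulted. Restrict the accepted classes (a
		// resolveClass() allowlist, or an ObjectInputFilter on Java 9+) and keep
		// this endpoint reachable only by trusted, authenticated peers.

		ObjectInputStream ois = new ObjectInputStream(
			request.getInputStream());

		Object returnObj = null;

		try {
			ObjectValuePair<HttpPrincipal, Object> ovp =
				(ObjectValuePair<HttpPrincipal, Object>)ois.readObject();

			HttpPrincipal httpPrincipal = ovp.getKey();
			Object ovpValue = ovp.getValue();

			MethodHandler methodHandler = null;
			MethodWrapper methodWrapper = null;
			String className = null;

			if (ovpValue instanceof MethodHandler) {
				methodHandler = (MethodHandler)ovpValue;

				className = methodHandler.getClassName();
			}
			else if (ovpValue instanceof MethodWrapper) {
				methodWrapper = (MethodWrapper)ovpValue;

				className = methodWrapper.getClassName();
			}
			else {

				// Reject anything that is not one of the two call descriptors
				// instead of relying on a ClassCastException

				if (_log.isWarnEnabled()) {
					_log.warn("Rejected tunnel request with unexpected payload");
				}

				return;
			}

			if (!isValidRequest(className)) {

				// The class name comes from the request, so it is deliberately
				// not echoed into the log

				if (_log.isWarnEnabled()) {
					_log.warn(
						"Rejected tunnel request for a disallowed class name");
				}

				return;
			}

			long companyId = PortalInstances.getCompanyId(request);

			String login = httpPrincipal.getLogin();

			if (Validator.isNotNull(login)) {
				User user = _getUser(companyId, login);

				// NOTE(review): the thread locals below are set but never
				// cleared in this method, and they are left untouched when no
				// user is resolved. Confirm that something else resets them for
				// each request.

				if (user != null) {
					PrincipalThreadLocal.setName(user.getUserId());

					PermissionChecker permissionChecker =
						PermissionCheckerFactoryUtil.create(user, true);

					PermissionThreadLocal.setPermissionChecker(
						permissionChecker);
				}
			}

			if (methodHandler != null) {
				returnObj = methodHandler.invoke(true);
			}
			else {
				returnObj = MethodInvoker.invoke(methodWrapper);
			}
		}
		catch (InvocationTargetException ite) {
			returnObj = ite.getCause();

			// Only PortalException is passed through to the caller. Any other
			// cause is logged here and replaced with an empty SystemException,
			// so its details are not serialized into the response.

			if (!(returnObj instanceof PortalException)) {
				_log.error(ite, ite);

				returnObj = new SystemException();
			}
		}
		catch (Exception e) {
			_log.error(e, e);
		}

		if (returnObj != null) {
			ObjectOutputStream oos = new ObjectOutputStream(
				response.getOutputStream());

			try {
				oos.writeObject(returnObj);

				oos.flush();
			}
			finally {
				oos.close();
			}
		}
	}

	/**
	 * Returns whether a call against the named class may be dispatched.
	 *
	 * <p>
	 * This is a name filter and not an allowlist of specific classes: any name
	 * that contains {@code ".service."}, ends with {@code "ServiceUtil"} and
	 * does not end with {@code "LocalServiceUtil"} is accepted.
	 * </p>
	 *
	 * @param  className the class name taken from the request, may be
	 *         <code>null</code>
	 * @return <code>true</code> if the name matches the filter;
	 *         <code>false</code> otherwise, including for <code>null</code>
	 */
	protected boolean isValidRequest(String className) {
		if (className == null) {
			return false;
		}

		return className.contains(".service.") &&
			className.endsWith("ServiceUtil") &&
			!className.endsWith("LocalServiceUtil");
	}

	/**
	 * Resolves the login by email address, then by screen name, then by
	 * numeric user ID, and returns the first match.
	 *
	 * @param  companyId the company ID resolved from the request
	 * @param  login the non-empty login taken from the request principal
	 * @return the matching user, or <code>null</code> if no lookup matched
	 * @throws PortalException if a lookup fails for a reason other than a
	 *         missing user
	 * @throws SystemException if a lookup fails at the system level
	 */
	private static User _getUser(long companyId, String login)
		throws PortalException, SystemException {

		try {
			return UserLocalServiceUtil.getUserByEmailAddress(companyId, login);
		}
		catch (NoSuchUserException nsue) {

			// Not an email address of a known user, try the screen name

		}

		try {
			return UserLocalServiceUtil.getUserByScreenName(companyId, login);
		}
		catch (NoSuchUserException nsue) {

			// Not a known screen name, try the numeric user ID

		}

		try {
			return UserLocalServiceUtil.getUserById(GetterUtil.getLong(login));
		}
		catch (NoSuchUserException nsue) {

			// No lookup matched, so the call proceeds without a resolved user

		}

		return null;
	}

	private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}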