23 package com.liferay.portal.servlet.filters.servletauthorizing;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.servlet.BaseFilter;
28 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.model.User;
31 import com.liferay.portal.security.auth.CompanyThreadLocal;
32 import com.liferay.portal.security.auth.PrincipalThreadLocal;
33 import com.liferay.portal.security.permission.PermissionCheckerFactory;
34 import com.liferay.portal.security.permission.PermissionCheckerImpl;
35 import com.liferay.portal.security.permission.PermissionThreadLocal;
36 import com.liferay.portal.service.UserLocalServiceUtil;
37 import com.liferay.portal.util.PortalInstances;
38 import com.liferay.portal.util.PortalUtil;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import java.io.IOException;
43
44 import javax.servlet.FilterChain;
45 import javax.servlet.ServletException;
46 import javax.servlet.ServletRequest;
47 import javax.servlet.ServletResponse;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpSession;
50
51 import org.apache.struts.Globals;
52
53
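/**
 * Servlet filter that establishes the per-request authorization context
 * (company id attribute, principal name, permission checker) before the rest
 * of the filter chain runs, and tears it down afterwards.
 *
 * <p>
 * The context is kept in thread locals. Servlet containers normally reuse
 * worker threads, so anything this filter leaves in a thread local can be
 * observed by whatever request the thread serves next. Every thread local set
 * here is therefore cleared in the {@code finally} block.
 * </p>
 */
public class ServletAuthorizingFilter extends BaseFilter {

    /**
     * Resolves the current user, wraps the request so that it reports that
     * user as the remote user, installs a permission checker for the thread,
     * and then delegates to the rest of the chain.
     *
     * @param  req the incoming request; cast to {@link HttpServletRequest}
     * @param  res the response passed through to the chain
     * @param  chain the remaining filter chain
     * @throws IOException if the chain throws it
     * @throws ServletException if the chain throws it
     */
    public void doFilter(
            ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {

        HttpServletRequest httpReq = (HttpServletRequest)req;

        // NOTE(review): getSession() creates a session when none exists, so
        // every request reaching this filter, authenticated or not, ends up
        // with a server-side session.

        HttpSession ses = httpReq.getSession();

        // Company id

        long companyId = PortalInstances.getCompanyId(httpReq);

        // Expose the company id to downstream code as a request attribute

        httpReq.setAttribute(WebKeys.COMPANY_ID, Long.valueOf(companyId));

        // Authorize

        long userId = PortalUtil.getUserId(httpReq);
        String remoteUser = httpReq.getRemoteUser();

        if (!PropsValues.PORTAL_JAAS_ENABLE) {

            // With JAAS disabled, a one-shot "j_remoteuser" session attribute
            // overrides the container's remote user and is removed once read.
            // NOTE(review): whoever can write this session attribute chooses
            // the identity used for the request; confirm that only the login
            // path sets it.

            String jRemoteUser = (String)ses.getAttribute("j_remoteuser");

            if (jRemoteUser != null) {
                remoteUser = jRemoteUser;

                ses.removeAttribute("j_remoteuser");
            }
        }

        if ((userId > 0) && (remoteUser == null)) {
            remoteUser = String.valueOf(userId);
        }

        // Downstream code sees the resolved remote user through the wrapper,
        // not the raw container value

        req = new ProtectedServletRequest(httpReq, remoteUser);

        PermissionCheckerImpl permissionChecker = null;

        if ((userId > 0) || (remoteUser != null)) {

            // Set the principal associated with this thread; the remote user
            // takes precedence over the user id

            String name = String.valueOf(userId);

            if (remoteUser != null) {
                name = remoteUser;
            }

            PrincipalThreadLocal.setName(name);

            // The principal name is reinterpreted as the user id.
            // NOTE(review): presumably a non-numeric name yields a default id
            // and the lookup below then fails; confirm against GetterUtil.

            userId = GetterUtil.getLong(name);

            try {

                // User

                User user = UserLocalServiceUtil.getUserById(userId);

                // Permission checker; the meaning of the boolean flag is
                // defined by PermissionCheckerFactory, which is not visible
                // here

                permissionChecker = PermissionCheckerFactory.create(user, true);

                PermissionThreadLocal.setPermissionChecker(permissionChecker);

                // User id

                ses.setAttribute(WebKeys.USER_ID, Long.valueOf(userId));

                // User locale

                ses.setAttribute(Globals.LOCALE_KEY, user.getLocale());
            }
            catch (Exception e) {

                // NOTE(review): this fails open. If the user cannot be loaded
                // the error is only logged, and the request continues with
                // the principal name and remote user still set but without a
                // permission checker. Confirm that downstream code denies
                // access in that state.

                _log.error(e, e);
            }
        }

        try {
            doFilter(ServletAuthorizingFilter.class, req, res, chain);
        }
        finally {
            try {

                // Clean up the permission checker

                PermissionCheckerFactory.recycle(permissionChecker);
            }
            catch (Exception e) {
                _log.error(e, e);
            }

            // Drop the thread's reference to the checker that was just
            // recycled. Otherwise a later request served by this thread that
            // does not install its own checker (an anonymous request, or one
            // whose user lookup failed) would still find the previous user's
            // checker in the thread local.

            PermissionThreadLocal.setPermissionChecker(null);

            // Clear the company id associated with this thread. This filter
            // does not set it directly; presumably
            // PortalInstances.getCompanyId does. Confirm.

            CompanyThreadLocal.setCompanyId(0);

            // Clear the principal associated with this thread

            PrincipalThreadLocal.setName(null);
        }
    }

    private static final Log _log =
        LogFactoryUtil.getLog(ServletAuthorizingFilter.class);

}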