1
22
23 package com.liferay.portal.servlet;
24
25 import com.liferay.portal.PortalException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.kernel.util.MethodInvoker;
28 import com.liferay.portal.kernel.util.MethodWrapper;
29 import com.liferay.portal.kernel.util.ObjectValuePair;
30 import com.liferay.portal.model.User;
31 import com.liferay.portal.security.auth.CompanyThreadLocal;
32 import com.liferay.portal.security.auth.HttpPrincipal;
33 import com.liferay.portal.security.auth.PrincipalThreadLocal;
34 import com.liferay.portal.security.permission.PermissionCheckerFactory;
35 import com.liferay.portal.security.permission.PermissionCheckerImpl;
36 import com.liferay.portal.security.permission.PermissionThreadLocal;
37 import com.liferay.portal.service.UserLocalServiceUtil;
38 import com.liferay.portal.util.PortalInstances;
39
40 import java.io.IOException;
41 import java.io.ObjectInputStream;
42 import java.io.ObjectOutputStream;
43
44 import java.lang.reflect.InvocationTargetException;
45
46 import javax.servlet.ServletException;
47 import javax.servlet.http.HttpServlet;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50
51 import org.apache.commons.logging.Log;
52 import org.apache.commons.logging.LogFactory;
53
54
61 public class TunnelServlet extends HttpServlet {
62
63 public void doPost(HttpServletRequest req, HttpServletResponse res)
64 throws IOException, ServletException {
65
66 PermissionCheckerImpl permissionChecker = null;
67
68 try {
69 ObjectInputStream ois = new ObjectInputStream(req.getInputStream());
70
71 Object returnObj = null;
72
73 try {
74 ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
75 (ObjectValuePair<HttpPrincipal, MethodWrapper>)
76 ois.readObject();
77
78 HttpPrincipal httpPrincipal = ovp.getKey();
79 MethodWrapper methodWrapper = ovp.getValue();
80
81 long companyId = PortalInstances.getCompanyId(req);
82
83 CompanyThreadLocal.setCompanyId(companyId);
84
85 if (httpPrincipal.getUserId() > 0) {
86 PrincipalThreadLocal.setName(httpPrincipal.getUserId());
87
88 User user = UserLocalServiceUtil.getUserById(
89 httpPrincipal.getUserId());
90
91 permissionChecker =
92 PermissionCheckerFactory.create(user, true);
93
94 PermissionThreadLocal.setPermissionChecker(
95 permissionChecker);
96 }
97
98 if (returnObj == null) {
99 returnObj = MethodInvoker.invoke(methodWrapper);
100 }
101 }
102 catch (InvocationTargetException ite) {
103 returnObj = ite.getCause();
104
105 if (!(returnObj instanceof PortalException)) {
106 ite.printStackTrace();
107
108 returnObj = new SystemException();
109 }
110 }
111 catch (Exception e) {
112 _log.error(e, e);
113 }
114
115 if (returnObj != null) {
116 ObjectOutputStream oos =
117 new ObjectOutputStream(res.getOutputStream());
118
119 oos.writeObject(returnObj);
120
121 oos.flush();
122 oos.close();
123 }
124 }
125 finally {
126 try {
127 PermissionCheckerFactory.recycle(permissionChecker);
128 }
129 catch (Exception e) {
130 }
131 }
132 }
133
134 private static Log _log = LogFactory.getLog(TunnelServlet.class);
135
136 }