1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.servlet;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.util.MethodInvoker;
28  import com.liferay.portal.kernel.util.MethodWrapper;
29  import com.liferay.portal.kernel.util.ObjectValuePair;
30  import com.liferay.portal.model.User;
31  import com.liferay.portal.security.auth.CompanyThreadLocal;
32  import com.liferay.portal.security.auth.HttpPrincipal;
33  import com.liferay.portal.security.auth.PrincipalThreadLocal;
34  import com.liferay.portal.security.permission.PermissionCheckerFactory;
35  import com.liferay.portal.security.permission.PermissionCheckerImpl;
36  import com.liferay.portal.security.permission.PermissionThreadLocal;
37  import com.liferay.portal.service.UserLocalServiceUtil;
38  import com.liferay.portal.util.PortalInstances;
39  
40  import java.io.IOException;
41  import java.io.ObjectInputStream;
42  import java.io.ObjectOutputStream;
43  
44  import java.lang.reflect.InvocationTargetException;
45  
46  import javax.servlet.ServletException;
47  import javax.servlet.http.HttpServlet;
48  import javax.servlet.http.HttpServletRequest;
49  import javax.servlet.http.HttpServletResponse;
50  
51  import org.apache.commons.logging.Log;
52  import org.apache.commons.logging.LogFactory;
53  
54  /**
55   * <a href="TunnelServlet.java.html"><b><i>View Source</i></b></a>
56   *
57   * @author Michael Weisser
58   * @author Brian Wing Shun Chan
59   *
60   */
61  public class TunnelServlet extends HttpServlet {
62  
63      public void doPost(HttpServletRequest req, HttpServletResponse res)
64          throws IOException, ServletException {
65  
66          PermissionCheckerImpl permissionChecker = null;
67  
68          try {
69              ObjectInputStream ois = new ObjectInputStream(req.getInputStream());
70  
71              Object returnObj = null;
72  
73              try {
74                  ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
75                      (ObjectValuePair<HttpPrincipal, MethodWrapper>)
76                          ois.readObject();
77  
78                  HttpPrincipal httpPrincipal = ovp.getKey();
79                  MethodWrapper methodWrapper = ovp.getValue();
80  
81                  long companyId = PortalInstances.getCompanyId(req);
82  
83                  CompanyThreadLocal.setCompanyId(companyId);
84  
85                  if (httpPrincipal.getUserId() > 0) {
86                      PrincipalThreadLocal.setName(httpPrincipal.getUserId());
87  
88                      User user = UserLocalServiceUtil.getUserById(
89                          httpPrincipal.getUserId());
90  
91                      permissionChecker =
92                          PermissionCheckerFactory.create(user, true);
93  
94                      PermissionThreadLocal.setPermissionChecker(
95                          permissionChecker);
96                  }
97  
98                  if (returnObj == null) {
99                      returnObj = MethodInvoker.invoke(methodWrapper);
100                 }
101             }
102             catch (InvocationTargetException ite) {
103                 returnObj = ite.getCause();
104 
105                 if (!(returnObj instanceof PortalException)) {
106                     ite.printStackTrace();
107 
108                     returnObj = new SystemException();
109                 }
110             }
111             catch (Exception e) {
112                 _log.error(e, e);
113             }
114 
115             if (returnObj != null) {
116                 ObjectOutputStream oos =
117                     new ObjectOutputStream(res.getOutputStream());
118 
119                 oos.writeObject(returnObj);
120 
121                 oos.flush();
122                 oos.close();
123             }
124         }
125         finally {
126             try {
127                 PermissionCheckerFactory.recycle(permissionChecker);
128             }
129             catch (Exception e) {
130             }
131         }
132     }
133 
134     private static Log _log = LogFactory.getLog(TunnelServlet.class);
135 
136 }