23 package com.liferay.portal.servlet.filters.servletauthorizing;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.model.User;
30 import com.liferay.portal.security.auth.CompanyThreadLocal;
31 import com.liferay.portal.security.auth.PrincipalThreadLocal;
32 import com.liferay.portal.security.permission.PermissionChecker;
33 import com.liferay.portal.security.permission.PermissionCheckerFactory;
34 import com.liferay.portal.security.permission.PermissionThreadLocal;
35 import com.liferay.portal.service.UserLocalServiceUtil;
36 import com.liferay.portal.servlet.filters.BasePortalFilter;
37 import com.liferay.portal.util.PortalInstances;
38 import com.liferay.portal.util.PortalUtil;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import java.io.IOException;
43
44 import javax.servlet.FilterChain;
45 import javax.servlet.ServletException;
46 import javax.servlet.http.HttpServletRequest;
47 import javax.servlet.http.HttpServletResponse;
48 import javax.servlet.http.HttpSession;
49
50 import org.apache.struts.Globals;
51
52
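/**
 * Servlet filter that binds the caller's identity to the current request and
 * thread before the rest of the filter chain runs.
 *
 * <p>
 * For each request it resolves the company id, determines the remote user,
 * wraps the request in a {@link ProtectedServletRequest}, publishes the
 * principal name and a {@link PermissionChecker} through thread locals, and
 * resets that thread-bound state once the chain has completed.
 * </p>
 */
public class ServletAuthorizingFilter extends BasePortalFilter {

	/**
	 * Sets up the security context for one request, invokes the rest of the
	 * chain, and tears the thread-bound context down again.
	 *
	 * @param request the incoming request; replaced by a
	 *        {@link ProtectedServletRequest} before the chain is invoked
	 * @param response the response passed through to the chain
	 * @param filterChain the remaining filters and the target servlet
	 * @throws IOException if the downstream chain throws it
	 * @throws ServletException if the downstream chain throws it
	 */
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws IOException, ServletException {

		// getSession() creates a session when the request does not carry one,
		// so every request reaching this filter ends up with a session.

		HttpSession session = request.getSession();

		// Company id

		long companyId = PortalInstances.getCompanyId(request);

		// Long.valueOf replaces the deprecated boxing constructor

		request.setAttribute(WebKeys.COMPANY_ID, Long.valueOf(companyId));

		// Remote user as seen by the portal and by the container

		long userId = PortalUtil.getUserId(request);
		String remoteUser = request.getRemoteUser();

		if (!PropsValues.PORTAL_JAAS_ENABLE) {

			// Without JAAS the identity is handed over through the session.
			// The attribute is consumed once and overrides the container's
			// remote user. NOTE(review): this value is trusted as the caller
			// identity without further checks here; confirm that only the
			// login code path can write "j_remoteuser" and only after a
			// successful authentication.

			String jRemoteUser = (String)session.getAttribute("j_remoteuser");

			if (jRemoteUser != null) {
				remoteUser = jRemoteUser;

				session.removeAttribute("j_remoteuser");
			}
		}

		if ((userId > 0) && (remoteUser == null)) {
			remoteUser = String.valueOf(userId);
		}

		// Downstream code sees the wrapped request built with the resolved
		// remote user (presumably what getRemoteUser() then reports; see
		// ProtectedServletRequest).

		request = new ProtectedServletRequest(request, remoteUser);

		PermissionChecker permissionChecker = null;

		if ((userId > 0) || (remoteUser != null)) {

			// The remote user, when present, takes precedence over the
			// portal's user id as the principal name

			String name = String.valueOf(userId);

			if (remoteUser != null) {
				name = remoteUser;
			}

			PrincipalThreadLocal.setName(name);

			// The user id is re-derived from the principal name.
			// NOTE(review): a non-numeric name presumably becomes 0 here and
			// then fails the lookup below; verify against GetterUtil.

			userId = GetterUtil.getLong(name);

			try {
				User user = UserLocalServiceUtil.getUserById(userId);

				permissionChecker = PermissionCheckerFactory.create(user, true);

				PermissionThreadLocal.setPermissionChecker(permissionChecker);

				session.setAttribute(WebKeys.USER_ID, Long.valueOf(userId));

				session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
			}
			catch (Exception e) {

				// The failure is only logged: the request continues with the
				// principal name and the wrapped remote user still set, but
				// with no permission checker installed by this filter.
				// NOTE(review): downstream code must not treat a non-null
				// remote user alone as proof that a valid user was loaded.

				_log.error(e, e);
			}
		}

		try {
			processFilter(
				ServletAuthorizingFilter.class, request, response, filterChain);
		}
		finally {
			try {
				PermissionCheckerFactory.recycle(permissionChecker);
			}
			catch (Exception e) {
				_log.error(e, e);
			}

			// Drop the thread-local reference to the checker this filter
			// installed, so the recycled instance is not left bound to the
			// thread after the request has finished.

			if (permissionChecker != null) {
				PermissionThreadLocal.setPermissionChecker(null);
			}

			// Reset the thread-bound company id and principal name so they do
			// not carry over to later work on this thread

			CompanyThreadLocal.setCompanyId(0);

			PrincipalThreadLocal.setName(null);
		}
	}

	private static final Log _log =
		LogFactoryUtil.getLog(ServletAuthorizingFilter.class);

}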