1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.servlet;
16  
17  import com.liferay.portal.NoSuchUserException;
18  import com.liferay.portal.kernel.exception.PortalException;
19  import com.liferay.portal.kernel.exception.SystemException;
20  import com.liferay.portal.kernel.log.Log;
21  import com.liferay.portal.kernel.log.LogFactoryUtil;
22  import com.liferay.portal.kernel.util.GetterUtil;
23  import com.liferay.portal.kernel.util.MethodInvoker;
24  import com.liferay.portal.kernel.util.MethodWrapper;
25  import com.liferay.portal.kernel.util.ObjectValuePair;
26  import com.liferay.portal.kernel.util.Validator;
27  import com.liferay.portal.model.User;
28  import com.liferay.portal.security.auth.HttpPrincipal;
29  import com.liferay.portal.security.auth.PrincipalThreadLocal;
30  import com.liferay.portal.security.permission.PermissionChecker;
31  import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
32  import com.liferay.portal.security.permission.PermissionThreadLocal;
33  import com.liferay.portal.service.UserLocalServiceUtil;
34  import com.liferay.portal.util.PortalInstances;
35  
36  import java.io.IOException;
37  import java.io.ObjectInputStream;
38  import java.io.ObjectOutputStream;
39  
40  import java.lang.reflect.InvocationTargetException;
41  
42  import javax.servlet.http.HttpServlet;
43  import javax.servlet.http.HttpServletRequest;
44  import javax.servlet.http.HttpServletResponse;
45  
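/**
 * Executes service calls that a remote client tunnels over HTTP POST.
 *
 * <p>
 * The request body is a Java-serialized {@link ObjectValuePair} holding the
 * caller's {@link HttpPrincipal} and the {@link MethodWrapper} to invoke. The
 * result of the invocation, or the exception it raised, is serialized back in
 * the response body.
 * </p>
 *
 * <p>
 * Security notes for reviewers:
 * </p>
 *
 * <ul>
 * <li>
 * The body is read with an unrestricted {@link ObjectInputStream}, and
 * {@link #isValidRequest(MethodWrapper)} only runs after the whole object
 * graph has been deserialized. The method name check therefore does not limit
 * which classes the stream can instantiate.
 * </li>
 * <li>
 * No credential check is visible in this class: the user is looked up from
 * the login carried in the payload. Confirm that a filter in front of this
 * servlet authenticates the caller and that the endpoint is not reachable from
 * untrusted networks.
 * </li>
 * </ul>
 *
 * @author Michael Weisser
 * @author Brian Wing Shun Chan
 */
public class TunnelServlet extends HttpServlet {

    /**
     * Deserializes the tunneled call, binds the named user's permission
     * checker to the current thread, invokes the target method and writes the
     * serialized result to the response.
     *
     * <p>
     * Nothing is written to the response when the call is rejected or when an
     * exception other than {@link InvocationTargetException} is raised; the
     * latter is only logged.
     * </p>
     *
     * @param  request the servlet request whose body holds the serialized call
     * @param  response the servlet response that receives the serialized
     *         result
     * @throws IOException if the object streams cannot be opened, or the
     *         result cannot be written
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException {

        // SECURITY: native deserialization of the raw request body. Every
        // class named in the stream is resolved and instantiated by
        // readObject() below, before isValidRequest() or any user lookup
        // runs. Restrict the accepted classes (a resolveClass() allowlist in
        // an ObjectInputStream subclass, or ObjectInputFilter on Java 9+) and
        // keep this endpoint behind authentication and a network allowlist.

        ObjectInputStream ois = new ObjectInputStream(
            request.getInputStream());

        Object returnObj = null;

        try {

            // The cast is unchecked: a wrong key or value type only surfaces
            // as a ClassCastException below, which the generic catch logs.

            @SuppressWarnings("unchecked")
            ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
                (ObjectValuePair<HttpPrincipal, MethodWrapper>)
                    ois.readObject();

            HttpPrincipal httpPrincipal = (ovp == null) ? null : ovp.getKey();
            MethodWrapper methodWrapper =
                (ovp == null) ? null : ovp.getValue();

            // A missing principal or target previously ended in a logged
            // NullPointerException; reject it explicitly instead. The outcome
            // for the client is the same: no invocation and an empty response.

            if ((httpPrincipal == null) || !isValidRequest(methodWrapper)) {
                if (_log.isWarnEnabled()) {

                    // The payload's class name is caller controlled, so only
                    // the container-supplied address is logged.

                    _log.warn(
                        "Rejected tunnel invocation from " +
                            request.getRemoteAddr());
                }

                return;
            }

            long companyId = PortalInstances.getCompanyId(request);

            if (Validator.isNotNull(httpPrincipal.getLogin())) {
                User user = _getUser(companyId, httpPrincipal.getLogin());

                if (user != null) {

                    // NOTE(review): the identity comes from the payload and no
                    // password check is visible here; confirm the caller was
                    // authenticated upstream. These thread locals are also
                    // never reset in this method, so on a pooled thread they
                    // may outlive the request unless another component clears
                    // them -- verify.

                    PrincipalThreadLocal.setName(user.getUserId());

                    PermissionChecker permissionChecker =
                        PermissionCheckerFactoryUtil.create(user, true);

                    PermissionThreadLocal.setPermissionChecker(
                        permissionChecker);
                }
            }

            returnObj = MethodInvoker.invoke(methodWrapper);
        }
        catch (InvocationTargetException ite) {
            returnObj = ite.getCause();

            // Only portal exceptions are returned to the client as is;
            // anything else is logged here and replaced by a bare
            // SystemException.

            if (!(returnObj instanceof PortalException)) {
                _log.error(ite, ite);

                returnObj = new SystemException();
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        if (returnObj != null) {
            ObjectOutputStream oos = new ObjectOutputStream(
                response.getOutputStream());

            try {
                oos.writeObject(returnObj);

                oos.flush();
            }
            finally {

                // Close the stream even when serializing the result fails.

                oos.close();
            }
        }
    }

    /**
     * Returns <code>true</code> if the wrapped call targets a class whose name
     * contains <code>.service.</code> and ends with <code>ServiceUtil</code>
     * but not with <code>LocalServiceUtil</code>.
     *
     * <p>
     * The check is made on the class name only. It is not a package allowlist,
     * so any class on the class path with a matching name passes.
     * </p>
     *
     * @param  methodWrapper the deserialized call description, may be
     *         <code>null</code>
     * @return <code>true</code> if the target class name is accepted;
     *         <code>false</code> otherwise, including when the wrapper or its
     *         class name is <code>null</code>
     */
    protected boolean isValidRequest(MethodWrapper methodWrapper) {
        if (methodWrapper == null) {
            return false;
        }

        String className = methodWrapper.getClassName();

        if (className == null) {
            return false;
        }

        return className.contains(".service.") &&
            className.endsWith("ServiceUtil") &&
            !className.endsWith("LocalServiceUtil");
    }

    /**
     * Resolves the login carried by the tunneled principal to a user, trying
     * it as an email address, then as a screen name, then as a numeric user
     * ID.
     *
     * @param  companyId the company ID derived from the request
     * @param  login the login value taken from the deserialized principal
     * @return the matching user, or <code>null</code> if none of the lookups
     *         finds one
     * @throws PortalException if a lookup fails for a reason other than a
     *         missing user
     * @throws SystemException if a system exception occurred
     */
    private static User _getUser(long companyId, String login)
        throws PortalException, SystemException {

        try {
            return UserLocalServiceUtil.getUserByEmailAddress(
                companyId, login);
        }
        catch (NoSuchUserException ignored) {

            // Not an email address of this company; try the next form.

        }

        try {
            return UserLocalServiceUtil.getUserByScreenName(companyId, login);
        }
        catch (NoSuchUserException ignored) {

            // Not a screen name of this company; try the next form.

        }

        try {

            // NOTE(review): this lookup takes no company ID, so a numeric
            // login is not scoped to the company derived from the request --
            // confirm that is intended.

            return UserLocalServiceUtil.getUserById(GetterUtil.getLong(login));
        }
        catch (NoSuchUserException ignored) {

            // No user matches; the call proceeds without a bound user.

        }

        return null;
    }

    private static final Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}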