1
14
15 package com.liferay.portal.servlet;
16
17 import com.liferay.portal.NoSuchUserException;
18 import com.liferay.portal.kernel.exception.PortalException;
19 import com.liferay.portal.kernel.exception.SystemException;
20 import com.liferay.portal.kernel.log.Log;
21 import com.liferay.portal.kernel.log.LogFactoryUtil;
22 import com.liferay.portal.kernel.util.GetterUtil;
23 import com.liferay.portal.kernel.util.MethodInvoker;
24 import com.liferay.portal.kernel.util.MethodWrapper;
25 import com.liferay.portal.kernel.util.ObjectValuePair;
26 import com.liferay.portal.kernel.util.Validator;
27 import com.liferay.portal.model.User;
28 import com.liferay.portal.security.auth.HttpPrincipal;
29 import com.liferay.portal.security.auth.PrincipalThreadLocal;
30 import com.liferay.portal.security.permission.PermissionChecker;
31 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
32 import com.liferay.portal.security.permission.PermissionThreadLocal;
33 import com.liferay.portal.service.UserLocalServiceUtil;
34 import com.liferay.portal.util.PortalInstances;
35
36 import java.io.IOException;
37 import java.io.ObjectInputStream;
38 import java.io.ObjectOutputStream;
39
40 import java.lang.reflect.InvocationTargetException;
41
42 import javax.servlet.http.HttpServlet;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45
46
52 public class TunnelServlet extends HttpServlet {
53
54 public void doPost(HttpServletRequest request, HttpServletResponse response)
55 throws IOException {
56
57 ObjectInputStream ois = new ObjectInputStream(
58 request.getInputStream());
59
60 Object returnObj = null;
61
62 try {
63 ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
64 (ObjectValuePair<HttpPrincipal, MethodWrapper>)
65 ois.readObject();
66
67 HttpPrincipal httpPrincipal = ovp.getKey();
68 MethodWrapper methodWrapper = ovp.getValue();
69
70 if (!isValidRequest(methodWrapper)) {
71 return;
72 }
73
74 long companyId = PortalInstances.getCompanyId(request);
75
76 if (Validator.isNotNull(httpPrincipal.getLogin())) {
77 User user = null;
78
79 try {
80 user = UserLocalServiceUtil.getUserByEmailAddress(
81 companyId, httpPrincipal.getLogin());
82 }
83 catch (NoSuchUserException nsue) {
84 }
85
86 if (user == null) {
87 try {
88 user = UserLocalServiceUtil.getUserByScreenName(
89 companyId, httpPrincipal.getLogin());
90 }
91 catch (NoSuchUserException nsue) {
92 }
93 }
94
95 if (user == null) {
96 try {
97 user = UserLocalServiceUtil.getUserById(
98 GetterUtil.getLong(httpPrincipal.getLogin()));
99 }
100 catch (NoSuchUserException nsue) {
101 }
102 }
103
104 if (user != null) {
105 PrincipalThreadLocal.setName(user.getUserId());
106
107 PermissionChecker permissionChecker =
108 PermissionCheckerFactoryUtil.create(user, true);
109
110 PermissionThreadLocal.setPermissionChecker(
111 permissionChecker);
112 }
113 }
114
115 if (returnObj == null) {
116 returnObj = MethodInvoker.invoke(methodWrapper);
117 }
118 }
119 catch (InvocationTargetException ite) {
120 returnObj = ite.getCause();
121
122 if (!(returnObj instanceof PortalException)) {
123 ite.printStackTrace();
124
125 returnObj = new SystemException();
126 }
127 }
128 catch (Exception e) {
129 _log.error(e, e);
130 }
131
132 if (returnObj != null) {
133 ObjectOutputStream oos = new ObjectOutputStream(
134 response.getOutputStream());
135
136 oos.writeObject(returnObj);
137
138 oos.flush();
139 oos.close();
140 }
141 }
142
143 protected boolean isValidRequest(MethodWrapper methodWrapper) {
144 String className = methodWrapper.getClassName();
145
146 if (className.contains(".service.") &&
147 className.endsWith("ServiceUtil") &&
148 !className.endsWith("LocalServiceUtil")) {
149
150 return true;
151 }
152 else {
153 return false;
154 }
155 }
156
157 private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
158
159 }