1
14
15 package com.liferay.portal.servlet.filters.servletauthorizing;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
20 import com.liferay.portal.kernel.util.GetterUtil;
21 import com.liferay.portal.model.User;
22 import com.liferay.portal.security.auth.PrincipalThreadLocal;
23 import com.liferay.portal.security.permission.PermissionChecker;
24 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
25 import com.liferay.portal.security.permission.PermissionThreadLocal;
26 import com.liferay.portal.service.UserLocalServiceUtil;
27 import com.liferay.portal.servlet.filters.BasePortalFilter;
28 import com.liferay.portal.util.PortalInstances;
29 import com.liferay.portal.util.PortalUtil;
30 import com.liferay.portal.util.PropsValues;
31 import com.liferay.portal.util.WebKeys;
32
33 import javax.servlet.FilterChain;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpServletResponse;
36 import javax.servlet.http.HttpSession;
37
38 import org.apache.struts.Globals;
39
40
45 public class ServletAuthorizingFilter extends BasePortalFilter {
46
47 protected void processFilter(
48 HttpServletRequest request, HttpServletResponse response,
49 FilterChain filterChain)
50 throws Exception {
51
52 HttpSession session = request.getSession();
53
54
56 PortalInstances.getCompanyId(request);
57
58
60 long userId = PortalUtil.getUserId(request);
61 String remoteUser = request.getRemoteUser();
62
63 if (!PropsValues.PORTAL_JAAS_ENABLE) {
64 String jRemoteUser = (String)session.getAttribute("j_remoteuser");
65
66 if (jRemoteUser != null) {
67 remoteUser = jRemoteUser;
68
69 session.removeAttribute("j_remoteuser");
70 }
71 }
72
73 if ((userId > 0) && (remoteUser == null)) {
74 remoteUser = String.valueOf(userId);
75 }
76
77
83 request = new ProtectedServletRequest(request, remoteUser);
84
85 if ((userId > 0) || (remoteUser != null)) {
86
87
89 String name = String.valueOf(userId);
90
91 if (remoteUser != null) {
92 name = remoteUser;
93 }
94
95 PrincipalThreadLocal.setName(name);
96
97
99 userId = GetterUtil.getLong(name);
100
101 try {
102
103
105 User user = UserLocalServiceUtil.getUserById(userId);
106
107
109 PermissionChecker permissionChecker =
110 PermissionCheckerFactoryUtil.create(user, true);
111
112 PermissionThreadLocal.setPermissionChecker(permissionChecker);
113
114
116 session.setAttribute(WebKeys.USER_ID, new Long(userId));
117
118
120 session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
121 }
122 catch (Exception e) {
123 _log.error(e, e);
124 }
125 }
126
127 processFilter(
128 ServletAuthorizingFilter.class, request, response, filterChain);
129 }
130
131 private static Log _log = LogFactoryUtil.getLog(
132 ServletAuthorizingFilter.class);
133
134 }