1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   * 
13   */
14  
15  package com.liferay.portal.servlet;
16  
17  import com.liferay.portal.NoSuchUserException;
18  import com.liferay.portal.PortalException;
19  import com.liferay.portal.SystemException;
20  import com.liferay.portal.kernel.log.Log;
21  import com.liferay.portal.kernel.log.LogFactoryUtil;
22  import com.liferay.portal.kernel.util.GetterUtil;
23  import com.liferay.portal.kernel.util.MethodInvoker;
24  import com.liferay.portal.kernel.util.MethodWrapper;
25  import com.liferay.portal.kernel.util.ObjectValuePair;
26  import com.liferay.portal.kernel.util.Validator;
27  import com.liferay.portal.model.User;
28  import com.liferay.portal.security.auth.HttpPrincipal;
29  import com.liferay.portal.security.auth.PrincipalThreadLocal;
30  import com.liferay.portal.security.permission.PermissionChecker;
31  import com.liferay.portal.security.permission.PermissionCheckerFactory;
32  import com.liferay.portal.security.permission.PermissionThreadLocal;
33  import com.liferay.portal.service.UserLocalServiceUtil;
34  import com.liferay.portal.util.PortalInstances;
35  
36  import java.io.IOException;
37  import java.io.ObjectInputStream;
38  import java.io.ObjectOutputStream;
39  
40  import java.lang.reflect.InvocationTargetException;
41  
42  import javax.servlet.http.HttpServlet;
43  import javax.servlet.http.HttpServletRequest;
44  import javax.servlet.http.HttpServletResponse;
45  
46  /**
47   * <a href="TunnelServlet.java.html"><b><i>View Source</i></b></a>
48   *
49   * @author Michael Weisser
50   * @author Brian Wing Shun Chan
51   */
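public class TunnelServlet extends HttpServlet {

    /**
     * Reads a serialized {@code ObjectValuePair<HttpPrincipal, MethodWrapper>}
     * from the request body, invokes the wrapped method and writes the
     * serialized result (or exception) to the response.
     *
     * <p>
     * Nothing is written to the response when the request is rejected by
     * {@link #isValidRequest(MethodWrapper)}, when the invoked method returns
     * {@code null}, or when an unexpected exception is caught and logged.
     * </p>
     *
     * <p>
     * SECURITY NOTE(review): this method uses Java native deserialization on
     * the raw request body. The object graph is fully materialized by
     * {@code readObject()} before {@code isValidRequest} runs, so the
     * class-name check below only restricts which method is invoked
     * afterwards; it does not restrict which classes are instantiated while
     * deserializing. If this endpoint is reachable by untrusted clients,
     * restrict it at the network or filter layer and resolve classes through
     * an allow-list (an {@code ObjectInputStream} subclass overriding
     * {@code resolveClass}, or {@code ObjectInputFilter} on newer JDKs).
     * </p>
     *
     * <p>
     * SECURITY NOTE(review): the login in {@code HttpPrincipal} comes from the
     * request body and is only used to look up a user. No password or other
     * credential is verified in this method. Confirm that a filter or
     * container constraint in front of this servlet authenticates the caller
     * (not visible in this file); otherwise the caller chooses the identity
     * the service call runs as.
     * </p>
     *
     * @param  request the HTTP request whose body holds the serialized call
     * @param  response the HTTP response that receives the serialized result
     * @throws IOException if the request stream cannot be opened or the
     *         response cannot be written
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException {

        PermissionChecker permissionChecker = null;

        // Untrusted input enters here; see the deserialization note in the
        // method Javadoc before changing anything around this stream.
        ObjectInputStream ois = new ObjectInputStream(
            request.getInputStream());

        Object returnObj = null;

        try {
            ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
                (ObjectValuePair<HttpPrincipal, MethodWrapper>)
                    ois.readObject();

            HttpPrincipal httpPrincipal = ovp.getKey();
            MethodWrapper methodWrapper = ovp.getValue();

            if (!isValidRequest(methodWrapper)) {

                // Leave a trace for detection. The client-supplied class name
                // is deliberately not echoed into the log.

                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Rejected tunnel request from " +
                            request.getRemoteAddr() +
                                ": target is not a remote service utility");
                }

                return;
            }

            long companyId = PortalInstances.getCompanyId(request);

            if (Validator.isNotNull(httpPrincipal.getLogin())) {

                // Resolve the login as e-mail address, then screen name, then
                // numeric user id. A miss at one step falls through to the
                // next, which is why NoSuchUserException is ignored.

                User user = null;

                try {
                    user = UserLocalServiceUtil.getUserByEmailAddress(
                        companyId, httpPrincipal.getLogin());
                }
                catch (NoSuchUserException ignored) {
                }

                if (user == null) {
                    try {
                        user = UserLocalServiceUtil.getUserByScreenName(
                            companyId, httpPrincipal.getLogin());
                    }
                    catch (NoSuchUserException ignored) {
                    }
                }

                if (user == null) {
                    try {
                        user = UserLocalServiceUtil.getUserById(
                            GetterUtil.getLong(httpPrincipal.getLogin()));
                    }
                    catch (NoSuchUserException ignored) {
                    }
                }

                if (user != null) {

                    // NOTE(review): these thread locals are set here and not
                    // reset in this method. Confirm that something outside
                    // this servlet clears them, so a pooled thread cannot
                    // carry this identity into a later request.

                    PrincipalThreadLocal.setName(user.getUserId());

                    permissionChecker = PermissionCheckerFactory.create(
                        user, true);

                    PermissionThreadLocal.setPermissionChecker(
                        permissionChecker);
                }
            }

            returnObj = MethodInvoker.invoke(methodWrapper);
        }
        catch (InvocationTargetException ite) {
            returnObj = ite.getCause();

            if (!(returnObj instanceof PortalException)) {

                // Log through the portal logger instead of stderr, and hand
                // the client a bare SystemException so internal failure
                // details stay on the server.

                _log.error(ite, ite);

                returnObj = new SystemException();
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }
        finally {
            try {
                PermissionCheckerFactory.recycle(permissionChecker);
            }
            catch (Exception ignored) {

                // Best effort: a failure to recycle must not mask the result
                // of the call.

            }
        }

        if (returnObj != null) {
            ObjectOutputStream oos = new ObjectOutputStream(
                response.getOutputStream());

            try {
                oos.writeObject(returnObj);

                oos.flush();
            }
            finally {

                // Close even when serialization of the result fails.

                oos.close();
            }
        }
    }

    /**
     * Returns {@code true} if the wrapped call targets a class whose name
     * contains {@code ".service."}, ends with {@code "ServiceUtil"} and does
     * not end with {@code "LocalServiceUtil"}.
     *
     * <p>
     * NOTE(review): this is a check on the class name string only. Any class
     * whose name matches the pattern passes; there is no registry of permitted
     * services in this method.
     * </p>
     *
     * @param  methodWrapper the deserialized call description, may be
     *         {@code null}
     * @return {@code true} if the target class name matches the pattern;
     *         {@code false} otherwise, including when the wrapper or its class
     *         name is {@code null}
     */
    protected boolean isValidRequest(MethodWrapper methodWrapper) {
        if (methodWrapper == null) {
            return false;
        }

        String className = methodWrapper.getClassName();

        if (className == null) {
            return false;
        }

        return className.contains(".service.") &&
            className.endsWith("ServiceUtil") &&
            !className.endsWith("LocalServiceUtil");
    }

    private static final Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}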