1
14
15 package com.liferay.portal.servlet.filters.servletauthorizing;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
20 import com.liferay.portal.kernel.util.GetterUtil;
21 import com.liferay.portal.model.User;
22 import com.liferay.portal.security.auth.PrincipalThreadLocal;
23 import com.liferay.portal.security.permission.PermissionChecker;
24 import com.liferay.portal.security.permission.PermissionCheckerFactory;
25 import com.liferay.portal.security.permission.PermissionThreadLocal;
26 import com.liferay.portal.service.UserLocalServiceUtil;
27 import com.liferay.portal.servlet.filters.BasePortalFilter;
28 import com.liferay.portal.util.PortalInstances;
29 import com.liferay.portal.util.PortalUtil;
30 import com.liferay.portal.util.PropsValues;
31 import com.liferay.portal.util.WebKeys;
32
33 import javax.servlet.FilterChain;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpServletResponse;
36 import javax.servlet.http.HttpSession;
37
38 import org.apache.struts.Globals;
39
40
45 public class ServletAuthorizingFilter extends BasePortalFilter {
46
47 protected void processFilter(
48 HttpServletRequest request, HttpServletResponse response,
49 FilterChain filterChain)
50 throws Exception {
51
52 HttpSession session = request.getSession();
53
54
56 PortalInstances.getCompanyId(request);
57
58
60 long userId = PortalUtil.getUserId(request);
61 String remoteUser = request.getRemoteUser();
62
63 if (!PropsValues.PORTAL_JAAS_ENABLE) {
64 String jRemoteUser = (String)session.getAttribute("j_remoteuser");
65
66 if (jRemoteUser != null) {
67 remoteUser = jRemoteUser;
68
69 session.removeAttribute("j_remoteuser");
70 }
71 }
72
73 if ((userId > 0) && (remoteUser == null)) {
74 remoteUser = String.valueOf(userId);
75 }
76
77
83 request = new ProtectedServletRequest(request, remoteUser);
84
85 PermissionChecker permissionChecker = null;
86
87 if ((userId > 0) || (remoteUser != null)) {
88
89
91 String name = String.valueOf(userId);
92
93 if (remoteUser != null) {
94 name = remoteUser;
95 }
96
97 PrincipalThreadLocal.setName(name);
98
99
101 userId = GetterUtil.getLong(name);
102
103 try {
104
105
107 User user = UserLocalServiceUtil.getUserById(userId);
108
109
111 permissionChecker = PermissionCheckerFactory.create(user, true);
112
113 PermissionThreadLocal.setPermissionChecker(permissionChecker);
114
115
117 session.setAttribute(WebKeys.USER_ID, new Long(userId));
118
119
121 session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
122 }
123 catch (Exception e) {
124 _log.error(e, e);
125 }
126 }
127
128 try {
129 processFilter(
130 ServletAuthorizingFilter.class, request, response, filterChain);
131 }
132 finally {
133 try {
134 PermissionCheckerFactory.recycle(permissionChecker);
135 }
136 catch (Exception e) {
137 _log.error(e, e);
138 }
139 }
140 }
141
142 private static Log _log = LogFactoryUtil.getLog(
143 ServletAuthorizingFilter.class);
144
145 }