15 package com.liferay.portal.servlet;
16
17 import com.liferay.portal.NoSuchUserException;
18 import com.liferay.portal.PortalException;
19 import com.liferay.portal.SystemException;
20 import com.liferay.portal.kernel.log.Log;
21 import com.liferay.portal.kernel.log.LogFactoryUtil;
22 import com.liferay.portal.kernel.util.GetterUtil;
23 import com.liferay.portal.kernel.util.MethodInvoker;
24 import com.liferay.portal.kernel.util.MethodWrapper;
25 import com.liferay.portal.kernel.util.ObjectValuePair;
26 import com.liferay.portal.kernel.util.Validator;
27 import com.liferay.portal.model.User;
28 import com.liferay.portal.security.auth.HttpPrincipal;
29 import com.liferay.portal.security.auth.PrincipalThreadLocal;
30 import com.liferay.portal.security.permission.PermissionChecker;
31 import com.liferay.portal.security.permission.PermissionCheckerFactory;
32 import com.liferay.portal.security.permission.PermissionThreadLocal;
33 import com.liferay.portal.service.UserLocalServiceUtil;
34 import com.liferay.portal.util.PortalInstances;
35
36 import java.io.IOException;
37 import java.io.ObjectInputStream;
38 import java.io.ObjectOutputStream;
39
40 import java.lang.reflect.InvocationTargetException;
41
42 import javax.servlet.http.HttpServlet;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45
46
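/**
 * HTTP tunnel endpoint: reads a serialized
 * {@code ObjectValuePair<HttpPrincipal, MethodWrapper>} from the POST body,
 * invokes the wrapped method through {@link MethodInvoker}, and writes the
 * serialized result (or the resulting exception) to the response.
 *
 * <p>
 * SECURITY NOTE(review): this class consumes the request body with native
 * Java serialization and takes the acting user from the caller-supplied
 * {@link HttpPrincipal}. Nothing in this class restricts who may reach the
 * endpoint; confirm that access is limited upstream (network ACL, container
 * or filter configuration) to trusted callers only.
 * </p>
 */
public class TunnelServlet extends HttpServlet {

    /**
     * Handles one tunnelled service invocation.
     *
     * <p>
     * If the request is rejected, or an unexpected exception is logged, no
     * response body is written.
     * </p>
     *
     * @param  request the servlet request carrying the serialized payload
     * @param  response the servlet response that receives the serialized
     *         return value or exception
     * @throws IOException if the request or response stream cannot be used
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException {

        PermissionChecker permissionChecker = null;

        // SECURITY: the raw request body is handed to ObjectInputStream.
        // Deserialization runs before any validation below, so every
        // Serializable class on the classpath is exposed to untrusted bytes.
        // Flagged rather than replaced: a fix needs a class allowlist on the
        // stream (or a non-native wire format) plus authenticated transport.
        ObjectInputStream ois = new ObjectInputStream(
            request.getInputStream());

        Object returnObj = null;

        try {

            // The generic cast is unchecked and only happens after
            // readObject() has already materialised the whole object graph.
            @SuppressWarnings("unchecked")
            ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
                (ObjectValuePair<HttpPrincipal, MethodWrapper>)
                    ois.readObject();

            // A null pair or principal previously surfaced as a logged
            // NullPointerException; reject explicitly with the same outcome
            // (nothing invoked, nothing written).
            if ((ovp == null) || (ovp.getKey() == null)) {
                _log.warn(
                    "Rejected malformed tunnel request from " +
                        request.getRemoteAddr());

                return;
            }

            HttpPrincipal httpPrincipal = ovp.getKey();
            MethodWrapper methodWrapper = ovp.getValue();

            if (!isValidRequest(methodWrapper)) {

                // Record the refusal so probing of the endpoint is visible.
                // The class name is caller-controlled and is not logged.
                _log.warn(
                    "Rejected tunnel invocation from " +
                        request.getRemoteAddr());

                return;
            }

            long companyId = PortalInstances.getCompanyId(request);

            // SECURITY NOTE(review): the login comes from the deserialized
            // payload and only selects a user; no credential is verified in
            // this method. Confirm authentication is enforced elsewhere.
            if (Validator.isNotNull(httpPrincipal.getLogin())) {
                User user = null;

                // Resolve the login as e-mail address, then screen name, then
                // numeric user id. A miss at one step falls through to the
                // next, which is why NoSuchUserException is ignored.
                try {
                    user = UserLocalServiceUtil.getUserByEmailAddress(
                        companyId, httpPrincipal.getLogin());
                }
                catch (NoSuchUserException ignored) {
                }

                if (user == null) {
                    try {
                        user = UserLocalServiceUtil.getUserByScreenName(
                            companyId, httpPrincipal.getLogin());
                    }
                    catch (NoSuchUserException ignored) {
                    }
                }

                if (user == null) {

                    // NOTE(review): unlike the two lookups above, this call
                    // is not passed companyId; confirm that is intended.
                    try {
                        user = UserLocalServiceUtil.getUserById(
                            GetterUtil.getLong(httpPrincipal.getLogin()));
                    }
                    catch (NoSuchUserException ignored) {
                    }
                }

                if (user != null) {
                    PrincipalThreadLocal.setName(user.getUserId());

                    permissionChecker = PermissionCheckerFactory.create(
                        user, true);

                    PermissionThreadLocal.setPermissionChecker(
                        permissionChecker);
                }
            }

            returnObj = MethodInvoker.invoke(methodWrapper);
        }
        catch (InvocationTargetException ite) {
            returnObj = ite.getCause();

            if (!(returnObj instanceof PortalException)) {

                // Log through the class logger instead of printStackTrace().
                // The client receives a bare SystemException, so the original
                // cause is not serialized back to it.
                _log.error(ite, ite);

                returnObj = new SystemException();
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }
        finally {
            try {
                PermissionCheckerFactory.recycle(permissionChecker);
            }
            catch (Exception ignored) {

                // Best effort: a failed recycle must not mask the outcome.
            }

            // Do not leave the recycled checker reachable from this thread
            // once the request is over.
            // NOTE(review): the name set through PrincipalThreadLocal is not
            // reset here; confirm it is cleared elsewhere.
            if (permissionChecker != null) {
                PermissionThreadLocal.setPermissionChecker(null);
            }
        }

        if (returnObj != null) {
            ObjectOutputStream oos = new ObjectOutputStream(
                response.getOutputStream());

            oos.writeObject(returnObj);

            oos.flush();
            oos.close();
        }
    }

    /**
     * Decides whether the requested target class may be invoked.
     *
     * <p>
     * The check is purely name based: the class name must contain
     * {@code ".service."}, end with {@code "ServiceUtil"} and not end with
     * {@code "LocalServiceUtil"}. SECURITY NOTE(review): any class whose name
     * fits this pattern passes, and the method name and arguments are not
     * inspected; an explicit allowlist would be stricter.
     * </p>
     *
     * @param  methodWrapper the deserialized invocation descriptor; may be
     *         <code>null</code>
     * @return <code>true</code> if the class name matches the pattern;
     *         <code>false</code> otherwise, including when the wrapper or its
     *         class name is <code>null</code>
     */
    protected boolean isValidRequest(MethodWrapper methodWrapper) {

        // The wrapper comes from untrusted input, so treat missing data as a
        // rejection rather than letting it raise NullPointerException.
        if (methodWrapper == null) {
            return false;
        }

        String className = methodWrapper.getClassName();

        if (className == null) {
            return false;
        }

        return className.contains(".service.") &&
            className.endsWith("ServiceUtil") &&
            !className.endsWith("LocalServiceUtil");
    }

    private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);

}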