001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.spring.servlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.User;
021    import com.liferay.portal.security.auth.PrincipalThreadLocal;
022    import com.liferay.portal.security.permission.PermissionChecker;
023    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
024    import com.liferay.portal.security.permission.PermissionThreadLocal;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    import com.liferay.portal.spring.context.TunnelApplicationContext;
027    import com.liferay.portal.util.PortalInstances;
028    
029    import javax.servlet.ServletException;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
033    import org.springframework.web.servlet.DispatcherServlet;
034    
035    /**
036     * @author Brian Wing Shun Chan
037     */
038    public class RemotingServlet extends DispatcherServlet {
039    
040            public static final String CONTEXT_CLASS =
041                    TunnelApplicationContext.class.getName();
042    
043            public static final String CONTEXT_CONFIG_LOCATION =
044                    "/WEB-INF/remoting-servlet.xml,/WEB-INF/remoting-servlet-ext.xml";
045    
046            @Override
047            public Class<?> getContextClass() {
048                    try {
049                            return Class.forName(CONTEXT_CLASS);
050                    }
051                    catch (Exception e) {
052                            _log.error(e);
053                    }
054    
055                    return null;
056            }
057    
058            @Override
059            public String getContextConfigLocation() {
060                    return CONTEXT_CONFIG_LOCATION;
061            }
062    
063            @Override
064            public void service(
065                            HttpServletRequest request, HttpServletResponse response)
066                    throws ServletException {
067    
068                    try {
069                            PortalInstances.getCompanyId(request);
070    
071                            String remoteUser = request.getRemoteUser();
072    
073                            if (_log.isDebugEnabled()) {
074                                    _log.debug("Remote user " + remoteUser);
075                            }
076    
077                            if (remoteUser != null) {
078                                    PrincipalThreadLocal.setName(remoteUser);
079    
080                                    long userId = GetterUtil.getLong(remoteUser);
081    
082                                    User user = UserLocalServiceUtil.getUserById(userId);
083    
084                                    PermissionChecker permissionChecker =
085                                            PermissionCheckerFactoryUtil.create(user);
086    
087                                    PermissionThreadLocal.setPermissionChecker(permissionChecker);
088                            }
089                            else {
090                                    if (_log.isWarnEnabled()) {
091                                            _log.warn(
092                                                    "User id is not provided. An exception will be " +
093                                                            "thrown if a protected method is accessed.");
094                                    }
095                            }
096    
097                            super.service(request, response);
098                    }
099                    catch (Exception e) {
100                            throw new ServletException(e);
101                    }
102            }
103    
104            private static Log _log = LogFactoryUtil.getLog(RemotingServlet.class);
105    
106    }