001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.action.JSONServiceAction;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.servlet.PortletServlet;
021    import com.liferay.portal.kernel.util.GetterUtil;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.auth.PrincipalThreadLocal;
024    import com.liferay.portal.security.permission.PermissionChecker;
025    import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
026    import com.liferay.portal.security.permission.PermissionThreadLocal;
027    import com.liferay.portal.service.UserLocalServiceUtil;
028    import com.liferay.portal.struts.JSONAction;
029    
030    import java.io.IOException;
031    
032    import javax.servlet.ServletConfig;
033    import javax.servlet.ServletContext;
034    import javax.servlet.ServletException;
035    import javax.servlet.http.HttpServlet;
036    import javax.servlet.http.HttpServletRequest;
037    import javax.servlet.http.HttpServletResponse;
038    
039    /**
040     * @author Brian Wing Shun Chan
041     */
042    public class JSONServlet extends HttpServlet {
043    
044            @Override
045            public void init(ServletConfig servletConfig) {
046                    ServletContext servletContext = servletConfig.getServletContext();
047    
048                    _portletClassLoader = (ClassLoader)servletContext.getAttribute(
049                            PortletServlet.PORTLET_CLASS_LOADER);
050    
051                    _jsonAction = getJSONAction(servletContext);
052            }
053    
054            @Override
055            @SuppressWarnings("unused")
056            public void service(
057                            HttpServletRequest request, HttpServletResponse response)
058                    throws IOException, ServletException {
059    
060                    try {
061                            resolveRemoteUser(request);
062    
063                            if (_portletClassLoader == null) {
064                                    _jsonAction.execute(null, null, request, response);
065                            }
066                            else {
067                                    Thread currentThread = Thread.currentThread();
068    
069                                    ClassLoader contextClassLoader =
070                                            currentThread.getContextClassLoader();
071    
072                                    try {
073                                            currentThread.setContextClassLoader(_portletClassLoader);
074    
075                                            _jsonAction.execute(null, null, request, response);
076                                    }
077                                    finally {
078                                            currentThread.setContextClassLoader(contextClassLoader);
079                                    }
080                            }
081                    }
082                    catch (Exception e) {
083                            _log.error(e, e);
084                    }
085            }
086    
087            protected JSONAction getJSONAction(ServletContext servletContext) {
088                    JSONAction jsonAction = new JSONServiceAction();
089    
090                    jsonAction.setServletContext(servletContext);
091    
092                    return jsonAction;
093            }
094    
095            protected void resolveRemoteUser(HttpServletRequest request)
096                    throws Exception {
097    
098                    String remoteUser = request.getRemoteUser();
099    
100                    if (_log.isDebugEnabled()) {
101                            _log.debug("Remote user " + remoteUser);
102                    }
103    
104                    if (remoteUser != null) {
105                            PrincipalThreadLocal.setName(remoteUser);
106    
107                            long userId = GetterUtil.getLong(remoteUser);
108    
109                            User user = UserLocalServiceUtil.getUserById(userId);
110    
111                            PermissionChecker permissionChecker =
112                                    PermissionCheckerFactoryUtil.create(user);
113    
114                            PermissionThreadLocal.setPermissionChecker(permissionChecker);
115                    }
116            }
117    
118            private static Log _log = LogFactoryUtil.getLog(JSONServlet.class);
119    
120            private JSONAction _jsonAction;
121            private ClassLoader _portletClassLoader;
122    
123    }