23 package com.liferay.portal.servlet.filters.servletauthorizing;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.model.User;
30 import com.liferay.portal.security.auth.CompanyThreadLocal;
31 import com.liferay.portal.security.auth.PrincipalThreadLocal;
32 import com.liferay.portal.security.permission.PermissionChecker;
33 import com.liferay.portal.security.permission.PermissionCheckerFactory;
34 import com.liferay.portal.security.permission.PermissionThreadLocal;
35 import com.liferay.portal.service.UserLocalServiceUtil;
36 import com.liferay.portal.servlet.filters.BasePortalFilter;
37 import com.liferay.portal.util.PortalInstances;
38 import com.liferay.portal.util.PortalUtil;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import javax.servlet.FilterChain;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45 import javax.servlet.http.HttpSession;
46
47 import org.apache.struts.Globals;
48
49
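/**
 * Portal filter that works out which user a request belongs to, registers
 * that identity with {@code PrincipalThreadLocal} and
 * {@code PermissionThreadLocal}, and then hands the request on to the rest of
 * the filter chain.
 *
 * <p>
 * Everything this filter registers per request is reset in a
 * {@code finally} block once the chain returns, so that identity and
 * authorization state from one request is not left behind for the next one.
 * </p>
 */
public class ServletAuthorizingFilter extends BasePortalFilter {

	/**
	 * Resolves the remote user for the request, wraps the request in a
	 * {@link ProtectedServletRequest} carrying that user, creates a
	 * permission checker for the user when one can be loaded, and invokes
	 * the remaining filter chain.
	 *
	 * <p>
	 * If the user cannot be loaded, the failure is logged and the chain is
	 * still invoked without a permission checker for this request.
	 * Downstream code must therefore treat a missing permission checker as
	 * "not authorized" rather than assume one is always present.
	 * </p>
	 *
	 * @param  request the incoming HTTP request
	 * @param  response the HTTP response
	 * @param  filterChain the remaining filter chain
	 * @throws Exception if resolving the company or user id fails, or if the
	 *         downstream chain throws
	 */
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		HttpSession session = request.getSession();

		// Company id, exposed to downstream code as a request attribute

		long companyId = PortalInstances.getCompanyId(request);

		request.setAttribute(WebKeys.COMPANY_ID, Long.valueOf(companyId));

		// Remote user as reported by the portal and by the container

		long userId = PortalUtil.getUserId(request);
		String remoteUser = request.getRemoteUser();

		if (!PropsValues.PORTAL_JAAS_ENABLE) {

			// With JAAS disabled the identity is taken from a one-shot
			// session attribute, which overrides the container's remote
			// user. NOTE(review): this value is trusted as-is, so only
			// authentication code may ever write "j_remoteuser" -- confirm
			// against the login flow.

			String jRemoteUser = (String)session.getAttribute("j_remoteuser");

			if (jRemoteUser != null) {
				remoteUser = jRemoteUser;

				session.removeAttribute("j_remoteuser");
			}
		}

		if ((userId > 0) && (remoteUser == null)) {
			remoteUser = String.valueOf(userId);
		}

		// From here on downstream code sees the wrapped request, built with
		// the resolved remote user

		request = new ProtectedServletRequest(request, remoteUser);

		PermissionChecker permissionChecker = null;

		if ((userId > 0) || (remoteUser != null)) {

			// The remote user, when present, wins over the portal user id

			String name = String.valueOf(userId);

			if (remoteUser != null) {
				name = remoteUser;
			}

			PrincipalThreadLocal.setName(name);

			// The principal name is parsed back into a user id.
			// NOTE(review): assumes the remote user string is a numeric
			// user id; what GetterUtil.getLong yields for other input is
			// not visible here -- confirm.

			userId = GetterUtil.getLong(name);

			try {
				User user = UserLocalServiceUtil.getUserById(userId);

				permissionChecker = PermissionCheckerFactory.create(user, true);

				PermissionThreadLocal.setPermissionChecker(permissionChecker);

				session.setAttribute(WebKeys.USER_ID, Long.valueOf(userId));

				session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
			}
			catch (Exception e) {

				// Best effort: the request continues without a permission
				// checker for this user

				_log.error(e, e);
			}
		}

		try {
			processFilter(
				ServletAuthorizingFilter.class, request, response, filterChain);
		}
		finally {
			try {
				PermissionCheckerFactory.recycle(permissionChecker);
			}
			catch (Exception e) {
				_log.error(e, e);
			}

			// Drop the reference registered above as well. recycle() has
			// been called on that checker, and a worker thread that is
			// reused for a later request must not find a previous user's
			// permission checker still registered.

			PermissionThreadLocal.setPermissionChecker(null);

			// Reset the company id registered for this thread

			CompanyThreadLocal.setCompanyId(0);

			// Reset the principal name registered for this thread

			PrincipalThreadLocal.setName(null);
		}
	}

	private static final Log _log =
		LogFactoryUtil.getLog(ServletAuthorizingFilter.class);

}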