23 package com.liferay.portal.servlet.filters.servletauthorizing;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.model.User;
30 import com.liferay.portal.security.auth.CompanyThreadLocal;
31 import com.liferay.portal.security.auth.PrincipalThreadLocal;
32 import com.liferay.portal.security.permission.PermissionChecker;
33 import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
34 import com.liferay.portal.security.permission.PermissionThreadLocal;
35 import com.liferay.portal.service.UserLocalServiceUtil;
36 import com.liferay.portal.servlet.filters.BasePortalFilter;
37 import com.liferay.portal.util.PortalInstances;
38 import com.liferay.portal.util.PortalUtil;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import javax.servlet.FilterChain;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45 import javax.servlet.http.HttpSession;
46
47 import org.apache.struts.Globals;
48
49
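/**
 * Servlet filter that resolves the caller's company and user identity and
 * publishes them to the rest of the filter chain.
 *
 * <p>
 * For each request the filter stores the company id as a request attribute,
 * wraps the request in a {@link ProtectedServletRequest} carrying the resolved
 * remote user, and, when an identity is known, sets the principal name and a
 * {@link PermissionChecker} in thread locals and the user id and locale in the
 * HTTP session.
 * </p>
 *
 * <p>
 * Every thread local touched here is reset once the chain returns. Servlet
 * containers normally reuse worker threads, so a value left behind would be
 * visible to whichever request runs next on the same thread.
 * </p>
 */
public class ServletAuthorizingFilter extends BasePortalFilter {

    /**
     * Resolves the identity for this request, exposes it to downstream code,
     * and invokes the remainder of the filter chain.
     *
     * @param  request the incoming request; replaced by a
     *         {@link ProtectedServletRequest} before the chain is invoked
     * @param  response the response passed through to the chain
     * @param  filterChain the remaining filters and the target servlet
     * @throws Exception if the downstream chain throws; failures while
     *         loading the user are logged and do not abort the request
     */
    protected void processFilter(
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain)
        throws Exception {

        // getSession() creates a session when none exists, so every request
        // passing through this filter ends up with one.

        HttpSession session = request.getSession();

        // Company id

        long companyId = PortalInstances.getCompanyId(request);

        // Expose the company id to downstream code through the request

        request.setAttribute(WebKeys.COMPANY_ID, Long.valueOf(companyId));

        // Authorize

        long userId = PortalUtil.getUserId(request);
        String remoteUser = request.getRemoteUser();

        if (!PropsValues.PORTAL_JAAS_ENABLE) {

            // Without JAAS, a "j_remoteuser" session attribute overrides the
            // container supplied remote user. It is consumed on first use:
            // the attribute is removed as soon as it has been read.
            // NOTE(review): whatever writes "j_remoteuser" into the session is
            // effectively asserting identity; confirm only the login path
            // can set it.

            String jRemoteUser = (String)session.getAttribute("j_remoteuser");

            if (jRemoteUser != null) {
                remoteUser = jRemoteUser;

                session.removeAttribute("j_remoteuser");
            }
        }

        // Fall back to the portal user id when no remote user is available

        if ((userId > 0) && (remoteUser == null)) {
            remoteUser = String.valueOf(userId);
        }

        // Wrap the request so that downstream code sees the resolved remote
        // user (which may still be null for an anonymous request)

        request = new ProtectedServletRequest(request, remoteUser);

        try {
            if ((userId > 0) || (remoteUser != null)) {

                // Principal name: the remote user wins over the user id

                String name = String.valueOf(userId);

                if (remoteUser != null) {
                    name = remoteUser;
                }

                PrincipalThreadLocal.setName(name);

                // The name is expected to be a numeric user id. GetterUtil
                // is used for the conversion; presumably a non numeric name
                // yields its default value and the lookup below then fails
                // -- TODO confirm.

                userId = GetterUtil.getLong(name);

                try {

                    // User

                    User user = UserLocalServiceUtil.getUserById(userId);

                    // Permission checker

                    PermissionChecker permissionChecker =
                        PermissionCheckerFactoryUtil.create(user, true);

                    PermissionThreadLocal.setPermissionChecker(
                        permissionChecker);

                    // User id

                    session.setAttribute(WebKeys.USER_ID, Long.valueOf(userId));

                    // User locale

                    session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
                }
                catch (Exception e) {

                    // Deliberate best effort: the failure is logged and the
                    // request continues.
                    // NOTE(review): at this point the wrapped request and the
                    // principal thread local already carry the name although
                    // no user record or permission checker was loaded;
                    // confirm downstream authorization does not rely on the
                    // remote user alone.

                    _log.error(e, e);
                }
            }

            processFilter(
                ServletAuthorizingFilter.class, request, response, filterChain);
        }
        finally {

            // Clear the company id associated with this thread

            CompanyThreadLocal.setCompanyId(0);

            // Clear the principal associated with this thread

            PrincipalThreadLocal.setName(null);

            // Clear the permission checker associated with this thread so a
            // pooled worker thread cannot carry one user's checker into a
            // later request

            PermissionThreadLocal.setPermissionChecker(null);
        }
    }

    private static final Log _log =
        LogFactoryUtil.getLog(ServletAuthorizingFilter.class);

}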