org.kmworks.liferay.rpc.utils.RPCTunnelUtil.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.kmworks.liferay.rpc.utils.RPCTunnelUtil.java

Introduction

Here is the source code for org.kmworks.liferay.rpc.utils.RPCTunnelUtil.java

Source

/*
 * Copyright (C) 2005-2014 Christian P. Lerch <christian.p.lerch [at] gmail [dot] com>
 *
 * This library is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 3 of the License, or (at your option)
 * any later version.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 
 * details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this distribution. If not, see <http://www.gnu.org/licenses/>.
 */
package org.kmworks.liferay.rpc.utils;

import static com.google.common.base.Preconditions.checkNotNull;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.servlet.HttpHeaders;
import com.liferay.portal.kernel.servlet.HttpMethods;
import com.liferay.portal.kernel.util.Base64;
import com.liferay.portal.kernel.util.ContentTypes;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.MethodHandler;
import com.liferay.portal.kernel.util.ObjectValuePair;
import com.liferay.portal.kernel.util.PropsUtil;
import com.liferay.portal.kernel.util.StringPool;
import com.liferay.portal.security.auth.HttpPrincipal;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.service.http.TunnelUtil;
import static com.liferay.portal.service.http.TunnelUtil.getSharedSecretKey;
import com.liferay.util.Encryptor;
import java.io.EOFException;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.servlet.http.HttpServletRequest;

/**
 *
 * @author Christian P. Lerch
 */
public class RPCTunnelUtil extends TunnelUtil {

    public static Object invoke(HttpPrincipal httpPrincipal, MethodHandler methodHandler) throws Exception {

        // Although its currently not used by RPCTunnelServlet encrypt the login and use it as password anyway
        HttpPrincipal principal = AuthToken.clonePrincipal(httpPrincipal);
        principal.setPassword(Encryptor.encrypt(getSharedSecretKey(), principal.getLogin()));
        final HttpURLConnection httpURLConnection = _getConnection(principal.getUrl(), principal.getLogin(),
                principal.getPassword());

        try (ObjectOutputStream objectOutputStream = new ObjectOutputStream(httpURLConnection.getOutputStream())) {
            ObjectValuePair<HttpPrincipal, MethodHandler> ovp = new ObjectValuePair<>(principal, methodHandler);
            objectOutputStream.writeObject(ovp);
            objectOutputStream.flush();
        }

        Object returnObject = null;
        try (ObjectInputStream objectInputStream = new ObjectInputStream(httpURLConnection.getInputStream())) {
            returnObject = objectInputStream.readObject();
        } catch (EOFException eofe) {
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to read object from object stream", eofe);
            }
        } catch (IOException ioe) {
            String ioeMessage = ioe.getMessage();
            if (ioeMessage != null && ioeMessage.contains("HTTP response code: 401")) {
                throw new PrincipalException(ioeMessage);
            } else {
                throw ioe;
            }
        }

        if (returnObject != null && returnObject instanceof Exception) {
            throw (Exception) returnObject;
        }

        return returnObject;
    }

    private static HttpURLConnection _getConnection(String baseUrl, String login, String password)
            throws IOException {

        checkNotNull(baseUrl);
        checkNotNull(login);
        checkNotNull(password);

        ///-URL url = new URL(httpPrincipal.getUrl() + "/api/liferay/do");
        final URL url = new URL(baseUrl + "/rpc-server-hook/api/do"); ///+
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        httpURLConnection.setDoInput(true);
        httpURLConnection.setDoOutput(true);

        if (!_VERIFY_SSL_HOSTNAME && httpURLConnection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;

            httpsURLConnection.setHostnameVerifier(new HostnameVerifier() {

                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
        }

        httpURLConnection.setRequestProperty(HttpHeaders.CONTENT_TYPE,
                ContentTypes.APPLICATION_X_JAVA_SERIALIZED_OBJECT);
        httpURLConnection.setUseCaches(false);
        httpURLConnection.setRequestMethod(HttpMethods.POST);

        final String userNameAndPassword = login + StringPool.COLON + password;
        httpURLConnection.setRequestProperty(HttpHeaders.AUTHORIZATION,
                HttpServletRequest.BASIC_AUTH + StringPool.SPACE + Base64.encode(userNameAndPassword.getBytes()));

        return httpURLConnection;
    }

    private static final boolean _VERIFY_SSL_HOSTNAME = GetterUtil
            .getBoolean(PropsUtil.get(TunnelUtil.class.getName() + ".verify.ssl.hostname"));

    private static final Log _log = LogFactoryUtil.getLog(RPCTunnelUtil.class);

}