2 * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
4 * This library is free software; you can redistribute it and/or modify it under
5 * the terms of the GNU Lesser General Public License as published by the Free
6 * Software Foundation; either version 2.1 of the License, or (at your option)
9 * This library is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
15 package com.liferay.portal.struts;
17 import com.liferay.portal.kernel.exception.PortalException;
18 import com.liferay.portal.kernel.json.JSONFactoryUtil;
19 import com.liferay.portal.kernel.log.Log;
20 import com.liferay.portal.kernel.log.LogFactoryUtil;
21 import com.liferay.portal.kernel.servlet.HttpHeaders;
22 import com.liferay.portal.kernel.servlet.ServletContextPool;
23 import com.liferay.portal.kernel.util.ContentTypes;
24 import com.liferay.portal.kernel.util.GetterUtil;
25 import com.liferay.portal.kernel.util.ParamUtil;
26 import com.liferay.portal.kernel.util.SetUtil;
27 import com.liferay.portal.kernel.util.StringPool;
28 import com.liferay.portal.kernel.util.Validator;
29 import com.liferay.portal.security.auth.AuthTokenUtil;
30 import com.liferay.portal.security.auth.PrincipalException;
31 import com.liferay.portal.servlet.SharedSessionServletRequest;
32 import com.liferay.portal.util.PortalUtil;
33 import com.liferay.portal.util.PropsValues;
34 import com.liferay.portal.util.WebKeys;
36 import java.io.OutputStream;
40 import javax.servlet.RequestDispatcher;
41 import javax.servlet.ServletContext;
42 import javax.servlet.http.HttpServletRequest;
43 import javax.servlet.http.HttpServletResponse;
45 import org.apache.struts.action.Action;
46 import org.apache.struts.action.ActionForm;
47 import org.apache.struts.action.ActionForward;
48 import org.apache.struts.action.ActionMapping;
51 * @author Ming-Gih Lam
52 * @author Brian Wing Shun Chan
53 * @author Tomas Polesovsky
55 public abstract class JSONAction extends Action {
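/**
 * Serves one JSON request: reroutes it to another servlet context when
 * {@link #rerouteExecute} says so, runs {@link #checkAuthToken}, obtains
 * the payload from {@link #getJSON} and writes it to the response as UTF-8.
 *
 * <p>
 * The <code>callback</code> and <code>inst</code> request parameters are
 * caller-controlled and are copied into the response body as JavaScript
 * (<code>callback(json);</code> or <code>var inst=json;</code>). A value
 * that is not a plain JavaScript name is answered with
 * <code>SC_BAD_REQUEST</code> before any other work is done, so that
 * arbitrary script text cannot be reflected through these parameters.
 * </p>
 *
 * <p>
 * The listing this method was taken from had lost its brace-only and
 * return-only lines, the <code>try</code> opener and the name of the
 * error-sending call; they are restored here from the surrounding code.
 * </p>
 *
 * @param  mapping the Struts mapping, used for the referer forward
 * @param  form the Struts form, passed through to {@link #getJSON}
 * @param  request the servlet request
 * @param  response the servlet response the payload is written to
 * @return the <code>COMMON_REFERER</code> forward when the
 *         <code>refresh</code> parameter is true, otherwise
 *         <code>null</code> because the response has been handled here
 * @throws Exception if rerouting or writing the response fails
 */
@Override
public ActionForward execute(
        ActionMapping mapping, ActionForm form, HttpServletRequest request,
        HttpServletResponse response)
    throws Exception {

    if (rerouteExecute(request, response)) {
        return null;
    }

    String callback = ParamUtil.getString(request, "callback");
    String instance = ParamUtil.getString(request, "inst");

    // Only one wrapper is ever applied and callback wins, so only the
    // parameter that will actually be emitted is validated.

    boolean useCallback = Validator.isNotNull(callback);
    boolean useInstance = !useCallback && Validator.isNotNull(instance);

    if ((useCallback && !_isScriptName(callback, true)) ||
        (useInstance && !_isScriptName(instance, false))) {

        // Refuse before getJSON runs: the value would otherwise be
        // written verbatim into a script response.

        response.sendError(HttpServletResponse.SC_BAD_REQUEST);

        return null;
    }

    String json = null;

    try {
        checkAuthToken(request);

        json = getJSON(mapping, form, request, response);

        if (useCallback) {
            json = callback + "(" + json + ");";
        }
        else if (useInstance) {
            json = "var " + instance + "=" + json + ";";
        }
    }
    catch (PrincipalException pe) {
        if (_log.isWarnEnabled()) {
            _log.warn(pe.getMessage());
        }

        // The failure is reported to the caller as the JSON body itself.

        json = JSONFactoryUtil.serializeException(pe);
    }
    catch (Exception e) {
        PortalUtil.sendError(
            HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e, request,
            response);

        return null;
    }

    boolean refresh = ParamUtil.getBoolean(request, "refresh");

    if (refresh) {
        return mapping.findForward(ActionConstants.COMMON_REFERER);
    }
    else if (Validator.isNotNull(json)) {
        response.setCharacterEncoding(StringPool.UTF8);

        // Served as application/json so that the automated Sopra tooling
        // can parse the response.
        // NOTE(review): the callback(...) and var inst=... forms are
        // JavaScript rather than JSON; confirm whether those two should
        // go out as ContentTypes.TEXT_JAVASCRIPT instead.

        response.setContentType(ContentTypes.APPLICATION_JSON);
        response.setHeader(
            HttpHeaders.CACHE_CONTROL,
            HttpHeaders.CACHE_CONTROL_NO_CACHE_VALUE);

        byte[] bytes = json.getBytes(StringPool.UTF8);

        OutputStream outputStream = response.getOutputStream();

        try {
            outputStream.write(bytes);
        }
        finally {

            // Close even when the client has gone away mid-write.

            outputStream.close();
        }
    }

    return null;
}

/**
 * Returns whether <code>value</code> is a plain JavaScript name made of
 * ASCII letters, digits, <code>_</code> and <code>$</code>, not starting
 * with a digit, optionally with <code>.</code> between segments.
 */
private static boolean _isScriptName(String value, boolean allowDots) {
    int length = value.length();

    for (int i = 0; i < length; i++) {
        char c = value.charAt(i);

        boolean letter =
            ((c >= 'a') && (c <= 'z')) || ((c >= 'A') && (c <= 'Z'));

        if (letter || (c == '_') || (c == '$')) {
            continue;
        }

        if ((c >= '0') && (c <= '9') && (i > 0)) {
            continue;
        }

        if ((c == '.') && allowDots && (i > 0) && (i < (length - 1))) {
            continue;
        }

        return false;
    }

    return length > 0;
}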
/**
 * Produces the response body for this action.
 *
 * <p>
 * execute() calls this only after checkAuthToken(request) has returned
 * normally. The returned text is concatenated as-is into the response
 * (optionally inside <code>callback(...)</code> or
 * <code>var inst=...;</code>), so it must already be well-formed JSON; a
 * null or blank value results in no body being written.
 * </p>
 *
 * <p>
 * A PrincipalException raised here is turned into a serialized-exception
 * body by execute(). Any other exception appears to be answered with
 * SC_INTERNAL_SERVER_ERROR; the catch line itself is missing from this
 * listing.
 * </p>
 *
 * @param  mapping the Struts mapping execute() was called with
 * @param  form the Struts form execute() was called with
 * @param  request the servlet request
 * @param  response the servlet response
 * @return the JSON text to send
 */
127 public abstract String getJSON(
128 ActionMapping mapping, ActionForm form, HttpServletRequest request,
129 HttpServletResponse response)
/**
 * Records the servlet context this action belongs to. rerouteExecute uses
 * it to decide whether a request names a different context, and falls back
 * to the request attribute <code>WebKeys.CTX</code> while it is unset.
 *
 * @param servletContext the servlet context to remember
 */
public void setServletContext(ServletContext servletContext) {
    this._servletContext = servletContext;
}
/**
 * Runs the portal auth-token check for the request unless one of the
 * exemptions below applies.
 *
 * <p>
 * The check is skipped when the container reports BASIC or DIGEST as the
 * request's auth type, when either
 * <code>PropsValues.AUTH_TOKEN_CHECK_ENABLED</code> or
 * <code>PropsValues.JSON_SERVICE_AUTH_TOKEN_ENABLED</code> is off, and when
 * isAccessAllowed accepts the request for the configured hosts.
 * </p>
 *
 * <p>
 * NOTE(review): browsers resend cached BASIC/DIGEST credentials on their
 * own, so that exemption does not show the request was intended by the
 * user; confirm no browser-facing deployment relies on it.
 * </p>
 *
 * @param  request the servlet request to check
 * @throws PortalException if <code>AuthTokenUtil.check</code> rejects the
 *         request
 */
protected void checkAuthToken(HttpServletRequest request)
    throws PortalException {

    String authType = GetterUtil.getString(request.getAuthType());

    boolean basicOrDigest =
        authType.equals(HttpServletRequest.BASIC_AUTH) ||
        authType.equals(HttpServletRequest.DIGEST_AUTH);

    if (basicOrDigest) {
        return;
    }

    // Both switches have to be on for the token to be enforced here.

    if (!PropsValues.AUTH_TOKEN_CHECK_ENABLED ||
        !PropsValues.JSON_SERVICE_AUTH_TOKEN_ENABLED) {

        return;
    }

    // Requests accepted by the host allow-list bypass the token.

    if (isAccessAllowed(request, _hostsAllowed)) {
        return;
    }

    AuthTokenUtil.check(request);
}
/**
 * Returns the path rerouteExecute forwards to inside the servlet context
 * named by the request. rerouteExecute stops at its first check when this
 * value is null or blank. The path comes from the (sub)class, never from
 * the request.
 *
 * NOTE(review): the method body is missing from this listing, so the
 * default value cannot be read here; presumably it is null, which would
 * disable rerouting unless a subclass overrides it. Confirm against the
 * full file.
 */
156 protected String getReroutePath() {
/**
 * Decides from the request's remote address whether the request is covered
 * by the given host allow-list. checkAuthToken skips
 * <code>AuthTokenUtil.check</code> whenever this returns true, so a true
 * result here is an exemption from the auth token.
 *
 * NOTE(review): every return statement of this method is missing from the
 * listing. The result for each branch below has to be confirmed against
 * the full file.
 *
 * @param  request the servlet request whose remote address is tested
 * @param  hostsAllowed the allow-list; may contain addresses and the
 *         marker held in <code>_SERVER_IP</code>
 */
160 protected boolean isAccessAllowed(
161 HttpServletRequest request, Set<String> hostsAllowed) {
// NOTE(review): the result for an empty allow-list is not visible here. If
// it is true, an unset JSON_SERVICE_AUTH_TOKEN_HOSTS_ALLOWED exempts every
// caller from the token check; verify which way this goes.
163 if (hostsAllowed.isEmpty()) {
// getRemoteAddr() is the address of the directly connected peer. Behind a
// reverse proxy or load balancer that is the proxy, so allow-listing the
// proxy address covers every request that passes through it.
167 String remoteAddr = request.getRemoteAddr();
// Exact string match against the configured entries.
169 if (hostsAllowed.contains(remoteAddr)) {
173 String computerAddress = PortalUtil.getComputerAddress();
// The marker entry in _SERVER_IP stands for the address reported by
// PortalUtil.getComputerAddress(): it only matters when the request's
// remote address equals that address.
175 if (computerAddress.equals(remoteAddr) &&
176 hostsAllowed.contains(_SERVER_IP)) {
/**
 * Forwards the request to getReroutePath() inside another servlet context
 * when the request names one through the <code>servletContextName</code>
 * parameter. execute() returns without doing anything else when this
 * method returns true.
 *
 * NOTE(review): the throws clause and all return statements are missing
 * from this listing. Presumably each guard below returns false and the
 * method returns true after forwarding; confirm against the full file.
 *
 * @param  request the servlet request
 * @param  response the servlet response handed to the forward
 */
184 protected boolean rerouteExecute(
185 HttpServletRequest request, HttpServletResponse response)
188 String reroutePath = getReroutePath();
// No reroute path configured for this action.
190 if (Validator.isNull(reroutePath)) {
// Caller-supplied value. It is used only as a lookup key into
// ServletContextPool below; the path forwarded to is reroutePath, which
// does not come from the request.
194 String requestServletContextName = ParamUtil.getString(
195 request, "servletContextName");
197 if (Validator.isNull(requestServletContextName)) {
201 ServletContext servletContext = _servletContext;
// Fall back to the context stored on the request when none was injected
// through setServletContext().
// NOTE(review): nothing visible here handles a missing WebKeys.CTX
// attribute; getServletContextName() below would then be called on null.
203 if (servletContext == null) {
204 servletContext = (ServletContext)request.getAttribute(WebKeys.CTX);
207 String servletContextName = GetterUtil.getString(
208 servletContext.getServletContextName());
// The request already targets this action's own context.
210 if (servletContextName.equals(requestServletContextName)) {
// Only contexts registered in ServletContextPool can be reached; an
// unknown name yields null.
214 ServletContext requestServletContext = ServletContextPool.get(
215 requestServletContextName);
217 if (requestServletContext == null) {
221 RequestDispatcher requestDispatcher =
222 requestServletContext.getRequestDispatcher(reroutePath);
224 if (requestDispatcher == null) {
// NOTE(review): the request is wrapped in SharedSessionServletRequest with
// its second argument set to true. Presumably this exposes the portal
// session to the target context; confirm that every context registered in
// the pool is meant to see it.
228 requestDispatcher.forward(
229 new SharedSessionServletRequest(request, true), response);
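// Marker entry for the allow-list: isAccessAllowed pairs it with the
// address reported by PortalUtil.getComputerAddress().
private static final String _SERVER_IP = "SERVER_IP";

// Final so the shared logger cannot be reassigned after class
// initialisation.
private static final Log _log = LogFactoryUtil.getLog(JSONAction.class);

// Allow-list built from PropsValues.JSON_SERVICE_AUTH_TOKEN_HOSTS_ALLOWED.
// checkAuthToken passes it to isAccessAllowed, and a match there skips the
// auth-token check.
private Set<String> _hostsAllowed = SetUtil.fromArray(
    PropsValues.JSON_SERVICE_AUTH_TOKEN_HOSTS_ALLOWED);

// Set through setServletContext(). While it is null, rerouteExecute reads
// the context from the request attribute WebKeys.CTX instead.
private ServletContext _servletContext;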