ServerManagerServlet.java

/**
 * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 2.1 of the License, or (at your option)
 * any later version.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 * details.
 */

package com.liferay.server.manager.internal.servlet;

import com.liferay.portal.kernel.json.JSONFactoryUtil;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionCheckerFactoryUtil;
import com.liferay.portal.kernel.servlet.HttpMethods;
import com.liferay.portal.kernel.servlet.ServletResponseUtil;
import com.liferay.portal.kernel.util.ContentTypes;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.StackTraceUtil;
import com.liferay.portal.kernel.util.StringPool;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.server.manager.internal.constants.JSONKeys;
import com.liferay.server.manager.internal.executor.Executor;
import com.liferay.server.manager.internal.executor.ExecutorPathResolver;
import com.liferay.server.manager.internal.executor.ExecutorServiceRegistry;

import java.io.IOException;

import java.util.LinkedList;
import java.util.Queue;

import javax.servlet.Servlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

/**
 * @author Jonathan Potter
 */
@Component(
	immediate = true,
	property = {
		"osgi.http.whiteboard.servlet.name=com.liferay.server.manager.internal.servlet.ServerManagerServlet",
		"osgi.http.whiteboard.servlet.pattern=/server-manager/*",
		"servlet.init.httpMethods=DELETE,GET,POST,PUT"
	},
	service = Servlet.class
)
public class ServerManagerServlet extends HttpServlet {

	protected void execute(
			HttpServletRequest request, JSONObject responseJSONObject,
			String pathInfo)
		throws Exception {

		String executorPath = getExecutorPath(pathInfo);

		Executor executor = _executorServiceRegistry.getExecutor(executorPath);

		Queue<String> arguments = getExecutorArguments(executorPath, pathInfo);

		String method = request.getMethod();

		if (StringUtil.equalsIgnoreCase(method, HttpMethods.DELETE)) {
			executor.executeDelete(request, responseJSONObject, arguments);
		}
		else if (StringUtil.equalsIgnoreCase(method, HttpMethods.GET)) {
			executor.executeRead(request, responseJSONObject, arguments);
		}
		else if (StringUtil.equalsIgnoreCase(method, HttpMethods.POST)) {
			executor.executeCreate(request, responseJSONObject, arguments);
		}
		else if (StringUtil.equalsIgnoreCase(method, HttpMethods.PUT)) {
			executor.executeUpdate(request, responseJSONObject, arguments);
		}
	}

	protected Queue<String> getExecutorArguments(
		String matchingExecutorPath, String pathInfo) {

		Queue<String> arguments = new LinkedList<>();

		String path = StringUtil.toLowerCase(pathInfo);

		path = StringUtil.replace(
			path, matchingExecutorPath + StringPool.SLASH, StringPool.BLANK);

		String[] pathParts = StringUtil.split(path, StringPool.SLASH);

		for (String pathPart : pathParts) {
			arguments.add(pathPart);
		}

		return arguments;
	}

	protected String getExecutorPath(String pathInfo) {
		ExecutorPathResolver executorPathResolver = new ExecutorPathResolver(
			_executorServiceRegistry.getAvailableExecutorPaths());

		return executorPathResolver.getExecutorPath(pathInfo);
	}

	protected boolean isValidUser(HttpServletRequest request) {
		try {
			User user = _portal.getUser(request);

			PermissionChecker permissionChecker =
				PermissionCheckerFactoryUtil.create(user);

			if (permissionChecker.isOmniadmin()) {
				return true;
			}
		}
		catch (Exception e) {
			_log.error(e, e);
		}

		return false;
	}

	@Override
	protected void service(
			HttpServletRequest request, HttpServletResponse response)
		throws IOException {

		if (!isValidUser(request)) {
			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

			return;
		}

		JSONObject responseJSONObject = JSONFactoryUtil.createJSONObject();

		responseJSONObject.put(JSONKeys.ERROR, StringPool.BLANK);
		responseJSONObject.put(JSONKeys.OUTPUT, StringPool.BLANK);
		responseJSONObject.put(JSONKeys.STATUS, 0);

		try {
			execute(request, responseJSONObject, request.getPathInfo());
		}
		catch (Exception e) {
			responseJSONObject.put(
				JSONKeys.ERROR, StackTraceUtil.getStackTrace(e));
			responseJSONObject.put(JSONKeys.STATUS, 1);
		}

		String format = ParamUtil.getString(request, "format");

		if (format.equals("raw")) {
			response.setContentType(ContentTypes.TEXT_PLAIN);

			String outputStream = responseJSONObject.getString(JSONKeys.OUTPUT);

			ServletResponseUtil.write(response, outputStream);
		}
		else {
			response.setContentType(ContentTypes.APPLICATION_JSON);

			ServletResponseUtil.write(response, responseJSONObject.toString());
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		ServerManagerServlet.class);

	@Reference
	private ExecutorServiceRegistry _executorServiceRegistry;

	@Reference
	private Portal _portal;

}