Search in sources :

Example 1 with HttpRangeProcessor

use of org.alfresco.repo.web.util.HttpRangeProcessor in project alfresco-remote-api by Alfresco.

the class GetMethod method attemptReadContent.

protected void attemptReadContent(FileInfo realNodeInfo, ContentReader reader) throws IOException {
    if (byteRanges != null && byteRanges.startsWith(RANGE_HEADER_UNIT_SPECIFIER)) {
        HttpRangeProcessor rangeProcessor = new HttpRangeProcessor(getContentService());
        String userAgent = m_request.getHeader(WebDAV.HEADER_USER_AGENT);
        if (m_returnContent) {
            m_davHelper.publishReadEvent(realNodeInfo, reader.getMimetype(), reader.getSize(), byteRanges.substring(6), reader.getEncoding());
            rangeProcessor.processRange(m_response, reader, byteRanges.substring(6), realNodeInfo.getNodeRef(), ContentModel.PROP_CONTENT, reader.getMimetype(), userAgent);
        }
    } else {
        if (m_returnContent) {
            // there is content associated with the node
            m_response.setHeader(WebDAV.HEADER_CONTENT_LENGTH, Long.toString(reader.getSize()));
            m_response.setHeader(WebDAV.HEADER_CONTENT_TYPE, reader.getMimetype());
            m_davHelper.publishReadEvent(realNodeInfo, reader.getMimetype(), reader.getSize(), null, reader.getEncoding());
            // copy the content to the response output stream
            reader.getContent(m_response.getOutputStream());
        }
    }
}
Also used : HttpRangeProcessor(org.alfresco.repo.web.util.HttpRangeProcessor)

Example 2 with HttpRangeProcessor

use of org.alfresco.repo.web.util.HttpRangeProcessor in project acs-community-packaging by Alfresco.

the class BaseDownloadContentServlet method processDownloadRequest.

/**
 * Processes the download request using the current context i.e. no authentication checks are made, it is presumed
 * they have already been done.
 *
 * @param req
 *           The HTTP request
 * @param res
 *           The HTTP response
 * @param allowLogIn
 *           Indicates whether guest users without access to the content should be redirected to the log in page. If
 *           <code>false</code>, a status 403 forbidden page is displayed instead.
 */
protected void processDownloadRequest(HttpServletRequest req, HttpServletResponse res, boolean allowLogIn, boolean transmitContent) throws ServletException, IOException {
    Log logger = getLogger();
    String uri = req.getRequestURI();
    if (logger.isDebugEnabled()) {
        String queryString = req.getQueryString();
        logger.debug("Processing URL: " + uri + ((queryString != null && queryString.length() > 0) ? ("?" + queryString) : ""));
    }
    uri = uri.substring(req.getContextPath().length());
    StringTokenizer t = new StringTokenizer(uri, "/");
    int tokenCount = t.countTokens();
    // skip servlet name
    t.nextToken();
    // attachment mode (either 'attach' or 'direct')
    String attachToken = t.nextToken();
    boolean attachment = URL_ATTACH.equals(attachToken) || URL_ATTACH_LONG.equals(attachToken);
    ServiceRegistry serviceRegistry = getServiceRegistry(getServletContext());
    // get or calculate the noderef and filename to download as
    NodeRef nodeRef;
    String filename;
    // do we have a path parameter instead of a NodeRef?
    String path = req.getParameter(ARG_PATH);
    if (path != null && path.length() != 0) {
        // process the name based path to resolve the NodeRef and the Filename element
        try {
            PathRefInfo pathInfo = resolveNamePath(getServletContext(), path);
            nodeRef = pathInfo.NodeRef;
            filename = pathInfo.Filename;
        } catch (IllegalArgumentException e) {
            Application.handleSystemError(getServletContext(), req, res, MSG_ERROR_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND, logger);
            return;
        }
    } else {
        // a NodeRef must have been specified if no path has been found
        if (tokenCount < 6) {
            throw new IllegalArgumentException("Download URL did not contain all required args: " + uri);
        }
        // assume 'workspace' or other NodeRef based protocol for remaining URL elements
        StoreRef storeRef = new StoreRef(URLDecoder.decode(t.nextToken()), URLDecoder.decode(t.nextToken()));
        String id = URLDecoder.decode(t.nextToken());
        // build noderef from the appropriate URL elements
        nodeRef = new NodeRef(storeRef, id);
        if (tokenCount > 6) {
            // found additional relative path elements i.e. noderefid/images/file.txt
            // this allows a url to reference siblings nodes via a cm:name based relative path
            // solves the issue with opening HTML content containing relative URLs in HREF or IMG tags etc.
            List<String> paths = new ArrayList<String>(tokenCount - 5);
            while (t.hasMoreTokens()) {
                paths.add(URLDecoder.decode(t.nextToken()));
            }
            filename = paths.get(paths.size() - 1);
            try {
                NodeRef parentRef = serviceRegistry.getNodeService().getPrimaryParent(nodeRef).getParentRef();
                FileInfo fileInfo = serviceRegistry.getFileFolderService().resolveNamePath(parentRef, paths);
                nodeRef = fileInfo.getNodeRef();
            } catch (FileNotFoundException e) {
                Application.handleSystemError(getServletContext(), req, res, MSG_ERROR_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND, logger);
                return;
            }
        } else {
            // filename is last remaining token
            filename = t.nextToken();
        }
    }
    // get qualified of the property to get content from - default to ContentModel.PROP_CONTENT
    QName propertyQName = ContentModel.PROP_CONTENT;
    String property = req.getParameter(ARG_PROPERTY);
    if (property != null && property.length() != 0) {
        propertyQName = QName.createQName(property);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Found NodeRef: " + nodeRef);
        logger.debug("Will use filename: " + filename);
        logger.debug("For property: " + propertyQName);
        logger.debug("With attachment mode: " + attachment);
    }
    // get the services we need to retrieve the content
    NodeService nodeService = serviceRegistry.getNodeService();
    ContentService contentService = serviceRegistry.getContentService();
    // Check that the node still exists
    if (!nodeService.exists(nodeRef)) {
        Application.handleSystemError(getServletContext(), req, res, MSG_ERROR_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND, logger);
        return;
    }
    try {
        // check that the user has at least READ_CONTENT access - else redirect to an error or login page
        if (!checkAccess(req, res, nodeRef, PermissionService.READ_CONTENT, allowLogIn)) {
            return;
        }
        // check If-Modified-Since header and set Last-Modified header as appropriate
        Date modified = (Date) nodeService.getProperty(nodeRef, ContentModel.PROP_MODIFIED);
        if (modified != null) {
            long modifiedSince = req.getDateHeader(HEADER_IF_MODIFIED_SINCE);
            if (modifiedSince > 0L) {
                // round the date to the ignore millisecond value which is not supplied by header
                long modDate = (modified.getTime() / 1000L) * 1000L;
                if (modDate <= modifiedSince) {
                    if (logger.isDebugEnabled())
                        logger.debug("Returning 304 Not Modified.");
                    res.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
                    return;
                }
            }
            res.setDateHeader(HEADER_LAST_MODIFIED, modified.getTime());
            res.setHeader(HEADER_CACHE_CONTROL, "must-revalidate, max-age=0");
            res.setHeader(HEADER_ETAG, "\"" + Long.toString(modified.getTime()) + "\"");
        }
        if (attachment == true) {
            setHeaderContentDisposition(req, res, filename);
        }
        // get the content reader
        ContentReader reader = contentService.getReader(nodeRef, propertyQName);
        // ensure that it is safe to use
        reader = FileContentReader.getSafeContentReader(reader, Application.getMessage(req.getSession(), MSG_ERROR_CONTENT_MISSING), nodeRef, reader);
        String mimetype = reader.getMimetype();
        // fall back if unable to resolve mimetype property
        if (mimetype == null || mimetype.length() == 0) {
            MimetypeService mimetypeMap = serviceRegistry.getMimetypeService();
            mimetype = MIMETYPE_OCTET_STREAM;
            int extIndex = filename.lastIndexOf('.');
            if (extIndex != -1) {
                String ext = filename.substring(extIndex + 1);
                mimetype = mimetypeMap.getMimetype(ext);
            }
        }
        // explicitly set the content disposition header if the content is powerpoint
        if (!attachment && (mimetype.equals(POWER_POINT_2007_DOCUMENT_MIMETYPE) || mimetype.equals(POWER_POINT_DOCUMENT_MIMETYPE))) {
            setHeaderContentDisposition(req, res, filename);
        }
        // get the content and stream directly to the response output stream
        // assuming the repo is capable of streaming in chunks, this should allow large files
        // to be streamed directly to the browser response stream.
        res.setHeader(HEADER_ACCEPT_RANGES, "bytes");
        // for a GET request, transmit the content else just the headers are sent
        if (transmitContent) {
            try {
                boolean processedRange = false;
                String range = req.getHeader(HEADER_CONTENT_RANGE);
                if (range == null) {
                    range = req.getHeader(HEADER_RANGE);
                }
                if (range != null) {
                    if (logger.isDebugEnabled())
                        logger.debug("Found content range header: " + range);
                    // ensure the range header is starts with "bytes=" and process the range(s)
                    if (range.length() > 6) {
                        HttpRangeProcessor rangeProcessor = new HttpRangeProcessor(contentService);
                        processedRange = rangeProcessor.processRange(res, reader, range.substring(6), nodeRef, propertyQName, mimetype, req.getHeader(HEADER_USER_AGENT));
                    }
                }
                if (processedRange == false) {
                    if (logger.isDebugEnabled())
                        logger.debug("Sending complete file content...");
                    // set mimetype for the content and the character encoding for the stream
                    res.setContentType(mimetype);
                    res.setCharacterEncoding(reader.getEncoding());
                    // MNT-10642 Alfresco Explorer has javascript vulnerability opening HTML files
                    if (req.getRequestURI().contains("/d/d/") && (mimetype.equals("text/html") || mimetype.equals("application/xhtml+xml") || mimetype.equals("text/xml"))) {
                        String content = reader.getContentString();
                        if (mimetype.equals("text/html") || mimetype.equals("application/xhtml+xml")) {
                            // process with HTML stripper
                            content = StringUtils.stripUnsafeHTMLTags(content, false);
                        } else if (mimetype.equals("text/xml") && mimetype.equals("text/x-component")) {
                            // IE supports "behaviour" which means that css can load a .htc file that could
                            // contain XSS code in the form of jscript, vbscript etc, to stop it form being
                            // evaluated we set the contient type to text/plain
                            res.setContentType("text/plain");
                        }
                        String encoding = reader.getEncoding();
                        byte[] bytes = encoding != null ? content.getBytes(encoding) : content.getBytes();
                        res.setContentLength(bytes.length);
                        res.getOutputStream().write(bytes);
                        return;
                    }
                    // return the complete entity range
                    long size = reader.getSize();
                    res.setHeader(HEADER_CONTENT_RANGE, "bytes 0-" + Long.toString(size - 1L) + "/" + Long.toString(size));
                    res.setHeader(HEADER_CONTENT_LENGTH, Long.toString(size));
                    reader.getContent(res.getOutputStream());
                }
            } catch (SocketException e1) {
                // the client cut the connection - our mission was accomplished apart from a little error message
                if (logger.isDebugEnabled())
                    logger.debug("Client aborted stream read:\n\tnode: " + nodeRef + "\n\tcontent: " + reader);
            } catch (ContentIOException e2) {
                if (logger.isInfoEnabled())
                    logger.info("Failed stream read:\n\tnode: " + nodeRef + " due to: " + e2.getMessage());
            } catch (Throwable err) {
                if (err.getCause() instanceof SocketException) {
                    // the client cut the connection - our mission was accomplished apart from a little error message
                    if (logger.isDebugEnabled())
                        logger.debug("Client aborted stream read:\n\tnode: " + nodeRef + "\n\tcontent: " + reader);
                } else
                    throw err;
            }
        } else {
            if (logger.isDebugEnabled())
                logger.debug("HEAD request processed - no content sent.");
            res.getOutputStream().close();
        }
    } catch (Throwable err) {
        throw new AlfrescoRuntimeException("Error during download content servlet processing: " + err.getMessage(), err);
    }
}
Also used : SocketException(java.net.SocketException) ArrayList(java.util.ArrayList) FileNotFoundException(org.alfresco.service.cmr.model.FileNotFoundException) ContentIOException(org.alfresco.service.cmr.repository.ContentIOException) NodeRef(org.alfresco.service.cmr.repository.NodeRef) FileInfo(org.alfresco.service.cmr.model.FileInfo) HttpRangeProcessor(org.alfresco.repo.web.util.HttpRangeProcessor) StoreRef(org.alfresco.service.cmr.repository.StoreRef) Log(org.apache.commons.logging.Log) QName(org.alfresco.service.namespace.QName) NodeService(org.alfresco.service.cmr.repository.NodeService) FileContentReader(org.alfresco.repo.content.filestore.FileContentReader) ContentReader(org.alfresco.service.cmr.repository.ContentReader) ContentService(org.alfresco.service.cmr.repository.ContentService) Date(java.util.Date) StringTokenizer(java.util.StringTokenizer) MimetypeService(org.alfresco.service.cmr.repository.MimetypeService) AlfrescoRuntimeException(org.alfresco.error.AlfrescoRuntimeException) ServiceRegistry(org.alfresco.service.ServiceRegistry)

Example 3 with HttpRangeProcessor

use of org.alfresco.repo.web.util.HttpRangeProcessor in project alfresco-remote-api by Alfresco.

the class ContentStreamer method streamContentImpl.

/**
 * Stream content implementation
 *
 * @param req               The request
 * @param res               The response
 * @param reader            The reader
 * @param nodeRef           The content nodeRef if applicable
 * @param propertyQName     The content property if applicable
 * @param attach            Indicates whether the content should be streamed as an attachment or not
 * @param modified          Modified date of content
 * @param eTag              ETag to use
 * @param attachFileName    Optional file name to use when attach is <code>true</code>
 * @throws IOException
 */
public void streamContentImpl(WebScriptRequest req, WebScriptResponse res, ContentReader reader, final NodeRef nodeRef, final QName propertyQName, final boolean attach, final Date modified, String eTag, final String attachFileName, Map<String, Object> model) throws IOException {
    setAttachment(req, res, attach, attachFileName);
    // establish mimetype
    String mimetype = reader.getMimetype();
    String extensionPath = req.getExtensionPath();
    if (mimetype == null || mimetype.length() == 0) {
        mimetype = MimetypeMap.MIMETYPE_BINARY;
        int extIndex = extensionPath.lastIndexOf('.');
        if (extIndex != -1) {
            String ext = extensionPath.substring(extIndex + 1);
            mimetype = mimetypeService.getMimetype(ext);
        }
    }
    res.setHeader(HEADER_ACCEPT_RANGES, "bytes");
    try {
        boolean processedRange = false;
        String range = req.getHeader(HEADER_CONTENT_RANGE);
        final long size = reader.getSize();
        final String encoding = reader.getEncoding();
        if (range == null) {
            range = req.getHeader(HEADER_RANGE);
        }
        if (range != null) {
            if (logger.isDebugEnabled())
                logger.debug("Found content range header: " + range);
            // ensure the range header is starts with "bytes=" and process the range(s)
            if (range.length() > 6) {
                if (range.indexOf(',') != -1 && (nodeRef == null || propertyQName == null)) {
                    if (logger.isInfoEnabled())
                        logger.info("Multi-range only supported for nodeRefs");
                } else {
                    HttpRangeProcessor rangeProcessor = new HttpRangeProcessor(contentService);
                    processedRange = rangeProcessor.processRange(res, reader, range.substring(6), nodeRef, propertyQName, mimetype, req.getHeader(HEADER_USER_AGENT));
                }
            }
        }
        if (processedRange == false) {
            if (logger.isDebugEnabled())
                logger.debug("Sending complete file content...");
            // set mimetype for the content and the character encoding for the stream
            res.setContentType(mimetype);
            res.setContentEncoding(encoding);
            // return the complete entity range
            res.setHeader(HEADER_CONTENT_RANGE, "bytes 0-" + Long.toString(size - 1L) + "/" + Long.toString(size));
            res.setHeader(HEADER_CONTENT_LENGTH, Long.toString(size));
            // set caching
            setResponseCache(res, modified, eTag, model);
            // get the content and stream directly to the response output stream
            // assuming the repository is capable of streaming in chunks, this should allow large files
            // to be streamed directly to the browser response stream.
            reader.getContent(res.getOutputStream());
        }
    } catch (SocketException e1) {
        // the client cut the connection - our mission was accomplished apart from a little error message
        if (logger.isInfoEnabled())
            logger.info("Client aborted stream read:\n\tcontent: " + reader);
    } catch (ContentIOException e2) {
        if (logger.isInfoEnabled())
            logger.info("Client aborted stream read:\n\tcontent: " + reader);
    }
}
Also used : SocketException(java.net.SocketException) HttpRangeProcessor(org.alfresco.repo.web.util.HttpRangeProcessor) ContentIOException(org.alfresco.service.cmr.repository.ContentIOException)

Aggregations

HttpRangeProcessor (org.alfresco.repo.web.util.HttpRangeProcessor)3 SocketException (java.net.SocketException)2 ContentIOException (org.alfresco.service.cmr.repository.ContentIOException)2 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 StringTokenizer (java.util.StringTokenizer)1 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)1 FileContentReader (org.alfresco.repo.content.filestore.FileContentReader)1 ServiceRegistry (org.alfresco.service.ServiceRegistry)1 FileInfo (org.alfresco.service.cmr.model.FileInfo)1 FileNotFoundException (org.alfresco.service.cmr.model.FileNotFoundException)1 ContentReader (org.alfresco.service.cmr.repository.ContentReader)1 ContentService (org.alfresco.service.cmr.repository.ContentService)1 MimetypeService (org.alfresco.service.cmr.repository.MimetypeService)1 NodeRef (org.alfresco.service.cmr.repository.NodeRef)1 NodeService (org.alfresco.service.cmr.repository.NodeService)1 StoreRef (org.alfresco.service.cmr.repository.StoreRef)1 QName (org.alfresco.service.namespace.QName)1 Log (org.apache.commons.logging.Log)1