use of org.alfresco.service.cmr.repository.ContentService in project acs-community-packaging by Alfresco.
the class BaseDownloadContentServlet method processDownloadRequest.
/**
* Processes the download request using the current context i.e. no authentication checks are made, it is presumed
* they have already been done.
*
* @param req
* The HTTP request
* @param res
* The HTTP response
* @param allowLogIn
* Indicates whether guest users without access to the content should be redirected to the log in page. If
* <code>false</code>, a status 403 forbidden page is displayed instead.
*/
protected void processDownloadRequest(HttpServletRequest req, HttpServletResponse res, boolean allowLogIn, boolean transmitContent) throws ServletException, IOException {
Log logger = getLogger();
String uri = req.getRequestURI();
if (logger.isDebugEnabled()) {
String queryString = req.getQueryString();
logger.debug("Processing URL: " + uri + ((queryString != null && queryString.length() > 0) ? ("?" + queryString) : ""));
}
uri = uri.substring(req.getContextPath().length());
StringTokenizer t = new StringTokenizer(uri, "/");
int tokenCount = t.countTokens();
// skip servlet name
t.nextToken();
// attachment mode (either 'attach' or 'direct')
String attachToken = t.nextToken();
boolean attachment = URL_ATTACH.equals(attachToken) || URL_ATTACH_LONG.equals(attachToken);
ServiceRegistry serviceRegistry = getServiceRegistry(getServletContext());
// get or calculate the noderef and filename to download as
NodeRef nodeRef;
String filename;
// do we have a path parameter instead of a NodeRef?
String path = req.getParameter(ARG_PATH);
if (path != null && path.length() != 0) {
// process the name based path to resolve the NodeRef and the Filename element
try {
PathRefInfo pathInfo = resolveNamePath(getServletContext(), path);
nodeRef = pathInfo.NodeRef;
filename = pathInfo.Filename;
} catch (IllegalArgumentException e) {
Application.handleSystemError(getServletContext(), req, res, MSG_ERROR_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND, logger);
return;
}
} else {
// a NodeRef must have been specified if no path has been found
if (tokenCount < 6) {
throw new IllegalArgumentException("Download URL did not contain all required args: " + uri);
}
// assume 'workspace' or other NodeRef based protocol for remaining URL elements
StoreRef storeRef = new StoreRef(URLDecoder.decode(t.nextToken()), URLDecoder.decode(t.nextToken()));
String id = URLDecoder.decode(t.nextToken());
// build noderef from the appropriate URL elements
nodeRef = new NodeRef(storeRef, id);
if (tokenCount > 6) {
// found additional relative path elements i.e. noderefid/images/file.txt
// this allows a url to reference siblings nodes via a cm:name based relative path
// solves the issue with opening HTML content containing relative URLs in HREF or IMG tags etc.
List<String> paths = new ArrayList<String>(tokenCount - 5);
while (t.hasMoreTokens()) {
paths.add(URLDecoder.decode(t.nextToken()));
}
filename = paths.get(paths.size() - 1);
try {
NodeRef parentRef = serviceRegistry.getNodeService().getPrimaryParent(nodeRef).getParentRef();
FileInfo fileInfo = serviceRegistry.getFileFolderService().resolveNamePath(parentRef, paths);
nodeRef = fileInfo.getNodeRef();
} catch (FileNotFoundException e) {
Application.handleSystemError(getServletContext(), req, res, MSG_ERROR_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND, logger);
return;
}
} else {
// filename is last remaining token
filename = t.nextToken();
}
}
// get qualified of the property to get content from - default to ContentModel.PROP_CONTENT
QName propertyQName = ContentModel.PROP_CONTENT;
String property = req.getParameter(ARG_PROPERTY);
if (property != null && property.length() != 0) {
propertyQName = QName.createQName(property);
}
if (logger.isDebugEnabled()) {
logger.debug("Found NodeRef: " + nodeRef);
logger.debug("Will use filename: " + filename);
logger.debug("For property: " + propertyQName);
logger.debug("With attachment mode: " + attachment);
}
// get the services we need to retrieve the content
NodeService nodeService = serviceRegistry.getNodeService();
ContentService contentService = serviceRegistry.getContentService();
// Check that the node still exists
if (!nodeService.exists(nodeRef)) {
Application.handleSystemError(getServletContext(), req, res, MSG_ERROR_NOT_FOUND, HttpServletResponse.SC_NOT_FOUND, logger);
return;
}
try {
// check that the user has at least READ_CONTENT access - else redirect to an error or login page
if (!checkAccess(req, res, nodeRef, PermissionService.READ_CONTENT, allowLogIn)) {
return;
}
// check If-Modified-Since header and set Last-Modified header as appropriate
Date modified = (Date) nodeService.getProperty(nodeRef, ContentModel.PROP_MODIFIED);
if (modified != null) {
long modifiedSince = req.getDateHeader(HEADER_IF_MODIFIED_SINCE);
if (modifiedSince > 0L) {
// round the date to the ignore millisecond value which is not supplied by header
long modDate = (modified.getTime() / 1000L) * 1000L;
if (modDate <= modifiedSince) {
if (logger.isDebugEnabled())
logger.debug("Returning 304 Not Modified.");
res.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
return;
}
}
res.setDateHeader(HEADER_LAST_MODIFIED, modified.getTime());
res.setHeader(HEADER_CACHE_CONTROL, "must-revalidate, max-age=0");
res.setHeader(HEADER_ETAG, "\"" + Long.toString(modified.getTime()) + "\"");
}
if (attachment == true) {
setHeaderContentDisposition(req, res, filename);
}
// get the content reader
ContentReader reader = contentService.getReader(nodeRef, propertyQName);
// ensure that it is safe to use
reader = FileContentReader.getSafeContentReader(reader, Application.getMessage(req.getSession(), MSG_ERROR_CONTENT_MISSING), nodeRef, reader);
String mimetype = reader.getMimetype();
// fall back if unable to resolve mimetype property
if (mimetype == null || mimetype.length() == 0) {
MimetypeService mimetypeMap = serviceRegistry.getMimetypeService();
mimetype = MIMETYPE_OCTET_STREAM;
int extIndex = filename.lastIndexOf('.');
if (extIndex != -1) {
String ext = filename.substring(extIndex + 1);
mimetype = mimetypeMap.getMimetype(ext);
}
}
// explicitly set the content disposition header if the content is powerpoint
if (!attachment && (mimetype.equals(POWER_POINT_2007_DOCUMENT_MIMETYPE) || mimetype.equals(POWER_POINT_DOCUMENT_MIMETYPE))) {
setHeaderContentDisposition(req, res, filename);
}
// get the content and stream directly to the response output stream
// assuming the repo is capable of streaming in chunks, this should allow large files
// to be streamed directly to the browser response stream.
res.setHeader(HEADER_ACCEPT_RANGES, "bytes");
// for a GET request, transmit the content else just the headers are sent
if (transmitContent) {
try {
boolean processedRange = false;
String range = req.getHeader(HEADER_CONTENT_RANGE);
if (range == null) {
range = req.getHeader(HEADER_RANGE);
}
if (range != null) {
if (logger.isDebugEnabled())
logger.debug("Found content range header: " + range);
// ensure the range header is starts with "bytes=" and process the range(s)
if (range.length() > 6) {
HttpRangeProcessor rangeProcessor = new HttpRangeProcessor(contentService);
processedRange = rangeProcessor.processRange(res, reader, range.substring(6), nodeRef, propertyQName, mimetype, req.getHeader(HEADER_USER_AGENT));
}
}
if (processedRange == false) {
if (logger.isDebugEnabled())
logger.debug("Sending complete file content...");
// set mimetype for the content and the character encoding for the stream
res.setContentType(mimetype);
res.setCharacterEncoding(reader.getEncoding());
// MNT-10642 Alfresco Explorer has javascript vulnerability opening HTML files
if (req.getRequestURI().contains("/d/d/") && (mimetype.equals("text/html") || mimetype.equals("application/xhtml+xml") || mimetype.equals("text/xml"))) {
String content = reader.getContentString();
if (mimetype.equals("text/html") || mimetype.equals("application/xhtml+xml")) {
// process with HTML stripper
content = StringUtils.stripUnsafeHTMLTags(content, false);
} else if (mimetype.equals("text/xml") && mimetype.equals("text/x-component")) {
// IE supports "behaviour" which means that css can load a .htc file that could
// contain XSS code in the form of jscript, vbscript etc, to stop it form being
// evaluated we set the contient type to text/plain
res.setContentType("text/plain");
}
String encoding = reader.getEncoding();
byte[] bytes = encoding != null ? content.getBytes(encoding) : content.getBytes();
res.setContentLength(bytes.length);
res.getOutputStream().write(bytes);
return;
}
// return the complete entity range
long size = reader.getSize();
res.setHeader(HEADER_CONTENT_RANGE, "bytes 0-" + Long.toString(size - 1L) + "/" + Long.toString(size));
res.setHeader(HEADER_CONTENT_LENGTH, Long.toString(size));
reader.getContent(res.getOutputStream());
}
} catch (SocketException e1) {
// the client cut the connection - our mission was accomplished apart from a little error message
if (logger.isDebugEnabled())
logger.debug("Client aborted stream read:\n\tnode: " + nodeRef + "\n\tcontent: " + reader);
} catch (ContentIOException e2) {
if (logger.isInfoEnabled())
logger.info("Failed stream read:\n\tnode: " + nodeRef + " due to: " + e2.getMessage());
} catch (Throwable err) {
if (err.getCause() instanceof SocketException) {
// the client cut the connection - our mission was accomplished apart from a little error message
if (logger.isDebugEnabled())
logger.debug("Client aborted stream read:\n\tnode: " + nodeRef + "\n\tcontent: " + reader);
} else
throw err;
}
} else {
if (logger.isDebugEnabled())
logger.debug("HEAD request processed - no content sent.");
res.getOutputStream().close();
}
} catch (Throwable err) {
throw new AlfrescoRuntimeException("Error during download content servlet processing: " + err.getMessage(), err);
}
}
use of org.alfresco.service.cmr.repository.ContentService in project acs-community-packaging by Alfresco.
the class DownloadRawContentServlet method processRequest.
/**
* Processes the request using the current context i.e. no
* authentication checks are made, it is presumed they have already
* been done.
*
* @param req The HTTP request
* @param res The HTTP response
*/
private void processRequest(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
String uri = req.getRequestURI();
String contentUrl = req.getParameter(ARG_CONTENT_URL);
if (contentUrl == null || contentUrl.length() == 0) {
throw new IllegalArgumentException("Download URL did not contain parameter '" + ARG_CONTENT_URL + "':" + uri);
}
String infoOnlyStr = req.getParameter(ARG_INFO_ONLY);
boolean infoOnly = (infoOnlyStr == null) ? false : Boolean.parseBoolean(infoOnlyStr);
ServiceRegistry serviceRegistry = getServiceRegistry(getServletContext());
ContentService contentService = serviceRegistry.getContentService();
// Attempt to get the reader
ContentReader reader = null;
try {
reader = contentService.getRawReader(contentUrl);
// If the content doesn't exist, generate an error
if (!reader.exists()) {
if (logger.isDebugEnabled()) {
logger.debug("Returning 204 Not Found error...");
}
res.sendError(HttpServletResponse.SC_NO_CONTENT);
return;
}
} catch (AccessDeniedException e) {
if (logger.isDebugEnabled()) {
logger.debug("Returning 403 Forbidden error after exception: ", e);
}
res.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
long readerSize = reader.getSize();
Date readerLastModified = new Date(reader.getLastModified());
String readerMimetype = reader.getMimetype();
String readerEncoding = reader.getEncoding();
Locale readerLocale = reader.getLocale();
// Set the content info
res.setHeader("alfresco.dr.size", DefaultTypeConverter.INSTANCE.convert(String.class, readerSize));
res.setHeader("alfresco.dr.lastModified", DefaultTypeConverter.INSTANCE.convert(String.class, readerLastModified));
res.setHeader("alfresco.dr.mimetype", readerMimetype);
res.setHeader("alfresco.dr.encoding", readerEncoding);
res.setHeader("alfresco.dr.locale", DefaultTypeConverter.INSTANCE.convert(String.class, readerLocale));
// Pass the stream to the response, unless only the content info was requested
if (infoOnly) {
// Fill response details
res.setContentType(DEFAULT_MIMETYPE);
res.setCharacterEncoding(DEFAULT_ENCODING);
} else {
// Fill response details
res.setContentType(readerMimetype);
res.setCharacterEncoding(readerEncoding);
try {
OutputStream clientOs = res.getOutputStream();
// Streams closed for us
reader.getContent(clientOs);
} catch (SocketException e1) {
// Not a problem
if (logger.isDebugEnabled()) {
logger.debug("Client aborted stream read:\n" + " Content URL: " + contentUrl);
}
} catch (ContentIOException e2) {
// Not a problem
if (logger.isDebugEnabled()) {
logger.debug("Client aborted stream read:\n" + " Content URL: " + contentUrl);
}
}
}
}
use of org.alfresco.service.cmr.repository.ContentService in project acs-community-packaging by Alfresco.
the class UploadContentServlet method doPut.
/**
* @see javax.servlet.http.HttpServlet#doPut(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
protected void doPut(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
if (logger.isDebugEnabled() == true) {
String queryString = req.getQueryString();
logger.debug("Authenticating request to URL: " + req.getRequestURI() + ((queryString != null && queryString.length() > 0) ? ("?" + queryString) : ""));
}
AuthenticationStatus status = servletAuthenticate(req, res, false);
if (status == AuthenticationStatus.Failure || status == AuthenticationStatus.Guest) {
res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
// Tokenise the URI
String uri = req.getRequestURI();
uri = uri.substring(req.getContextPath().length());
StringTokenizer t = new StringTokenizer(uri, "/");
int tokenCount = t.countTokens();
// skip servlet name
t.nextToken();
// get or calculate the noderef and filename to download as
NodeRef nodeRef = null;
String filename = null;
QName propertyQName = null;
if (tokenCount == 2) {
// filename is the only token
filename = t.nextToken();
} else if (tokenCount == 4 || tokenCount == 5) {
// assume 'workspace' or other NodeRef based protocol for remaining URL
// elements
StoreRef storeRef = new StoreRef(t.nextToken(), t.nextToken());
String id = t.nextToken();
// build noderef from the appropriate URL elements
nodeRef = new NodeRef(storeRef, id);
if (tokenCount == 5) {
// filename is last remaining token
filename = t.nextToken();
}
// get qualified of the property to get content from - default to
// ContentModel.PROP_CONTENT
propertyQName = ContentModel.PROP_CONTENT;
String property = req.getParameter(ARG_PROPERTY);
if (property != null && property.length() != 0) {
propertyQName = QName.createQName(property);
}
} else {
logger.debug("Upload URL did not contain all required args: " + uri);
res.sendError(HttpServletResponse.SC_EXPECTATION_FAILED);
return;
}
// get the services we need to retrieve the content
ServiceRegistry serviceRegistry = getServiceRegistry(getServletContext());
ContentService contentService = serviceRegistry.getContentService();
PermissionService permissionService = serviceRegistry.getPermissionService();
MimetypeService mimetypeService = serviceRegistry.getMimetypeService();
NodeService nodeService = serviceRegistry.getNodeService();
InputStream is = req.getInputStream();
BufferedInputStream inputStream = new BufferedInputStream(is);
// Sort out the mimetype
String mimetype = req.getParameter(ARG_MIMETYPE);
if (mimetype == null || mimetype.length() == 0) {
mimetype = MIMETYPE_OCTET_STREAM;
if (filename != null) {
MimetypeService mimetypeMap = serviceRegistry.getMimetypeService();
int extIndex = filename.lastIndexOf('.');
if (extIndex != -1) {
String ext = filename.substring(extIndex + 1);
mimetype = mimetypeService.getMimetype(ext);
}
}
}
// Get the encoding
String encoding = req.getParameter(ARG_ENCODING);
if (encoding == null || encoding.length() == 0) {
// Get the encoding
ContentCharsetFinder charsetFinder = mimetypeService.getContentCharsetFinder();
Charset charset = charsetFinder.getCharset(inputStream, mimetype);
encoding = charset.name();
}
// Get the locale
Locale locale = I18NUtil.parseLocale(req.getParameter(ARG_LOCALE));
if (locale == null) {
locale = I18NUtil.getContentLocale();
if (nodeRef != null) {
ContentData contentData = (ContentData) nodeService.getProperty(nodeRef, propertyQName);
if (contentData != null) {
locale = contentData.getLocale();
}
}
}
if (logger.isDebugEnabled()) {
if (nodeRef != null) {
logger.debug("Found NodeRef: " + nodeRef.toString());
}
logger.debug("For property: " + propertyQName);
logger.debug("File name: " + filename);
logger.debug("Mimetype: " + mimetype);
logger.debug("Encoding: " + encoding);
logger.debug("Locale: " + locale);
}
// Check that the user has the permissions to write the content
if (permissionService.hasPermission(nodeRef, PermissionService.WRITE_CONTENT) == AccessStatus.DENIED) {
if (logger.isDebugEnabled() == true) {
logger.debug("User does not have permissions to wrtie content for NodeRef: " + nodeRef.toString());
}
if (logger.isDebugEnabled()) {
logger.debug("Returning 403 Forbidden error...");
}
res.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
// Try and get the content writer
ContentWriter writer = contentService.getWriter(nodeRef, propertyQName, true);
if (writer == null) {
if (logger.isDebugEnabled() == true) {
logger.debug("Content writer cannot be obtained for NodeRef: " + nodeRef.toString());
}
res.sendError(HttpServletResponse.SC_EXPECTATION_FAILED);
return;
}
// Set the mimetype, encoding and locale
writer.setMimetype(mimetype);
writer.setEncoding(encoding);
if (locale != null) {
writer.setLocale(locale);
}
// Stream the content into the repository
writer.putContent(inputStream);
if (logger.isDebugEnabled() == true) {
logger.debug("Content details: " + writer.getContentData().toString());
}
// Set return status
res.getWriter().write(writer.getContentData().toString());
res.flushBuffer();
if (logger.isDebugEnabled() == true) {
logger.debug("UploadContentServlet done");
}
}
use of org.alfresco.service.cmr.repository.ContentService in project acs-community-packaging by Alfresco.
the class AdvancedSearchDialog method selectSearch.
/**
* Action handler called when a saved search is selected by the user
*/
public void selectSearch(ActionEvent event) {
if (NO_SELECTION.equals(properties.getSavedSearch()) == false) {
// read an XML serialized version of the SearchContext object
NodeRef searchSearchRef = new NodeRef(Repository.getStoreRef(), properties.getSavedSearch());
ServiceRegistry services = Repository.getServiceRegistry(FacesContext.getCurrentInstance());
ContentService cs = services.getContentService();
try {
if (services.getNodeService().exists(searchSearchRef)) {
ContentReader reader = cs.getReader(searchSearchRef, ContentModel.PROP_CONTENT);
SearchContext search = new SearchContext().fromXML(reader.getContentString());
// if we get here we read the serialized object successfully
// now setup the UI to match the new SearchContext object
initialiseFromContext(search);
}
} catch (Throwable err) {
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(FacesContext.getCurrentInstance(), MSG_ERROR_RESTORE_SEARCH), err.getMessage()), err);
}
}
}
use of org.alfresco.service.cmr.repository.ContentService in project acs-community-packaging by Alfresco.
the class SaveSearchDialog method saveNewSearchOK.
public String saveNewSearchOK(FacesContext newContext, String newOutcome) {
String outcome = newOutcome;
NodeRef searchesRef;
if (properties.isSearchSaveGlobal()) {
searchesRef = getGlobalSearchesRef();
} else {
searchesRef = getUserSearchesRef();
}
final SearchContext search = this.navigator.getSearchContext();
if (searchesRef != null && search != null) {
try {
// FacesContext.getCurrentInstance();
final FacesContext context = newContext;
final NodeRef searchesRefFinal = searchesRef;
RetryingTransactionCallback<Object> callback = new RetryingTransactionCallback<Object>() {
public Object execute() throws Throwable {
// create new content node as the saved search object
Map<QName, Serializable> props = new HashMap<QName, Serializable>(2, 1.0f);
props.put(ContentModel.PROP_NAME, properties.getSearchName());
props.put(ContentModel.PROP_DESCRIPTION, properties.getSearchDescription());
ChildAssociationRef childRef = getNodeService().createNode(searchesRefFinal, ContentModel.ASSOC_CONTAINS, QName.createQName(NamespaceService.ALFRESCO_URI, QName.createValidLocalName(properties.getSearchName())), ContentModel.TYPE_CONTENT, props);
ContentService contentService = Repository.getServiceRegistry(context).getContentService();
ContentWriter writer = contentService.getWriter(childRef.getChildRef(), ContentModel.PROP_CONTENT, true);
// get a writer to our new node ready for XML content
writer.setMimetype(MimetypeMap.MIMETYPE_XML);
writer.setEncoding("UTF-8");
// output an XML serialized version of the SearchContext
// object
writer.putContent(search.toXML());
return null;
}
};
callback.execute();
properties.getCachedSavedSearches().clear();
properties.setSavedSearch(null);
} catch (Throwable e) {
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(newContext, MSG_ERROR_SAVE_SEARCH), e.getMessage()), e);
outcome = null;
this.isFinished = false;
ReportedException.throwIfNecessary(e);
}
}
return outcome;
}
Aggregations