001/*
002 * This library is part of OpenCms -
003 * the Open Source Content Management System
004 *
005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
006 *
007 * This library is free software; you can redistribute it and/or
008 * modify it under the terms of the GNU Lesser General Public
009 * License as published by the Free Software Foundation; either
010 * version 2.1 of the License, or (at your option) any later version.
011 *
012 * This library is distributed in the hope that it will be useful,
013 * but WITHOUT ANY WARRANTY; without even the implied warranty of
014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015 * Lesser General Public License for more details.
016 *
017 * For further information about Alkacon Software, please see the
018 * company website: http://www.alkacon.com
019 *
020 * For further information about OpenCms, please see the
021 * project website: http://www.opencms.org
022 *
023 * You should have received a copy of the GNU Lesser General Public
024 * License along with this library; if not, write to the Free Software
025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
026 */
027
028package org.opencms.ade.detailpage;
029
030import org.opencms.ade.configuration.CmsADEConfigData;
031import org.opencms.ade.configuration.CmsFunctionReference;
032import org.opencms.file.CmsObject;
033import org.opencms.file.CmsResource;
034import org.opencms.file.CmsResourceFilter;
035import org.opencms.file.CmsVfsResourceNotFoundException;
036import org.opencms.i18n.CmsMessageContainer;
037import org.opencms.main.CmsException;
038import org.opencms.main.CmsLog;
039import org.opencms.main.CmsResourceInitException;
040import org.opencms.main.I_CmsResourceInit;
041import org.opencms.main.OpenCms;
042import org.opencms.security.CmsPermissionViolationException;
043import org.opencms.security.CmsSecurityException;
044import org.opencms.util.CmsFileUtil;
045import org.opencms.util.CmsUUID;
046import org.opencms.workplace.CmsWorkplace;
047
048import javax.servlet.ServletRequest;
049import javax.servlet.http.HttpServletRequest;
050import javax.servlet.http.HttpServletResponse;
051
052import org.apache.commons.logging.Log;
053
054/**
055 * Resource init handler for detail-pages.<p>
056 *
057 * @since 8.0.0
058 */
059public class CmsDetailPageResourceHandler implements I_CmsResourceInit {
060
061    /** The attribute containing the detail content resource. */
062    public static final String ATTR_DETAIL_CONTENT_RESOURCE = "__opencms_detail_content_resource";
063
064    /** The attribute containing the detail function page resource. */
065    public static final String ATTR_DETAIL_FUNCTION_PAGE = "__opencms_detail_function_page";
066
067    /** The log object for this class. */
068    private static final Log LOG = CmsLog.getLog(CmsDetailPageResourceHandler.class);
069
070    /**
071     * Default constructor.<p>
072     */
073    public CmsDetailPageResourceHandler() {
074
075        // empty
076    }
077
078    /**
079     * Returns the detail function page resource, if available.<p>
080     *
081     * @param req the current request
082     *
083     * @return the detail function page resource
084     */
085    public static CmsResource getDetailFunctionPage(ServletRequest req) {
086
087        return (CmsResource)req.getAttribute(ATTR_DETAIL_FUNCTION_PAGE);
088    }
089
090    /**
091     * Returns the current detail content UUID, or <code>null</code> if this is not a request to a content detail page.<p>
092     *
093     * @param req the current request
094     *
095     * @return the current detail content UUID, or <code>null</code> if this is not a request to a content detail page
096     */
097    public static CmsUUID getDetailId(ServletRequest req) {
098
099        CmsResource res = getDetailResource(req);
100        return res == null ? null : res.getStructureId();
101    }
102
103    /**
104     * Returns the current detail content resource, or <code>null</code> if this is not a request to a content detail page.<p>
105     *
106     * @param req the current request
107     *
108     * @return the current detail content resource, or <code>null</code> if this is not a request to a content detail page
109     */
110    public static CmsResource getDetailResource(ServletRequest req) {
111
112        return (CmsResource)req.getAttribute(ATTR_DETAIL_CONTENT_RESOURCE);
113    }
114
115    /**
116     * @see org.opencms.main.I_CmsResourceInit#initResource(org.opencms.file.CmsResource, org.opencms.file.CmsObject, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
117     */
118    public CmsResource initResource(
119        CmsResource resource,
120        CmsObject cms,
121        HttpServletRequest req,
122        HttpServletResponse res)
123    throws CmsResourceInitException, CmsSecurityException {
124
125        // check if the resource was already found or the path starts with '/system/'
126        boolean abort = (resource != null) || cms.getRequestContext().getUri().startsWith(CmsWorkplace.VFS_PATH_SYSTEM);
127        if (abort) {
128            // skip in all cases above
129            return resource;
130        }
131        String path = cms.getRequestContext().getUri();
132        path = CmsFileUtil.removeTrailingSeparator(path);
133        try {
134            cms.readResource(path, CmsResourceFilter.IGNORE_EXPIRATION);
135        } catch (CmsSecurityException e) {
136            // It may happen that a path is both an existing VFS path and a valid detail page link.
137            // If this is the case, and the user has insufficient permissions to read the resource at the path,
138            // no resource should be displayed, even if the user would have access to the detail page.
139            return null;
140        } catch (CmsException e) {
141            // ignore
142        }
143        String detailName = CmsResource.getName(path);
144        try {
145            CmsUUID detailId = cms.readIdForUrlName(detailName);
146
147            if (detailId != null) {
148                // check existence / permissions
149                CmsResource detailRes = null;
150                CmsPermissionViolationException permissionDenied = null;
151                try {
152                    detailRes = cms.readResource(detailId, CmsResourceFilter.ignoreExpirationOffline(cms));
153                } catch (CmsPermissionViolationException e) {
154                    // we postpone the decision what to do with a permission violation until later (see below)
155                    permissionDenied = e;
156                }
157                String detailPagePath = CmsResource.getFolderPath(path);
158                CmsResource detailPage = cms.readDefaultFile(detailPagePath);
159                if (permissionDenied != null) {
160                    // If we got a permission violation while reading the detail content, we only want to rethrow it if the rest
161                    // of the URL is actually plausibly a detail page. Otherwise, we return null, which will usually cause a HTTP
162                    // 404 response status. This is to prevent broken links which accidentally end with a restricted detail content's
163                    // mapped URL name from triggering a HTTP 401 status. E.g. https://server.com/nonexistent-page/secret, where
164                    // there is no "nonexistent-page" folder and "secret" is the mapped URL name of a restricted content.
165                    if ((detailPage != null) && OpenCms.getADEManager().isDetailPage(cms, detailPage)) {
166                        throw permissionDenied;
167                    } else {
168                        LOG.debug(
169                            "Swallowing CmsPermissionViolationException for detail content because the page ["
170                                + detailPagePath
171                                + "] is not a detail page.\nDefault file: "
172                                + detailPage
173                                + "\n",
174                            permissionDenied);
175                        return null;
176                    }
177                }
178                if (!isValidDetailPage(cms, detailPage, detailRes)) {
179                    return null;
180                }
181                if (res != null) {
182                    // response will be null if this run through the init handler is only for determining the locale
183                    req.setAttribute(ATTR_DETAIL_CONTENT_RESOURCE, detailRes);
184                    cms.getRequestContext().setDetailResource(detailRes);
185                }
186                // set the resource path
187                cms.getRequestContext().setUri(cms.getSitePath(detailPage));
188                return detailPage;
189            } else {
190                CmsADEConfigData configData = OpenCms.getADEManager().lookupConfiguration(
191                    cms,
192                    cms.getRequestContext().addSiteRoot(path));
193                // check if the detail name matches any named function
194                for (CmsFunctionReference ref : configData.getFunctionReferences()) {
195                    if (detailName.equals(ref.getName()) && (ref.getFunctionDefaultPageId() != null)) {
196                        CmsResource detailPage = cms.readDefaultFile(CmsResource.getFolderPath(path));
197                        if (OpenCms.getADEManager().isDetailPage(cms, detailPage)) {
198                            if (res != null) {
199                                // response will be null if this run through the init handler is only for determining the locale
200                                CmsResource functionDefaultPage = cms.readResource(ref.getFunctionDefaultPageId());
201                                req.setAttribute(ATTR_DETAIL_FUNCTION_PAGE, functionDefaultPage);
202                                cms.getRequestContext().setDetailResource(functionDefaultPage);
203                            }
204                            // set the resource path
205                            cms.getRequestContext().setUri(cms.getSitePath(detailPage));
206                            return detailPage;
207                        } else {
208                            return null;
209                        }
210
211                    }
212                }
213            }
214        } catch (CmsPermissionViolationException e) {
215            // trigger the permission denied handler
216            throw e;
217        } catch (CmsResourceInitException e) {
218            throw e;
219        } catch (CmsVfsResourceNotFoundException e) {
220            return null;
221        } catch (Throwable e) {
222            String uri = cms.getRequestContext().getUri();
223            CmsMessageContainer msg = Messages.get().container(Messages.ERR_RESCOURCE_NOT_FOUND_1, uri);
224            if (LOG.isWarnEnabled()) {
225                LOG.warn(msg.key(), e);
226            }
227            throw new CmsResourceInitException(msg, e);
228        }
229
230        return null;
231    }
232
233    /**
234     * Checks whether the given detail page is valid for the given resource.<p>
235     *
236     * @param cms the CMS context
237     * @param page the detail page
238     * @param detailRes the detail resource
239     *
240     * @return true if the given detail page is valid
241     */
242    protected boolean isValidDetailPage(CmsObject cms, CmsResource page, CmsResource detailRes) {
243
244        return OpenCms.getADEManager().getDetailPageHandler().isValidDetailPage(cms, page, detailRes);
245
246    }
247}