001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.ade.detailpage; 029 030import org.opencms.ade.configuration.CmsADEConfigData; 031import org.opencms.ade.configuration.CmsFunctionReference; 032import org.opencms.file.CmsObject; 033import org.opencms.file.CmsResource; 034import org.opencms.file.CmsResourceFilter; 035import org.opencms.file.CmsVfsResourceNotFoundException; 036import org.opencms.i18n.CmsMessageContainer; 037import org.opencms.main.CmsException; 038import org.opencms.main.CmsLog; 039import org.opencms.main.CmsResourceInitException; 040import org.opencms.main.I_CmsResourceInit; 041import org.opencms.main.OpenCms; 042import org.opencms.security.CmsPermissionViolationException; 043import org.opencms.security.CmsSecurityException; 044import org.opencms.util.CmsFileUtil; 045import org.opencms.util.CmsUUID; 046import org.opencms.workplace.CmsWorkplace; 047 048import javax.servlet.ServletRequest; 049import javax.servlet.http.HttpServletRequest; 050import javax.servlet.http.HttpServletResponse; 051 052import org.apache.commons.logging.Log; 053 054/** 055 * Resource init handler for detail-pages.<p> 056 * 057 * @since 8.0.0 058 */ 059public class CmsDetailPageResourceHandler implements I_CmsResourceInit { 060 061 /** The attribute containing the detail content resource. */ 062 public static final String ATTR_DETAIL_CONTENT_RESOURCE = "__opencms_detail_content_resource"; 063 064 /** The attribute containing the detail function page resource. */ 065 public static final String ATTR_DETAIL_FUNCTION_PAGE = "__opencms_detail_function_page"; 066 067 /** The log object for this class. */ 068 private static final Log LOG = CmsLog.getLog(CmsDetailPageResourceHandler.class); 069 070 /** 071 * Default constructor.<p> 072 */ 073 public CmsDetailPageResourceHandler() { 074 075 // empty 076 } 077 078 /** 079 * Returns the detail function page resource, if available.<p> 080 * 081 * @param req the current request 082 * 083 * @return the detail function page resource 084 */ 085 public static CmsResource getDetailFunctionPage(ServletRequest req) { 086 087 return (CmsResource)req.getAttribute(ATTR_DETAIL_FUNCTION_PAGE); 088 } 089 090 /** 091 * Returns the current detail content UUID, or <code>null</code> if this is not a request to a content detail page.<p> 092 * 093 * @param req the current request 094 * 095 * @return the current detail content UUID, or <code>null</code> if this is not a request to a content detail page 096 */ 097 public static CmsUUID getDetailId(ServletRequest req) { 098 099 CmsResource res = getDetailResource(req); 100 return res == null ? null : res.getStructureId(); 101 } 102 103 /** 104 * Returns the current detail content resource, or <code>null</code> if this is not a request to a content detail page.<p> 105 * 106 * @param req the current request 107 * 108 * @return the current detail content resource, or <code>null</code> if this is not a request to a content detail page 109 */ 110 public static CmsResource getDetailResource(ServletRequest req) { 111 112 return (CmsResource)req.getAttribute(ATTR_DETAIL_CONTENT_RESOURCE); 113 } 114 115 /** 116 * @see org.opencms.main.I_CmsResourceInit#initResource(org.opencms.file.CmsResource, org.opencms.file.CmsObject, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) 117 */ 118 public CmsResource initResource( 119 CmsResource resource, 120 CmsObject cms, 121 HttpServletRequest req, 122 HttpServletResponse res) 123 throws CmsResourceInitException, CmsSecurityException { 124 125 // check if the resource was already found or the path starts with '/system/' 126 boolean abort = (resource != null) || cms.getRequestContext().getUri().startsWith(CmsWorkplace.VFS_PATH_SYSTEM); 127 if (abort) { 128 // skip in all cases above 129 return resource; 130 } 131 String path = cms.getRequestContext().getUri(); 132 path = CmsFileUtil.removeTrailingSeparator(path); 133 try { 134 cms.readResource(path, CmsResourceFilter.IGNORE_EXPIRATION); 135 } catch (CmsSecurityException e) { 136 // It may happen that a path is both an existing VFS path and a valid detail page link. 137 // If this is the case, and the user has insufficient permissions to read the resource at the path, 138 // no resource should be displayed, even if the user would have access to the detail page. 139 return null; 140 } catch (CmsException e) { 141 // ignore 142 } 143 String detailName = CmsResource.getName(path); 144 try { 145 CmsUUID detailId = cms.readIdForUrlName(detailName); 146 147 if (detailId != null) { 148 // check existence / permissions 149 CmsResource detailRes = null; 150 CmsPermissionViolationException permissionDenied = null; 151 try { 152 detailRes = cms.readResource(detailId, CmsResourceFilter.ignoreExpirationOffline(cms)); 153 } catch (CmsPermissionViolationException e) { 154 // we postpone the decision what to do with a permission violation until later (see below) 155 permissionDenied = e; 156 } 157 String detailPagePath = CmsResource.getFolderPath(path); 158 CmsResource detailPage = cms.readDefaultFile(detailPagePath); 159 if (permissionDenied != null) { 160 // If we got a permission violation while reading the detail content, we only want to rethrow it if the rest 161 // of the URL is actually plausibly a detail page. Otherwise, we return null, which will usually cause a HTTP 162 // 404 response status. This is to prevent broken links which accidentally end with a restricted detail content's 163 // mapped URL name from triggering a HTTP 401 status. E.g. https://server.com/nonexistent-page/secret, where 164 // there is no "nonexistent-page" folder and "secret" is the mapped URL name of a restricted content. 165 if ((detailPage != null) && OpenCms.getADEManager().isDetailPage(cms, detailPage)) { 166 throw permissionDenied; 167 } else { 168 LOG.debug( 169 "Swallowing CmsPermissionViolationException for detail content because the page [" 170 + detailPagePath 171 + "] is not a detail page.\nDefault file: " 172 + detailPage 173 + "\n", 174 permissionDenied); 175 return null; 176 } 177 } 178 if (!isValidDetailPage(cms, detailPage, detailRes)) { 179 return null; 180 } 181 if (res != null) { 182 // response will be null if this run through the init handler is only for determining the locale 183 req.setAttribute(ATTR_DETAIL_CONTENT_RESOURCE, detailRes); 184 cms.getRequestContext().setDetailResource(detailRes); 185 } 186 // set the resource path 187 cms.getRequestContext().setUri(cms.getSitePath(detailPage)); 188 return detailPage; 189 } else { 190 CmsADEConfigData configData = OpenCms.getADEManager().lookupConfiguration( 191 cms, 192 cms.getRequestContext().addSiteRoot(path)); 193 // check if the detail name matches any named function 194 for (CmsFunctionReference ref : configData.getFunctionReferences()) { 195 if (detailName.equals(ref.getName()) && (ref.getFunctionDefaultPageId() != null)) { 196 CmsResource detailPage = cms.readDefaultFile(CmsResource.getFolderPath(path)); 197 if (OpenCms.getADEManager().isDetailPage(cms, detailPage)) { 198 if (res != null) { 199 // response will be null if this run through the init handler is only for determining the locale 200 CmsResource functionDefaultPage = cms.readResource(ref.getFunctionDefaultPageId()); 201 req.setAttribute(ATTR_DETAIL_FUNCTION_PAGE, functionDefaultPage); 202 cms.getRequestContext().setDetailResource(functionDefaultPage); 203 } 204 // set the resource path 205 cms.getRequestContext().setUri(cms.getSitePath(detailPage)); 206 return detailPage; 207 } else { 208 return null; 209 } 210 211 } 212 } 213 } 214 } catch (CmsPermissionViolationException e) { 215 // trigger the permission denied handler 216 throw e; 217 } catch (CmsResourceInitException e) { 218 throw e; 219 } catch (CmsVfsResourceNotFoundException e) { 220 return null; 221 } catch (Throwable e) { 222 String uri = cms.getRequestContext().getUri(); 223 CmsMessageContainer msg = Messages.get().container(Messages.ERR_RESCOURCE_NOT_FOUND_1, uri); 224 if (LOG.isWarnEnabled()) { 225 LOG.warn(msg.key(), e); 226 } 227 throw new CmsResourceInitException(msg, e); 228 } 229 230 return null; 231 } 232 233 /** 234 * Checks whether the given detail page is valid for the given resource.<p> 235 * 236 * @param cms the CMS context 237 * @param page the detail page 238 * @param detailRes the detail resource 239 * 240 * @return true if the given detail page is valid 241 */ 242 protected boolean isValidDetailPage(CmsObject cms, CmsResource page, CmsResource detailRes) { 243 244 return OpenCms.getADEManager().getDetailPageHandler().isValidDetailPage(cms, page, detailRes); 245 246 } 247}