001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software GmbH & Co. KG, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.main; 029 030import org.opencms.ade.configuration.CmsADEManager; 031import org.opencms.ade.containerpage.CmsContainerpageService; 032import org.opencms.cache.CmsVfsMemoryObjectCache; 033import org.opencms.configuration.CmsConfigurationException; 034import org.opencms.configuration.CmsConfigurationManager; 035import org.opencms.configuration.CmsImportExportConfiguration; 036import org.opencms.configuration.CmsModuleConfiguration; 037import org.opencms.configuration.CmsParameterConfiguration; 038import org.opencms.configuration.CmsSchedulerConfiguration; 039import org.opencms.configuration.CmsSearchConfiguration; 040import org.opencms.configuration.CmsSitesConfiguration; 041import org.opencms.configuration.CmsSystemConfiguration; 042import org.opencms.configuration.CmsVariablesConfiguration; 043import org.opencms.configuration.CmsVfsConfiguration; 044import org.opencms.configuration.CmsWorkplaceConfiguration; 045import org.opencms.configuration.I_CmsNeedsAdminCmsObject; 046import org.opencms.crypto.I_CmsTextEncryption; 047import org.opencms.db.CmsAliasManager; 048import org.opencms.db.CmsDbEntryNotFoundException; 049import org.opencms.db.CmsDefaultUsers; 050import org.opencms.db.CmsExportPoint; 051import org.opencms.db.CmsLoginManager; 052import org.opencms.db.CmsSecurityManager; 053import org.opencms.db.CmsSqlManager; 054import org.opencms.db.CmsSubscriptionManager; 055import org.opencms.db.timing.CmsDefaultProfilingHandler; 056import org.opencms.db.timing.CmsThreadStatsTreeProfilingHandler; 057import org.opencms.file.CmsObject; 058import org.opencms.file.CmsProject; 059import org.opencms.file.CmsProperty; 060import org.opencms.file.CmsPropertyDefinition; 061import org.opencms.file.CmsRequestContext; 062import org.opencms.file.CmsResource; 063import org.opencms.file.CmsResourceFilter; 064import org.opencms.file.CmsUser; 065import org.opencms.file.CmsVfsResourceNotFoundException; 066import org.opencms.flex.CmsFlexCache; 067import org.opencms.flex.CmsFlexCacheConfiguration; 068import org.opencms.flex.CmsFlexController; 069import org.opencms.gwt.CmsGwtService; 070import org.opencms.gwt.CmsGwtServiceContext; 071import org.opencms.gwt.shared.CmsGwtConstants; 072import org.opencms.i18n.CmsEncoder; 073import org.opencms.i18n.CmsI18nInfo; 074import org.opencms.i18n.CmsLocaleManager; 075import org.opencms.i18n.CmsMessageContainer; 076import org.opencms.i18n.CmsSingleTreeLocaleHandler; 077import org.opencms.i18n.CmsVfsBundleManager; 078import org.opencms.importexport.CmsImportExportManager; 079import org.opencms.json.JSONObject; 080import org.opencms.jsp.jsonpart.CmsJsonPartFilter; 081import org.opencms.jsp.userdata.CmsUserDataRequestManager; 082import org.opencms.jsp.util.CmsJspStandardContextBean; 083import org.opencms.letsencrypt.CmsLetsEncryptConfiguration; 084import org.opencms.loader.CmsJspLoader; 085import org.opencms.loader.CmsResourceManager; 086import org.opencms.loader.CmsTemplateContextManager; 087import org.opencms.loader.I_CmsFlexCacheEnabledLoader; 088import org.opencms.loader.I_CmsResourceLoader; 089import org.opencms.lock.CmsLockManager; 090import org.opencms.module.CmsModuleManager; 091import org.opencms.monitor.CmsMemoryMonitor; 092import org.opencms.monitor.CmsMemoryMonitorConfiguration; 093import org.opencms.mx.CmsDiagnosticsMXBean; 094import org.opencms.publish.CmsPublishEngine; 095import org.opencms.publish.CmsPublishManager; 096import org.opencms.repository.CmsRepositoryManager; 097import org.opencms.rmi.CmsRemoteShellServer; 098import org.opencms.scheduler.CmsScheduleManager; 099import org.opencms.search.CmsSearchManager; 100import org.opencms.security.CmsOrgUnitManager; 101import org.opencms.security.CmsPersistentLoginTokenHandler; 102import org.opencms.security.CmsRole; 103import org.opencms.security.CmsRoleManager; 104import org.opencms.security.CmsRoleViolationException; 105import org.opencms.security.CmsSecurityException; 106import org.opencms.security.I_CmsAuthorizationHandler; 107import org.opencms.security.I_CmsCredentialsResolver; 108import org.opencms.security.I_CmsPasswordHandler; 109import org.opencms.security.I_CmsValidationHandler; 110import org.opencms.security.twofactor.CmsTwoFactorAuthenticationHandler; 111import org.opencms.site.CmsSite; 112import org.opencms.site.CmsSiteManagerImpl; 113import org.opencms.site.CmsSiteMatcher; 114import org.opencms.staticexport.CmsDefaultLinkSubstitutionHandler; 115import org.opencms.staticexport.CmsLinkManager; 116import org.opencms.staticexport.CmsStaticExportManager; 117import org.opencms.ugc.CmsUgcSessionFactory; 118import org.opencms.ui.apps.CmsWorkplaceAppManager; 119import org.opencms.ui.dialogs.CmsPublishScheduledDialog; 120import org.opencms.ui.error.CmsErrorUI; 121import org.opencms.ui.login.CmsLoginHelper; 122import org.opencms.ui.login.CmsLoginUI; 123import org.opencms.util.CmsRequestUtil; 124import org.opencms.util.CmsStringUtil; 125import org.opencms.util.CmsTaskWatcher; 126import org.opencms.util.CmsUUID; 127import org.opencms.workflow.CmsDefaultWorkflowManager; 128import org.opencms.workflow.I_CmsWorkflowManager; 129import org.opencms.workplace.CmsWorkplace; 130import org.opencms.workplace.CmsWorkplaceLoginHandler; 131import org.opencms.workplace.CmsWorkplaceManager; 132import org.opencms.workplace.CmsWorkplaceSettings; 133import org.opencms.xml.CmsXmlContentTypeManager; 134import org.opencms.xml.CmsXmlUtils; 135import org.opencms.xml.containerpage.CmsFormatterConfiguration; 136import org.opencms.xml.xml2json.I_CmsApiAuthorizationHandler; 137 138import java.io.FileOutputStream; 139import java.io.IOException; 140import java.security.Security; 141import java.util.ArrayList; 142import java.util.Collections; 143import java.util.Date; 144import java.util.HashMap; 145import java.util.HashSet; 146import java.util.Hashtable; 147import java.util.Iterator; 148import java.util.LinkedHashMap; 149import java.util.List; 150import java.util.Locale; 151import java.util.Map; 152import java.util.ServiceLoader; 153import java.util.Set; 154import java.util.concurrent.ScheduledThreadPoolExecutor; 155import java.util.concurrent.TimeUnit; 156 157import javax.servlet.ServletConfig; 158import javax.servlet.ServletContext; 159import javax.servlet.ServletException; 160import javax.servlet.http.HttpServletRequest; 161import javax.servlet.http.HttpServletResponse; 162import javax.servlet.http.HttpSession; 163 164import org.apache.commons.logging.Log; 165import org.apache.logging.log4j.CloseableThreadContext; 166 167import org.antlr.stringtemplate.StringTemplate; 168 169import com.google.common.base.Optional; 170import com.google.common.util.concurrent.ThreadFactoryBuilder; 171 172/** 173 * The internal implementation of the core OpenCms "operating system" functions.<p> 174 * 175 * All access to this class must be done through the public static methods 176 * of the <code>{@link org.opencms.main.OpenCms}</code> object. 177 * Under no circumstances should you ever try to access this class directly.<p> 178 * 179 * This class is so OpenCms internal you should not even be reading this documentation ;-)<p> 180 * 181 * Any request to the <code>{@link org.opencms.main.OpenCmsServlet}</code> will be forwarded to this core class. 182 * The core will then try to map the request to a VFS (Virtual File System) URI, 183 * that is a <code>{@link org.opencms.file.CmsResource}</code> in the OpenCms database. 184 * If a resource is found, it will be read and forwarded to 185 * to the corresponding <code>{@link org.opencms.loader.I_CmsResourceLoader}</code>, 186 * which will then generate the output for the requested resource and return it to the requesting client.<p> 187 * 188 * There will be only one singleton instance of this object created for 189 * this core class. This means that in the default configuration, where 190 * OpenCms is accessed through a servlet context, there will be only one instance of 191 * the core in that servlet context.<p> 192 * 193 * @since 6.0.0 194 */ 195public final class OpenCmsCore { 196 197 /** Parameter to control whether generated links should always include the host. */ 198 public static final String PARAM_FORCE_ABSOLUTE_LINKS = "__forceAbsoluteLinks"; 199 200 /** The static log object for this class. */ 201 static final Log LOG = CmsLog.getLog(OpenCmsCore.class); 202 203 /** Lock object for synchronization. */ 204 private static final Object LOCK = new Object(); 205 206 /** Indicates if the configuration was successfully finished or not. */ 207 private static CmsMessageContainer m_errorCondition; 208 209 /** One instance to rule them all, one instance to find them... */ 210 private static OpenCmsCore m_instance; 211 212 static { 213 final String keyEntityExpansionLimit = "jdk.xml.entityExpansionLimit"; 214 if (System.getProperty(keyEntityExpansionLimit) == null) { 215 System.setProperty(keyEntityExpansionLimit, "64000"); 216 } 217 } 218 219 /** The ADE manager instance. */ 220 private CmsADEManager m_adeManager; 221 222 /** The manager for page aliases. */ 223 private CmsAliasManager m_aliasManager; 224 225 /** Map of API authorization handlers, with their names as keys. */ 226 private Map<String, I_CmsApiAuthorizationHandler> m_apiAuthorizations; 227 228 /** The configured authorization handler. */ 229 private I_CmsAuthorizationHandler m_authorizationHandler; 230 231 /** Admin CMS object. */ 232 private CmsObject m_configAdminCms; 233 234 /** The configuration manager that contains the information from the XML configuration. */ 235 private CmsConfigurationManager m_configurationManager; 236 237 /** The object used for resolving database user credentials. */ 238 private I_CmsCredentialsResolver m_credentialsResolver; 239 240 /** List of configured directory default file names. */ 241 private List<String> m_defaultFiles; 242 243 /** The default user and group names. */ 244 private CmsDefaultUsers m_defaultUsers; 245 246 /** The event manager for the event handling. */ 247 private CmsEventManager m_eventManager; 248 249 /** The thread pool executor. */ 250 private ScheduledThreadPoolExecutor m_executor; 251 252 /** The set of configured export points. */ 253 private Set<CmsExportPoint> m_exportPoints; 254 255 /** The flex cache instance. */ 256 private CmsFlexCache m_flexCache; 257 258 /** The context objects for GWT services. */ 259 private Map<String, CmsGwtServiceContext> m_gwtServiceContexts; 260 261 /** The site manager contains information about the Cms import/export. */ 262 private CmsImportExportManager m_importExportManager; 263 264 /** The LetsEncrypt configuration. */ 265 private CmsLetsEncryptConfiguration m_letsEncryptConfig; 266 267 /** The link manager to resolve links in <cms:link> tags. */ 268 private CmsLinkManager m_linkManager; 269 270 /** The locale manager used for obtaining the current locale. */ 271 private CmsLocaleManager m_localeManager; 272 273 /** The login manager. */ 274 private CmsLoginManager m_loginManager; 275 276 /** The memory monitor for the collection of memory and runtime statistics. */ 277 private CmsMemoryMonitor m_memoryMonitor; 278 279 /** The module manager. */ 280 private CmsModuleManager m_moduleManager; 281 282 /** The organizational unit manager. */ 283 private CmsOrgUnitManager m_orgUnitManager; 284 285 /** The password handler used to digest and validate passwords. */ 286 private I_CmsPasswordHandler m_passwordHandler; 287 288 /** The publish engine. */ 289 private CmsPublishEngine m_publishEngine; 290 291 /** The publish manager instance. */ 292 private CmsPublishManager m_publishManager; 293 294 /** The remote shell server. */ 295 private CmsRemoteShellServer m_remoteShellServer; 296 297 /** The repository manager. */ 298 private CmsRepositoryManager m_repositoryManager; 299 300 /** The configured request handlers that handle "special" requests, for example in the static export on demand. */ 301 private Map<String, I_CmsRequestHandler> m_requestHandlers; 302 303 /** Stores the resource init handlers that allow modification of the requested resource. */ 304 private List<I_CmsResourceInit> m_resourceInitHandlers; 305 306 /** The resource manager. */ 307 private CmsResourceManager m_resourceManager; 308 309 /** The role manager. */ 310 private CmsRoleManager m_roleManager; 311 312 /** The runlevel of this OpenCmsCore object instance. */ 313 private int m_runLevel; 314 315 /** The runtime properties allow storage of system wide accessible runtime information. */ 316 private Map<Object, Object> m_runtimeProperties; 317 318 /** The configured scheduler manager. */ 319 private CmsScheduleManager m_scheduleManager; 320 321 /** The search manager provides indexing and searching. */ 322 private CmsSearchManager m_searchManager; 323 324 /** The security manager to access the database and validate user permissions. */ 325 private CmsSecurityManager m_securityManager; 326 327 /** The session manager. */ 328 private CmsSessionManager m_sessionManager; 329 330 /** The site manager contains information about all configured sites. */ 331 private CmsSiteManagerImpl m_siteManager; 332 333 /** List of start/stop handlers. */ 334 private List<I_CmsStartStopHandler> m_startStopHandlers = new ArrayList<>(); 335 336 /** The static export manager. */ 337 private CmsStaticExportManager m_staticExportManager; 338 339 /** The subscription manager. */ 340 private CmsSubscriptionManager m_subscriptionManager; 341 342 /** The system information container for "read only" system settings. */ 343 private CmsSystemInfo m_systemInfo; 344 345 /** The template context manager. */ 346 private CmsTemplateContextManager m_templateContextManager; 347 348 /** The text encryptions. */ 349 private LinkedHashMap<String, I_CmsTextEncryption> m_textEncryptions; 350 351 /** The thread store. */ 352 private CmsThreadStore m_threadStore; 353 354 /** The 2FA handler. */ 355 private CmsTwoFactorAuthenticationHandler m_twoFactorAuthenticationHandler; 356 357 /** The user data request manager. */ 358 private CmsUserDataRequestManager m_userDataRequestManager; 359 360 /** The runtime validation handler. */ 361 private I_CmsValidationHandler m_validationHandler; 362 363 /** The VFS bundle manager. */ 364 private CmsVfsBundleManager m_vfsBundleManager; 365 366 /** The default memory object cache instance. */ 367 private CmsVfsMemoryObjectCache m_vfsMemoryObjectCache; 368 369 /** The workflow manager instance. */ 370 private I_CmsWorkflowManager m_workflowManager; 371 372 /** The workplace app manager. */ 373 private CmsWorkplaceAppManager m_workplaceAppManager; 374 375 /** The workplace manager contains information about the global workplace settings. */ 376 private CmsWorkplaceManager m_workplaceManager; 377 378 /** The XML content type manager that contains the initialized XML content types. */ 379 private CmsXmlContentTypeManager m_xmlContentTypeManager; 380 381 /** 382 * Protected constructor that will initialize the singleton OpenCms instance 383 * with runlevel {@link OpenCms#RUNLEVEL_1_CORE_OBJECT}.<p> 384 * 385 * @throws CmsInitException in case of errors during the initialization 386 */ 387 private OpenCmsCore() 388 throws CmsInitException { 389 390 if ((m_instance != null) && (m_instance.getRunLevel() > OpenCms.RUNLEVEL_0_OFFLINE)) { 391 throw new CmsInitException(Messages.get().container(Messages.ERR_ALREADY_INITIALIZED_0)); 392 } 393 initMembers(); 394 m_instance = this; 395 setRunLevel(OpenCms.RUNLEVEL_1_CORE_OBJECT); 396 } 397 398 /** 399 * Returns the path for the request.<p> 400 * 401 * First checks the {@link HttpServletRequest#getPathInfo()}, then 402 * the configured request error page attribute (if set), and then 403 * if still undefined the <code>/</code> is returned as path info.<p> 404 * 405 * This is only needed when the {@link HttpServletRequest#getPathInfo()} 406 * is not really working as expected like in BEA WLS 9.x, where we have 407 * to use the 'weblogic.servlet.errorPage' request attribute.<p> 408 * 409 * @param req the http request context 410 * 411 * @return the path for the request 412 */ 413 public static String getPathInfo(HttpServletRequest req) { 414 415 String path = req.getPathInfo(); 416 if (path == null) { 417 // if the HttpServletRequest#getPathInfo() method does not work properly 418 String requestErrorPageAttribute = OpenCms.getSystemInfo().getServletContainerSettings().getRequestErrorPageAttribute(); 419 if (requestErrorPageAttribute != null) { 420 // use the proper page attribute 421 path = (String)req.getAttribute(requestErrorPageAttribute); 422 if (path != null) { 423 int pos = path.indexOf("/", 1); 424 if (pos > 0) { 425 // cut off the servlet name 426 path = path.substring(pos); 427 } 428 } 429 } 430 } 431 if (path == null) { 432 path = "/"; 433 } 434 return path; 435 } 436 437 /** 438 * Returns the initialized OpenCms singleton instance.<p> 439 * 440 * @return the initialized OpenCms singleton instance 441 */ 442 protected static OpenCmsCore getInstance() { 443 444 if (m_errorCondition != null) { 445 // OpenCms is not properly initialized 446 throw new CmsInitException(m_errorCondition, false); 447 } 448 449 if (m_instance != null) { 450 return m_instance; 451 } 452 synchronized (LOCK) { 453 if (m_instance == null) { 454 try { 455 // create a new core object with runlevel 1 456 m_instance = new OpenCmsCore(); 457 } catch (CmsInitException e) { 458 // already initialized, this is all we need 459 LOG.debug(e.getMessage(), e); 460 } 461 } 462 } 463 return m_instance; 464 } 465 466 /** 467 * Sets the error condition.<p> 468 * 469 * @param errorCondition the error condition to set 470 */ 471 protected static void setErrorCondition(CmsMessageContainer errorCondition) { 472 473 // init exceptions should only be thrown during setup process 474 if ((m_instance != null) && (m_instance.getRunLevel() < OpenCms.RUNLEVEL_3_SHELL_ACCESS)) { 475 if (!Messages.ERR_CRITICAL_INIT_WIZARD_0.equals(errorCondition.getKey())) { 476 // if wizard is still enabled allow retry of initialization (for setup wizard) 477 m_errorCondition = errorCondition; 478 // output an error message to the console 479 System.err.println( 480 Messages.get().getBundle().key(Messages.LOG_INIT_FAILURE_MESSAGE_1, errorCondition.key())); 481 } 482 LOG.error(errorCondition.key(), new CmsException(errorCondition)); 483 m_instance = null; 484 } else if (m_instance != null) { 485 // OpenCms already was successful initialized 486 LOG.warn( 487 Messages.get().getBundle().key( 488 Messages.LOG_INIT_INVALID_ERROR_2, 489 Integer.valueOf(m_instance.getRunLevel()), 490 errorCondition.key())); 491 } 492 } 493 494 /** 495 * Gets the default CmsVfsMemoryCache instance. 496 * 497 * @return the default cache instance 498 */ 499 public CmsVfsMemoryObjectCache getVfsMemoryObjectCache() { 500 501 if (m_vfsMemoryObjectCache == null) { 502 m_vfsMemoryObjectCache = new CmsVfsMemoryObjectCache(); 503 } 504 return m_vfsMemoryObjectCache; 505 506 } 507 508 /** 509 * Adds the specified request handler to the Map of OpenCms request handlers. <p> 510 * 511 * @param handler the handler to add 512 */ 513 protected void addRequestHandler(I_CmsRequestHandler handler) { 514 515 if (handler == null) { 516 return; 517 } 518 String[] names = handler.getHandlerNames(); 519 for (int i = 0; i < names.length; i++) { 520 String name = names[i]; 521 if (m_requestHandlers.get(name) != null) { 522 CmsLog.INIT.error(Messages.get().getBundle().key(Messages.LOG_DUPLICATE_REQUEST_HANDLER_1, name)); 523 continue; 524 } 525 m_requestHandlers.put(name, handler); 526 if (CmsLog.INIT.isInfoEnabled()) { 527 CmsLog.INIT.info( 528 Messages.get().getBundle().key( 529 Messages.INIT_ADDED_REQUEST_HANDLER_2, 530 name, 531 handler.getClass().getName())); 532 } 533 } 534 } 535 536 /** 537 * Gets the ADE manager, and makes sure it is initialized.<p> 538 * 539 * @return the initialized ADE manager 540 */ 541 protected CmsADEManager getADEManager() { 542 543 if (!m_adeManager.isInitialized()) { 544 m_adeManager.initialize(); 545 } 546 return m_adeManager; 547 } 548 549 /** 550 * Returns the alias manager.<p> 551 * 552 * @return the alias manager 553 */ 554 protected CmsAliasManager getAliasManager() { 555 556 return m_aliasManager; 557 } 558 559 /** 560 * Gets the API authorization handler with the given name, or null if it doesn't exist. 561 * 562 * @param name the name of the API authorization handler 563 * @return the API authorization handler, or null if it wasn't found 564 */ 565 protected I_CmsApiAuthorizationHandler getApiAuthorization(String name) { 566 567 return m_apiAuthorizations.get(name); 568 569 } 570 571 /** 572 * Returns the configured authorization handler.<p> 573 * 574 * @return the configured authorization handler 575 */ 576 protected I_CmsAuthorizationHandler getAuthorizationHandler() { 577 578 return m_authorizationHandler; 579 } 580 581 /** 582 * Returns the initialized OpenCms configuration manager.<p> 583 * 584 * @return the initialized OpenCms configuration manager 585 */ 586 protected CmsConfigurationManager getConfigurationManager() { 587 588 return m_configurationManager; 589 } 590 591 /** 592 * Gets the configured credentials resolver instance.<p> 593 * 594 * @return the credentials resolver 595 */ 596 protected I_CmsCredentialsResolver getCredentialsResolver() { 597 598 if (m_credentialsResolver == null) { 599 CmsSystemConfiguration systemConfig = (CmsSystemConfiguration)m_configurationManager.getConfiguration( 600 CmsSystemConfiguration.class); 601 return systemConfig.getCredentialsResolver(); 602 } 603 604 return m_credentialsResolver; 605 } 606 607 /** 608 * Gets the database pool names.<p> 609 * 610 * @return the configured database pool names 611 */ 612 protected List<String> getDbPoolNames() { 613 614 return new ArrayList<>(m_configurationManager.getConfiguration().getList("db.pools")); 615 616 } 617 618 /** 619 * Returns the configured list of default directory file names.<p> 620 * 621 * @return the configured list of default directory file names 622 */ 623 protected List<String> getDefaultFiles() { 624 625 return m_defaultFiles; 626 } 627 628 /** 629 * Returns the default user and group name configuration.<p> 630 * 631 * @return the default user and group name configuration 632 */ 633 protected CmsDefaultUsers getDefaultUsers() { 634 635 return m_defaultUsers; 636 } 637 638 /** 639 * Returns the OpenCms event manager.<p> 640 * 641 * @return the OpenCms event manager 642 */ 643 protected CmsEventManager getEventManager() { 644 645 return m_eventManager; 646 } 647 648 /** 649 * Gets the thread pool executor.<p> 650 * 651 * @return the thread pool executor 652 */ 653 protected ScheduledThreadPoolExecutor getExecutor() { 654 655 return m_executor; 656 } 657 658 /** 659 * Returns the configured export points, 660 * the returned set being an unmodifiable set.<p> 661 * 662 * @return an unmodifiable set of the configured export points 663 */ 664 protected Set<CmsExportPoint> getExportPoints() { 665 666 return m_exportPoints; 667 } 668 669 /** 670 * Gets the flex cache. 671 * @return CmsFlexCache 672 */ 673 674 protected CmsFlexCache getFlexCache() { 675 676 return m_flexCache; 677 } 678 679 /** 680 * Gets a string containing all keys and variations currently in the flex cache, for debug purposes.<p> 681 * 682 * @return a debug information string with the flex cache data 683 */ 684 protected String getFlexCacheKeyDump() { 685 686 if (m_flexCache != null) { 687 StringBuffer buffer = new StringBuffer(); 688 m_flexCache.dumpKeys(buffer); 689 return buffer.toString(); 690 } else { 691 return null; 692 } 693 } 694 695 /** 696 * Returns the initialized import/export manager, 697 * which contains information about the Cms import/export.<p> 698 * 699 * @return the initialized import/export manager 700 */ 701 protected CmsImportExportManager getImportExportManager() { 702 703 return m_importExportManager; 704 } 705 706 /** 707 * Gets the LetsEncrypt configuration.<p> 708 * 709 * @return the LetsEncrypt configuration 710 */ 711 protected CmsLetsEncryptConfiguration getLetsEncryptConfig() { 712 713 return m_letsEncryptConfig; 714 } 715 716 /** 717 * Returns the link manager to resolve links in <link> tags.<p> 718 * 719 * @return the link manager to resolve links in <link> tags 720 */ 721 protected CmsLinkManager getLinkManager() { 722 723 return m_linkManager; 724 } 725 726 /** 727 * Returns the locale manager used for obtaining the current locale.<p> 728 * 729 * @return the locale manager 730 */ 731 protected CmsLocaleManager getLocaleManager() { 732 733 return m_localeManager; 734 } 735 736 /** 737 * Returns the lock manager used for the locking mechanism.<p> 738 * 739 * @return the lock manager used for the locking mechanism 740 */ 741 protected CmsLockManager getLockManager() { 742 743 return m_securityManager.getLockManager(); 744 } 745 746 /** 747 * Returns the login manager used to check the validity of a login.<p> 748 * 749 * @return the login manager 750 */ 751 protected CmsLoginManager getLoginManager() { 752 753 return m_loginManager; 754 } 755 756 /** 757 * Returns the memory monitor.<p> 758 * 759 * @return the memory monitor 760 */ 761 protected CmsMemoryMonitor getMemoryMonitor() { 762 763 return m_memoryMonitor; 764 } 765 766 /** 767 * Returns the module manager.<p> 768 * 769 * @return the module manager 770 */ 771 protected CmsModuleManager getModuleManager() { 772 773 return m_moduleManager; 774 } 775 776 /** 777 * Returns the organizational unit manager.<p> 778 * 779 * @return the organizational unit manager 780 */ 781 protected CmsOrgUnitManager getOrgUnitManager() { 782 783 return m_orgUnitManager; 784 } 785 786 /** 787 * Return the password handler.<p> 788 * 789 * @return the password handler 790 */ 791 protected I_CmsPasswordHandler getPasswordHandler() { 792 793 return m_passwordHandler; 794 } 795 796 /** 797 * Returns the publish manager instance.<p> 798 * 799 * @return the publish manager instance 800 */ 801 protected CmsPublishManager getPublishManager() { 802 803 return m_publishManager; 804 } 805 806 /** 807 * Returns the repository manager.<p> 808 * 809 * @return the repository manager 810 */ 811 protected CmsRepositoryManager getRepositoryManager() { 812 813 return m_repositoryManager; 814 } 815 816 /** 817 * Returns the handler instance for the specified name, 818 * or null if the name does not match any handler name.<p> 819 * 820 * @param name the name of the handler instance to return 821 * @return the handler instance for the specified name 822 */ 823 protected I_CmsRequestHandler getRequestHandler(String name) { 824 825 return m_requestHandlers.get(name); 826 } 827 828 /** 829 * Returns the resource manager.<p> 830 * 831 * @return the resource manager 832 */ 833 protected CmsResourceManager getResourceManager() { 834 835 return m_resourceManager; 836 } 837 838 /** 839 * Returns the role manager.<p> 840 * 841 * @return the role manager 842 */ 843 protected CmsRoleManager getRoleManager() { 844 845 return m_roleManager; 846 } 847 848 /** 849 * Returns the runlevel of this OpenCmsCore object instance.<p> 850 * 851 * For a detailed description about the possible run levels, 852 * please see {@link OpenCms#getRunLevel()}.<p> 853 * 854 * @return the runlevel of this OpenCmsCore object instance 855 * 856 * @see OpenCms#getRunLevel() 857 */ 858 protected int getRunLevel() { 859 860 return m_runLevel; 861 } 862 863 /** 864 * Looks up a value in the runtime property Map.<p> 865 * 866 * @param key the key to look up in the runtime properties 867 * @return the value for the key, or null if the key was not found 868 */ 869 protected Object getRuntimeProperty(Object key) { 870 871 return m_runtimeProperties.get(key); 872 } 873 874 /** 875 * Returns the configured schedule manager.<p> 876 * 877 * @return the configured schedule manager 878 */ 879 protected CmsScheduleManager getScheduleManager() { 880 881 return m_scheduleManager; 882 } 883 884 /** 885 * Returns the initialized search manager, 886 * which provides indexing and searching operations.<p> 887 * 888 * @return the initialized search manager 889 */ 890 protected CmsSearchManager getSearchManager() { 891 892 return m_searchManager; 893 } 894 895 /** 896 * Returns the initialized OpenCms security manager.<p> 897 * 898 * @return the initialized OpenCms security manager 899 */ 900 protected CmsSecurityManager getSecurityManager() { 901 902 return m_securityManager; 903 } 904 905 /** 906 * Returns the session manager.<p> 907 * 908 * @return the session manager 909 */ 910 protected CmsSessionManager getSessionManager() { 911 912 return m_sessionManager; 913 } 914 915 /** 916 * Returns the initialized site manager, 917 * which contains information about all configured sites.<p> 918 * 919 * @return the initialized site manager 920 */ 921 protected CmsSiteManagerImpl getSiteManager() { 922 923 return m_siteManager; 924 } 925 926 /** 927 * Returns an instance of the common sql manager.<p> 928 * 929 * @return an instance of the common sql manager 930 */ 931 protected CmsSqlManager getSqlManager() { 932 933 return m_securityManager.getSqlManager(); 934 } 935 936 /** 937 * Returns the properties for the static export.<p> 938 * 939 * @return the properties for the static export 940 */ 941 protected CmsStaticExportManager getStaticExportManager() { 942 943 return m_staticExportManager; 944 } 945 946 /** 947 * Returns the subscription manager.<p> 948 * 949 * @return the subscription manager 950 */ 951 protected CmsSubscriptionManager getSubscriptionManager() { 952 953 return m_subscriptionManager; 954 } 955 956 /** 957 * Returns the system information storage.<p> 958 * 959 * @return the system information storage 960 */ 961 protected CmsSystemInfo getSystemInfo() { 962 963 return m_systemInfo; 964 } 965 966 /** 967 * Gets the template context manager instance.<p> 968 * 969 * @return the template context manager instance 970 */ 971 protected CmsTemplateContextManager getTemplateContextManager() { 972 973 return m_templateContextManager; 974 975 } 976 977 /** 978 * Gets the text encryptions. 979 * 980 * @return the text encryptions 981 */ 982 protected Map<String, I_CmsTextEncryption> getTextEncryptions() { 983 984 return m_textEncryptions; 985 } 986 987 /** 988 * Returns the OpenCms Thread store.<p> 989 * 990 * @return the OpenCms Thread store 991 */ 992 protected CmsThreadStore getThreadStore() { 993 994 return m_threadStore; 995 } 996 997 /** 998 * Gets the two-factor authentication handler. 999 * 1000 * @return the two-factor authentication handler 1001 */ 1002 protected CmsTwoFactorAuthenticationHandler getTwoFactorAuthenticationHandler() { 1003 1004 return m_twoFactorAuthenticationHandler; 1005 } 1006 1007 /** 1008 * Gets the user data request manager. 1009 * 1010 * @return the user data request manager 1011 */ 1012 protected CmsUserDataRequestManager getUserDataRequestManager() { 1013 1014 return m_userDataRequestManager; 1015 } 1016 1017 /** 1018 * Returns the runtime validation handler.<p> 1019 * 1020 * @return the validation handler 1021 */ 1022 protected I_CmsValidationHandler getValidationHandler() { 1023 1024 return m_validationHandler; 1025 } 1026 1027 /** 1028 * Returns the workflow manager instance.<p> 1029 * 1030 * @return the workflow manager 1031 */ 1032 protected I_CmsWorkflowManager getWorkflowManager() { 1033 1034 return m_workflowManager; 1035 } 1036 1037 /** 1038 * Returns the workplace app manager.<p> 1039 * 1040 * @return the workplace app manager 1041 */ 1042 protected CmsWorkplaceAppManager getWorkplaceAppManager() { 1043 1044 return m_workplaceAppManager; 1045 } 1046 1047 /** 1048 * Returns the initialized workplace manager, 1049 * which contains information about the global workplace settings.<p> 1050 * 1051 * @return the initialized workplace manager 1052 */ 1053 protected CmsWorkplaceManager getWorkplaceManager() { 1054 1055 return m_workplaceManager; 1056 } 1057 1058 /** 1059 * Returns the XML content type manager.<p> 1060 * 1061 * @return the XML content type manager 1062 */ 1063 protected CmsXmlContentTypeManager getXmlContentTypeManager() { 1064 1065 if (m_xmlContentTypeManager != null) { 1066 return m_xmlContentTypeManager; 1067 } 1068 if (getRunLevel() == OpenCms.RUNLEVEL_1_CORE_OBJECT) { 1069 // this is only to enable test cases to run 1070 m_xmlContentTypeManager = CmsXmlContentTypeManager.createTypeManagerForTestCases(); 1071 } 1072 return m_xmlContentTypeManager; 1073 } 1074 1075 /** 1076 * Initializes the OpenCms context for Vaadin UI servlet.<p> 1077 * 1078 * @param req the request 1079 * @param res the response 1080 * @param servlet the UI servlet 1081 * 1082 * @throws IOException if user authentication fails 1083 * @throws CmsException if something goes wrong 1084 */ 1085 protected void initCmsContextForUI(HttpServletRequest req, HttpServletResponse res, CmsUIServlet servlet) 1086 throws IOException, CmsException { 1087 1088 // instantiate CMS context 1089 String originalEncoding = req.getCharacterEncoding(); 1090 String referrer = req.getHeader("referer"); 1091 boolean allowPrivilegedLogin = (referrer == null) || !referrer.contains(CmsWorkplaceLoginHandler.LOGIN_HANDLER); 1092 1093 CmsObject cms = initCmsObject(req, res, allowPrivilegedLogin); 1094 servlet.setCms(cms); 1095 if (originalEncoding != null) { 1096 // getI18NInfo sets wrong encoding 1097 req.setCharacterEncoding(originalEncoding); 1098 } 1099 } 1100 1101 /** 1102 * Returns an independent copy of the provided CmsObject.<p> 1103 * 1104 * This can be useful in case a permanent reference to a CmsObject is stored. 1105 * Changing the request context values (for example project, siteroot) in the new CmsObject 1106 * will have no side effects to the CmsObject it was copied form.<p> 1107 * 1108 * The request time (<code>{@link CmsRequestContext#getRequestTime()}</code>) 1109 * is set to the current time.<p> 1110 * 1111 * @param cms the CmsObject to create a copy of 1112 * 1113 * @return an independent copy of the provided CmsObject 1114 * 1115 * @throws CmsException in case the initialization failed 1116 * 1117 * @see OpenCms#initCmsObject(CmsObject) 1118 * @see OpenCms#initCmsObject(CmsObject, CmsContextInfo) 1119 * @see OpenCms#initCmsObject(String) 1120 */ 1121 protected CmsObject initCmsObject(CmsObject cms) { 1122 1123 CmsRequestContext requestContext = cms.getRequestContext(); 1124 CmsRequestContext context = new CmsRequestContext( 1125 requestContext.getCurrentUser().clone(), 1126 (CmsProject)(requestContext.getCurrentProject().clone()), 1127 requestContext.getUri(), 1128 requestContext.getRequestMatcher(), 1129 requestContext.getSiteRoot(), 1130 requestContext.isSecureRequest(), 1131 requestContext.getLocale(), 1132 requestContext.getEncoding(), 1133 requestContext.getRemoteAddress(), 1134 System.currentTimeMillis(), 1135 m_resourceManager.getFolderTranslator(), 1136 m_resourceManager.getFileTranslator(), 1137 requestContext.getOuFqn(), 1138 requestContext.isForceAbsoluteLinks()); 1139 context.setDetailResource(requestContext.getDetailResource()); 1140 CmsObject result = new CmsObject(m_securityManager, context); 1141 return result; 1142 } 1143 1144 /** 1145 * Returns an initialized CmsObject with the user and context initialized as provided.<p> 1146 * 1147 * Note: Only if the provided <code>adminCms</code> CmsObject has admin permissions, 1148 * this method allows the creation a CmsObject for any existing user. Otherwise 1149 * only the default users 'Guest' and 'Export' can initialized with 1150 * this method, all other user names will throw an Exception.<p> 1151 * 1152 * @param adminCms must either be initialized with "Admin" permissions, or null 1153 * @param contextInfo the context info to create a CmsObject for 1154 * 1155 * @return an initialized CmsObject with the given users permissions 1156 * 1157 * @throws CmsException if an invalid user name was provided 1158 * @throws CmsRoleViolationException if the current user does not have the role permissions to create a context for the requested user 1159 * 1160 * @see org.opencms.db.CmsDefaultUsers#getUserGuest() 1161 * @see org.opencms.db.CmsDefaultUsers#getUserExport() 1162 * @see OpenCms#initCmsObject(CmsObject) 1163 * @see OpenCms#initCmsObject(CmsObject, CmsContextInfo) 1164 * @see OpenCms#initCmsObject(String) 1165 */ 1166 protected CmsObject initCmsObject(CmsObject adminCms, CmsContextInfo contextInfo) 1167 throws CmsRoleViolationException, CmsException { 1168 1169 String userName = contextInfo.getUserName(); 1170 1171 if ((adminCms == null) || !m_roleManager.hasRole(adminCms, CmsRole.ROOT_ADMIN)) { 1172 if (!userName.endsWith(getDefaultUsers().getUserGuest()) 1173 && !userName.endsWith(getDefaultUsers().getUserExport())) { 1174 1175 // if no admin object is provided, only "Guest" or "Export" user can be generated 1176 CmsMessageContainer message = Messages.get().container( 1177 Messages.ERR_INVALID_INIT_USER_2, 1178 userName, 1179 ((adminCms != null) ? (adminCms.getRequestContext().getCurrentUser().getName()) : "")); 1180 if (LOG.isWarnEnabled()) { 1181 LOG.warn(message.key()); 1182 } 1183 throw new CmsRoleViolationException(message); 1184 } 1185 } 1186 1187 return initCmsObject(contextInfo); 1188 } 1189 1190 /** 1191 * Handles the user authentification for each request sent to OpenCms.<p> 1192 * 1193 * User authentification is done in three steps: 1194 * <ol> 1195 * <li>Session authentification: OpenCms stores information of all authentificated 1196 * users in an internal storage based on the users session.</li> 1197 * <li>Authorization handler authentification: If the session authentification fails, 1198 * the current configured authorization handler is called.</li> 1199 * <li>Default user: When both authentification methods fail, the user is set to 1200 * the default (Guest) user.</li> 1201 * </ol> 1202 * 1203 * @param req the current http request 1204 * @param res the current http response 1205 * @param allowPrivilegedLogin <code>true</code> to allow login through authorization handlers 1206 * 1207 * @return the initialized cms context 1208 * 1209 * @throws IOException if user authentication fails 1210 * @throws CmsException in case something goes wrong 1211 */ 1212 protected CmsObject initCmsObject(HttpServletRequest req, HttpServletResponse res, boolean allowPrivilegedLogin) 1213 throws IOException, CmsException { 1214 1215 // first try to restore a stored session 1216 CmsObject cms = initCmsObjectFromSession(req); 1217 if (cms != null) { 1218 return cms; 1219 } 1220 if (allowPrivilegedLogin) { 1221 // if does not work, try to authorize the request 1222 I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction = new I_CmsAuthorizationHandler.I_PrivilegedLoginAction() { 1223 1224 private CmsObject m_adminCms; 1225 1226 /** 1227 * @see org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction#doLogin(javax.servlet.http.HttpServletRequest, java.lang.String) 1228 */ 1229 public CmsObject doLogin(HttpServletRequest request, String principal) throws CmsException { 1230 1231 try { 1232 CmsUser user = m_adminCms.readUser(principal); 1233 if (!user.isEnabled()) { 1234 throw new CmsException( 1235 Messages.get().container(Messages.ERR_INVALID_INIT_USER_2, user.getName(), "-")); 1236 } 1237 1238 // initialize the new cms object 1239 CmsContextInfo contextInfo = new CmsContextInfo(m_adminCms.getRequestContext()); 1240 contextInfo.setUserName(principal); 1241 CmsObject newCms = initCmsObject(m_adminCms, contextInfo); 1242 1243 if ((contextInfo.getRequestedUri().startsWith("/system/workplace/") 1244 // also check for new workplace 1245 || request.getRequestURI().startsWith(OpenCms.getSystemInfo().getWorkplaceContext())) 1246 && getRoleManager().hasRole(newCms, CmsRole.ELEMENT_AUTHOR)) { 1247 LOG.debug("Handling workplace login for user " + principal); 1248 CmsWorkplaceSettings settings = CmsLoginHelper.initSiteAndProject(newCms); 1249 request.getSession(true).setAttribute( 1250 CmsWorkplaceManager.SESSION_WORKPLACE_SETTINGS, 1251 settings); 1252 OpenCms.getSessionManager().updateSessionInfo(newCms, request); 1253 } 1254 m_adminCms.updateLastLoginDate(user); 1255 1256 // fire the login user event 1257 OpenCms.fireCmsEvent( 1258 I_CmsEventListener.EVENT_LOGIN_USER, 1259 Collections.<String, Object> singletonMap("data", user)); 1260 return newCms; 1261 } finally { 1262 m_adminCms = null; 1263 } 1264 } 1265 1266 /** 1267 * @see org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction#getCmsObject() 1268 */ 1269 public CmsObject getCmsObject() { 1270 1271 return m_adminCms; 1272 } 1273 1274 /** 1275 * @see org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction#setCmsObject(org.opencms.file.CmsObject) 1276 */ 1277 public void setCmsObject(CmsObject adminCms) { 1278 1279 m_adminCms = adminCms; 1280 } 1281 }; 1282 loginAction.setCmsObject(initCmsObject(req, res, OpenCms.getDefaultUsers().getUserAdmin(), null, null)); 1283 cms = m_authorizationHandler.initCmsObject(req, loginAction); 1284 if (cms != null) { 1285 return cms; 1286 } 1287 1288 // authentification failed or not enough permissions, so display a login screen 1289 m_authorizationHandler.requestAuthorization(req, res, getLoginFormURL(req, res)); 1290 } 1291 cms = initCmsObject( 1292 req, 1293 m_securityManager.readUser(null, OpenCms.getDefaultUsers().getUserGuest()), 1294 getSiteManager().matchRequest(req).getSiteRoot(), 1295 CmsProject.ONLINE_PROJECT_ID, 1296 ""); 1297 // return the initialized cms user context object 1298 return cms; 1299 } 1300 1301 /** 1302 * Returns an initialized CmsObject with the user initialized as provided, 1303 * with the "Online" project selected and "/" set as the current site root.<p> 1304 * 1305 * Note: Only the default users 'Guest' and 'Export' can initialized with 1306 * this method, all other user names will throw an Exception.<p> 1307 * 1308 * @param user the user name to initialize, can only be 1309 * {@link org.opencms.db.CmsDefaultUsers#getUserGuest()} or 1310 * {@link org.opencms.db.CmsDefaultUsers#getUserExport()} 1311 * 1312 * @return an initialized CmsObject with the given users permissions 1313 * 1314 * @throws CmsException if an invalid user name was provided, or if something else goes wrong 1315 * 1316 * @see org.opencms.db.CmsDefaultUsers#getUserGuest() 1317 * @see org.opencms.db.CmsDefaultUsers#getUserExport() 1318 * @see OpenCms#initCmsObject(String) 1319 * @see #initCmsObject(CmsObject, CmsContextInfo) 1320 */ 1321 protected CmsObject initCmsObject(String user) throws CmsException { 1322 1323 return initCmsObject(null, new CmsContextInfo(user)); 1324 } 1325 1326 /** 1327 * Initializes a new cms object from the session data of the request.<p> 1328 * 1329 * If no session data is found, <code>null</code> is returned.<p> 1330 * 1331 * @param req the request 1332 * 1333 * @return the new initialized cms object 1334 * 1335 * @throws CmsException if something goes wrong 1336 */ 1337 protected CmsObject initCmsObjectFromSession(HttpServletRequest req) throws CmsException { 1338 1339 String url = req.getRequestURL().toString(); 1340 String p = "[ " + url + " ] "; 1341 if (LOG.isDebugEnabled()) { 1342 LOG.debug(p + "Trying to init cms object from session for request \"" + req.toString() + "\"."); 1343 } 1344 // try to get an OpenCms user session info object for this request 1345 CmsSessionInfo sessionInfo = m_sessionManager.getSessionInfo(req); 1346 1347 if (sessionInfo == null) { 1348 if (LOG.isDebugEnabled()) { 1349 LOG.debug(p + "No session info found."); 1350 } 1351 return null; 1352 } 1353 if (!getSessionManager().hasValidClientToken(req)) { 1354 if (LOG.isDebugEnabled()) { 1355 LOG.debug("Client token in session invalid."); 1356 } 1357 return null; 1358 } 1359 1360 // initialize the requested site root 1361 CmsSite site = getSiteManager().matchRequest(req); 1362 1363 // a user name is found in the session manager, reuse this user information 1364 CmsUUID project = sessionInfo.getProject(); 1365 1366 // initialize site root from request 1367 String siteroot = sessionInfo.getSiteRoot(); 1368 if (siteroot == null) { 1369 // not sure if this can actually happen? 1370 LOG.debug(p + "site root from session info was null, determining site root from current request's host"); 1371 siteroot = site.getSiteRoot(); 1372 } 1373 // initialize user from request 1374 CmsUser user = m_securityManager.readUser(null, sessionInfo.getUserId()); 1375 1376 if (LOG.isDebugEnabled()) { 1377 LOG.debug(p + "Initializing cms object with user \"" + user.getName() + "\"."); 1378 LOG.debug(p + "siteRoot = " + siteroot); 1379 } 1380 return initCmsObject(req, user, siteroot, project, sessionInfo.getOrganizationalUnitFqn()); 1381 } 1382 1383 /** 1384 * Constructor to create a new OpenCms object.<p> 1385 * 1386 * It reads the configurations from the <code>opencms.properties</code> 1387 * file in the <code>config/</code> subdirectory. With the information 1388 * from this file is inits a ResourceBroker (Database access module), 1389 * various caching systems and other options.<p> 1390 * 1391 * This will only be done once per accessing class. 1392 * 1393 * @param configuration the configurations from the <code>opencms.properties</code> file 1394 * @throws CmsInitException in case OpenCms can not be initialized 1395 */ 1396 protected synchronized void initConfiguration(CmsParameterConfiguration configuration) throws CmsInitException { 1397 1398 String serverInfo = configuration.getString("context.servlet.container", null); 1399 1400 // output startup message to log file 1401 if (CmsLog.INIT.isInfoEnabled()) { 1402 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DOT_0)); 1403 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DOT_0)); 1404 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DOT_0)); 1405 CmsLog.INIT.info( 1406 ". " 1407 + Messages.get().getBundle().key( 1408 Messages.GUI_SHELL_VERSION_1, 1409 OpenCms.getSystemInfo().getVersionNumber())); 1410 for (int i = 0; i < Messages.COPYRIGHT_BY_ALKACON.length; i++) { 1411 CmsLog.INIT.info(". " + Messages.COPYRIGHT_BY_ALKACON[i]); 1412 } 1413 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_LINE_0)); 1414 CmsLog.INIT.info( 1415 Messages.get().getBundle().key(Messages.INIT_STARTUP_TIME_1, new Date(System.currentTimeMillis()))); 1416 CmsLog.INIT.info( 1417 Messages.get().getBundle().key( 1418 Messages.INIT_OPENCMS_VERSION_1, 1419 OpenCms.getSystemInfo().getVersionNumber() + " [" + OpenCms.getSystemInfo().getVersionId() + "]")); 1420 if (serverInfo != null) { 1421 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_SERVLET_CONTAINER_1, serverInfo)); 1422 } 1423 CmsLog.INIT.info( 1424 Messages.get().getBundle().key(Messages.INIT_WEBAPP_NAME_1, getSystemInfo().getWebApplicationName())); 1425 CmsLog.INIT.info( 1426 Messages.get().getBundle().key(Messages.INIT_SERVLET_PATH_1, getSystemInfo().getServletPath())); 1427 CmsLog.INIT.info( 1428 Messages.get().getBundle().key(Messages.INIT_OPENCMS_CONTEXT_1, getSystemInfo().getOpenCmsContext())); 1429 CmsLog.INIT.info( 1430 Messages.get().getBundle().key(Messages.INIT_WEBINF_PATH_1, getSystemInfo().getWebInfRfsPath())); 1431 CmsLog.INIT.info( 1432 Messages.get().getBundle().key( 1433 Messages.INIT_PROPERTY_FILE_1, 1434 getSystemInfo().getConfigurationFileRfsPath())); 1435 1436 String logFileRfsPath = getSystemInfo().getLogFileRfsPath(); 1437 CmsLog.INIT.info( 1438 Messages.get().getBundle().key( 1439 Messages.INIT_LOG_FILE_1, 1440 logFileRfsPath != null ? logFileRfsPath : "Managed by log4j")); 1441 } 1442 1443 String systemEncoding = null; 1444 try { 1445 systemEncoding = System.getProperty("file.encoding"); 1446 } catch (SecurityException se) { 1447 // security manager is active, but we will try other options before giving up 1448 LOG.debug("Security manager preventing access to file.encoding system property.", se); 1449 } 1450 try { 1451 Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); 1452 } catch (Exception e) { 1453 CmsLog.INIT.error(e.getLocalizedMessage(), e); 1454 } 1455 if (CmsLog.INIT.isInfoEnabled()) { 1456 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_FILE_ENCODING_1, systemEncoding)); 1457 } 1458 1459 // read server ethernet address (MAC) and init UUID generator 1460 String ethernetAddress = configuration.getString("server.ethernet.address", CmsStringUtil.getEthernetAddress()); 1461 if (CmsLog.INIT.isInfoEnabled()) { 1462 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_ETHERNET_ADDRESS_1, ethernetAddress)); 1463 } 1464 CmsUUID.init(ethernetAddress); 1465 1466 // set the server name 1467 String serverName = configuration.getString("server.name", "OpenCmsServer"); 1468 getSystemInfo().setServerName(serverName); 1469 1470 // check the installed Java SDK 1471 try { 1472 if (CmsLog.INIT.isInfoEnabled()) { 1473 String jdkinfo = System.getProperty("java.vm.name") + " "; 1474 jdkinfo += System.getProperty("java.vm.version") + " "; 1475 jdkinfo += System.getProperty("java.vm.info") + " "; 1476 jdkinfo += System.getProperty("java.vm.vendor") + " "; 1477 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_JAVA_VM_1, jdkinfo)); 1478 String osinfo = System.getProperty("os.name") + " "; 1479 osinfo += System.getProperty("os.version") + " "; 1480 osinfo += System.getProperty("os.arch") + " "; 1481 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_OPERATING_SYSTEM_1, osinfo)); 1482 } 1483 } catch (Exception e) { 1484 throw new CmsInitException(Messages.get().container(Messages.ERR_CRITICAL_INIT_PROP_0), e); 1485 } 1486 1487 // create the configuration manager instance 1488 m_configurationManager = new CmsConfigurationManager(getSystemInfo().getConfigFolder()); 1489 // store the configuration read from "opencms.properties" in the configuration manager 1490 m_configurationManager.setConfiguration(configuration); 1491 1492 // now load the XML configuration 1493 try { 1494 m_configurationManager.loadXmlConfiguration(); 1495 } catch (Exception e) { 1496 throw new CmsInitException(Messages.get().container(Messages.ERR_CRITICAL_INIT_XML_0), e); 1497 } 1498 1499 // get the system configuration 1500 CmsSystemConfiguration systemConfiguration = (CmsSystemConfiguration)m_configurationManager.getConfiguration( 1501 CmsSystemConfiguration.class); 1502 1503 if (systemConfiguration.useSaxImplSystemProperties()) { 1504 CmsXmlUtils.initSystemProperties(); 1505 } 1506 1507 // initialize the memory monitor 1508 CmsMemoryMonitorConfiguration memoryMonitorConfiguration = systemConfiguration.getCmsMemoryMonitorConfiguration(); 1509 // initialize the memory monitor 1510 try { 1511 if (CmsStringUtil.isNotEmptyOrWhitespaceOnly(memoryMonitorConfiguration.getClassName())) { 1512 m_memoryMonitor = (CmsMemoryMonitor)Class.forName( 1513 memoryMonitorConfiguration.getClassName()).newInstance(); 1514 } else { 1515 m_memoryMonitor = new CmsMemoryMonitor(); 1516 } 1517 } catch (Exception e) { 1518 // we can not start without a valid memory monitor 1519 throw new CmsInitException( 1520 Messages.get().container( 1521 Messages.ERR_CRITICAL_INIT_MEMORY_MONITOR_1, 1522 memoryMonitorConfiguration.getClassName()), 1523 e); 1524 } 1525 m_memoryMonitor.initialize(systemConfiguration); 1526 1527 // get the event manager from the configuration and initialize it with the events already registered 1528 CmsEventManager configuredEventManager = systemConfiguration.getEventManager(); 1529 configuredEventManager.initialize(m_eventManager); 1530 m_eventManager = configuredEventManager; 1531 1532 // check if the encoding setting is valid 1533 String setEncoding = systemConfiguration.getDefaultContentEncoding(); 1534 String defaultEncoding = CmsEncoder.lookupEncoding(setEncoding, null); 1535 if (defaultEncoding == null) { 1536 // we can not start without a valid encoding setting 1537 throw new CmsInitException(Messages.get().container(Messages.ERR_CRITICAL_INIT_ENCODING_1, setEncoding)); 1538 } 1539 if (CmsLog.INIT.isInfoEnabled()) { 1540 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_OPENCMS_ENCODING_1, defaultEncoding)); 1541 } 1542 getSystemInfo().setDefaultEncoding(defaultEncoding); 1543 1544 // set version history information 1545 getSystemInfo().setVersionHistorySettings( 1546 systemConfiguration.isHistoryEnabled(), 1547 systemConfiguration.getHistoryVersions(), 1548 systemConfiguration.getHistoryVersionsAfterDeletion()); 1549 // set mail configuration 1550 getSystemInfo().setMailSettings(systemConfiguration.getMailSettings()); 1551 // set HTTP authentication settings 1552 getSystemInfo().setHttpAuthenticationSettings(systemConfiguration.getHttpAuthenticationSettings()); 1553 getSystemInfo().setRestrictDetailContents(systemConfiguration.isRestrictDetailContents()); 1554 1555 // set content notification settings 1556 getSystemInfo().setNotificationTime(systemConfiguration.getNotificationTime()); 1557 getSystemInfo().setNotificationProject(systemConfiguration.getNotificationProject()); 1558 m_executor = new ScheduledThreadPoolExecutor( 1559 3, 1560 new ThreadFactoryBuilder().setNameFormat("OpenCmsCore-exec-%d").build()); 1561 // set resource init classes 1562 m_resourceInitHandlers = systemConfiguration.getResourceInitHandlers(); 1563 1564 // register request handler classes 1565 Iterator<I_CmsRequestHandler> it = systemConfiguration.getRequestHandlers().iterator(); 1566 while (it.hasNext()) { 1567 I_CmsRequestHandler handler = it.next(); 1568 addRequestHandler(handler); 1569 if (CmsLog.INIT.isInfoEnabled()) { 1570 CmsLog.INIT.info( 1571 Messages.get().getBundle().key( 1572 Messages.INIT_REQUEST_HANDLER_CLASS_1, 1573 handler.getClass().getName())); 1574 } 1575 } 1576 1577 // read the default user configuration 1578 m_defaultUsers = systemConfiguration.getCmsDefaultUsers(); 1579 1580 // get the site manager from the configuration 1581 CmsSitesConfiguration sitesConfiguration = (CmsSitesConfiguration)m_configurationManager.getConfiguration( 1582 CmsSitesConfiguration.class); 1583 m_siteManager = sitesConfiguration.getSiteManager(); 1584 1585 CmsSchedulerConfiguration schedulerConfiguration = (CmsSchedulerConfiguration)m_configurationManager.getConfiguration( 1586 CmsSchedulerConfiguration.class); 1587 // set the scheduler manager 1588 m_scheduleManager = schedulerConfiguration.getScheduleManager(); 1589 1590 CmsVariablesConfiguration variablesConfiguration = (CmsVariablesConfiguration)m_configurationManager.getConfiguration( 1591 CmsVariablesConfiguration.class); 1592 1593 // get the VFS / resource configuration 1594 CmsVfsConfiguration vfsConfiguation = (CmsVfsConfiguration)m_configurationManager.getConfiguration( 1595 CmsVfsConfiguration.class); 1596 m_resourceManager = vfsConfiguation.getResourceManager(); 1597 m_xmlContentTypeManager = vfsConfiguation.getXmlContentTypeManager(); 1598 m_defaultFiles = vfsConfiguation.getDefaultFiles(); 1599 1600 // initialize translation engines 1601 m_resourceManager.setTranslators( 1602 vfsConfiguation.getFolderTranslator(), 1603 vfsConfiguation.getFileTranslator(), 1604 vfsConfiguation.getXsdTranslator()); 1605 1606 // try to initialize the flex cache 1607 CmsFlexCache flexCache = null; 1608 try { 1609 if (CmsLog.INIT.isInfoEnabled()) { 1610 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_FLEX_CACHE_STARTING_0)); 1611 } 1612 // get the flex cache configuration from the SystemConfiguration 1613 CmsFlexCacheConfiguration flexCacheConfiguration = systemConfiguration.getCmsFlexCacheConfiguration(); 1614 getSystemInfo().setDeviceSelector(flexCacheConfiguration.getDeviceSelector()); 1615 // pass configuration to flex cache for initialization 1616 flexCache = new CmsFlexCache(flexCacheConfiguration); 1617 m_flexCache = flexCache; 1618 if (CmsLog.INIT.isInfoEnabled()) { 1619 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_FLEX_CACHE_FINISHED_0)); 1620 } 1621 } catch (Exception e) { 1622 if (CmsLog.INIT.isWarnEnabled()) { 1623 CmsLog.INIT.warn(Messages.get().getBundle().key(Messages.INIT_FLEX_CACHE_ERROR_1, e.getMessage())); 1624 } 1625 } 1626 1627 if (flexCache != null) { 1628 // check all resource loaders if they require the Flex cache 1629 Iterator<I_CmsResourceLoader> i = m_resourceManager.getLoaders().iterator(); 1630 while (i.hasNext()) { 1631 Object o = i.next(); 1632 if (o instanceof I_CmsFlexCacheEnabledLoader) { 1633 // this resource loader requires the Flex cache 1634 ((I_CmsFlexCacheEnabledLoader)o).setFlexCache(flexCache); 1635 } 1636 } 1637 } 1638 1639 // get the import/export configuration 1640 CmsImportExportConfiguration importExportConfiguration = (CmsImportExportConfiguration)m_configurationManager.getConfiguration( 1641 CmsImportExportConfiguration.class); 1642 m_importExportManager = importExportConfiguration.getImportExportManager(); 1643 m_staticExportManager = importExportConfiguration.getStaticExportManager(); 1644 m_repositoryManager = importExportConfiguration.getRepositoryManager(); 1645 1646 // get the search configuration 1647 CmsSearchConfiguration searchConfiguration = (CmsSearchConfiguration)m_configurationManager.getConfiguration( 1648 CmsSearchConfiguration.class); 1649 m_searchManager = searchConfiguration.getSearchManager(); 1650 1651 // get the workplace configuration 1652 CmsWorkplaceConfiguration workplaceConfiguration = (CmsWorkplaceConfiguration)m_configurationManager.getConfiguration( 1653 CmsWorkplaceConfiguration.class); 1654 m_workplaceManager = workplaceConfiguration.getWorkplaceManager(); 1655 // add the export points from the workplace 1656 addExportPoints(m_workplaceManager.getExportPoints()); 1657 addExportPoints(m_staticExportManager.getExportPoints()); 1658 1659 // get the module configuration 1660 CmsModuleConfiguration moduleConfiguration = (CmsModuleConfiguration)m_configurationManager.getConfiguration( 1661 CmsModuleConfiguration.class); 1662 m_moduleManager = moduleConfiguration.getModuleManager(); 1663 1664 // get the password handler 1665 m_passwordHandler = systemConfiguration.getPasswordHandler(); 1666 1667 // get the validation handler 1668 m_validationHandler = systemConfiguration.getValidationHandler(); 1669 1670 // get the authorization handler 1671 m_authorizationHandler = systemConfiguration.getAuthorizationHandler(); 1672 1673 // get the login manager 1674 m_loginManager = systemConfiguration.getLoginManager(); 1675 // set the login message 1676 try { 1677 m_loginManager.setLoginMessage(null, variablesConfiguration.getLoginMessage()); 1678 m_loginManager.setBeforeLoginMessage(null, variablesConfiguration.getBeforeLoginMessage()); 1679 } catch (CmsRoleViolationException e1) { 1680 CmsLog.INIT.error(e1.getLocalizedMessage(), e1); 1681 } 1682 1683 // initialize the publish engine 1684 m_publishEngine = new CmsPublishEngine(systemConfiguration.getRuntimeInfoFactory()); 1685 1686 // Credentials resolver - needs to be set before the driver manager is initialized 1687 m_credentialsResolver = systemConfiguration.getCredentialsResolver(); 1688 1689 // init the OpenCms security manager 1690 m_securityManager = CmsSecurityManager.newInstance( 1691 m_configurationManager, 1692 systemConfiguration.getRuntimeInfoFactory(), 1693 m_publishEngine); 1694 1695 // get the publish manager 1696 m_publishManager = systemConfiguration.getPublishManager(); 1697 1698 // get the subscription manager 1699 m_subscriptionManager = systemConfiguration.getSubscriptionManager(); 1700 1701 // initialize the role manager 1702 m_roleManager = new CmsRoleManager(m_securityManager); 1703 1704 // initialize the organizational unit manager 1705 m_orgUnitManager = new CmsOrgUnitManager(m_securityManager); 1706 1707 // initialize the Thread store 1708 m_threadStore = new CmsThreadStore(m_securityManager); 1709 1710 // initialize the link manager 1711 m_linkManager = new CmsLinkManager(m_staticExportManager.getLinkSubstitutionHandler()); 1712 1713 m_aliasManager = new CmsAliasManager(m_securityManager); 1714 1715 // store the runtime properties 1716 m_runtimeProperties.putAll(systemConfiguration.getRuntimeProperties()); 1717 1718 // initialize the session storage provider 1719 I_CmsSessionStorageProvider sessionStorageProvider = systemConfiguration.getSessionStorageProvider(); 1720 1721 // get an Admin cms context object with site root set to "/" 1722 CmsObject adminCms; 1723 try { 1724 adminCms = initCmsObject(null, null, getDefaultUsers().getUserAdmin(), (String)null, (String)null); 1725 } catch (CmsException e) { 1726 throw new CmsInitException(Messages.get().container(Messages.ERR_CRITICAL_INIT_ADMINCMS_0), e); 1727 } 1728 m_configAdminCms = adminCms; 1729 1730 m_repositoryManager.initializeCms(adminCms); 1731 // now initialize the other managers 1732 try { 1733 if (flexCache != null) { 1734 flexCache.initializeCms(initCmsObject(adminCms)); 1735 } 1736 1737 m_configurationManager.setAdminCms(adminCms); 1738 1739 // initialize the scheduler 1740 m_scheduleManager.initialize(initCmsObject(adminCms)); 1741 1742 // initialize the locale manager 1743 m_localeManager = systemConfiguration.getLocaleManager(); 1744 m_localeManager.initialize(initCmsObject(adminCms)); 1745 1746 // initialize the site manager 1747 m_siteManager.initialize(initCmsObject(adminCms)); 1748 1749 // initialize the static export manager 1750 m_staticExportManager.initialize(initCmsObject(adminCms)); 1751 1752 // initialize the XML content type manager 1753 m_xmlContentTypeManager.initialize(initCmsObject(adminCms)); 1754 1755 m_orgUnitManager.initialize(initCmsObject(adminCms)); 1756 1757 // initialize the module manager 1758 m_moduleManager.initialize(initCmsObject(adminCms), m_configurationManager); 1759 1760 // initialize the resource manager 1761 m_resourceManager.initialize(initCmsObject(adminCms)); 1762 1763 // initialize the publish manager 1764 m_publishManager.setPublishEngine(m_publishEngine); 1765 m_publishManager.setSecurityManager(m_securityManager); 1766 m_publishManager.setPublishListRemoveMode(systemConfiguration.getPublishListRemoveMode()); 1767 m_publishManager.initialize(initCmsObject(adminCms)); 1768 1769 // initialize the search manager 1770 m_searchManager.initialize(initCmsObject(adminCms)); 1771 1772 // initialize the VFS bundle manager 1773 m_vfsBundleManager = new CmsVfsBundleManager(adminCms); 1774 1775 // initialize the workplace manager 1776 m_workplaceManager.initialize(initCmsObject(adminCms)); 1777 1778 // initialize the session manager 1779 m_sessionManager.initialize(sessionStorageProvider, initCmsObject(adminCms)); 1780 m_sessionManager.setUserSessionMode(systemConfiguration.getUserSessionMode(true)); 1781 1782 // initialize the subscription manager 1783 m_subscriptionManager.setSecurityManager(m_securityManager); 1784 m_subscriptionManager.initialize(adminCms); 1785 1786 CmsUgcSessionFactory.setAdminCms(adminCms); 1787 1788 // initialize the formatter configuration 1789 CmsFormatterConfiguration.initialize(adminCms); 1790 CmsPersistentLoginTokenHandler.setAdminCms(initCmsObject(adminCms)); 1791 CmsLoginUI.setAdminCmsObject(initCmsObject(adminCms)); 1792 1793 // initialize ade manager 1794 m_adeManager = new CmsADEManager(initCmsObject(adminCms), m_memoryMonitor, systemConfiguration); 1795 m_workplaceAppManager = new CmsWorkplaceAppManager(initCmsObject(adminCms)); 1796 m_workplaceAppManager.loadApps(); 1797 m_workplaceAppManager.initWorkplaceCssUris(m_moduleManager); 1798 1799 m_templateContextManager = new CmsTemplateContextManager(initCmsObject(adminCms)); 1800 m_workflowManager = systemConfiguration.getWorkflowManager(); 1801 m_letsEncryptConfig = systemConfiguration.getLetsEncryptConfig(); 1802 1803 m_userDataRequestManager = systemConfiguration.getUserDataRequestManager(); 1804 if (m_userDataRequestManager != null) { 1805 m_userDataRequestManager.initialize(initCmsObject(adminCms)); 1806 } 1807 1808 if (m_workflowManager == null) { 1809 m_workflowManager = new CmsDefaultWorkflowManager(); 1810 m_workflowManager.setParameters(new HashMap<String, String>()); 1811 } 1812 1813 m_remoteShellServer = CmsRemoteShellServer.initialize(systemConfiguration); 1814 1815 CmsPublishScheduledDialog.setAdminCms(initCmsObject(adminCms)); 1816 1817 m_workflowManager.initialize(initCmsObject(adminCms)); 1818 m_apiAuthorizations = systemConfiguration.getApiAuthorizations(); 1819 for (I_CmsApiAuthorizationHandler apiAuthorization : m_apiAuthorizations.values()) { 1820 apiAuthorization.initialize(initCmsObject(adminCms)); 1821 } 1822 1823 for (I_CmsResourceInit resourceInit : m_resourceInitHandlers) { 1824 if (resourceInit instanceof I_CmsNeedsAdminCmsObject) { 1825 ((I_CmsNeedsAdminCmsObject)resourceInit).setAdminCmsObject(adminCms); 1826 } 1827 } 1828 for (I_CmsRequestHandler requestHandler : m_requestHandlers.values()) { 1829 if (requestHandler instanceof I_CmsNeedsAdminCmsObject) { 1830 ((I_CmsNeedsAdminCmsObject)requestHandler).setAdminCmsObject(adminCms); 1831 } 1832 } 1833 1834 m_textEncryptions = new LinkedHashMap<>(); 1835 for (I_CmsTextEncryption encryption : systemConfiguration.getTextEncryptions().values()) { 1836 encryption.initialize(OpenCms.initCmsObject(adminCms)); 1837 m_textEncryptions.put(encryption.getName(), encryption); 1838 } 1839 1840 m_twoFactorAuthenticationHandler = new CmsTwoFactorAuthenticationHandler( 1841 OpenCms.initCmsObject(adminCms), 1842 systemConfiguration.getTwoFactorAuthenticationConfig()); 1843 1844 } catch (CmsException e) { 1845 throw new CmsInitException(Messages.get().container(Messages.ERR_CRITICAL_INIT_MANAGERS_0), e); 1846 } 1847 1848 try { 1849 // mitigate potential stringtemplate 3 class loading deadlock by making sure the class is loaded on startup 1850 @SuppressWarnings("unused") 1851 StringTemplate stringTemplate = new org.antlr.stringtemplate.StringTemplate(); 1852 } catch (Exception e) { 1853 CmsLog.INIT.error("Problem with initializing stringtemplate class: " + e.getLocalizedMessage(), e); 1854 } 1855 1856 try { 1857 getEventManager().fireEvent(I_CmsEventListener.EVENT_CLEAR_CACHES); 1858 } catch (Exception e) { 1859 CmsLog.INIT.error("Problem with clearing caches after initialization: " + e.getLocalizedMessage(), e); 1860 } 1861 CmsTaskWatcher.initialize(); 1862 } 1863 1864 /** 1865 * Initialization of the OpenCms runtime environment.<p> 1866 * 1867 * The connection information for the database is read 1868 * from the <code>opencms.properties</code> configuration file and all 1869 * driver manager are initialized via the initializer, 1870 * which usually will be an instance of a <code>OpenCms</code> class. 1871 * 1872 * @param context configuration of OpenCms from <code>web.xml</code> 1873 * @throws CmsInitException in case OpenCms can not be initialized 1874 */ 1875 protected synchronized void initContext(ServletContext context) throws CmsInitException { 1876 1877 m_gwtServiceContexts = new HashMap<String, CmsGwtServiceContext>(); 1878 1879 // automatic servlet container recognition and specific behavior: 1880 CmsServletContainerSettings servletContainerSettings = new CmsServletContainerSettings(context); 1881 getSystemInfo().init(servletContainerSettings); 1882 1883 // Collect the configurations 1884 CmsParameterConfiguration configuration; 1885 try { 1886 configuration = new CmsParameterConfiguration(getSystemInfo().getConfigurationFileRfsPath()); 1887 } catch (Exception e) { 1888 throw new CmsInitException( 1889 Messages.get().container( 1890 Messages.ERR_CRITICAL_INIT_PROPFILE_1, 1891 getSystemInfo().getConfigurationFileRfsPath()), 1892 e); 1893 } 1894 1895 String throwException = configuration.getString("servlet.exception.enabled", "auto"); 1896 if (!throwException.equals("auto")) { 1897 // set the parameter is not automatic, the rest of the servlet container dependent parameters 1898 // will be set when reading the system configuration, if not set to auto 1899 boolean throwExc = Boolean.valueOf(throwException).booleanValue(); 1900 getSystemInfo().getServletContainerSettings().setServletThrowsException(throwExc); 1901 } 1902 1903 // check if the wizard is enabled, if so stop initialization 1904 if (configuration.getBoolean("wizard.enabled", true)) { 1905 throw new CmsInitException(Messages.get().container(Messages.ERR_CRITICAL_INIT_WIZARD_0)); 1906 } 1907 1908 // add an indicator that the configuration was processed from the servlet context 1909 configuration.add("context.servlet.container", context.getServerInfo()); 1910 1911 // output startup message and copyright to STDERR 1912 System.err.println( 1913 Messages.get().getBundle().key( 1914 Messages.LOG_STARTUP_CONSOLE_NOTE_2, 1915 OpenCms.getSystemInfo().getVersionNumber(), 1916 getSystemInfo().getWebApplicationName())); 1917 for (int i = 0; i < Messages.COPYRIGHT_BY_ALKACON.length; i++) { 1918 System.err.println(Messages.COPYRIGHT_BY_ALKACON[i]); 1919 } 1920 System.err.println(); 1921 1922 // initialize the configuration 1923 initConfiguration(configuration); 1924 } 1925 1926 /** 1927 * Initialize member variables.<p> 1928 */ 1929 protected void initMembers() { 1930 1931 synchronized (LOCK) { 1932 m_resourceInitHandlers = new ArrayList<I_CmsResourceInit>(); 1933 m_requestHandlers = new HashMap<String, I_CmsRequestHandler>(); 1934 m_systemInfo = new CmsSystemInfo(); 1935 m_exportPoints = Collections.emptySet(); 1936 m_defaultUsers = new CmsDefaultUsers(); 1937 m_localeManager = new CmsLocaleManager(Locale.ENGLISH); 1938 m_sessionManager = new CmsSessionManager(); 1939 m_runtimeProperties = new Hashtable<Object, Object>(); 1940 // the default event manager must be available because the configuration already registers events 1941 m_eventManager = new CmsEventManager(); 1942 // default link manager is required for test cases 1943 m_linkManager = new CmsLinkManager(new CmsDefaultLinkSubstitutionHandler()); 1944 } 1945 } 1946 1947 /** 1948 * Reads the requested resource from the OpenCms VFS, 1949 * in case a directory name is requested, the default files of the 1950 * directory will be looked up and the first match is returned.<p> 1951 * 1952 * The resource that is returned is always a <code>{@link org.opencms.file.CmsFile}</code>, 1953 * even though the content will usually not be loaded in the result. Folders are never returned since 1954 * the point of this method is really to load the default file if just a folder name is requested. If 1955 * there is no default file in a folder, then the return value is null and no CmsException is thrown.<p> 1956 * 1957 * The URI stored in the given OpenCms user context will be changed to the URI of the resource 1958 * that was found and returned.<p> 1959 * 1960 * Implementing and configuring an <code>{@link I_CmsResourceInit}</code> handler 1961 * allows to customize the process of default resource selection.<p> 1962 * 1963 * @param cms the current users OpenCms context 1964 * @param resourceName the path of the requested resource in the OpenCms VFS 1965 * @param req the current http request 1966 * @param res the current http response 1967 * 1968 * @return the requested resource read from the VFS 1969 * 1970 * @throws CmsException in case the requested file does not exist or the user has insufficient access permissions 1971 * 1972 * @see OpenCms#initResource(CmsObject, String, HttpServletRequest, HttpServletResponse) 1973 */ 1974 protected CmsResource initResource( 1975 CmsObject cms, 1976 String resourceName, 1977 HttpServletRequest req, 1978 HttpServletResponse res) 1979 throws CmsException { 1980 1981 CmsException tmpException = null; 1982 CmsResource resource; 1983 boolean handledSecure = false; 1984 1985 try { 1986 // try to read the requested resource 1987 resource = cms.readDefaultFile(resourceName, CmsResourceFilter.ignoreExpirationOffline(cms)); 1988 } catch (CmsException e) { 1989 // file or folder with given name does not exist, store exception 1990 tmpException = e; 1991 resource = null; 1992 } 1993 1994 if (resource != null) { 1995 // set the request uri to the right file 1996 cms.getRequestContext().setUri(cms.getSitePath(resource)); 1997 // test if this file is only available for internal access operations 1998 if (resource.isInternalOrInInternalFolder()) { 1999 throw new CmsException( 2000 Messages.get().container(Messages.ERR_READ_INTERNAL_RESOURCE_1, cms.getRequestContext().getUri())); 2001 } 2002 2003 resource = handleSecureResource(cms, req, res, resource, resourceName); 2004 if (resource == null) { 2005 handledSecure = true; 2006 2007 } 2008 } 2009 2010 boolean clearErrors = false; 2011 // test if this file has to be checked or modified 2012 for (I_CmsResourceInit handler : m_resourceInitHandlers) { 2013 try { 2014 resource = handler.initResource(resource, cms, req, res); 2015 // the loop has to be interrupted when the exception is thrown! 2016 } catch (CmsResourceInitException e) { 2017 if (e.isClearErrors()) { 2018 tmpException = null; 2019 clearErrors = true; 2020 } 2021 break; 2022 } catch (CmsSecurityException e) { 2023 tmpException = e; 2024 break; 2025 } 2026 } 2027 2028 // file is still null and not found exception was thrown, so throw original exception 2029 if (resource == null) { 2030 if (tmpException != null) { 2031 throw tmpException; 2032 } else if (!clearErrors) { 2033 throw new CmsVfsResourceNotFoundException( 2034 org.opencms.main.Messages.get().container( 2035 org.opencms.main.Messages.ERR_PATH_NOT_FOUND_1, 2036 resourceName)); 2037 2038 } 2039 } else { 2040 if (!handledSecure) { 2041 if (cms.getRequestContext().getDetailContentId() != null) { 2042 // in theory we should do this for all kinds of resource init handlers, 2043 // but I'm not clear on how to handle this in general, so only do this for detail pages for now 2044 resource = handleSecureResource(cms, req, res, resource, resourceName); 2045 handledSecure = true; 2046 } 2047 } 2048 } 2049 2050 // return the resource read from the VFS 2051 return resource; 2052 } 2053 2054 /** 2055 * Initializes the system with the OpenCms servlet.<p> 2056 * 2057 * This is the final step that is called on the servlets "init()" method. 2058 * It registers the servlets request handler and also outputs the final 2059 * startup message. The servlet should auto-load since the <load-on-startup> 2060 * parameter is set in the 'web.xml' by default.<p> 2061 * 2062 * @param servlet the OpenCms servlet 2063 */ 2064 protected void initServlet(OpenCmsServlet servlet) { 2065 2066 synchronized (LOCK) { 2067 // add the servlets request handler 2068 addRequestHandler(servlet); 2069 2070 // output the final 'startup is finished' message 2071 if (CmsLog.INIT.isInfoEnabled()) { 2072 CmsLog.INIT.info( 2073 Messages.get().getBundle().key( 2074 Messages.INIT_SYSTEM_RUNNING_1, 2075 CmsStringUtil.formatRuntime(getSystemInfo().getRuntime()))); 2076 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_LINE_0)); 2077 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DOT_0)); 2078 } 2079 } 2080 } 2081 2082 /** 2083 * Handler for built-in AJAX services that don't belong anywhere else and don't deserve their own request handler. 2084 * 2085 * @param remainingPath the remainder of the path after /handleBuiltinService 2086 * @param req the current request 2087 * @param res the current response 2088 * 2089 * @throws ServletException if something goes wrong 2090 */ 2091 protected void invokeBuiltinService(String remainingPath, HttpServletRequest req, HttpServletResponse res) 2092 throws ServletException { 2093 2094 try { 2095 CmsObject cms = initCmsObject(req, res); 2096 if (CmsGwtConstants.HANDLER_UNLOCK_PAGE.equals(remainingPath)) { 2097 CmsContainerpageService.unlockPage(cms, req, res); 2098 } else if (CmsGwtConstants.HANDLER_UPDATE_SESSION.equals(remainingPath)) { 2099 // Count this as a heartbeat request, because it's not caused by user activity 2100 boolean isHeartbeatRequest = true; 2101 OpenCms.getSessionManager().updateSessionInfo(cms, req, isHeartbeatRequest); 2102 } else if (remainingPath.startsWith(CmsGwtConstants.UNLOCK_FILE_PREFIX)) { 2103 String idStr = remainingPath.substring(CmsGwtConstants.UNLOCK_FILE_PREFIX.length()); 2104 try { 2105 cms.unlockResource(cms.readResource(new CmsUUID(idStr), CmsResourceFilter.ALL)); 2106 } catch (Exception e) { 2107 LOG.debug(e.getLocalizedMessage(), e); 2108 } 2109 } 2110 } catch (Exception e) { 2111 LOG.error(e.getLocalizedMessage(), e); 2112 throw new ServletException(e); 2113 } 2114 } 2115 2116 /** 2117 * Invokes the GWT servlet from within OpenCms.<p> 2118 * 2119 * @param serviceName the GWT PRC service class name 2120 * @param req the current servlet request 2121 * @param res the current servlet response 2122 * @param servletConfig the servlet configuration 2123 */ 2124 protected void invokeGwtService( 2125 String serviceName, 2126 HttpServletRequest req, 2127 HttpServletResponse res, 2128 ServletConfig servletConfig) { 2129 2130 CmsObject cms = null; 2131 try { 2132 // instantiate CMS context 2133 cms = initCmsObject(req, res); 2134 // instantiate GWT RPC service 2135 CmsGwtService rpcService = getGwtService(serviceName, servletConfig); 2136 // check permissions 2137 rpcService.checkPermissions(cms); 2138 String rpcContextStr = req.getHeader("X-OcmsRpcContext"); 2139 if (rpcContextStr == null) { 2140 rpcContextStr = "{}"; 2141 } 2142 // This makes the container page uri available in all RPC calls originating from the container page editor 2143 JSONObject rpcContext = new JSONObject(rpcContextStr); 2144 String pageIdStr = rpcContext.optString(CmsGwtConstants.RpcContext.PAGE_ID); 2145 CmsResource page = null; 2146 if (CmsUUID.isValidUUID(pageIdStr)) { 2147 try { 2148 page = cms.readResource(new CmsUUID(pageIdStr), CmsResourceFilter.IGNORE_EXPIRATION); 2149 } catch (Exception e) { 2150 LOG.error("Page id " + pageIdStr + " is unreadable: " + e.getLocalizedMessage(), e); 2151 } 2152 } 2153 if (page != null) { 2154 cms.getRequestContext().setUri(cms.getSitePath(page)); 2155 cms.getRequestContext().setAttribute(CmsRequestContext.ATTRIBUTE_ADE_CONTEXT_PATH, page.getRootPath()); 2156 } 2157 2158 // set runtime variables 2159 rpcService.setCms(cms); 2160 Object lock = req.getSession(); 2161 if (lock == null) { 2162 lock = new Object(); 2163 } 2164 rpcService.service(req, res); 2165 m_sessionManager.updateSessionInfo(cms, req, rpcService.isBroadcastCall()); 2166 } catch (CmsRoleViolationException rv) { 2167 // don't log these into the error channel 2168 LOG.debug(rv.getLocalizedMessage(), rv); 2169 // error code not set - set "unauthorized error" (401) 2170 int status = HttpServletResponse.SC_UNAUTHORIZED; 2171 res.setStatus(status); 2172 try { 2173 res.sendError(status, rv.toString()); 2174 } catch (IOException e) { 2175 // can be ignored 2176 LOG.error(e.getLocalizedMessage(), e); 2177 } 2178 } catch (Throwable t) { 2179 // error code not set - set "internal server error" (500) 2180 LOG.error(t.getLocalizedMessage(), t); 2181 int status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; 2182 res.setStatus(status); 2183 try { 2184 res.sendError(status, t.toString()); 2185 } catch (IOException e) { 2186 // can be ignored 2187 LOG.error(e.getLocalizedMessage(), e); 2188 } 2189 } 2190 } 2191 2192 /** 2193 * This method adds an Object to the OpenCms runtime properties. 2194 * The runtime properties can be used to store Objects that are shared 2195 * in the whole system.<p> 2196 * 2197 * @param key the key to add the Object with 2198 * @param value the value of the Object to add 2199 */ 2200 protected void setRuntimeProperty(Object key, Object value) { 2201 2202 m_runtimeProperties.put(key, value); 2203 } 2204 2205 /** 2206 * Displays a resource from the OpenCms by writing the result to the provided 2207 * Servlet response output stream.<p> 2208 * 2209 * @param req the current servlet request 2210 * @param res the current servlet response 2211 */ 2212 protected void showResource(HttpServletRequest req, HttpServletResponse res) { 2213 2214 CmsObject cms = null; 2215 try { 2216 cms = initCmsObject(req, res); 2217 Map<String, String> logInfo = new HashMap<>(); 2218 logInfo.put("cms_siteroot", cms.getRequestContext().getSiteRoot()); 2219 logInfo.put("cms_project", cms.getRequestContext().getCurrentProject().getName()); 2220 try (CloseableThreadContext.Instance threadContext = CloseableThreadContext.putAll(logInfo)) { 2221 LOG.info("Updating log context: " + logInfo); 2222 String uri = cms.getRequestContext().getUri(); 2223 if (cms.getRequestContext().getCurrentProject().isOnlineProject()) { 2224 2225 if (uri.startsWith(CmsWorkplace.VFS_PATH_SITES)) { 2226 // resources within the sites folder may only be called with their site relative path 2227 // this should prevent showing pages from other sites with their root path 2228 throw new CmsVfsResourceNotFoundException( 2229 org.opencms.main.Messages.get().container( 2230 org.opencms.main.Messages.ERR_PATH_NOT_FOUND_1, 2231 uri)); 2232 } 2233 if (OpenCms.getStaticExportManager().isExportLink(cms, uri)) { 2234 // if we used the request's query string for getRfsName, clients could cause an unlimited number 2235 // of files to be exported just by varying the request parameters! 2236 String url = m_linkManager.getOnlineLink(cms, uri); 2237 res.sendRedirect(url); 2238 return; 2239 } 2240 } 2241 List<CmsSiteMatcher> currentSiteAliases = m_siteManager.getCurrentSite(cms).getAliases(); 2242 CmsSiteMatcher currentSiteMatcher = cms.getRequestContext().getRequestMatcher(); 2243 if (currentSiteAliases.contains(currentSiteMatcher.forDifferentScheme("http")) 2244 || currentSiteAliases.contains(currentSiteMatcher.forDifferentScheme("https"))) { 2245 int pos = currentSiteAliases.indexOf(currentSiteMatcher.forDifferentScheme("http")); 2246 if (pos == -1) { 2247 pos = currentSiteAliases.indexOf(currentSiteMatcher.forDifferentScheme("https")); 2248 } 2249 switch (currentSiteAliases.get(pos).getRedirectMode()) { 2250 case none: 2251 break; 2252 case temporary: 2253 res.sendRedirect( 2254 m_siteManager.getCurrentSite(cms).getUrl() + req.getContextPath() + req.getPathInfo()); 2255 return; 2256 case permanent: 2257 res.setHeader( 2258 CmsRequestUtil.HEADER_LOCATION, 2259 m_siteManager.getCurrentSite(cms).getUrl() + req.getContextPath() + req.getPathInfo()); 2260 res.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY); 2261 return; 2262 default: 2263 break; 2264 } 2265 } 2266 2267 // user is initialized, now deliver the requested resource 2268 CmsResource resource = initResource(cms, cms.getRequestContext().getUri(), req, res); 2269 2270 // a resource init handler may use its own authentication, but return a resource to be loaded instead of handling the complete request processing by itself. 2271 // For this case, a request context attribute is used to pass the CmsObject that should be used for loading the resource. 2272 2273 Object alternativeCmsObject = cms.getRequestContext().removeAttribute( 2274 I_CmsResourceInit.ATTR_ALTERNATIVE_CMS_OBJECT); 2275 CmsObject cmsForLoad = cms; 2276 if (alternativeCmsObject instanceof CmsObject) { 2277 // we know it's not null at this point 2278 cmsForLoad = (CmsObject)alternativeCmsObject; 2279 } 2280 if (resource != null) { 2281 boolean forceAbsoluteLinks = checkForceAbsoluteLinks(req, cms, resource); 2282 cms.getRequestContext().setForceAbsoluteLinks(forceAbsoluteLinks); 2283 2284 // a file was read, go on process it 2285 m_resourceManager.loadResource(cmsForLoad, resource, req, res); 2286 if (cmsForLoad == cms) { 2287 // if we used a different CmsObject, we don't want to update the session with either 2288 // CmsObject - it's not necessary to do it for the original CmsObject, and using the alternative CmsObject 2289 // if there is already a session would switch the session user to the one of that CmsObject. We don't 2290 // want that, since the primary use case for the alternative CmsObject mechanism is 'stateless' authentication 2291 // for resource init handlers. 2292 m_sessionManager.updateSessionInfo(cms, req); 2293 } 2294 } 2295 } 2296 2297 } catch ( 2298 2299 Throwable t) { 2300 errorHandling(cms, req, res, t); 2301 } 2302 } 2303 2304 /** 2305 * Destroys this OpenCms instance, called if the servlet (or shell) is shut down.<p> 2306 */ 2307 protected void shutDown() { 2308 2309 synchronized (LOCK) { 2310 if (getRunLevel() > OpenCms.RUNLEVEL_0_OFFLINE) { 2311 System.err.println( 2312 Messages.get().getBundle().key( 2313 Messages.LOG_SHUTDOWN_CONSOLE_NOTE_2, 2314 getSystemInfo().getVersionNumber(), 2315 getSystemInfo().getWebApplicationName())); 2316 if (CmsLog.INIT.isInfoEnabled()) { 2317 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DOT_0)); 2318 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DOT_0)); 2319 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_LINE_0)); 2320 CmsLog.INIT.info( 2321 Messages.get().getBundle().key( 2322 Messages.INIT_SHUTDOWN_START_1, 2323 getSystemInfo().getVersionNumber() + " [" + getSystemInfo().getVersionId() + "]")); 2324 CmsLog.INIT.info( 2325 Messages.get().getBundle().key( 2326 Messages.INIT_CURRENT_RUNLEVEL_1, 2327 Integer.valueOf(getRunLevel()))); 2328 CmsLog.INIT.info( 2329 Messages.get().getBundle().key( 2330 Messages.INIT_SHUTDOWN_TIME_1, 2331 new Date(System.currentTimeMillis()))); 2332 } 2333 2334 // take the system offline 2335 setRunLevel(OpenCms.RUNLEVEL_0_OFFLINE); 2336 2337 if (LOG.isDebugEnabled()) { 2338 // log exception to see which method did call the shutdown 2339 LOG.debug(Messages.get().getBundle().key(Messages.LOG_SHUTDOWN_TRACE_0), new Exception()); 2340 } 2341 2342 for (I_CmsStartStopHandler handler : m_startStopHandlers) { 2343 try { 2344 handler.shutdown(); 2345 } catch (Throwable e) { 2346 CmsLog.INIT.error(e.getLocalizedMessage(), e); 2347 } 2348 } 2349 2350 try { 2351 // the first thing we have to do is to wait until the current publish process finishes 2352 if (null != m_publishEngine) { 2353 m_publishEngine.shutDown(); 2354 } 2355 } catch (Throwable e) { 2356 CmsLog.INIT.error( 2357 Messages.get().getBundle().key(Messages.LOG_ERROR_PUBLISH_SHUTDOWN_1, e.getMessage()), 2358 e); 2359 } 2360 try { 2361 // search manager must be shut down early since there may be background indexing still ongoing 2362 if (m_searchManager != null) { 2363 m_searchManager.shutDown(); 2364 } 2365 } catch (Throwable e) { 2366 CmsLog.INIT.error( 2367 Messages.get().getBundle().key(Messages.LOG_ERROR_SEARCH_MANAGER_SHUTDOWN_1, e.getMessage()), 2368 e); 2369 } 2370 try { 2371 // remote shell server must be shut down early since there is a background thread ongoing that reloads from the VFS 2372 if (m_remoteShellServer != null) { 2373 m_remoteShellServer.shutDown(); 2374 } 2375 } catch (Throwable e) { 2376 CmsLog.INIT.error( 2377 Messages.get().getBundle().key(Messages.LOG_ERROR_REMOTESHELL_SHUTDOWN_1, e.getMessage()), 2378 e); 2379 } 2380 try { 2381 // VFS bundle manager must be shut down early since there is a background thread ongoing that reloads from the VFS 2382 if (m_vfsBundleManager != null) { 2383 m_vfsBundleManager.shutDown(); 2384 } 2385 } catch (Throwable e) { 2386 CmsLog.INIT.error( 2387 Messages.get().getBundle().key(Messages.LOG_ERROR_VFSBUNDLE_MANAGER_SHUTDOWN_1, e.getMessage()), 2388 e); 2389 } 2390 try { 2391 if (m_staticExportManager != null) { 2392 m_staticExportManager.shutDown(); 2393 } 2394 } catch (Throwable e) { 2395 CmsLog.INIT.error( 2396 Messages.get().getBundle().key(Messages.LOG_ERROR_EXPORT_SHUTDOWN_1, e.getMessage()), 2397 e); 2398 } 2399 try { 2400 if (m_moduleManager != null) { 2401 m_moduleManager.shutDown(); 2402 } 2403 } catch (Throwable e) { 2404 CmsLog.INIT.error( 2405 Messages.get().getBundle().key(Messages.LOG_ERROR_MODULE_SHUTDOWN_1, e.getMessage()), 2406 e); 2407 } 2408 2409 try { 2410 if (m_executor != null) { 2411 m_executor.shutdownNow(); 2412 m_executor.awaitTermination(30, TimeUnit.SECONDS); 2413 } 2414 } catch (Throwable e) { 2415 CmsLog.INIT.error( 2416 Messages.get().getBundle().key(Messages.LOG_ERROR_MODULE_SHUTDOWN_1, e.getMessage()), 2417 e); 2418 } 2419 2420 try { 2421 if (m_scheduleManager != null) { 2422 m_scheduleManager.shutDown(); 2423 } 2424 } catch (Throwable e) { 2425 CmsLog.INIT.error( 2426 Messages.get().getBundle().key(Messages.LOG_ERROR_SCHEDULE_SHUTDOWN_1, e.getMessage()), 2427 e); 2428 } 2429 try { 2430 if (m_resourceManager != null) { 2431 m_resourceManager.shutDown(); 2432 } 2433 } catch (Throwable e) { 2434 CmsLog.INIT.error( 2435 Messages.get().getBundle().key(Messages.LOG_ERROR_RESOURCE_SHUTDOWN_1, e.getMessage()), 2436 e); 2437 } 2438 2439 try { 2440 if (m_repositoryManager != null) { 2441 m_repositoryManager.shutDown(); 2442 } 2443 } catch (Throwable e) { 2444 CmsLog.INIT.error(e.getLocalizedMessage(), e); 2445 } 2446 2447 try { 2448 // has to be stopped before the security manager, since this thread uses it 2449 if (m_threadStore != null) { 2450 m_threadStore.shutDown(); 2451 } 2452 } catch (Throwable e) { 2453 CmsLog.INIT.error( 2454 Messages.get().getBundle().key(Messages.LOG_ERROR_THREAD_SHUTDOWN_1, e.getMessage()), 2455 e); 2456 } 2457 try { 2458 if (m_securityManager != null) { 2459 m_securityManager.destroy(); 2460 } 2461 } catch (Throwable e) { 2462 CmsLog.INIT.error( 2463 Messages.get().getBundle().key(Messages.LOG_ERROR_SECURITY_SHUTDOWN_1, e.getMessage()), 2464 e); 2465 } 2466 try { 2467 if (m_sessionManager != null) { 2468 m_sessionManager.shutdown(); 2469 } 2470 } catch (Throwable e) { 2471 CmsLog.INIT.error( 2472 Messages.get().getBundle().key(Messages.LOG_ERROR_SESSION_MANAGER_SHUTDOWN_1, e.getMessage()), 2473 e); 2474 } 2475 try { 2476 if (m_memoryMonitor != null) { 2477 m_memoryMonitor.shutdown(); 2478 } 2479 } catch (Throwable e) { 2480 CmsLog.INIT.error( 2481 Messages.get().getBundle().key(Messages.LOG_ERROR_MEMORY_MONITOR_SHUTDOWN_1, e.getMessage()), 2482 e); 2483 } 2484 try { 2485 if (m_adeManager != null) { 2486 m_adeManager.shutdown(); 2487 } 2488 } catch (Throwable e) { 2489 CmsLog.INIT.error( 2490 Messages.get().getBundle().key(Messages.LOG_ERROR_ADE_MANAGER_SHUTDOWN_1, e.getMessage()), 2491 e); 2492 } 2493 2494 String runtime = CmsStringUtil.formatRuntime(getSystemInfo().getRuntime()); 2495 if (CmsLog.INIT.isInfoEnabled()) { 2496 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_OPENCMS_STOPPED_1, runtime)); 2497 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_LINE_0)); 2498 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DOT_0)); 2499 CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DOT_0)); 2500 } 2501 System.err.println(Messages.get().getBundle().key(Messages.LOG_CONSOLE_TOTAL_RUNTIME_1, runtime)); 2502 2503 } 2504 m_instance = null; 2505 } 2506 } 2507 2508 /** 2509 * This method updates the request context information.<p> 2510 * 2511 * The update information is:<br> 2512 * <ul> 2513 * <li>Requested Url</li> 2514 * <li>Locale</li> 2515 * <li>Encoding</li> 2516 * <li>Remote Address</li> 2517 * <li>Request Time</li> 2518 * </ul> 2519 * 2520 * @param request the current request 2521 * @param cms the cms object to update the request context for 2522 * 2523 * @return a new updated cms context 2524 * 2525 * @throws CmsException if something goes wrong 2526 */ 2527 protected CmsObject updateContext(HttpServletRequest request, CmsObject cms) throws CmsException { 2528 2529 // get the right site for the request 2530 String siteRoot = null; 2531 boolean isWorkplace = cms.getRequestContext().getUri().startsWith("/system/workplace/") 2532 || request.getRequestURI().startsWith(OpenCms.getSystemInfo().getWorkplaceContext()); 2533 if (isWorkplace && getRoleManager().hasRole(cms, CmsRole.ELEMENT_AUTHOR)) { 2534 // keep the site root for workplace requests 2535 siteRoot = cms.getRequestContext().getSiteRoot(); 2536 } else { 2537 CmsSite site = OpenCms.getSiteManager().matchRequest(request); 2538 siteRoot = site.getSiteRoot(); 2539 } 2540 return initCmsObject( 2541 request, 2542 cms.getRequestContext().getCurrentUser(), 2543 siteRoot, 2544 cms.getRequestContext().getCurrentProject().getUuid(), 2545 cms.getRequestContext().getOuFqn()); 2546 } 2547 2548 /** 2549 * Upgrades to runlevel {@link OpenCms#RUNLEVEL_3_SHELL_ACCESS}, 2550 * this is shell access to the database but no Servlet context.<p> 2551 * 2552 * To upgrade the runlevel, the system must be in runlevel {@link OpenCms#RUNLEVEL_1_CORE_OBJECT}, 2553 * otherwise an exception is thrown.<p> 2554 * 2555 * @param configuration the configuration 2556 * @throws CmsInitException in case OpenCms can not be initialized 2557 * @return the initialized OpenCmsCore 2558 */ 2559 protected OpenCmsCore upgradeRunlevel(CmsParameterConfiguration configuration) throws CmsInitException { 2560 2561 synchronized (LOCK) { 2562 if ((m_instance != null) && (getRunLevel() >= OpenCms.RUNLEVEL_2_INITIALIZING)) { 2563 // instance already in runlevel 3 or 4 2564 return m_instance; 2565 } 2566 if (getRunLevel() != OpenCms.RUNLEVEL_1_CORE_OBJECT) { 2567 CmsLog.INIT.error( 2568 Messages.get().getBundle().key( 2569 Messages.LOG_WRONG_INIT_SEQUENCE_2, 2570 Integer.valueOf(3), 2571 Integer.valueOf(getRunLevel()))); 2572 return m_instance; 2573 } 2574 2575 // set the runlevel to "initializing OpenCms" 2576 setRunLevel(OpenCms.RUNLEVEL_2_INITIALIZING); 2577 // initialize the configuration 2578 m_instance.initConfiguration(configuration); 2579 // upgrade the runlevel - OpenCms shell is available 2580 setRunLevel(OpenCms.RUNLEVEL_3_SHELL_ACCESS); 2581 2582 afterUpgradeRunlevel(); 2583 2584 return m_instance; 2585 } 2586 } 2587 2588 /** 2589 * Upgrades to runlevel {@link OpenCms#RUNLEVEL_4_SERVLET_ACCESS}, 2590 * this is the final runlevel with an initialized database and Servlet context.<p> 2591 * 2592 * To upgrade the runlevel, the system must be in runlevel {@link OpenCms#RUNLEVEL_1_CORE_OBJECT}, 2593 * otherwise an exception is thrown.<p> 2594 * 2595 * @param context the current servlet context 2596 * @throws CmsInitException in case OpenCms can not be initialized 2597 * @return the initialized OpenCmsCore 2598 */ 2599 protected OpenCmsCore upgradeRunlevel(ServletContext context) throws CmsInitException { 2600 2601 synchronized (LOCK) { 2602 if ((m_instance != null) && (getRunLevel() >= OpenCms.RUNLEVEL_4_SERVLET_ACCESS)) { 2603 // instance already in runlevel 5 or 6 2604 return m_instance; 2605 } 2606 if (getRunLevel() != OpenCms.RUNLEVEL_1_CORE_OBJECT) { 2607 CmsLog.INIT.error( 2608 Messages.get().getBundle().key( 2609 Messages.LOG_WRONG_INIT_SEQUENCE_2, 2610 Integer.valueOf(4), 2611 Integer.valueOf(getRunLevel()))); 2612 return m_instance; 2613 } 2614 2615 // set the runlevel to "initializing OpenCms" 2616 setRunLevel(OpenCms.RUNLEVEL_2_INITIALIZING); 2617 // initialize the servlet context 2618 m_instance.initContext(context); 2619 // initialization successfully finished - OpenCms servlet is online 2620 // the runlevel will change from 2 directly to 4, this is on purpose 2621 setRunLevel(OpenCms.RUNLEVEL_4_SERVLET_ACCESS); 2622 2623 afterUpgradeRunlevel(); 2624 2625 return m_instance; 2626 } 2627 } 2628 2629 /** 2630 * Writes the XML configuration for the provided configuration class.<p> 2631 * 2632 * @param clazz the configuration class to write the XML for 2633 */ 2634 protected void writeConfiguration(Class<?> clazz) { 2635 2636 // exception handling is provided here to ensure identical log messages 2637 try { 2638 m_configurationManager.writeConfiguration(clazz); 2639 } catch (IOException e) { 2640 CmsLog.getLog(CmsConfigurationManager.class).error( 2641 Messages.get().getBundle().key(Messages.LOG_ERROR_WRITING_CONFIG_1, clazz.getName()), 2642 e); 2643 } catch (CmsConfigurationException e) { 2644 CmsLog.getLog(CmsConfigurationManager.class).error( 2645 Messages.get().getBundle().key(Messages.LOG_ERROR_WRITING_CONFIG_1, clazz.getName()), 2646 e); 2647 } 2648 } 2649 2650 /** 2651 * Adds the given set of export points to the list of all configured export points.<p> 2652 * 2653 * @param exportPoints the export points to add 2654 */ 2655 private void addExportPoints(Set<CmsExportPoint> exportPoints) { 2656 2657 // create a new immutable set of export points 2658 HashSet<CmsExportPoint> newSet = new HashSet<CmsExportPoint>(m_exportPoints.size() + exportPoints.size()); 2659 newSet.addAll(exportPoints); 2660 newSet.addAll(m_exportPoints); 2661 m_exportPoints = Collections.unmodifiableSet(newSet); 2662 } 2663 2664 /** 2665 * Finishes the startup sequence after last runlevel upgrade.<p> 2666 */ 2667 private void afterUpgradeRunlevel() { 2668 2669 try { 2670 // read the persistent locks 2671 m_instance.m_securityManager.readLocks(); 2672 } catch (CmsException e) { 2673 if (LOG.isErrorEnabled()) { 2674 LOG.error( 2675 org.opencms.lock.Messages.get().getBundle().key(org.opencms.lock.Messages.ERR_READ_LOCKS_0), 2676 e); 2677 } 2678 } 2679 2680 if (OpenCms.getRunLevel() == OpenCms.RUNLEVEL_4_SERVLET_ACCESS) { 2681 // only init ADE manager in case of servlet initialization, it won't be needed in case of shell access 2682 CmsThreadStatsTreeProfilingHandler stats = new CmsThreadStatsTreeProfilingHandler(); 2683 try { 2684 CmsDefaultProfilingHandler.INSTANCE.addHandler(stats); 2685 m_adeManager.initialize(); 2686 } finally { 2687 CmsDefaultProfilingHandler.INSTANCE.removeHandler(stats); 2688 if (stats.hasData()) { 2689 String adeInitData = stats.dump(); 2690 String prefix = String.format("%010X", Long.valueOf(System.currentTimeMillis() / 1000)); 2691 String path = OpenCms.getSystemInfo().getAbsoluteRfsPathRelativeToWebInf( 2692 "logs/" + prefix + "_startup-ade-driver-report.xml"); 2693 try (FileOutputStream out = new FileOutputStream(path)) { 2694 out.write(adeInitData.getBytes("UTF-8")); 2695 } catch (Exception e) { 2696 LOG.error( 2697 "Could not write ADE init profiling data to file, writing to log instead: " 2698 + e.getLocalizedMessage(), 2699 e); 2700 LOG.error(adeInitData); 2701 } 2702 } 2703 } 2704 2705 try { 2706 // get an Admin cms context object with site root set to "/" 2707 CmsObject adminCms = initCmsObject( 2708 null, 2709 null, 2710 getDefaultUsers().getUserAdmin(), 2711 (String)null, 2712 (String)null); 2713 OpenCms.getSearchManager().initSpellcheckIndex(adminCms); 2714 } catch (CmsException e) { 2715 throw new CmsInitException(Messages.get().container(Messages.ERR_CRITICAL_INIT_ADMINCMS_0), e); 2716 } 2717 2718 } 2719 // everything is initialized, now start publishing 2720 m_publishManager.startPublishing(); 2721 2722 for (I_CmsStartStopHandler handler : ServiceLoader.load(I_CmsStartStopHandler.class)) { 2723 m_startStopHandlers.add(handler); 2724 } 2725 2726 for (I_CmsStartStopHandler handler : m_startStopHandlers) { 2727 try { 2728 handler.startup(m_configAdminCms); 2729 } catch (Exception e) { 2730 LOG.error(e.getLocalizedMessage(), e); 2731 } 2732 } 2733 2734 try { 2735 CmsDiagnosticsMXBean.register(); 2736 } catch (Throwable e) { 2737 CmsLog.INIT.error(e.getLocalizedMessage(), e); 2738 } 2739 2740 } 2741 2742 /** 2743 * Checks whether 'force absolute links' mode should be enabled in request context. 2744 * 2745 * @param req the current request 2746 * @param cms the CMS context 2747 * @param resource the resource to load 2748 * 2749 * @return true if 'force absolute links' mode should be enabled 2750 */ 2751 private boolean checkForceAbsoluteLinks(HttpServletRequest req, CmsObject cms, CmsResource resource) { 2752 2753 try { 2754 boolean forceAbsoluteLinks = Boolean.parseBoolean(req.getParameter(PARAM_FORCE_ABSOLUTE_LINKS)); 2755 if (forceAbsoluteLinks) { 2756 // only need to read the property if the request parameter is actually set 2757 CmsProperty enableForceAbsoluteProp = cms.readPropertyObject( 2758 resource, 2759 CmsPropertyDefinition.PROPERTY_LINKS_FORCEABSOLUTE_ENABLED, 2760 true); 2761 return Boolean.parseBoolean(enableForceAbsoluteProp.getValue()); 2762 } else { 2763 return false; 2764 } 2765 } catch (Exception e) { 2766 LOG.warn(e.getLocalizedMessage(), e); 2767 return false; 2768 } 2769 } 2770 2771 /** 2772 * This method performs the error handling for OpenCms.<p> 2773 * 2774 * @param cms the current cms context, might be null ! 2775 * @param req the client request 2776 * @param res the client response 2777 * @param t the exception that occurred 2778 */ 2779 private void errorHandling(CmsObject cms, HttpServletRequest req, HttpServletResponse res, Throwable t) { 2780 2781 // remove the controller attribute from the request 2782 CmsFlexController.removeController(req); 2783 req.removeAttribute(CmsJspStandardContextBean.ATTRIBUTE_NAME); 2784 2785 boolean canWrite = (!res.isCommitted() && !res.containsHeader("Location")); 2786 int status = -1; 2787 boolean isGuest = true; 2788 2789 if (t instanceof ServletException) { 2790 ServletException s = (ServletException)t; 2791 if (s.getRootCause() != null) { 2792 t = s.getRootCause(); 2793 } 2794 if (CmsJspLoader.isJasperCompilerException(t)) { 2795 LOG.error(t.getLocalizedMessage()); 2796 } else { 2797 LOG.error(t.getLocalizedMessage(), t); 2798 } 2799 } else if (t instanceof CmsSecurityException) { 2800 LOG.warn(t.getLocalizedMessage() + " rendering URL " + req.getRequestURL(), t); 2801 // access error - display login dialog 2802 if (canWrite) { 2803 try { 2804 m_authorizationHandler.requestAuthorization(req, res, getLoginFormURL(req, res)); 2805 } catch (IOException ioe) { 2806 LOG.debug("Error calling authorization handler.", ioe); 2807 } 2808 return; 2809 } 2810 } else if (t instanceof CmsDbEntryNotFoundException) { 2811 LOG.warn(t.getLocalizedMessage() + " rendering URL " + req.getRequestURL(), t); 2812 // user or group does not exist 2813 status = HttpServletResponse.SC_SERVICE_UNAVAILABLE; 2814 isGuest = false; 2815 } else if (t instanceof CmsVfsResourceNotFoundException) { 2816 LOG.warn(t.getLocalizedMessage() + " rendering URL " + req.getRequestURL(), t); 2817 // file not found - display 404 error. 2818 status = HttpServletResponse.SC_NOT_FOUND; 2819 } else if (t instanceof CmsException) { 2820 LOG.error(t.getLocalizedMessage() + " rendering URL " + req.getRequestURL(), t); 2821 if (t.getCause() != null) { 2822 t = t.getCause(); 2823 } 2824 } else if (t.getClass().getName().equals("org.apache.catalina.connector.ClientAbortException")) { 2825 // only log to debug channel any exceptions caused by a client abort - this is tomcat specific 2826 LOG.debug(t.getLocalizedMessage() + " rendering URL " + req.getRequestURL(), t); 2827 } else { 2828 LOG.error(t.getLocalizedMessage() + " rendering URL " + req.getRequestURL(), t); 2829 } 2830 2831 if (status < 1) { 2832 // error code not set - set "internal server error" (500) 2833 status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; 2834 } 2835 res.setStatus(status); 2836 2837 try { 2838 if ((cms != null) && (cms.getRequestContext().getCurrentUser() != null)) { 2839 isGuest = isGuest 2840 && (cms.getRequestContext().getCurrentUser().isGuestUser() 2841 || cms.userInGroup( 2842 cms.getRequestContext().getCurrentUser().getName(), 2843 OpenCms.getDefaultUsers().getGroupGuests())); 2844 } 2845 } catch (CmsException e) { 2846 // result is false 2847 LOG.error(e.getLocalizedMessage(), e); 2848 } 2849 2850 if (canWrite) { 2851 res.setContentType("text/html"); 2852 CmsRequestUtil.setNoCacheHeaders(res); 2853 if ((status != 404) 2854 && !isGuest 2855 && (cms != null) 2856 && (!CmsJsonPartFilter.isJsonRequest(req)) 2857 && !cms.getRequestContext().getCurrentProject().isOnlineProject()) { 2858 try { 2859 res.setStatus(HttpServletResponse.SC_OK); 2860 res.getWriter().print(CmsErrorUI.getBootstrapPage(cms, t, req)); 2861 } catch (IOException e) { 2862 // can be ignored 2863 LOG.error(e.getLocalizedMessage(), e); 2864 } 2865 } else { 2866 try { 2867 res.sendError(status, t.toString()); 2868 } catch (IOException e) { 2869 // can be ignored 2870 LOG.error(e.getLocalizedMessage(), e); 2871 } 2872 } 2873 } 2874 } 2875 2876 /** 2877 * 2878 * 2879 * @param serviceName the GWT PRC service class name 2880 * @param servletConfig the servlet configuration 2881 * 2882 * @return the GWT service instance 2883 * 2884 * @throws Throwable if something goes wrong 2885 */ 2886 private synchronized CmsGwtService getGwtService(String serviceName, ServletConfig servletConfig) throws Throwable { 2887 2888 CmsGwtServiceContext context = m_gwtServiceContexts.get(serviceName); 2889 if (context == null) { 2890 context = new CmsGwtServiceContext(serviceName); 2891 m_gwtServiceContexts.put(serviceName, context); 2892 } 2893 CmsGwtService gwtService = (CmsGwtService)Class.forName(serviceName).newInstance(); 2894 gwtService.init(servletConfig); 2895 gwtService.setContext(context); 2896 return gwtService; 2897 } 2898 2899 /** 2900 * Reads the login form which should be used for authenticating the current request.<p> 2901 * 2902 * @param req current request 2903 * @param res current response 2904 * 2905 * @return the URL of the login form or <code>null</code> if not set 2906 * 2907 * @throws IOException in case of IO errors 2908 */ 2909 private String getLoginFormURL(HttpServletRequest req, HttpServletResponse res) throws IOException { 2910 2911 CmsHttpAuthenticationSettings httpAuthenticationSettings = OpenCms.getSystemInfo().getHttpAuthenticationSettings(); 2912 String loginFormURL = null; 2913 2914 // this will create an admin user with the "right" site root already set 2915 CmsObject adminCms; 2916 try { 2917 adminCms = initCmsObject(req, res, OpenCms.getDefaultUsers().getUserAdmin(), null, null); 2918 } catch (CmsException e) { 2919 // this should never happen, if it does we can't continue 2920 throw new IOException( 2921 Messages.get().getBundle().key( 2922 Messages.ERR_INVALID_INIT_USER_2, 2923 OpenCms.getDefaultUsers().getUserAdmin(), 2924 2925 null), 2926 e); 2927 } 2928 // get the requested resource 2929 String path = adminCms.getRequestContext().getUri(); 2930 CmsProperty propertyLoginForm = null; 2931 try { 2932 propertyLoginForm = adminCms.readPropertyObject(path, CmsPropertyDefinition.PROPERTY_LOGIN_FORM, true); 2933 } catch (Throwable t) { 2934 if (t instanceof CmsVfsResourceNotFoundException) { 2935 // if we can't read the property from the path, try to use the resource init handlers to find the 2936 // resource to read it from 2937 CmsResource alternativeResource = null; 2938 try { 2939 2940 try { 2941 // use null as the response to avoid side effects like redirects, etc. 2942 alternativeResource = initResource(adminCms, path, req, null); 2943 } catch (Exception e) { 2944 LOG.warn(e.getLocalizedMessage(), e); 2945 } 2946 if (alternativeResource != null) { 2947 propertyLoginForm = adminCms.readPropertyObject( 2948 adminCms.getSitePath(alternativeResource), 2949 CmsPropertyDefinition.PROPERTY_LOGIN_FORM, 2950 true); 2951 } 2952 } catch (Exception e) { 2953 LOG.error(e.getLocalizedMessage(), e); 2954 } 2955 } 2956 2957 if (propertyLoginForm == null) { 2958 if (LOG.isWarnEnabled()) { 2959 LOG.warn( 2960 Messages.get().getBundle().key( 2961 Messages.LOG_ERROR_READING_AUTH_PROP_2, 2962 CmsPropertyDefinition.PROPERTY_LOGIN_FORM, 2963 path), 2964 t); 2965 } 2966 2967 } 2968 } 2969 2970 String params = null; 2971 if ((propertyLoginForm != null) 2972 && (propertyLoginForm != CmsProperty.getNullProperty()) 2973 && CmsStringUtil.isNotEmpty(propertyLoginForm.getValue())) { 2974 // login form property value was found 2975 // build a redirect URL using the value of the property 2976 // "__loginform" is a dummy request parameter that could be used in a JSP template to trigger 2977 // if the template should display a login formular or not 2978 loginFormURL = propertyLoginForm.getValue(); 2979 params = "__loginform=true"; 2980 } else if (!httpAuthenticationSettings.useBrowserBasedHttpAuthentication() 2981 && CmsStringUtil.isNotEmpty(httpAuthenticationSettings.getFormBasedHttpAuthenticationUri())) { 2982 // login form property value not set, but form login set in configuration 2983 // build a redirect URL to the default login form URI configured in opencms.properties 2984 loginFormURL = httpAuthenticationSettings.getFormBasedHttpAuthenticationUri(); 2985 } 2986 2987 String callbackURL = CmsRequestUtil.encodeParamsWithUri(path, req); 2988 if (loginFormURL != null) { 2989 if (!loginFormURL.startsWith("http")) { 2990 loginFormURL = m_linkManager.substituteLink(adminCms, loginFormURL, null, true); 2991 } else { 2992 callbackURL = m_linkManager.getServerLink(adminCms, path); 2993 callbackURL = CmsRequestUtil.encodeParamsWithUri(callbackURL, req); 2994 } 2995 } 2996 2997 return m_authorizationHandler.getLoginFormURL(loginFormURL, params, callbackURL); 2998 } 2999 3000 /** 3001 * If we are in the Online project, check if the given resource is marked as secure, and handle it according to the secure server configuration.<p> 3002 * 3003 * @param cms the current CMS context 3004 * @param req the current request 3005 * @param res the current response 3006 * @param resource the resource to check 3007 * @param resourceName the resource path from the request 3008 * 3009 * @return the resource to replace the original resource 3010 * 3011 * @throws CmsException if something goes wrong 3012 * @throws CmsVfsResourceNotFoundException if the resource could not be found 3013 */ 3014 private CmsResource handleSecureResource( 3015 CmsObject cms, 3016 HttpServletRequest req, 3017 HttpServletResponse res, 3018 CmsResource resource, 3019 String resourceName) 3020 throws CmsException, CmsVfsResourceNotFoundException { 3021 3022 // check online project 3023 if (cms.getRequestContext().getCurrentProject().isOnlineProject() && (res != null)) { 3024 boolean secure = false; 3025 try { 3026 // check if resource is secure 3027 secure = Boolean.valueOf( 3028 cms.readPropertyObject( 3029 cms.getSitePath(resource), 3030 CmsPropertyDefinition.PROPERTY_SECURE, 3031 true).getValue()).booleanValue(); 3032 } catch (CmsVfsResourceNotFoundException e) { 3033 LOG.warn(e.getLocalizedMessage(), e); 3034 } catch (CmsException e) { 3035 LOG.error(e.getLocalizedMessage(), e); 3036 } 3037 if (secure) { 3038 CmsResource resource1 = resource; 3039 // resource is secure, check site config 3040 CmsSite site = OpenCms.getSiteManager().getCurrentSite(cms); 3041 // check the secure url 3042 String secureUrl = null; 3043 try { 3044 secureUrl = site.getSecureUrl(); 3045 } catch (Exception e) { 3046 LOG.error( 3047 Messages.get().getBundle().key(Messages.ERR_SECURE_SITE_NOT_CONFIGURED_1, resourceName), 3048 e); 3049 throw new CmsException( 3050 Messages.get().container(Messages.ERR_SECURE_SITE_NOT_CONFIGURED_1, resourceName), 3051 e); 3052 } 3053 boolean usingSec = true; 3054 if (req != null) { 3055 usingSec = req.getRequestURL().toString().toUpperCase().startsWith(secureUrl.toUpperCase()); 3056 } 3057 if (site.isExclusiveUrl() && !usingSec) { 3058 resource1 = null; 3059 // secure resource without secure protocol, check error config 3060 if (site.isExclusiveError()) { 3061 // trigger 404 error 3062 throw new CmsVfsResourceNotFoundException( 3063 Messages.get().container(Messages.ERR_REQUEST_SECURE_RESOURCE_0)); 3064 } else { 3065 // redirect 3066 String target = OpenCms.getLinkManager().getOnlineLink(cms, resourceName); 3067 if (!target.toLowerCase().startsWith(secureUrl.toLowerCase())) { 3068 Optional<String> targetWithReplacedHost = CmsStringUtil.replacePrefix( 3069 target, 3070 site.getSiteMatcher().getUrl(), 3071 secureUrl, 3072 true); 3073 if (targetWithReplacedHost.isPresent()) { 3074 target = targetWithReplacedHost.get(); 3075 } 3076 if (!target.toLowerCase().startsWith(secureUrl.toLowerCase())) { 3077 LOG.warn("Failed to generate secure URL for " + target + ", site = " + site); 3078 } 3079 } 3080 3081 try { 3082 if (site.usesPermanentRedirects()) { 3083 res.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY); 3084 res.setHeader("Location", target); 3085 } else { 3086 res.sendRedirect(target); 3087 } 3088 } catch (Exception e) { 3089 // ignore, but should never happen 3090 LOG.error("Error sending secure resource redirect.", e); 3091 } 3092 } 3093 } 3094 resource = resource1; 3095 } 3096 3097 } 3098 return resource; 3099 } 3100 3101 /** 3102 * Initializes a CmsObject with the given context information.<p> 3103 * 3104 * @param contextInfo the information for the CmsObject context to create 3105 * 3106 * @return the initialized CmsObject 3107 * 3108 * @throws CmsException if something goes wrong 3109 */ 3110 private CmsObject initCmsObject(CmsContextInfo contextInfo) throws CmsException { 3111 3112 CmsUser user = contextInfo.getUser(); 3113 if (user == null) { 3114 user = m_securityManager.readUser(null, contextInfo.getUserName()); 3115 } 3116 3117 CmsProject project = contextInfo.getProject(); 3118 if (project == null) { 3119 project = m_securityManager.readProject(contextInfo.getProjectName()); 3120 } 3121 3122 // first create the request context 3123 CmsRequestContext context = new CmsRequestContext( 3124 user, 3125 project, 3126 contextInfo.getRequestedUri(), 3127 contextInfo.getRequestMatcher(), 3128 contextInfo.getSiteRoot(), 3129 contextInfo.isSecureRequest(), 3130 contextInfo.getLocale(), 3131 contextInfo.getEncoding(), 3132 contextInfo.getRemoteAddr(), 3133 contextInfo.getRequestTime(), 3134 m_resourceManager.getFolderTranslator(), 3135 m_resourceManager.getFileTranslator(), 3136 contextInfo.getOuFqn(), 3137 contextInfo.isForceAbsoluteLinks()); 3138 context.setDetailResource(contextInfo.getDetailResource()); 3139 3140 // now initialize and return the CmsObject 3141 return new CmsObject(m_securityManager, context); 3142 } 3143 3144 /** 3145 * Initializes a {@link CmsObject} with the given users information.<p> 3146 * 3147 * @param request the current http request (or <code>null</code>) 3148 * @param user the initialized user 3149 * @param siteRoot the users current site 3150 * @param projectId the id of the users current project 3151 * @param ouFqn the organizational unit 3152 * 3153 * @return the initialized CmsObject 3154 * 3155 * @throws CmsException in case something goes wrong 3156 */ 3157 private CmsObject initCmsObject( 3158 HttpServletRequest request, 3159 CmsUser user, 3160 String siteRoot, 3161 CmsUUID projectId, 3162 String ouFqn) 3163 throws CmsException { 3164 3165 CmsProject project = null; 3166 try { 3167 project = m_securityManager.readProject(projectId); 3168 } catch (CmsDbEntryNotFoundException e) { 3169 // project not found, switch to online project 3170 project = m_securityManager.readProject(CmsProject.ONLINE_PROJECT_ID); 3171 LOG.debug("Project '" + projectId + "' was not found, switch to online project.", e); 3172 } 3173 3174 // get requested resource uri and remote IP address, as well as time for "time warp" browsing 3175 String requestedResource = null; 3176 Long requestTimeAttr = null; 3177 String remoteAddr; 3178 CmsSiteMatcher requestMatcher; 3179 3180 boolean isSecureRequest = false; 3181 if (request != null) { 3182 // get path info from request 3183 requestedResource = getPathInfo(request); 3184 3185 // check for special header for remote address 3186 remoteAddr = request.getHeader(CmsRequestUtil.HEADER_X_FORWARDED_FOR); 3187 if (remoteAddr == null) { 3188 // if header is not available, use default remote address 3189 remoteAddr = request.getRemoteAddr(); 3190 } 3191 3192 // check for special "time warp" browsing 3193 HttpSession session = request.getSession(false); 3194 if (session != null) { 3195 // no new session must be created here 3196 requestTimeAttr = (Long)session.getAttribute(CmsContextInfo.ATTRIBUTE_REQUEST_TIME); 3197 } 3198 isSecureRequest = OpenCms.getSiteManager().usesSecureSite(request); 3199 3200 // create the request matcher 3201 requestMatcher = new CmsSiteMatcher(request.getRequestURL().toString()); 3202 3203 } else { 3204 // if no request is available, the IP is always set to localhost 3205 remoteAddr = CmsContextInfo.LOCALHOST; 3206 // also the request matcher is always the workplace server 3207 requestMatcher = OpenCms.getSiteManager().getWorkplaceSiteMatcher(); 3208 } 3209 if (requestedResource == null) { 3210 // path info can still be null 3211 requestedResource = "/"; 3212 } 3213 3214 // calculate the request time 3215 long requestTime; 3216 if (requestTimeAttr == null) { 3217 requestTime = System.currentTimeMillis(); 3218 } else { 3219 requestTime = requestTimeAttr.longValue(); 3220 } 3221 3222 // get locale and encoding 3223 CmsI18nInfo i18nInfo; 3224 if (m_localeManager.isInitialized()) { 3225 // locale manager is initialized 3226 // resolve locale and encoding 3227 if ((request != null) 3228 && (requestedResource.endsWith(OpenCmsServlet.HANDLE_GWT) || isWorkplaceServletRequest(request))) { 3229 // GWT RPC or workplace servlet call, always keep the request encoding and use the default locale 3230 i18nInfo = new CmsI18nInfo(CmsLocaleManager.getDefaultLocale(), request.getCharacterEncoding()); 3231 } else { 3232 String resourceName; 3233 if (requestedResource.startsWith(CmsWorkplace.VFS_PATH_SYSTEM)) { 3234 // add site root only if resource name does not start with "/system" 3235 resourceName = requestedResource; 3236 } else if (OpenCms.getSiteManager().startsWithShared(requestedResource)) { 3237 resourceName = requestedResource; 3238 } else { 3239 resourceName = siteRoot.concat(requestedResource); 3240 } 3241 i18nInfo = m_localeManager.getI18nInfo(request, user, project, resourceName); 3242 } 3243 } else { 3244 // locale manager not initialized, this will be true _only_ during system startup 3245 // the values set does not matter, no locale information form VFS is used on system startup 3246 // this is just to protect against null pointer exceptions 3247 i18nInfo = new CmsI18nInfo(Locale.ENGLISH, getSystemInfo().getDefaultEncoding()); 3248 } 3249 3250 // decode the requested resource, always using UTF-8 3251 requestedResource = CmsEncoder.decode(requestedResource); 3252 3253 // in case the current site could be configured for single tree localization, if so, remove the locale prefix if present 3254 CmsSite site = OpenCms.getSiteManager().getSiteForSiteRoot(siteRoot); 3255 if ((site != null) && CmsSite.LocalizationMode.singleTree.equals(site.getLocalizationMode())) { 3256 Locale locale = CmsSingleTreeLocaleHandler.getLocaleFromPath(requestedResource); 3257 if (locale != null) { 3258 requestedResource = requestedResource.substring( 3259 requestedResource.indexOf(locale.toString()) + locale.toString().length()); 3260 } 3261 } 3262 3263 // initialize the context info 3264 CmsContextInfo contextInfo = new CmsContextInfo( 3265 user, 3266 project, 3267 requestedResource, 3268 requestMatcher, 3269 siteRoot, 3270 isSecureRequest, 3271 i18nInfo.getLocale(), 3272 i18nInfo.getEncoding(), 3273 remoteAddr, 3274 requestTime, 3275 ouFqn, 3276 false); 3277 3278 // now generate and return the CmsObject 3279 return initCmsObject(contextInfo); 3280 } 3281 3282 /** 3283 * Handles the user authentification for each request sent to OpenCms.<p> 3284 * 3285 * User authentification is done in three steps: 3286 * <ol> 3287 * <li>Session authentification: OpenCms stores information of all authentificated 3288 * users in an internal storage based on the users session.</li> 3289 * <li>Authorization handler authentification: If the session authentification fails, 3290 * the current configured authorization handler is called.</li> 3291 * <li>Default user: When both authentification methods fail, the user is set to 3292 * the default (Guest) user.</li> 3293 * </ol> 3294 * 3295 * @param req the current http request 3296 * @param res the current http response 3297 * 3298 * @return the initialized cms context 3299 * 3300 * @throws IOException if user authentication fails 3301 * @throws CmsException in case something goes wrong 3302 */ 3303 private CmsObject initCmsObject(HttpServletRequest req, HttpServletResponse res) throws IOException, CmsException { 3304 3305 return initCmsObject(req, res, true); 3306 } 3307 3308 /** 3309 * Returns an initialized CmsObject with the given users permissions.<p> 3310 * 3311 * In case the password is <code>null</code>, or the user is the <code>Guest</code> user, 3312 * no password check is done. Therefore you can initialize all users without knowing their passwords 3313 * by just supplying <code>null</code> as password. This is intended only for 3314 * internal operation in the core.<p> 3315 * 3316 * @param req the current request 3317 * @param res the current response 3318 * @param user the user to initialize the CmsObject with 3319 * @param password the password of the user 3320 * @param ouFqn the organizational unit, if <code>null</code> the users ou is used 3321 * 3322 * @return a cms context that has been initialized with "Guest" permissions 3323 * 3324 * @throws CmsException in case the CmsObject could not be initialized 3325 */ 3326 private CmsObject initCmsObject( 3327 HttpServletRequest req, 3328 HttpServletResponse res, 3329 String user, 3330 String password, 3331 String ouFqn) 3332 throws CmsException { 3333 3334 String siteroot = null; 3335 // gather information from request if provided 3336 if (req != null) { 3337 siteroot = OpenCms.getSiteManager().matchRequest(req).getSiteRoot(); 3338 } 3339 // initialize the user 3340 if (user == null) { 3341 user = getDefaultUsers().getUserGuest(); 3342 } 3343 if (siteroot == null) { 3344 siteroot = "/"; 3345 } 3346 CmsObject cms = initCmsObject( 3347 req, 3348 m_securityManager.readUser(null, user), 3349 siteroot, 3350 CmsProject.ONLINE_PROJECT_ID, 3351 ouFqn); 3352 // login the user if different from Guest and password was provided 3353 if ((password != null) && !getDefaultUsers().isUserGuest(user)) { 3354 cms.loginUser(user, password, CmsContextInfo.LOCALHOST); 3355 } 3356 return cms; 3357 } 3358 3359 /** 3360 * Checks whether the given request targets the workplace UI servlet.<p> 3361 * 3362 * @param req the request 3363 * 3364 * @return <code>true</code> in case the given request targets the workplace UI servlet 3365 */ 3366 private boolean isWorkplaceServletRequest(HttpServletRequest req) { 3367 3368 String servletPath = req.getServletPath(); 3369 return (servletPath != null) && servletPath.startsWith(CmsSystemInfo.WORKPLACE_PATH); 3370 } 3371 3372 /** 3373 * Sets the init level of this OpenCmsCore object instance.<p> 3374 * 3375 * For a detailed description about the possible run levels, 3376 * please see {@link OpenCms#getRunLevel()}.<p> 3377 * 3378 * @param level the level to set 3379 */ 3380 private void setRunLevel(int level) { 3381 3382 if (m_instance != null) { 3383 if (m_instance.m_runLevel >= OpenCms.RUNLEVEL_1_CORE_OBJECT) { 3384 // otherwise the log is not available 3385 if (CmsLog.INIT.isInfoEnabled()) { 3386 CmsLog.INIT.info( 3387 Messages.get().getBundle().key( 3388 Messages.INIT_RUNLEVEL_CHANGE_2, 3389 Integer.valueOf(m_instance.m_runLevel), 3390 Integer.valueOf(level))); 3391 } 3392 } 3393 m_instance.m_runLevel = level; 3394 } 3395 } 3396 3397}