001/*
002 * This library is part of OpenCms -
003 * the Open Source Content Management System
004 *
005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
006 *
007 * This library is free software; you can redistribute it and/or
008 * modify it under the terms of the GNU Lesser General Public
009 * License as published by the Free Software Foundation; either
010 * version 2.1 of the License, or (at your option) any later version.
011 *
012 * This library is distributed in the hope that it will be useful,
013 * but WITHOUT ANY WARRANTY; without even the implied warranty of
014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015 * Lesser General Public License for more details.
016 *
017 * For further information about Alkacon Software, please see the
018 * company website: http://www.alkacon.com
019 *
020 * For further information about OpenCms, please see the
021 * project website: http://www.opencms.org
022 *
023 * You should have received a copy of the GNU Lesser General Public
024 * License along with this library; if not, write to the Free Software
025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
026 */
027
028package org.opencms.main;
029
030import org.opencms.file.CmsObject;
031
032import java.io.IOException;
033
034import javax.servlet.Filter;
035import javax.servlet.FilterChain;
036import javax.servlet.FilterConfig;
037import javax.servlet.ServletException;
038import javax.servlet.ServletRequest;
039import javax.servlet.ServletResponse;
040import javax.servlet.http.HttpServletRequest;
041import javax.servlet.http.HttpServletResponse;
042
043import org.apache.commons.logging.Log;
044
045/**
046 * Filter access to statically exported resources while checking permissions.<p>
047 */
048public class OpenCmsProtectedExportFilter implements Filter {
049
050    /** The static log object for this class. */
051    private static final Log LOG = CmsLog.getLog(OpenCmsProtectedExportFilter.class);
052
053    /** The protected export path prefix. */
054    private String m_prefix;
055
056    /**
057     * @see javax.servlet.Filter#destroy()
058     */
059    public void destroy() {
060
061        m_prefix = null;
062    }
063
064    /**
065    * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
066    */
067    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
068    throws IOException, ServletException {
069
070        if ((OpenCms.getStaticExportManager().getProtectedExportPath() != null)
071            && (req instanceof HttpServletRequest)) {
072            HttpServletRequest request = (HttpServletRequest)req;
073            String uri = request.getRequestURI();
074            if (uri.startsWith(getPrefix())) {
075                // direct access to the protected export folder is forbidden
076                ((HttpServletResponse)res).sendError(HttpServletResponse.SC_FORBIDDEN);
077                return;
078            }
079            try {
080                CmsObject cms = OpenCmsCore.getInstance().initCmsObject(request, (HttpServletResponse)res, false);
081                if (cms.getRequestContext().getCurrentProject().isOnlineProject()) {
082
083                    String rootPath = OpenCms.getLinkManager().getRootPath(cms, uri);
084                    if (rootPath != null) {
085                        String rfsName = OpenCms.getStaticExportManager().getProtectedExportName(rootPath);
086                        if (rfsName != null) {
087                            cms = OpenCms.initCmsObject(cms);
088                            cms.getRequestContext().setSiteRoot("");
089                            if (cms.existsResource(rootPath)) {
090                                req.getRequestDispatcher(rfsName).forward(request, res);
091                                return;
092                            }
093                        }
094                    }
095                }
096            } catch (Exception e) {
097                LOG.error(e.getLocalizedMessage(), e);
098            }
099        }
100        chain.doFilter(req, res);
101    }
102
103    /**
104     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
105     */
106    public void init(FilterConfig arg0) {
107
108        // nothing to do
109    }
110
111    /**
112     * Returns the protected export path prefix.<p>
113     *
114     * @return the path prefix
115     */
116    private String getPrefix() {
117
118        if (m_prefix == null) {
119            m_prefix = OpenCms.getSystemInfo().getContextPath()
120                + "/"
121                + OpenCms.getStaticExportManager().getProtectedExportPath()
122                + "/";
123        }
124        return m_prefix;
125    }
126}