001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.main; 029 030import org.opencms.file.CmsObject; 031 032import java.io.IOException; 033 034import javax.servlet.Filter; 035import javax.servlet.FilterChain; 036import javax.servlet.FilterConfig; 037import javax.servlet.ServletException; 038import javax.servlet.ServletRequest; 039import javax.servlet.ServletResponse; 040import javax.servlet.http.HttpServletRequest; 041import javax.servlet.http.HttpServletResponse; 042 043import org.apache.commons.logging.Log; 044 045/** 046 * Filter access to statically exported resources while checking permissions.<p> 047 */ 048public class OpenCmsProtectedExportFilter implements Filter { 049 050 /** The static log object for this class. */ 051 private static final Log LOG = CmsLog.getLog(OpenCmsProtectedExportFilter.class); 052 053 /** The protected export path prefix. */ 054 private String m_prefix; 055 056 /** 057 * @see javax.servlet.Filter#destroy() 058 */ 059 public void destroy() { 060 061 m_prefix = null; 062 } 063 064 /** 065 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) 066 */ 067 public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) 068 throws IOException, ServletException { 069 070 if ((OpenCms.getStaticExportManager().getProtectedExportPath() != null) 071 && (req instanceof HttpServletRequest)) { 072 HttpServletRequest request = (HttpServletRequest)req; 073 String uri = request.getRequestURI(); 074 if (uri.startsWith(getPrefix())) { 075 // direct access to the protected export folder is forbidden 076 ((HttpServletResponse)res).sendError(HttpServletResponse.SC_FORBIDDEN); 077 return; 078 } 079 try { 080 CmsObject cms = OpenCmsCore.getInstance().initCmsObject(request, (HttpServletResponse)res, false); 081 if (cms.getRequestContext().getCurrentProject().isOnlineProject()) { 082 083 String rootPath = OpenCms.getLinkManager().getRootPath(cms, uri); 084 if (rootPath != null) { 085 String rfsName = OpenCms.getStaticExportManager().getProtectedExportName(rootPath); 086 if (rfsName != null) { 087 cms = OpenCms.initCmsObject(cms); 088 cms.getRequestContext().setSiteRoot(""); 089 if (cms.existsResource(rootPath)) { 090 req.getRequestDispatcher(rfsName).forward(request, res); 091 return; 092 } 093 } 094 } 095 } 096 } catch (Exception e) { 097 LOG.error(e.getLocalizedMessage(), e); 098 } 099 } 100 chain.doFilter(req, res); 101 } 102 103 /** 104 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) 105 */ 106 public void init(FilterConfig arg0) { 107 108 // nothing to do 109 } 110 111 /** 112 * Returns the protected export path prefix.<p> 113 * 114 * @return the path prefix 115 */ 116 private String getPrefix() { 117 118 if (m_prefix == null) { 119 m_prefix = OpenCms.getSystemInfo().getContextPath() 120 + "/" 121 + OpenCms.getStaticExportManager().getProtectedExportPath() 122 + "/"; 123 } 124 return m_prefix; 125 } 126}