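package com.dotmarketing.filters;

import java.io.IOException;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;

import com.dotmarketing.beans.Host;
import com.dotmarketing.beans.Identifier;
import com.dotmarketing.cache.IdentifierCache;
import com.dotmarketing.cache.LiveCache;
import com.dotmarketing.cache.PageNotFoundCache;
import com.dotmarketing.cache.PermissionCache;
import com.dotmarketing.cache.VirtualLinksCache;
import com.dotmarketing.cache.WorkingCache;
import com.dotmarketing.factories.HostFactory;
import com.dotmarketing.factories.PermissionFactory;
import com.dotmarketing.portlets.files.factories.FileFactory;
import com.dotmarketing.portlets.folders.factories.FolderFactory;
import com.dotmarketing.util.Config;
import com.dotmarketing.util.Logger;
import com.dotmarketing.util.UtilMethods;
import com.dotmarketing.util.WebKeys;
import com.dotmarketing.velocity.VelocityServlet;
import com.liferay.portal.model.User;
import com.liferay.util.ObjectValuePair;

/**
 * Servlet filter that maps the request URI to a CMS "pointer" and serves it.
 *
 * <p>The pointer is looked up in the working cache (preview/edit mode) or the
 * live cache, with the virtual-links cache as a fallback. Absolute
 * {@code http(s)://} pointers are answered with a redirect; everything else is
 * forwarded through a request dispatcher. For pointers that do not end in the
 * Velocity page extension the filter also checks read permission before
 * forwarding.
 */
public class CMSFilter implements Filter {

    /** No resources to release. */
    public void destroy() {

    }

    /** Relative root of the assets tree; set in {@link #init(FilterConfig)}. */
    String ASSET_PATH = null;

    /** Value of the VELOCITY_PAGE_EXTENSION property; set in {@link #init(FilterConfig)}. */
    String VELOCITY_PAGE_EXTENSION = null;

    /**
     * Resolves the request URI against the CMS caches and forwards, redirects
     * or rejects the request; URIs that resolve to nothing continue down the
     * filter chain.
     *
     * @param req   incoming request, cast to {@link HttpServletRequest}
     * @param res   outgoing response, cast to {@link HttpServletResponse}
     * @param chain remaining filter chain
     * @throws IOException      if sending an error, redirect or forward fails
     * @throws ServletException if the forwarded resource or the chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);

        // getRequestURI() is the path as the client sent it: not URL-decoded and not
        // normalized. Every startsWith() test below therefore matches on raw text.
        // NOTE(review): confirm the container or an earlier filter canonicalizes the
        // path; otherwise these prefix checks should run on a normalized path.
        String uri = request.getRequestURI();

        // Back-end and static prefixes skip CMS resolution entirely. The prefixes are
        // not segment-bounded ("/html" also matches "/htmlx").
        // NOTE(review): an empty SAVED_UPLOAD_FILES_PATH would match every URI and a
        // missing one would throw here - confirm the property is always set.
        if (uri.startsWith("/html") || uri.trim().equals("/c") || uri.trim().equals("/c/") || uri.startsWith("/c/portal")
                || uri.startsWith("/portal") || uri.startsWith("/icon") || uri.startsWith("/dwr") || uri.startsWith("/titleServlet")
                || uri.startsWith("/xspf") || uri.startsWith("/thumbnail") || uri.startsWith("/image/company_logo")
                || uri.startsWith(Config.getStringProperty("SAVED_UPLOAD_FILES_PATH"))) {
            chain.doFilter(request, response);
            return;
        }

        boolean ADMIN_MODE = false;
        boolean EDIT_MODE = false;
        boolean PREVIEW_MODE = false;

        LogFactory.getLog(this.getClass()).debug("CMS Filter URI = " + uri);

        if (session != null) {
            // Move one-shot Struts errors/messages from the session to the request.
            if (session.getAttribute(Globals.ERROR_KEY) != null) {
                request.setAttribute(Globals.ERROR_KEY, session.getAttribute(Globals.ERROR_KEY));
                session.removeAttribute(Globals.ERROR_KEY);
            }
            if (session.getAttribute(Globals.MESSAGE_KEY) != null) {
                request.setAttribute(Globals.MESSAGE_KEY, session.getAttribute(Globals.MESSAGE_KEY));
                session.removeAttribute(Globals.MESSAGE_KEY);
            }

            // Preview and edit mode only count when the session is also in admin mode.
            ADMIN_MODE = (session.getAttribute(com.dotmarketing.util.WebKeys.ADMIN_MODE_SESSION) != null);
            PREVIEW_MODE = (session.getAttribute(com.dotmarketing.util.WebKeys.PREVIEW_MODE_SESSION) != null && ADMIN_MODE);
            EDIT_MODE = (session.getAttribute(com.dotmarketing.util.WebKeys.EDIT_MODE_SESSION) != null && ADMIN_MODE);

            // livePage=1 only drops privileges, so it is honoured for any session.
            if (request.getParameter("livePage") != null && request.getParameter("livePage").equals("1")) {
                PREVIEW_MODE = false;
                EDIT_MODE = false;
                session.setAttribute(com.dotmarketing.util.WebKeys.PREVIEW_MODE_SESSION, null);
                request.setAttribute(com.dotmarketing.util.WebKeys.PREVIEW_MODE_SESSION, null);
                session.setAttribute(com.dotmarketing.util.WebKeys.EDIT_MODE_SESSION, null);
                request.setAttribute(com.dotmarketing.util.WebKeys.EDIT_MODE_SESSION, null);
                LogFactory.getLog(this.getClass()).debug("CMS FILTER Cleaning PREVIEW_MODE_SESSION LIVE!!!!");

            }

            // Fix: the previewPage switches used to turn EDIT_MODE / PREVIEW_MODE on for
            // the current request from a query parameter alone, without the ADMIN_MODE
            // condition applied to the session flags above. That let any request that
            // carried a session read from the working cache and use host_id below.
            // They now require ADMIN_MODE as well.
            String previewPage = request.getParameter("previewPage");

            if (ADMIN_MODE && "1".equals(previewPage)) {
                PREVIEW_MODE = false;
                EDIT_MODE = true;
                session.setAttribute(com.dotmarketing.util.WebKeys.PREVIEW_MODE_SESSION, null);
                request.setAttribute(com.dotmarketing.util.WebKeys.PREVIEW_MODE_SESSION, null);
                session.setAttribute(com.dotmarketing.util.WebKeys.EDIT_MODE_SESSION, "true");
                request.setAttribute(com.dotmarketing.util.WebKeys.EDIT_MODE_SESSION, "true");
                LogFactory.getLog(this.getClass()).debug("CMS FILTER Cleaning EDIT_MODE_SESSION PREVIEW!!!!");
            }

            if (ADMIN_MODE && "2".equals(previewPage)) {
                PREVIEW_MODE = true;
                EDIT_MODE = false;
                session.setAttribute(com.dotmarketing.util.WebKeys.PREVIEW_MODE_SESSION, "true");
                request.setAttribute(com.dotmarketing.util.WebKeys.PREVIEW_MODE_SESSION, "true");
                session.setAttribute(com.dotmarketing.util.WebKeys.EDIT_MODE_SESSION, null);
                request.setAttribute(com.dotmarketing.util.WebKeys.EDIT_MODE_SESSION, null);
                LogFactory.getLog(this.getClass()).debug("CMS FILTER Cleaning PREVIEW_MODE_SESSION PREVIEW!!!!");
            }
        }

        // The marker attribute stops the filter from resolving again on its own forwards.
        if (request.getAttribute(WebKeys.CMSFILTER_REDIRECTING) == null) {

            Host host = null;
            String pageHostId = request.getParameter("host_id");
            if (pageHostId != null && EDIT_MODE && session != null) {
                // NOTE(review): host_id is client-supplied and the result is stored in the
                // session unchecked; confirm getHost() cannot return null for an unknown
                // id, because host is dereferenced further down.
                host = HostFactory.getHost(pageHostId);
                HostFactory.setHostInRequest(request, host);
                session.setAttribute(WebKeys.CURRENT_HOST, host);
            } else {
                host = HostFactory.getCurrentHost(request, EDIT_MODE);
            }

            // Direct requests into the assets tree are refused.
            if (uri.startsWith(ASSET_PATH)) {
                response.sendError(403, "Forbidden");
                return;
            }

            request.setAttribute(WebKeys.CMSFILTER_REDIRECTING, "1");

            String pointer = null;

            if (PREVIEW_MODE || EDIT_MODE) {
                pointer = WorkingCache.getPathFromCache(uri, host);
                if (!UtilMethods.isSet(pointer)
                        && (uri.endsWith(Config.getStringProperty("VELOCITY_PAGE_EXTENSION")) || FolderFactory.getFolderByPath(uri, host).getInode() > 0)) {
                    String url = uri;
                    if (!uri.endsWith(Config.getStringProperty("VELOCITY_PAGE_EXTENSION"))) {
                        url = url + "index." + Config.getStringProperty("VELOCITY_PAGE_EXTENSION");
                    }
                    // Fix: the raw URI is now URL-encoded before it goes into the dispatcher
                    // query string, so '&', '=' or '#' in the path cannot add or override
                    // parameters (such as hostId) seen by the JSP.
                    String encodedUrl = java.net.URLEncoder.encode(url, "UTF-8");
                    request.getRequestDispatcher("/html/portlet/ext/htmlpages/page_not_found_404.jsp?url=" + encodedUrl + "&hostId=" + host.getInode())
                            .forward(req, res);
                    return;
                }
                LogFactory.getLog(this.getClass()).debug("CMS preview pointer = " + uri + ":" + pointer);
            } else {

                if (PageNotFoundCache.getPageFromCache(uri) != null) {
                    response.sendError(404);
                    return;
                } else {
                    pointer = LiveCache.getPathFromCache(uri, host);
                    LogFactory.getLog(this.getClass()).debug("CMS live pointer = " + uri + ":" + pointer);
                }
            }

            // Absolute pointers from the live/working cache are answered with a redirect.
            if (UtilMethods.isSet(pointer) && (pointer.startsWith("http://") || pointer.startsWith("https://"))) {
                response.sendRedirect(pointer);
                return;
            }

            if (!UtilMethods.isSet(pointer)) {
                // Virtual links are keyed without a trailing slash, first as
                // "hostname:uri" and then by the bare uri.
                if (uri.endsWith("/")) {
                    uri = uri.substring(0, uri.length() - 1);
                }
                pointer = VirtualLinksCache.getPathFromCache(host.getHostname() + ":" + uri);
                if (!UtilMethods.isSet(pointer)) {
                    pointer = VirtualLinksCache.getPathFromCache(uri);
                }

                if (UtilMethods.isSet(pointer)) {
                    LogFactory.getLog(this.getClass()).warn("CMS found virtual link pointer = " + uri + ":" + pointer);
                    request.setAttribute(WebKeys.VIRTUAL_LINK, uri);
                }

            }

            if (UtilMethods.isSet(pointer)) {
                if (!pointer.endsWith(VELOCITY_PAGE_EXTENSION)) {
                    User user = null;
                    try {
                        if (session != null) {
                            user = (com.liferay.portal.model.User) session.getAttribute(com.dotmarketing.util.WebKeys.CMS_USER);
                        }
                    } catch (Exception nsue) {
                        Logger.warn(this, "Exception trying to getUser: " + nsue.getMessage(), nsue);
                    }

                    boolean signedIn = (user != null);

                    // NOTE(review): read permission is looked up for the requested uri, not
                    // for the resolved pointer. When the pointer came from a virtual link
                    // these are different paths - confirm the target's permissions are
                    // enforced somewhere.
                    List permissions = PermissionCache.getRoleNamesWithReadPermissionFromCache(uri, host);
                    if (!permissions.contains(Config.getStringProperty("CMS_ANONYMOUS_ROLE"))) {

                        if (!signedIn) {
                            // Remember where the visitor was headed, then answer 401.
                            request.getSession().setAttribute(com.liferay.portal.util.WebKeys.LAST_PATH,
                                    new ObjectValuePair(uri, request.getParameterMap()));
                            request.getSession().setAttribute(com.dotmarketing.util.WebKeys.REDIRECT_AFTER_LOGIN, uri);

                            LogFactory.getLog(VelocityServlet.class).debug("VELOCITY CHECKING PERMISSION: Page doesn't have anonymous access" + uri);

                            LogFactory.getLog(VelocityServlet.class).debug("Unauthorized URI = " + uri);
                            response.sendError(401, "The requested page/file is unauthorized");
                            return;

                        } else {
                            LogFactory.getLog(VelocityServlet.class).debug("VELOCITY CHECKING PERMISSION: User signed in");

                            if (!PermissionFactory.userHasReadPermission(user, permissions)) {
                                LogFactory.getLog(VelocityServlet.class).warn(
                                        "VELOCITY CHECKING PERMISSION: Page doesn't have any access for this user");
                                response.sendError(403, "The requested page/file is forbidden");
                                return;
                            }
                        }
                    }
                    String mimeType = new javax.activation.MimetypesFileTypeMap().getContentType(Config.CONTEXT.getRealPath(pointer));
                    response.setContentType(mimeType);
                }

                // Second redirect check: the pointer may have been replaced by a virtual
                // link after the first one ran.
                if (UtilMethods.isSet(pointer) && (pointer.startsWith("http://") || pointer.startsWith("https://"))) {
                    response.sendRedirect(pointer);
                    return;
                }

                LogFactory.getLog(this.getClass()).debug("CMS Filter going to redirect to pointer");
                if (pointer.endsWith(VELOCITY_PAGE_EXTENSION) || !UtilMethods.isSet(Config.getStringProperty("ASSET_REAL_PATH"))) {
                    request.getRequestDispatcher(pointer).forward(request, response);

                }

                else {
                    request.getRequestDispatcher("/dotAsset/" + pointer).forward(request, response);
                }
                return;

            }

        }

        // Nothing resolved, or this request is one of the filter's own forwards.
        chain.doFilter(request, response);

    }

    /**
     * Caches the Velocity page extension and the relative assets root used by
     * {@link #doFilter(ServletRequest, ServletResponse, FilterChain)}.
     *
     * @param config filter configuration (not read)
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init(FilterConfig config) throws ServletException {
        VELOCITY_PAGE_EXTENSION = Config.getStringProperty("VELOCITY_PAGE_EXTENSION");
        ASSET_PATH = FileFactory.getRelativeAssetsRootPath();
    }

}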