

1 package com.dotmarketing.filters;
2
3 import java.io.IOException JavaDoc;
4 import java.util.List JavaDoc;
5
6 import javax.servlet.Filter JavaDoc;
7 import javax.servlet.FilterChain JavaDoc;
8 import javax.servlet.FilterConfig JavaDoc;
9 import javax.servlet.ServletException JavaDoc;
10 import javax.servlet.ServletRequest JavaDoc;
11 import javax.servlet.ServletResponse JavaDoc;
12 import javax.servlet.http.HttpServletRequest JavaDoc;
13 import javax.servlet.http.HttpServletResponse JavaDoc;
14 import javax.servlet.http.HttpSession JavaDoc;
15
16 import org.apache.commons.logging.LogFactory;
17 import org.apache.struts.Globals;
18
19 import com.dotmarketing.beans.Host;
20 import com.dotmarketing.beans.Identifier;
21 import com.dotmarketing.cache.IdentifierCache;
22 import com.dotmarketing.cache.LiveCache;
23 import com.dotmarketing.cache.PageNotFoundCache;
24 import com.dotmarketing.cache.PermissionCache;
25 import com.dotmarketing.cache.VirtualLinksCache;
26 import com.dotmarketing.cache.WorkingCache;
27 import com.dotmarketing.factories.HostFactory;
28 import com.dotmarketing.factories.PermissionFactory;
29 import com.dotmarketing.portlets.files.factories.FileFactory;
30 import com.dotmarketing.portlets.folders.factories.FolderFactory;
31 import com.dotmarketing.util.Config;
32 import com.dotmarketing.util.Logger;
33 import com.dotmarketing.util.UtilMethods;
34 import com.dotmarketing.util.WebKeys;
35 import com.dotmarketing.velocity.VelocityServlet;
36 import com.liferay.portal.model.User;
37 import com.liferay.util.ObjectValuePair;
38
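/**
 * Servlet filter that resolves a request path to CMS-managed content.
 *
 * <p>For each request that is not on the legacy bypass list, the filter looks the path up in the
 * working cache (edit/preview mode) or the live cache, falls back to virtual links, checks read
 * permission for targets that are not Velocity pages, and forwards to the resolved pointer.
 * Requests it cannot resolve continue down the filter chain unchanged.
 */
public class CMSFilter implements Filter {

    /**
     * Path prefixes served by legacy code and servlet mappings; requests under them skip the CMS
     * lookup entirely (including the permission check in {@link #doFilter}).
     */
    private static final String[] LEGACY_PREFIXES = {
        "/html", "/c/portal", "/portal", "/icon", "/dwr", "/titleServlet",
        "/xspf", "/thumbnail", "/image/company_logo"
    };

    /** Relative root of the assets directory, set in {@link #init}; direct requests under it get a 403. */
    String ASSET_PATH = null;

    /** Extension of Velocity-rendered pages, read from configuration in {@link #init}. */
    String VELOCITY_PAGE_EXTENSION = null;

    /** No resources are held, so there is nothing to release. */
    public void destroy() {

    }

    /**
     * Resolves the request path to a CMS pointer and forwards, redirects or rejects accordingly.
     *
     * @param req   the incoming request; cast to {@link HttpServletRequest}
     * @param res   the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain, used for bypassed and unresolved paths
     * @throws IOException      if sending an error, redirect or forward fails
     * @throws ServletException if the forward target or the rest of the chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);
        String uri = request.getRequestURI();

        if (isExcludedFromCms(uri)) {
            chain.doFilter(request, response);
            return;
        }

        boolean adminMode = false;
        boolean editMode = false;
        boolean previewMode = false;

        LogFactory.getLog(this.getClass()).debug("CMS Filter URI = " + uri);

        if (session != null) {
            // Struts error/message bundles were parked in the session; move them to the request
            // so they are shown once and then dropped.
            if (session.getAttribute(Globals.ERROR_KEY) != null) {
                request.setAttribute(Globals.ERROR_KEY, session.getAttribute(Globals.ERROR_KEY));
                session.removeAttribute(Globals.ERROR_KEY);
            }
            if (session.getAttribute(Globals.MESSAGE_KEY) != null) {
                request.setAttribute(Globals.MESSAGE_KEY, session.getAttribute(Globals.MESSAGE_KEY));
                session.removeAttribute(Globals.MESSAGE_KEY);
            }

            // Edit and preview mode only count for sessions that are in admin mode.
            adminMode = session.getAttribute(WebKeys.ADMIN_MODE_SESSION) != null;
            previewMode = adminMode && session.getAttribute(WebKeys.PREVIEW_MODE_SESSION) != null;
            editMode = adminMode && session.getAttribute(WebKeys.EDIT_MODE_SESSION) != null;

            // livePage=1 only ever lowers the mode, so it is accepted from any session.
            if ("1".equals(request.getParameter("livePage"))) {
                previewMode = false;
                editMode = false;
                session.setAttribute(WebKeys.PREVIEW_MODE_SESSION, null);
                request.setAttribute(WebKeys.PREVIEW_MODE_SESSION, null);
                session.setAttribute(WebKeys.EDIT_MODE_SESSION, null);
                request.setAttribute(WebKeys.EDIT_MODE_SESSION, null);
                LogFactory.getLog(this.getClass()).debug("CMS FILTER Cleaning PREVIEW_MODE_SESSION LIVE!!!!");
            }

            // previewPage raises the mode, so it is honoured only when the session is already in
            // admin mode. The session-derived flags above carry that gate; without the same gate
            // here the request parameter alone would switch on edit/preview mode (working-cache
            // content and the host_id override below) for any session.
            String previewPage = request.getParameter("previewPage");

            if (adminMode && "1".equals(previewPage)) {
                previewMode = false;
                editMode = true;
                session.setAttribute(WebKeys.PREVIEW_MODE_SESSION, null);
                request.setAttribute(WebKeys.PREVIEW_MODE_SESSION, null);
                session.setAttribute(WebKeys.EDIT_MODE_SESSION, "true");
                request.setAttribute(WebKeys.EDIT_MODE_SESSION, "true");
                LogFactory.getLog(this.getClass()).debug("CMS FILTER Cleaning EDIT_MODE_SESSION PREVIEW!!!!");
            }

            if (adminMode && "2".equals(previewPage)) {
                previewMode = true;
                editMode = false;
                session.setAttribute(WebKeys.PREVIEW_MODE_SESSION, "true");
                request.setAttribute(WebKeys.PREVIEW_MODE_SESSION, "true");
                session.setAttribute(WebKeys.EDIT_MODE_SESSION, null);
                request.setAttribute(WebKeys.EDIT_MODE_SESSION, null);
                LogFactory.getLog(this.getClass()).debug("CMS FILTER Cleaning PREVIEW_MODE_SESSION PREVIEW!!!!");
            }
        }

        // CMSFILTER_REDIRECTING is set below before any forward, so a request that passes through
        // this filter a second time skips the lookup and goes straight down the chain.
        if (request.getAttribute(WebKeys.CMSFILTER_REDIRECTING) == null) {

            // In edit mode the host can be chosen per request through host_id; otherwise the
            // current host is resolved by HostFactory.
            // NOTE(review): host_id is request-supplied and no per-host permission check is visible
            // here; confirm HostFactory restricts which hosts an editor may select. An unknown id
            // presumably yields null, which would fail later at host.getInode()/getHostname().
            Host host = null;
            String pageHostId = request.getParameter("host_id");
            if (pageHostId != null && editMode && session != null) {
                host = HostFactory.getHost(pageHostId);
                HostFactory.setHostInRequest(request, host);
                session.setAttribute(WebKeys.CURRENT_HOST, host);
            } else {
                host = HostFactory.getCurrentHost(request, editMode);
            }

            // Assets must be reached through the CMS; a direct request into the assets root is
            // refused with 403.
            if (uri.startsWith(ASSET_PATH)) {
                response.sendError(403, "Forbidden");
                return;
            }

            request.setAttribute(WebKeys.CMSFILTER_REDIRECTING, "1");

            String pointer = null;

            if (previewMode || editMode) {
                pointer = WorkingCache.getPathFromCache(uri, host);
                if (!UtilMethods.isSet(pointer)
                        && (uri.endsWith(Config.getStringProperty("VELOCITY_PAGE_EXTENSION"))
                                || FolderFactory.getFolderByPath(uri, host).getInode() > 0)) {
                    // Editors asking for a page (or folder index) that does not exist yet are sent
                    // to the "page not found" screen instead of a bare 404.
                    String url = uri;
                    if (!uri.endsWith(Config.getStringProperty("VELOCITY_PAGE_EXTENSION"))) {
                        url = url + "index." + Config.getStringProperty("VELOCITY_PAGE_EXTENSION");
                    }
                    // NOTE(review): url is the raw request path concatenated into the dispatcher
                    // query string without encoding, so reserved characters in the path can change
                    // the parameter list the JSP sees. The JSP must treat url and hostId as
                    // untrusted; encode here once the JSP's expected form of url is confirmed.
                    request.getRequestDispatcher(
                            "/html/portlet/ext/htmlpages/page_not_found_404.jsp?url=" + url + "&hostId=" + host.getInode())
                            .forward(req, res);
                    return;
                }
                LogFactory.getLog(this.getClass()).debug("CMS preview pointer = " + uri + ":" + pointer);
            } else {
                if (PageNotFoundCache.getPageFromCache(uri) != null) {
                    response.sendError(404);
                    return;
                }
                pointer = LiveCache.getPathFromCache(uri, host);
                LogFactory.getLog(this.getClass()).debug("CMS live pointer = " + uri + ":" + pointer);
            }

            // A pointer that is an absolute link leaves the site.
            if (UtilMethods.isSet(pointer) && (pointer.startsWith("http://") || pointer.startsWith("https://"))) {
                response.sendRedirect(pointer);
                return;
            }

            // Virtual links are consulted only when the caches had no entry: first the
            // host-qualified key, then the bare path.
            if (!UtilMethods.isSet(pointer)) {
                if (uri.endsWith("/")) {
                    uri = uri.substring(0, uri.length() - 1);
                }
                pointer = VirtualLinksCache.getPathFromCache(host.getHostname() + ":" + uri);
                if (!UtilMethods.isSet(pointer)) {
                    pointer = VirtualLinksCache.getPathFromCache(uri);
                }

                if (UtilMethods.isSet(pointer)) {
                    LogFactory.getLog(this.getClass()).warn("CMS found virtual link pointer = " + uri + ":" + pointer);
                    request.setAttribute(WebKeys.VIRTUAL_LINK, uri);
                }
            }

            if (UtilMethods.isSet(pointer)) {
                if (!pointer.endsWith(VELOCITY_PAGE_EXTENSION)) {
                    // Read permission is enforced here only for targets that are not Velocity
                    // pages. NOTE(review): presumably the Velocity servlet checks pages itself
                    // (the log category below suggests so) - confirm. The roles are looked up by
                    // the request path, not by the resolved pointer.
                    User user = null;
                    try {
                        if (session != null) {
                            user = (User) session.getAttribute(WebKeys.CMS_USER);
                        }
                    } catch (Exception nsue) {
                        Logger.warn(this, "Exception trying to getUser: " + nsue.getMessage(), nsue);
                    }

                    boolean signedIn = user != null;

                    List permissions = PermissionCache.getRoleNamesWithReadPermissionFromCache(uri, host);
                    if (!permissions.contains(Config.getStringProperty("CMS_ANONYMOUS_ROLE"))) {
                        // The asset is not readable anonymously. Any redirect to a login page is
                        // done by /portal/401.jsp; the REDIRECT_TO_LOGIN config variable is no
                        // longer used.
                        if (!signedIn) {
                            // Remember where the visitor was going so login can return there.
                            request.getSession().setAttribute(com.liferay.portal.util.WebKeys.LAST_PATH,
                                    new ObjectValuePair(uri, request.getParameterMap()));
                            request.getSession().setAttribute(WebKeys.REDIRECT_AFTER_LOGIN, uri);

                            LogFactory.getLog(VelocityServlet.class).debug("VELOCITY CHECKING PERMISSION: Page doesn't have anonymous access" + uri);
                            LogFactory.getLog(VelocityServlet.class).debug("Unauthorized URI = " + uri);
                            response.sendError(401, "The requested page/file is unauthorized");
                            return;
                        }

                        LogFactory.getLog(VelocityServlet.class).debug("VELOCITY CHECKING PERMISSION: User signed in");

                        if (!PermissionFactory.userHasReadPermission(user, permissions)) {
                            // Signed in, but none of the user's roles may read this asset.
                            LogFactory.getLog(VelocityServlet.class).warn(
                                    "VELOCITY CHECKING PERMISSION: Page doesn't have any access for this user");
                            response.sendError(403, "The requested page/file is forbidden");
                            return;
                        }
                    }
                    String mimeType = new javax.activation.MimetypesFileTypeMap().getContentType(Config.CONTEXT.getRealPath(pointer));
                    response.setContentType(mimeType);
                }

                // The pointer may have come from a virtual link since the first absolute-link test.
                if (UtilMethods.isSet(pointer) && (pointer.startsWith("http://") || pointer.startsWith("https://"))) {
                    response.sendRedirect(pointer);
                    return;
                }

                LogFactory.getLog(this.getClass()).debug("CMS Filter going to redirect to pointer");
                if (pointer.endsWith(VELOCITY_PAGE_EXTENSION) || !UtilMethods.isSet(Config.getStringProperty("ASSET_REAL_PATH"))) {
                    request.getRequestDispatcher(pointer).forward(request, response);
                } else {
                    // With ASSET_REAL_PATH configured, file assets are served through /dotAsset/.
                    request.getRequestDispatcher("/dotAsset/" + pointer).forward(request, response);
                }
                return;
            }
        }

        // Anything the CMS did not resolve (JSPs, mapped directories, ...) is served as usual.
        chain.doFilter(request, response);
    }

    /**
     * Reads the Velocity page extension from configuration and the relative assets root from
     * {@link FileFactory}.
     *
     * @param config the filter configuration (not read)
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init(FilterConfig config) throws ServletException {
        VELOCITY_PAGE_EXTENSION = Config.getStringProperty("VELOCITY_PAGE_EXTENSION");
        ASSET_PATH = FileFactory.getRelativeAssetsRootPath();
    }

    /**
     * Tells whether a request path belongs to the legacy directories that bypass the CMS lookup.
     *
     * <p>NOTE(review): the path comes from {@code getRequestURI()}, which the container neither
     * decodes nor normalises and which includes the context path, and the tests are plain string
     * prefixes, so "/html" also matches any path that merely begins with those characters.
     * Everything matched here skips the permission check; confirm that paths are normalised before
     * this filter runs and that the application is deployed at the root context.
     *
     * @param uri the request URI as returned by the container
     * @return {@code true} if the request should go straight down the filter chain
     */
    private boolean isExcludedFromCms(String uri) {
        String trimmed = uri.trim();
        if (trimmed.equals("/c") || trimmed.equals("/c/")) {
            return true;
        }
        for (int i = 0; i < LEGACY_PREFIXES.length; i++) {
            if (uri.startsWith(LEGACY_PREFIXES[i])) {
                return true;
            }
        }
        // An unset property must not throw, and an empty one must not match every path and so
        // exempt the whole site from the filter.
        String savedUploads = Config.getStringProperty("SAVED_UPLOAD_FILES_PATH");
        return savedUploads != null && savedUploads.length() > 0 && uri.startsWith(savedUploads);
    }

}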