KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > info > magnolia > cms > filters > MgnlInterceptFilter


1 /**
2  *
3  * Magnolia and its source-code is licensed under the LGPL.
4  * You may copy, adapt, and redistribute this file for commercial or non-commercial use.
5  * When copying, adapting, or redistributing this document in keeping with the guidelines above,
6  * you are required to provide proper attribution to obinary.
7  * If you reproduce or distribute the document without making any substantive modifications to its content,
8  * please use the following attribution line:
9  *
10  * Copyright 1993-2006 obinary Ltd. (http://www.obinary.com) All rights reserved.
11  *
12  */
13 package info.magnolia.cms.filters;
14
15 import info.magnolia.cms.beans.config.ContentRepository;
16 import info.magnolia.cms.beans.config.URI2RepositoryManager;
17 import info.magnolia.cms.beans.config.URI2RepositoryMapping;
18 import info.magnolia.cms.core.Aggregator;
19 import info.magnolia.cms.core.Content;
20 import info.magnolia.cms.core.HierarchyManager;
21 import info.magnolia.cms.core.Path;
22 import info.magnolia.cms.security.AccessDeniedException;
23 import info.magnolia.cms.security.Permission;
24 import info.magnolia.cms.util.ExclusiveWrite;
25 import info.magnolia.cms.util.Resource;
26 import info.magnolia.context.MgnlContext;
27
28 import java.io.IOException JavaDoc;
29
30 import javax.jcr.PathNotFoundException;
31 import javax.jcr.RepositoryException;
32 import javax.servlet.Filter JavaDoc;
33 import javax.servlet.FilterChain JavaDoc;
34 import javax.servlet.FilterConfig JavaDoc;
35 import javax.servlet.ServletException JavaDoc;
36 import javax.servlet.ServletRequest JavaDoc;
37 import javax.servlet.ServletResponse JavaDoc;
38 import javax.servlet.http.HttpServletRequest JavaDoc;
39 import javax.servlet.http.HttpServletResponse JavaDoc;
40 import javax.servlet.http.HttpSession JavaDoc;
41
42 import org.apache.commons.lang.BooleanUtils;
43 import org.apache.commons.lang.StringUtils;
44 import org.slf4j.Logger;
45 import org.slf4j.LoggerFactory;
46
47
48 /**
49  * Handle intercepted administrative requests.
50  * @author Fabrizio Giustina
51  * @version $Id: MgnlInterceptFilter.java 6996 2006-10-31 08:16:55Z philipp $
52  */
53 public class MgnlInterceptFilter implements Filter JavaDoc {
54
55     /**
56      * Request parameter: the INTERCEPT holds the name of an administrative action to perform.
57      */
58     public static final String JavaDoc INTERCEPT = "mgnlIntercept"; //$NON-NLS-1$
59
60     /**
61      * Action: sort a paragraph.
62      */
63     private static final String JavaDoc ACTION_NODE_SORT = "NODE_SORT"; //$NON-NLS-1$
64
65     /**
66      * Action: delete a paragraph.
67      */
68     private static final String JavaDoc ACTION_NODE_DELETE = "NODE_DELETE"; //$NON-NLS-1$
69
70     /**
71      * Action: preview a page.
72      */
73     private static final String JavaDoc ACTION_PREVIEW = "PREVIEW"; //$NON-NLS-1$
74
75     /**
76      * request parameter: repository name.
77      */
78     private static final String JavaDoc PARAM_REPOSITORY = "mgnlRepository"; //$NON-NLS-1$
79
80     /**
81      * request parameter: node path, used for paragraph deletion.
82      */
83     private static final String JavaDoc PARAM_PATH = "mgnlPath"; //$NON-NLS-1$
84
85     /**
86      * request parameter: sort-above paragraph.
87      */
88     private static final String JavaDoc PARAM_PATH_SORT_ABOVE = "mgnlPathSortAbove"; //$NON-NLS-1$
89
90     /**
91      * request parameter: selected paragraph.
92      */
93     private static final String JavaDoc PARAM_PATH_SELECTED = "mgnlPathSelected"; //$NON-NLS-1$
94
95     /**
96      * Logger.
97      */
98     private static Logger log = LoggerFactory.getLogger(MgnlInterceptFilter.class);
99
100     /**
101      * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
102      */
103     public void init(FilterConfig JavaDoc filterConfig) throws ServletException JavaDoc {
104         // unused
105 }
106
107     /**
108      * @see javax.servlet.Filter#destroy()
109      */
110     public void destroy() {
111         // unused
112 }
113
114     /**
115      * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
116      * javax.servlet.FilterChain)
117      */
118     public void doFilter(ServletRequest JavaDoc req, ServletResponse JavaDoc resp, FilterChain JavaDoc filterChain) throws IOException JavaDoc,
119         ServletException JavaDoc {
120
121         HttpServletRequest JavaDoc request = (HttpServletRequest JavaDoc) req;
122         HttpServletResponse JavaDoc response = (HttpServletResponse JavaDoc) resp;
123
124         // @todo the isAuthorized method is duplicated from EntryServlet!
125 if (isAuthorized(request, response)) {
126             if (req.getParameter(INTERCEPT) != null) {
127                 MgnlInterceptFilter.setHandleAndMapping(request);
128                 this.intercept(request, response);
129             }
130         }
131
132         filterChain.doFilter(req, resp);
133     }
134
135     private static void setHandleAndMapping(HttpServletRequest JavaDoc request) {
136         String JavaDoc uri = Path.getURI(request);
137         int firstDotPos = StringUtils.indexOf(uri, '.', StringUtils.lastIndexOf(uri, '/'));
138         String JavaDoc handle;
139         String JavaDoc selector;
140         String JavaDoc extension;
141         if (firstDotPos > -1) {
142             int lastDotPos = StringUtils.lastIndexOf(uri, '.');
143             handle = StringUtils.substring(uri, 0, firstDotPos);
144             selector = StringUtils.substring(uri, firstDotPos + 1, lastDotPos);
145             extension = StringUtils.substring(uri, lastDotPos + 1);
146         }
147         else {
148             // no dots (and no extension)
149 handle = uri;
150             selector = "";
151             extension = "";
152         }
153
154         URI2RepositoryMapping mapping = URI2RepositoryManager.getInstance().getMapping(uri);
155
156         // remove prefix if any
157 handle = mapping.getHandle(handle);
158
159         request.setAttribute(Aggregator.REPOSITORY, mapping.getRepository());
160         request.setAttribute(Aggregator.MAPPING, mapping);
161         request.setAttribute(Aggregator.HANDLE, handle);
162         request.setAttribute(Aggregator.SELECTOR, selector);
163         request.setAttribute(Aggregator.EXTENSION, extension);
164     }
165
166     /**
167      * Request and Response here is same as receivced by the original page so it includes all post/get data. Sub action
168      * could be called from here once this action finishes, it will continue loading the requested page.
169      */
170     public void intercept(HttpServletRequest JavaDoc request, HttpServletResponse JavaDoc response) {
171         String JavaDoc action = request.getParameter(INTERCEPT);
172         String JavaDoc repository = request.getParameter(PARAM_REPOSITORY);
173         String JavaDoc nodePath = request.getParameter(PARAM_PATH);
174         String JavaDoc handle = (String JavaDoc) request.getAttribute(Aggregator.HANDLE);
175         
176         if (repository == null) {
177             repository = (String JavaDoc) request.getAttribute(Aggregator.REPOSITORY);
178         }
179
180         if (repository == null) {
181             repository = ContentRepository.WEBSITE;
182         }
183
184         HierarchyManager hm = MgnlContext.getHierarchyManager(repository);
185         synchronized (ExclusiveWrite.getInstance()) {
186             if (action.equals(ACTION_PREVIEW)) {
187                 // preview mode (button in main bar)
188 String JavaDoc preview = request.getParameter(Resource.MGNL_PREVIEW_ATTRIBUTE);
189                 if (preview != null) {
190                     
191                     // @todo IMPORTANT remove use of http session
192 HttpSession JavaDoc httpsession = request.getSession(true);
193                     if (BooleanUtils.toBoolean(preview)) {
194                         httpsession.setAttribute(Resource.MGNL_PREVIEW_ATTRIBUTE, Boolean.TRUE);
195                     }
196                     else {
197                         httpsession.removeAttribute(Resource.MGNL_PREVIEW_ATTRIBUTE);
198                     }
199                 }
200             }
201             else if (action.equals(ACTION_NODE_DELETE)) {
202                 // delete paragraph
203 try {
204                     Content page = hm.getContent(handle);
205                     page.updateMetaData();
206                     hm.delete(nodePath);
207                     hm.save();
208                 }
209                 catch (RepositoryException e) {
210                     log.error("Exception caught: " + e.getMessage(), e); //$NON-NLS-1$
211 }
212             }
213             else if (action.equals(ACTION_NODE_SORT)) {
214                 // sort paragrpahs
215 try {
216                     String JavaDoc pathSelected = request.getParameter(PARAM_PATH_SELECTED);
217                     String JavaDoc pathSortAbove = request.getParameter(PARAM_PATH_SORT_ABOVE);
218                     String JavaDoc pathParent = StringUtils.substringBeforeLast(pathSelected, "/"); //$NON-NLS-1$
219 String JavaDoc srcName = StringUtils.substringAfterLast(pathSelected, "/");
220                     String JavaDoc destName = StringUtils.substringAfterLast(pathSortAbove, "/");
221                     if (StringUtils.equalsIgnoreCase(destName, "mgnlNew")) {
222                         destName = null;
223                     }
224                     hm.getContent(pathParent).orderBefore(srcName, destName);
225                     hm.save();
226                 }
227                 catch (RepositoryException e) {
228                     if (log.isDebugEnabled()) {
229                         log.debug("Exception caught: " + e.getMessage(), e); //$NON-NLS-1$
230 }
231                 }
232             }
233         }
234     }
235
236     /**
237      * Uses access manager to authorise this request.
238      * @param req HttpServletRequest as received by the service method
239      * @param res HttpServletResponse as received by the service method
240      * @return boolean true if read access is granted
241      * @throws IOException can be thrown when the servlet is unable to write to the response stream
242      */
243     protected boolean isAuthorized(HttpServletRequest JavaDoc req, HttpServletResponse JavaDoc res) throws IOException JavaDoc {
244         if (MgnlContext.getAccessManager(ContentRepository.WEBSITE) != null) {
245             String JavaDoc path = StringUtils.substringBefore(Path.getURI(req), "."); //$NON-NLS-1$
246 if (!MgnlContext.getAccessManager(ContentRepository.WEBSITE).isGranted(path, Permission.READ)) {
247                 res.sendError(HttpServletResponse.SC_FORBIDDEN);
248             }
249         }
250         return true;
251     }
252
253 }
Popular Tags