KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > pentaho > ui > servlet > GetImage


1 /*
2  * Copyright 2006 Pentaho Corporation. All rights reserved.
3  * This software was developed by Pentaho Corporation and is provided under the terms
4  * of the Mozilla Public License, Version 1.1, or any later version. You may not use
5  * this file except in compliance with the license. If you need a copy of the license,
6  * please go to http://www.mozilla.org/MPL/MPL-1.1.txt. The Original Code is the Pentaho
7  * BI Platform. The Initial Developer is Pentaho Corporation.
8  *
9  * Software distributed under the Mozilla Public License is distributed on an "AS IS"
10  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. Please refer to
11  * the license for the specific language governing your rights and limitations.
12  *
13  * @created Jul 26, 2005
14  * @author Gretchen Moran
15  *
16  */
17
18 package org.pentaho.ui.servlet;
19
20 import java.io.IOException JavaDoc;
21 import java.io.InputStream JavaDoc;
22 import java.io.OutputStream JavaDoc;
23
24 import javax.servlet.ServletException JavaDoc;
25 import javax.servlet.http.HttpServletRequest JavaDoc;
26 import javax.servlet.http.HttpServletResponse JavaDoc;
27
28 import org.apache.commons.logging.Log;
29 import org.apache.commons.logging.LogFactory;
30 import org.pentaho.core.repository.ISolutionRepository;
31 import org.pentaho.core.session.IPentahoSession;
32 import org.pentaho.core.system.PentahoSystem;
33 import org.pentaho.messages.Messages;
34
35 public class GetImage extends ServletBase {
36   private static final long serialVersionUID = 119698153917362988L;
37
38   private static final Log logger = LogFactory.getLog(GetImage.class);
39
40   public GetImage() {
41   }
42
43   protected void doGet(HttpServletRequest JavaDoc arg0, HttpServletResponse JavaDoc arg1)
44       throws ServletException JavaDoc, IOException JavaDoc {
45     doPost(arg0, arg1);
46   }
47
48   public Log getLogger() {
49     return logger;
50   }
51
52   protected void doPost(HttpServletRequest JavaDoc request, HttpServletResponse JavaDoc response)
53       throws ServletException JavaDoc, IOException JavaDoc {
54     try {
55       PentahoSystem.systemEntryPoint();
56
57       // TODO perform any authorization here...
58 final IPentahoSession userSession = getPentahoSession(request);
59       final String JavaDoc user = request.getRemoteUser();
60       if (user != null && !userSession.isAuthenticated()) {
61         // the user was not logged in before but is now....
62 userSession.setAuthenticated(user);
63       }
64
65       final String JavaDoc image = request.getParameter("image"); //$NON-NLS-1$
66 if (image != null) {
67         if (debug) {
68           debug(Messages.getString("IMAGE.DEBUG_IMAGE_PARAMETER") + image); //$NON-NLS-1$
69 }
70       } else {
71         error(Messages.getErrorString("IMAGE.ERROR_0001_IMAGE_PARAMETER_EMPTY")); //$NON-NLS-1$
72 return;
73       }
74
75       // some sanity checks ...
76 if ((image.indexOf("/../") >= 0) || ((image.indexOf("\\..\\") >= 0))) { //$NON-NLS-1$ //$NON-NLS-2$
77 error(Messages.getErrorString("IMAGE.ERROR_0002_FILE_NOT_FOUND", image)); //$NON-NLS-1$
78 // we dont give hints that we check the parameter. Just return not
79 // found.
80 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
81         return;
82       }
83
84       final String JavaDoc tempDirectory = "system/tmp/"; //$NON-NLS-1$
85
86       String JavaDoc location = image.charAt(0) != '/' && image.charAt(0) != '\\' ? tempDirectory+image : tempDirectory+image.substring(1);
87 // if (image.charAt(0) != '/' && image.charAt(0) != '\\') {
88 // file = new File(tempDirectory, image);
89 // } else {
90 // file = new File(tempDirectory, image.substring(1));
91 // }
92
93       // paranoia: Check whether the new file is contained in the temp
94 // directory.
95 // an evil user could simply use "//" as parameter and would therefore
96 // circument the test above ...
97 // IOUtils ioUtils = IOUtils.getInstance();
98 // if (ioUtils.isSubDirectory(tempDirectory, file) == false) {
99 // error(Messages.getErrorString("IMAGE.ERROR_0002_FILE_NOT_FOUND", image)); //$NON-NLS-1$
100 // // we dont give hints that we check the parameter. Just return not
101 // // found.
102 // response.setStatus(HttpServletResponse.SC_NOT_FOUND);
103 // return;
104 // }
105 ISolutionRepository repository = PentahoSystem.getSolutionRepository(userSession);
106       
107 // Open the file and output streams
108 InputStream JavaDoc in = repository.getResourceInputStream(location);
109       
110       if (in == null) {
111         error(Messages.getErrorString("IMAGE.ERROR_0002_FILE_NOT_FOUND", image)); //$NON-NLS-1$
112 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
113         return;
114       }
115
116  
117       String JavaDoc mimeType = getServletContext().getMimeType(image);
118       if ((null == mimeType) || (mimeType.length() <= 0)) {
119         // Hard coded to PNG because BIRT does not give us a mime type at
120 // all...
121 response.setContentType("image/png"); //$NON-NLS-1$
122 }
123       OutputStream JavaDoc out = response.getOutputStream();
124       try {
125           byte buffer[] = new byte[2048];
126           int n, length = 0;
127           while ((n = in.read(buffer)) > 0) {
128               out.write(buffer, 0, n);
129               length += n;
130           }
131           response.setContentLength(length);
132       } finally {
133         in.close();
134         out.close();
135       }
136     } finally {
137       PentahoSystem.systemExitPoint();
138     }
139
140   }
141
142 }
143
Popular Tags