source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java@ 34103

Last change on this file since 34103 was 34103, checked in by kjdon, 4 years ago

A couple of small modifications. First, when comparing srcdoc with the filename (to see whether the requested file is the main document or a supporting file such as an image in an HTML document), we need to decode %20 to a space: the filename coming from the browser is URL-encoded, including spaces, but the srclinkFile stored in the collection is URL-encoded except for the spaces (why??). Second, for fast-view PDFs, Chrome's PDF viewer may make several requests to fetch the document for viewing, and then another one for downloading. Verification is now done via AJAX, and once that returns the page redirects to the PDF file, so we just return once we have successfully verified. We need to keep a short timer for that document so the browser can make further requests without having to verify again; it is currently set to 2 hours.

1package org.greenstone.gsdl3.core;
2
3import java.io.File;
4import java.io.IOException;
5import java.util.ArrayList;
6import java.util.Arrays;
7import java.util.HashMap;
8import java.util.Hashtable;
9import java.util.Map;
10
11import javax.servlet.Filter;
12import javax.servlet.FilterChain;
13import javax.servlet.FilterConfig;
14import javax.servlet.ServletContext;
15import javax.servlet.ServletException;
16import javax.servlet.ServletOutputStream;
17import javax.servlet.ServletRequest;
18import javax.servlet.ServletResponse;
19import javax.servlet.http.HttpSession;
20import javax.servlet.http.HttpServletRequest;
21import javax.servlet.http.HttpServletRequestWrapper;
22import javax.servlet.http.HttpServletResponse;
23
24import java.awt.event.ActionEvent;
25import java.awt.event.ActionListener;
26import javax.swing.Timer;
27
28import org.apache.commons.io.FileUtils;
29import org.apache.commons.lang3.StringUtils;
30
31import org.apache.log4j.Logger;
32import org.greenstone.gsdl3.util.GSParams;
33import org.greenstone.gsdl3.util.GSPath;
34import org.greenstone.gsdl3.util.GSXML;
35import org.greenstone.gsdl3.util.UserContext;
36import org.greenstone.gsdl3.util.XMLConverter;
37import org.greenstone.gsdl3.service.Authentication;
38import org.w3c.dom.Document;
39import org.w3c.dom.Element;
40import org.w3c.dom.NodeList;
41
42public class URLFilter implements Filter
43{
// Configuration object handed over by the container in init(); reset to null in destroy().
private FilterConfig _filterConfig = null;
// Shared log4j logger, named after this class.
private static Logger logger = Logger.getLogger(URLFilter.class.getName());
46
// Restricted URLs. Each entry is a regular expression that isURLRestricted()
// looks for inside the request URI; a match means the request is refused.
// This is a deny-list: any served file that is not named here is not covered by it.
// NOTE(review): confirm that no other file under the served directories needs an entry.
protected static final String SITECONFIG_URL = "sites/[^/]+/siteConfig.xml";
protected static final String USERS_DB_URL = "etc/usersDB/.*";
protected static final ArrayList<String> _restrictedURLs;

static
{
    _restrictedURLs = new ArrayList<String>(Arrays.asList(SITECONFIG_URL, USERS_DB_URL));
}
59
// Path segments that doFilter() recognises in REST-style URLs.
protected static final String DOCUMENT_PATH = "document";
protected static final String COLLECTION_PATH = "collection";
protected static final String GROUP_PATH = "group";
protected static final String PAGE_PATH = "page";
protected static final String SYSTEM_PATH = "system";
protected static final String BROWSE_PATH = "browse";
protected static final String SEARCH_PATH = "search";

// Segments that end the group/collection part of a "collection/..." path.
protected static final ArrayList<String> _keywords;

static
{
    _keywords = new ArrayList<String>(Arrays.asList(PAGE_PATH, BROWSE_PATH, SEARCH_PATH, DOCUMENT_PATH));
}

// Service asked for the "contains" metadata in queryMRforDOCID().
protected static final String METADATA_RETRIEVAL_SERVICE = "DocumentMetadataRetrieve";

// URL fragments used to classify a request and to cut it into parts.
protected static final String ASSOCIATED_FILE_PATH = "/index/assoc/";
protected static final String COLLECTION_FILE_PATH = "/collect/";
protected static final String INTERFACE_PATH = "/interfaces/";
protected static final String SITES_PATH = "/sites/";

// Long names of the system subactions; doFilter() maps them to one-letter codes.
protected static final String SYSTEM_SUBACTION_CONFIGURE = "configure";
protected static final String SYSTEM_SUBACTION_RECONFIGURE = "reconfigure";
protected static final String SYSTEM_SUBACTION_ACTIVATE = "activate";
protected static final String SYSTEM_SUBACTION_DEACTIVATE = "deactivate";
90
// When terms and conditions (or a recaptcha) are shown to the user, this map
// remembers who has already passed. Keys are "sessionId:collection" or
// "sessionId:collection:fileName"; each value is the timer that removes its own key.
protected Hashtable<String, UserTimer> verifiedUserMap = null;

// Timeouts are in milliseconds.
// Used when verify=once is set in collectionConfig: the user stays verified
// for the collection for 24 hours.
protected static final int verifiedUserTimeout = 1000 * 60 * 60 * 24;

// Per-document timeout. Chrome may make several requests to fetch a fast-view
// pdf, plus another one if the user clicks download, so a verified document is
// remembered long enough to be fully viewed and downloaded (the browser shows a
// network error if it ends up back at the verification page).
// The user stays verified for the document for 2 hours.
protected static final int tempUserTimeout = 1000 * 60 * 60 * 2;
103
/**
 * Called by the container when the filter is put into service: creates the
 * empty map of verified users and keeps the supplied configuration.
 *
 * @param filterConfig configuration object supplied by the container
 * @throws ServletException declared by the Filter interface; not thrown here
 */
public void init(FilterConfig filterConfig) throws ServletException
{
    verifiedUserMap = new Hashtable<String, UserTimer>();
    _filterConfig = filterConfig;
}
109
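/**
 * Called by the container when the filter is taken out of service.
 *
 * Stops every verification timer that is still pending and empties the map
 * before dropping the configuration. Without this, the timers created in
 * securityCheckAssocFiles() stay scheduled for up to 24 hours after the
 * filter has been destroyed and keep this instance reachable.
 */
public void destroy()
{
    Hashtable<String, UserTimer> verified = this.verifiedUserMap;
    // verifiedUserMap is only created in init(), so it can still be null here
    if (verified != null)
    {
        // Hashtable locks on itself, so holding that lock keeps the iteration
        // safe against a put() or remove() from another thread
        synchronized (verified)
        {
            for (UserTimer timer : verified.values())
            {
                timer.stop();
            }
            verified.clear();
        }
    }
    this._filterConfig = null;
}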
114
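/**
 * Inspects every request before it reaches the library servlet.
 *
 * In order:
 * - requests for restricted files are refused (now with a 403 status; the body text is unchanged),
 * - requests for associated files (index/assoc) go through securityCheckAssocFiles(),
 * - requests for site files that carry the library name are forwarded without it,
 * - requests for a missing interface file fall back to the base interface,
 * - any other request has its REST-style path segments copied into request
 *   parameters on a wrapper, which is then passed down the chain.
 *
 * All decisions are made on getRequestURI(), which is the path as the client
 * sent it (not decoded, query string excluded). The forward targets below are
 * cut out of that same string.
 *
 * @param request  the incoming request; anything other than an HttpServletRequest is logged and dropped
 * @param response the response to write to or forward with
 * @param chain    the remaining filter chain
 * @throws IOException      from writing the response or from a forward
 * @throws ServletException from a forward or from the rest of the chain
 */
@SuppressWarnings("deprecation")
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
{
    if (!(request instanceof HttpServletRequest))
    {
        // Can this ever happen?
        logger.error("The request was not an HttpServletRequest");
        return;
    }

    HttpServletRequest hRequest = ((HttpServletRequest) request);
    // NOTE(review): getSession() creates a session when the request has none,
    // so every request passing this filter ends up with one - confirm this is wanted.
    HttpSession hSession = hRequest.getSession();
    ServletContext context = hSession.getServletContext();

    GSHttpServletRequestWrapper gRequest = new GSHttpServletRequestWrapper(hRequest);

    // this is the part before the ?
    String url = hRequest.getRequestURI().toString();
    if (isURLRestricted(url))
    {
        // Answer with a real "forbidden" status so that clients, caches and
        // access logs do not record the refusal as a successful request.
        if (response instanceof HttpServletResponse)
        {
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_FORBIDDEN);
        }
        // TODO - should we make this a proper HTML page?
        response.getWriter().println("ERROR: Access to this page is forbidden.");
        return;
    }

    // Run security checks on files requested from a collection's index/assoc folder
    if (url.contains(ASSOCIATED_FILE_PATH))
    {
        // we need to do security checking here in case the documents are private
        // or if there is a terms and conditions page to be shown.
        // Also, assoc files urls now contain the library name in them.
        // e.g. greenstone3/library/sites/localsite/collect/collname/index/assoc/Hashxxx/doc.pdf
        // so they are not a true link to a file. We remove the
        // 'library' then forward the request to the new url.
        securityCheckAssocFiles(url, hRequest, response);
        return;
    }

    if (url.contains(SITES_PATH))
    {
        // there are some site/collection images that are not associated files.
        // these dont need to be security checked, but we need to remove the library name from the url if its there
        // The context path is literal text, so it is quoted before being put into the pattern.
        String context_path = context.getContextPath();
        String regex = java.util.regex.Pattern.quote(context_path) + "/.+" + SITES_PATH + ".*";
        if (url.matches(regex))
        {
            // a forward doesn't want the context path
            String new_url = url.substring(url.indexOf(SITES_PATH));
            request.getRequestDispatcher(new_url).forward(request, response);
            return;
        }
        // else if it doesn't match, ie the url was /greenstone3/sites/...
        // we don't do anything and just let it continue
    }

    // if we are asking for an interface file, and it doesn't exist, then
    // try loading up the interfaceConfig file to find out what the base
    // interface was, then try looking in that interface for the file.
    if (url.contains(INTERFACE_PATH))
    {
        String fileURL = url.replaceFirst(java.util.regex.Pattern.quote(context.getContextPath()), "");
        // getRealPath() returns null when the container cannot translate the
        // path to a file; new File(null) would throw, so skip the fallback then
        String requestedPath = context.getRealPath(fileURL);

        if (requestedPath != null && !new File(requestedPath).exists())
        {
            String baseURL = getFileInBaseInterface(fileURL, context);
            if (baseURL != null)
            {
                String basePath = context.getRealPath(baseURL);
                if (basePath != null && new File(basePath).exists())
                {
                    request.getRequestDispatcher(baseURL).forward(request, response);
                    return;
                }
            }
        }
    }
    else
    {
        //If we have a jsessionid on the end of our URL we want to ignore it
        int index;
        if ((index = url.indexOf(";jsessionid")) != -1)
        {
            url = url.substring(0, index);
        }
        String[] segments = url.split("/");
        for (int i = 0; i < segments.length; i++)
        {
            // parameters that get a default value below unless the request already has them
            String[] additionalParameters = null;
            String[] defaultParamValues = null;
            //COLLECTION
            if (segments[i].equals(COLLECTION_PATH) && (i + 1) < segments.length)
            {
                // everything between "collection" and the segment before the
                // next keyword is the group; the last of them is the collection
                int j = i + 1;
                while (j + 1 < segments.length && !_keywords.contains(segments[j + 1]))
                {
                    j++;
                }

                if (j > i + 1)
                {
                    // we had a group part
                    String[] groups = Arrays.copyOfRange(segments, i + 1, j);
                    String group = StringUtils.join(groups, "/");
                    gRequest.setParameter(GSParams.GROUP, group);
                }
                gRequest.setParameter(GSParams.COLLECTION, segments[j]);
            }
            // GROUP
            else if (segments[i].equals(GROUP_PATH) && (i + 1) < segments.length)
            {
                // assume for now, no other path parts for group links
                int j = segments.length - 1;
                String group;
                if (j == i + 1)
                {
                    group = segments[j];
                }
                else
                {
                    String[] groups = Arrays.copyOfRange(segments, i + 1, j + 1);
                    group = StringUtils.join(groups, "/");
                }
                gRequest.setParameter(GSParams.GROUP, group);
                gRequest.setParameter(GSParams.ACTION, "p");
                gRequest.setParameter(GSParams.SUBACTION, "home");
            }
            //DOCUMENT
            else if (segments[i].equals(DOCUMENT_PATH) && (i + 1) < segments.length)
            {
                gRequest.setParameter(GSParams.DOCUMENT, segments[i + 1]);

                additionalParameters = new String[] { GSParams.ACTION };
                defaultParamValues = new String[] { "d" };
                if ((i + 2) < segments.length && segments[i + 2].equals("print"))
                {
                    gRequest.setParameter(GSParams.SUBACTION, "print");
                    gRequest.setParameter("ed", "1");
                }
            }
            //PAGE
            else if (segments[i].equals(PAGE_PATH) && (i + 1) < segments.length)
            {
                gRequest.setParameter(GSParams.SUBACTION, segments[i + 1]);

                additionalParameters = new String[] { GSParams.ACTION };
                defaultParamValues = new String[] { "p" };
            }
            //SYSTEM
            else if (segments[i].equals(SYSTEM_PATH) && (i + 1) < segments.length)
            {
                // translate the long subaction name into its one-letter code;
                // any other value is passed on unchanged
                String sa = segments[i + 1];
                if (sa.equals(SYSTEM_SUBACTION_CONFIGURE) || sa.equals(SYSTEM_SUBACTION_RECONFIGURE))
                {
                    sa = "c";
                }
                else if (sa.equals(SYSTEM_SUBACTION_ACTIVATE))
                {
                    sa = "a";
                }
                else if (sa.equals(SYSTEM_SUBACTION_DEACTIVATE))
                {
                    sa = "d";
                }

                if (sa.equals("c") && (i + 2) < segments.length)
                {
                    gRequest.setParameter(GSParams.SYSTEM_CLUSTER, segments[i + 2]);
                }

                if (sa.equals("a") && (i + 2) < segments.length)
                {
                    gRequest.setParameter(GSParams.SYSTEM_MODULE_TYPE, "collection");
                    gRequest.setParameter(GSParams.SYSTEM_MODULE_NAME, segments[i + 2]);
                }

                if (sa.equals("d") && (i + 2) < segments.length)
                {
                    gRequest.setParameter(GSParams.SYSTEM_CLUSTER, segments[i + 2]);
                }

                gRequest.setParameter(GSParams.SUBACTION, sa);

                additionalParameters = new String[] { GSParams.ACTION };
                defaultParamValues = new String[] { "s" };
            }
            //ADMIN
            else if (segments[i].equals("admin") && (i + 1) < segments.length)
            {
                String pageName = segments[i + 1];

                gRequest.setParameter("s1.authpage", pageName);

                additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SUBACTION, GSParams.SERVICE };
                defaultParamValues = new String[] { "g", "r", "authen", "Authentication" };
            }
            //BROWSE
            else if (segments[i].equals(BROWSE_PATH) && (i + 1) < segments.length)
            {
                // build the classifier id from the remaining segments,
                // e.g. browse/CL1/2 gives cl=CL1.2
                String cl = "";
                for (int j = 1; (i + j) < segments.length; j++)
                {
                    String currentSegment = segments[i + j].replace("CL", "").replace("cl", "");
                    if (currentSegment.contains("."))
                    {
                        String[] subsegments = currentSegment.split("\\.");
                        for (String subsegment : subsegments)
                        {
                            subsegment = subsegment.replace("CL", "").replace("cl", "");

                            if (cl.length() > 0)
                            {
                                cl += ".";
                            }

                            if (subsegment.length() > 0)
                            {
                                cl += subsegment;
                            }
                        }
                        continue;
                    }
                    // segments that are not plain numbers are ignored
                    if (!currentSegment.matches("^(CL|cl)?\\d+$"))
                    {
                        continue;
                    }

                    if (cl.length() > 0)
                    {
                        cl += ".";
                    }

                    cl += currentSegment;
                }

                gRequest.setParameter("cl", "CL" + cl);

                additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SERVICE };
                defaultParamValues = new String[] { "b", "s", "ClassifierBrowse" };
            }
            //QUERY
            else if (segments[i].equals(SEARCH_PATH))
            {
                String serviceName = "";
                if ((i + 1) < segments.length)
                {
                    serviceName = segments[i + 1];
                    gRequest.setParameter("s", serviceName);

                    additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE };
                    defaultParamValues = new String[] { "q", "", "d" };
                }
                if ((i + 2) < segments.length)
                {
                    if (serviceName.equals("TextQuery") || serviceName.equals("RawQuery"))
                    {
                        gRequest.setParameter("s1.query", segments[i + 2]);
                    }
                    else if (serviceName.equals("FieldQuery"))
                    {
                        gRequest.setParameter("s1.fqv", segments[i + 2]);
                    }
                    else if (serviceName.equals("AdvancedFieldQuery"))
                    {
                        gRequest.setParameter("s1.fqv", segments[i + 2]);
                    }
                }
            }
            if (additionalParameters != null)
            {
                // a value already present on the request wins over the default
                for (int j = 0; j < additionalParameters.length; j++)
                {
                    if (gRequest.getParameter(additionalParameters[j]) == null)
                    {
                        gRequest.setParameter(additionalParameters[j], defaultParamValues[j]);
                    }
                }
            }
        }
    }

    chain.doFilter(gRequest, response);
}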
397
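/**
 * Reports whether the request URI addresses one of the restricted resources
 * listed in _restrictedURLs.
 *
 * The URI handed in by doFilter() is the raw request URI. The same file can be
 * spelled in several ways in such a path (percent-encoding, path parameters,
 * repeated slashes, dot segments, backslashes, letter case), and a pattern
 * tested against the raw text alone misses those spellings. The patterns are
 * therefore tested against the raw URI and against a normalised copy, ignoring
 * case. A URI whose percent-encoding cannot be decoded is treated as restricted.
 *
 * @param url the request URI (path part, no query string)
 * @return true if the request must be refused
 */
private boolean isURLRestricted(String url)
{
    String normalised = normaliseForRestrictionCheck(url);
    if (normalised == null)
    {
        // undecodable path: refuse rather than guess what it resolves to
        return true;
    }

    int flags = java.util.regex.Pattern.CASE_INSENSITIVE | java.util.regex.Pattern.DOTALL;
    for (String restrictedURL : _restrictedURLs)
    {
        // find() looks for the pattern anywhere in the text, which is what the
        // former ".*" + pattern + ".*" match did; DOTALL keeps a decoded line
        // break in the path from hiding the rest of it from the match
        java.util.regex.Pattern restricted = java.util.regex.Pattern.compile(restrictedURL, flags);
        if (restricted.matcher(url).find() || restricted.matcher(normalised).find())
        {
            return true;
        }
    }

    return false;
}

/**
 * Brings a request path into one canonical form for the restriction check:
 * percent-decoded once, backslashes turned into slashes, path parameters
 * (";...") removed from every segment, empty and "." segments dropped and
 * ".." segments resolved.
 *
 * @return the canonical path, or null if the percent-encoding is malformed
 */
private static String normaliseForRestrictionCheck(String url)
{
    String decoded;
    try
    {
        // URLDecoder is made for form data and would turn '+' into a space;
        // in a path '+' is an ordinary character, so protect it first
        decoded = java.net.URLDecoder.decode(url.replace("+", "%2B"), "UTF-8");
    }
    catch (IllegalArgumentException e)
    {
        return null;
    }
    catch (java.io.UnsupportedEncodingException e)
    {
        // UTF-8 is always available; kept only because the exception is checked
        return null;
    }

    ArrayList<String> kept = new ArrayList<String>();
    for (String segment : decoded.replace('\\', '/').split("/"))
    {
        int semicolon = segment.indexOf(';');
        if (semicolon != -1)
        {
            segment = segment.substring(0, semicolon);
        }
        if (segment.length() == 0 || segment.equals("."))
        {
            continue;
        }
        if (segment.equals(".."))
        {
            if (!kept.isEmpty())
            {
                kept.remove(kept.size() - 1);
            }
            continue;
        }
        kept.add(segment);
    }

    StringBuilder canonical = new StringBuilder();
    for (String segment : kept)
    {
        canonical.append('/').append(segment);
    }
    return canonical.toString();
}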
410
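/**
 * Works out where a file of one interface would live in that interface's base
 * interface.
 *
 * The interface name is the path segment that follows "/interfaces/" in
 * fileURL. Its interfaceConfig.xml is read, and if the root element has a
 * non-empty baseInterface attribute, fileURL is returned with the interface
 * name replaced by the base interface name.
 *
 * Returns null instead of throwing when the URL has no file part after the
 * interface name, when the container cannot map the config path to a file, or
 * when the config file cannot be turned into a document.
 *
 * @param fileURL the requested path, without the context path
 * @param context used to translate web paths into file system paths
 * @return the path of the same file in the base interface, or null if there is none
 */
private String getFileInBaseInterface(String fileURL, ServletContext context)
{
    int markerStart = fileURL.indexOf(INTERFACE_PATH);
    if (markerStart == -1)
    {
        return null;
    }
    int interfaceNameStart = markerStart + INTERFACE_PATH.length();
    int interfaceNameEnd = fileURL.indexOf("/", interfaceNameStart);
    // -1: the URL stops at the interface name; equal: the name is empty
    if (interfaceNameEnd == -1 || interfaceNameEnd == interfaceNameStart)
    {
        return null;
    }
    String interfaceName = fileURL.substring(interfaceNameStart, interfaceNameEnd);
    String interfacesDir = fileURL.substring(0, interfaceNameStart);

    // getRealPath() may return null, and new File(null) would throw
    String configPath = context.getRealPath(interfacesDir + interfaceName + "/interfaceConfig.xml");
    if (configPath == null)
    {
        return null;
    }
    File interfaceConfigFile = new File(configPath);
    if (!interfaceConfigFile.exists())
    {
        return null;
    }

    // NOTE(review): guards against getDOM() returning null for an unreadable
    // file - confirm against XMLConverter
    Document interfaceConfigDoc = XMLConverter.getDOM(interfaceConfigFile);
    if (interfaceConfigDoc == null || interfaceConfigDoc.getDocumentElement() == null)
    {
        return null;
    }

    String baseInterface = interfaceConfigDoc.getDocumentElement().getAttribute("baseInterface");
    if (baseInterface.length() > 0)
    {
        return fileURL.replace("/" + interfaceName + "/", "/" + baseInterface + "/");
    }
    return null;
}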
430
431
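/**
 * Decides whether a file from a collection's index/assoc folder may be served,
 * and forwards to it if so.
 *
 * Steps:
 * 1. cut the library name, collection, assoc directory and file name out of the url;
 * 2. ask the library's message router which document owns the assoc directory;
 * 3. ask for the document's security information and its srclinkFile metadata;
 * 4. if the document is limited to groups, the user must be in one of them;
 * 5. if the file is the document's main file and the collection asks for
 *    verification, the session must have been verified (terms and conditions,
 *    or recaptcha when a site key is configured);
 * 6. forward to the url without the library name.
 *
 * Compared with the previous version, this method no longer throws when the
 * path has no /sites/ or /collect/ part or when the metadata response is
 * missing, and the error text that repeats part of the request path is
 * declared as plain text.
 *
 * @param url      the raw request URI
 * @param request  the current request
 * @param response the response to redirect, write to, or forward with
 * @throws IOException      from writing, redirecting or forwarding
 * @throws ServletException from forwarding
 */
private void securityCheckAssocFiles(String url, HttpServletRequest request, ServletResponse response) throws IOException, ServletException
{
    HttpSession session = request.getSession();
    String session_id = session.getId();
    ServletContext context = session.getServletContext();

    // now we need to get library name from the path, which is like
    // /greenstone3/library/sites/localsite/collect/collname/index/assoc/...
    // (the context path is literal text, so it is quoted for replaceFirst)
    String library_name = url.replaceFirst(java.util.regex.Pattern.quote(context.getContextPath()), "");
    int sitesStart = library_name.indexOf(SITES_PATH);
    // a path without /sites/ has no library name either; substring(0, -1) would throw
    library_name = (sitesStart == -1) ? "" : library_name.substring(0, sitesStart);
    if (library_name.equals(""))
    {
        response.getWriter().println("ERROR: Assoc file paths must now contain the library name");
        return;
    }
    // remove initial '/'
    library_name = library_name.substring(1);

    // NOTE(review): the attribute name is built from text taken from the request path.
    MessageRouter gsRouter = (MessageRouter) context.getAttribute(library_name + "Router");

    if (gsRouter == null)
    {
        logger.error("MR is null, stopping filter");
        return;
    }
    // Sometimes we have a // before the filename - that mucks up the following code, so lets remove them
    url = url.replaceAll("//", "/");

    // dir is everything between /index/assoc/ and the last slash
    String dir = null;
    int dirStart = url.indexOf(ASSOCIATED_FILE_PATH) + ASSOCIATED_FILE_PATH.length();
    int dirEnd = -1;
    if (dirStart < url.length() && url.indexOf("/", dirStart) != -1)
    {
        dirEnd = url.lastIndexOf("/");
    }
    if (dirEnd != -1)
    {
        dir = url.substring(dirStart, dirEnd);
    }
    if (dir == null)
    {
        return;
    }

    // collection is the path segment that follows /collect/
    String collection = null;
    int collectMarker = url.indexOf(COLLECTION_FILE_PATH);
    if (collectMarker != -1)
    {
        int colStart = collectMarker + COLLECTION_FILE_PATH.length();
        int colEnd = -1;
        if (colStart < url.length() && url.indexOf("/", colStart) != -1)
        {
            colEnd = url.indexOf("/", colStart);
        }
        if (colEnd != -1)
        {
            collection = url.substring(colStart, colEnd);
        }
    }
    if (collection == null)
    {
        return;
    }

    String file_name = url.substring(url.lastIndexOf("/") + 1);
    // if there is ;jsessionid=xxx in the request, it is still here at this stage!!!
    int semicol = file_name.indexOf(';');
    if (semicol != -1)
    {
        file_name = file_name.substring(0, semicol);
    }

    // Query the MR with a request for the contains metadata for node "dir" - where dir is the assocfilepath
    // In the jdbm db, have entries like
    // [HASH1552e]
    // <contains>HASH1552e3sdlkjf7sdfsdfk
    // mapping assocfilepath to doc id
    String document = queryMRforDOCID(gsRouter, collection, dir);
    if (document == null)
    {
        // dir comes from the request path, so make sure the browser treats the reply as text
        response.setContentType("text/plain");
        response.getWriter().println("ERROR: Couldn't find the document associated with assocfilepath: " + dir);
        return;
    }

    //Query the MR for the security info for this document
    // - can we show the document?
    // - Or do we need to be logged in?
    // - Or do we need to throw up the verify page?

    // While we are doing this, query the document for its srclinkFile metadata - then we can determine if the
    // file we are being asked for is the main doc (eg pdf) or just a supporting image on the page

    //Get the security info for this collection
    Document gsDoc = XMLConverter.newDOM();
    Element securityMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
    Element securityRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_SECURITY, collection, new UserContext());

    securityMessage.appendChild(securityRequest);
    securityRequest.setAttribute(GSXML.NODE_OID, document);

    // get the srclinkFile for the document
    Element metadata_request = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_PROCESS, GSPath.appendLink(collection, "DocumentMetadataRetrieve"), new UserContext());
    Element param_list = gsDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
    GSXML.addParameterToList(param_list, "metadata", "srclinkFile");
    metadata_request.appendChild(param_list);
    Element doc_list = gsDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
    metadata_request.appendChild(doc_list);
    Element d = gsDoc.createElement(GSXML.DOC_NODE_ELEM);
    d.setAttribute(GSXML.NODE_ID_ATT, document);
    doc_list.appendChild(d);
    securityMessage.appendChild(metadata_request);

    Element mr_response = (Element) gsRouter.process(securityMessage);

    boolean verifiable_file = true;
    // TODO check for errors

    // If the metadata part of the response is missing, srcdoc stays null and the
    // file keeps being treated as the main file, which is the stricter path.
    String srcdoc = null;
    Element meta_response = (Element) GSXML.getNamedElement(mr_response, GSXML.RESPONSE_ELEM, GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
    if (meta_response != null)
    {
        Element metadata_list = (Element) meta_response.getElementsByTagName(GSXML.METADATA_ELEM + GSXML.LIST_MODIFIER).item(0);
        if (metadata_list != null)
        {
            srcdoc = GSXML.getMetadataValue(metadata_list, "srclinkFile");
        }
    }
    // If file_name is the main file for the document, then it will == srcdoc. Both of these are URL encoded,
    // with the exception of spaces. Spaces will be encoded in file_name, but are not encoded in srcdoc.
    // So need to decode those and check again.
    // srcdoc.equals(java.net.URLDecoder.decode(file_name, "UTF-8")) - this didn't work as both are URLEncoded except for spaces
    if (srcdoc != null && !srcdoc.equals(file_name) && !srcdoc.equals(file_name.replaceAll("\\%20|\\+", " ")))
    {
        // the specified file is just a supporting file, not the main file.
        // eg an image in an html doc.
        // Supporting files skip the verification step below; the group check still applies.
        verifiable_file = false;
    }

    Element securityResponse = (Element) GSXML.getNamedElement(mr_response, GSXML.RESPONSE_ELEM, GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_SECURITY);
    ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);

    // an empty group name in the list means the document is open to everyone
    if (!groups.contains(""))
    {
        boolean found = false;
        for (String group : groups)
        {
            if (request.isUserInRole(group))
            {
                found = true;
                break;
            }
        }

        if (!found)
        {
            // return an error page to the browser
            // NOTE(review): collection is copied from the request path into the query
            // string without further encoding, here and in the two redirects below.
            String new_url = context.getContextPath() + "/" + library_name + "?a=p&sa=error&c=" + collection + "&ec=wrong_group";
            ((HttpServletResponse) response).sendRedirect(new_url);
            return;
        }
    }

    // if got here have no groups that we need to belong to
    // do we have human verify thing?
    if (verifiable_file)
    {
        String verify = securityResponse.getAttribute(GSXML.VERIFY_ATT);
        if (!verify.equals(""))
        {
            // we are asking for the main document, and we have been asked to verify the user
            // have we done the test previously?
            String verify_map_key = session_id + ":" + collection;
            String verify_map_doc_key = verify_map_key + ":" + file_name;
            boolean already_verified = false;
            String hmvf_response = request.getParameter(GSParams.VERIFIED);
            if (hmvf_response != null && hmvf_response.equals("0"))
            {
                // manually force the t&c (user has added hmvf=0 to url)
                // whether we have previously verified or not
            }
            else if (verifiedUserMap.containsKey(verify_map_key) || verifiedUserMap.containsKey(verify_map_doc_key))
            {
                already_verified = true;
            }

            if (!already_verified)
            {
                // have we just done the test?
                // hmvf param will be set by form if the verify page was submitted
                if (hmvf_response != null && hmvf_response.equals("1"))
                {
                    // The recaptcha answer is only checked when the collection has a
                    // site key. Without one, the hmvf=1 parameter sent by the client
                    // is all that marks the session as verified.
                    if (!securityResponse.getAttribute(GSXML.SITE_KEY_ATT).equals(""))
                    {
                        String recaptcha_response = request.getParameter(Authentication.RECAPTCHA_RESPONSE_PARAM);
                        String secret_key = securityResponse.getAttribute(GSXML.SECRET_KEY_ATT);
                        int result = Authentication.verifyRecaptcha(secret_key, recaptcha_response);
                        if (result == Authentication.NO_ERROR)
                        {
                            already_verified = true;
                        }
                        else
                        {
                            logger.error("something went wrong with recaptcha, error=" + result);
                            logger.error(Authentication.getErrorKey(result));
                            // display error page
                            String new_url = context.getContextPath() + "/" + library_name + "?a=p&sa=error&c=" + collection + "&ec=recap_fail";
                            ((HttpServletResponse) response).sendRedirect(new_url);
                            return;
                        }
                    }
                    already_verified = true;
                    // set up a timer for this verification - standard 24hour if
                    // verify==once, short, doc specific one otherwise (browsers seem to be trying to
                    // download pdfs twice. Chrome gets stuck if the second time
                    // doesn't get verified. Also Chrome sends a second request if the
                    // user tries to download the document after viewing it. )
                    int delay;
                    String this_key;
                    if (verify.equals("once"))
                    {
                        delay = verifiedUserTimeout;
                        this_key = verify_map_key;
                    }
                    else
                    {
                        delay = tempUserTimeout;
                        this_key = verify_map_doc_key;
                    }
                    // NOTE(review): one map entry and one timer are kept per session
                    // (and per document) until the timer fires; nothing here limits
                    // how many can exist at once.
                    UserTimer timer = new UserTimer(delay, this_key);
                    verifiedUserMap.put(this_key, timer);
                    timer.start();
                    // For the verify page, we just return back to the browser, as we have called this
                    // using ajax.
                    return;
                } // hmvf = 1
            }

            if (!already_verified)
            {
                // hmvf param is not set - we haven't shown them the form yet
                // or we have been asked to force the T&C
                // we need to display the verify page
                //Lets encode the url parameter as we need it encoded in the page.
                String new_url = context.getContextPath() + "/" + library_name + "?a=p&sa=verify&c=" + collection + "&url=" + java.net.URLEncoder.encode(url, "UTF-8");
                ((HttpServletResponse) response).sendRedirect(new_url);
                return;
            }
        } // end verify is set
    } // end if verifiable file

    // if we got here, we have passed all security checks and just want to view the file.
    // However, we need to remove the library_name from the URL. As can't change the
    // existing URL, we need to forward to the new one.
    // (Can't do redirect as it will come back into this code and fail as there won't be library in the url)
    // Remove the context and library name parts.
    // don't know what happens with the rest of the filter chain? Does this bypass that??
    // Both parts are literal text, so they are quoted before being used as patterns.
    url = url.replaceFirst(java.util.regex.Pattern.quote(context.getContextPath()), "");
    url = url.replaceFirst(java.util.regex.Pattern.quote("/" + library_name), "");
    request.getRequestDispatcher(url).forward(request, response);

    return;
}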
665
666
667
668
/**
 * Asks the message router which document an associated-file directory belongs to.
 *
 * Sends a DocumentMetadataRetrieve request to the collection for the
 * "contains" metadata of the node named by assocfiledir and returns the text
 * of the first metadata element in the response.
 *
 * @param gsRouter     the message router of the library
 * @param collection   the collection name taken from the request path
 * @param assocfiledir the assoc directory taken from the request path
 * @return the document id; null if the response holds no metadata element or
 *         the element's text is empty
 */
private String queryMRforDOCID(MessageRouter gsRouter, String collection, String assocfiledir)
{
    Document requestDoc = XMLConverter.newDOM();

    // message -> request addressed to <collection>/DocumentMetadataRetrieve
    Element message = requestDoc.createElement(GSXML.MESSAGE_ELEM);
    String serviceAddress = collection + "/" + METADATA_RETRIEVAL_SERVICE;
    Element lookup = GSXML.createBasicRequest(requestDoc, GSXML.REQUEST_TYPE_PROCESS, serviceAddress, new UserContext());
    message.appendChild(lookup);

    // parameter list: metadata=contains
    Element wantedMetadata = requestDoc.createElement(GSXML.PARAM_ELEM);
    wantedMetadata.setAttribute(GSXML.NAME_ATT, "metadata");
    wantedMetadata.setAttribute(GSXML.VALUE_ATT, "contains");
    Element params = requestDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
    params.appendChild(wantedMetadata);
    lookup.appendChild(params);

    // node list: the single node whose id is the assoc directory
    Element node = requestDoc.createElement(GSXML.DOC_NODE_ELEM);
    node.setAttribute(GSXML.NODE_ID_ATT, assocfiledir);
    Element nodes = requestDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
    nodes.appendChild(node);
    lookup.appendChild(nodes);

    Element answer = (Element) gsRouter.process(message);

    NodeList found = answer.getElementsByTagName(GSXML.METADATA_ELEM);
    if (found.getLength() == 0)
    {
        logger.error("Could not find the document ID related to this url");
        return null;
    }

    String docId = ((Element) found.item(0)).getTextContent();
    // an empty id counts as "not found"
    return "".equals(docId) ? null : docId;
}
709
/**
 * Timer that forgets one verification: when it fires, it removes its key from
 * verifiedUserMap and stops itself.
 *
 * It is a javax.swing.Timer, so the event is delivered on the AWT
 * event-dispatch thread.
 */
private class UserTimer extends Timer implements ActionListener
{
    // key of the verifiedUserMap entry this timer removes
    String id = "";

    /**
     * @param delay time until the entry is removed, in milliseconds
     * @param id    key of the entry in verifiedUserMap
     */
    public UserTimer(int delay, String id)
    {
        // start without a listener, then register this object as its own listener
        super(delay, (ActionListener) null);
        this.id = id;
        this.addActionListener(this);
    }

    /** Removes the entry and stops the timer so that it does not fire again. */
    public void actionPerformed(ActionEvent e)
    {
        URLFilter.this.verifiedUserMap.remove(this.id);
        this.stop();
    }
}
729
730
731}