1 | package org.greenstone.gsdl3.core;
|
---|
2 |
|
---|
3 | import java.io.File;
|
---|
4 | import java.io.IOException;
|
---|
5 | import java.util.ArrayList;
|
---|
6 | import java.util.Arrays;
|
---|
7 | import java.util.HashMap;
|
---|
8 | import java.util.Hashtable;
|
---|
9 | import java.util.Map;
|
---|
10 |
|
---|
11 | import javax.servlet.Filter;
|
---|
12 | import javax.servlet.FilterChain;
|
---|
13 | import javax.servlet.FilterConfig;
|
---|
14 | import javax.servlet.ServletContext;
|
---|
15 | import javax.servlet.ServletException;
|
---|
16 | import javax.servlet.ServletOutputStream;
|
---|
17 | import javax.servlet.ServletRequest;
|
---|
18 | import javax.servlet.ServletResponse;
|
---|
19 | import javax.servlet.http.HttpSession;
|
---|
20 | import javax.servlet.http.HttpServletRequest;
|
---|
21 | import javax.servlet.http.HttpServletRequestWrapper;
|
---|
22 | import javax.servlet.http.HttpServletResponse;
|
---|
23 |
|
---|
24 | import java.awt.event.ActionEvent;
|
---|
25 | import java.awt.event.ActionListener;
|
---|
26 | import javax.swing.Timer;
|
---|
27 |
|
---|
28 | import org.apache.commons.io.FileUtils;
|
---|
29 | import org.apache.commons.lang3.StringUtils;
|
---|
30 |
|
---|
31 | import org.apache.log4j.Logger;
|
---|
32 | import org.greenstone.gsdl3.util.GSParams;
|
---|
33 | import org.greenstone.gsdl3.util.GSPath;
|
---|
34 | import org.greenstone.gsdl3.util.GSXML;
|
---|
35 | import org.greenstone.gsdl3.util.UserContext;
|
---|
36 | import org.greenstone.gsdl3.util.XMLConverter;
|
---|
37 | import org.greenstone.gsdl3.service.Authentication;
|
---|
38 | import org.w3c.dom.Document;
|
---|
39 | import org.w3c.dom.Element;
|
---|
40 | import org.w3c.dom.NodeList;
|
---|
41 |
|
---|
42 | public class URLFilter implements Filter
|
---|
43 | {
|
---|
44 | private FilterConfig _filterConfig = null;
|
---|
45 | private static Logger logger = Logger.getLogger(org.greenstone.gsdl3.core.URLFilter.class.getName());
|
---|
46 |
|
---|
47 | //Restricted URLs
|
---|
48 | protected static final String SITECONFIG_URL = "sites/[^/]+/siteConfig.xml";
|
---|
49 | protected static final String USERS_DB_URL = "etc/usersDB/.*";
|
---|
50 | protected static final ArrayList<String> _restrictedURLs;
|
---|
51 |
|
---|
52 | static
|
---|
53 | {
|
---|
54 | ArrayList<String> restrictedURLs = new ArrayList<String>();
|
---|
55 | restrictedURLs.add(SITECONFIG_URL);
|
---|
56 | restrictedURLs.add(USERS_DB_URL);
|
---|
57 | _restrictedURLs = restrictedURLs;
|
---|
58 | }
|
---|
59 |
|
---|
60 | //Constants
|
---|
61 | protected static final String DOCUMENT_PATH = "document";
|
---|
62 | protected static final String COLLECTION_PATH = "collection";
|
---|
63 | protected static final String GROUP_PATH = "group";
|
---|
64 | protected static final String PAGE_PATH = "page";
|
---|
65 | protected static final String SYSTEM_PATH = "system";
|
---|
66 | protected static final String BROWSE_PATH = "browse";
|
---|
67 | protected static final String SEARCH_PATH = "search";
|
---|
68 | protected static final ArrayList<String> _keywords;
|
---|
69 |
|
---|
70 | static
|
---|
71 | {
|
---|
72 | ArrayList<String> keywords = new ArrayList<String>();
|
---|
73 | keywords.add(PAGE_PATH);
|
---|
74 | keywords.add(BROWSE_PATH);
|
---|
75 | keywords.add(SEARCH_PATH);
|
---|
76 | keywords.add(DOCUMENT_PATH);
|
---|
77 | _keywords = keywords;
|
---|
78 | }
|
---|
79 |
|
---|
80 | protected static final String METADATA_RETRIEVAL_SERVICE = "DocumentMetadataRetrieve";
|
---|
81 | protected static final String ASSOCIATED_FILE_PATH = "/index/assoc/";
|
---|
82 | protected static final String COLLECTION_FILE_PATH = "/collect/";
|
---|
83 | protected static final String INTERFACE_PATH = "/interfaces/";
|
---|
84 | protected static final String SITES_PATH = "/sites/";
|
---|
85 |
|
---|
86 | protected static final String SYSTEM_SUBACTION_CONFIGURE = "configure";
|
---|
87 | protected static final String SYSTEM_SUBACTION_RECONFIGURE = "reconfigure";
|
---|
88 | protected static final String SYSTEM_SUBACTION_ACTIVATE = "activate";
|
---|
89 | protected static final String SYSTEM_SUBACTION_DEACTIVATE = "deactivate";
|
---|
90 |
|
---|
91 | // if we are showing terms and conditions to user, this remembers who has
|
---|
92 | // accepted already
|
---|
93 | protected Hashtable<String, UserTimer> verifiedUserMap = null;
|
---|
94 | // timeouts are in millisecs
|
---|
95 | // this is for if we have verify=once set in collectionConfig - the user will stay
|
---|
96 | // verified for 24 hours
|
---|
97 | protected static final int verifiedUserTimeout = 24 * 60 * 60 * 1000;
|
---|
98 | // this is a per document timeout - Chrome may make several requests to fetch a fastview pdf,
|
---|
99 | // plus another one if the user clicks download. Need to keep a record for a verified document
|
---|
100 | // so it can be fuly viewed and downloaded - get a network error if end up back at verification page.
|
---|
101 | // the user stays verified for the document for 2 hours.
|
---|
102 | protected static final int tempUserTimeout = 2 * 60 * 60 * 1000;
|
---|
103 |
|
---|
104 | public void init(FilterConfig filterConfig) throws ServletException
|
---|
105 | {
|
---|
106 | this._filterConfig = filterConfig;
|
---|
107 | this.verifiedUserMap = new Hashtable<String, UserTimer>();
|
---|
108 | }
|
---|
109 |
|
---|
110 | public void destroy()
|
---|
111 | {
|
---|
112 | this._filterConfig = null;
|
---|
113 | }
|
---|
114 |
|
---|
115 | @SuppressWarnings("deprecation")
|
---|
116 | public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
|
---|
117 | {
|
---|
118 | if (!(request instanceof HttpServletRequest)) {
|
---|
119 | // Can this ever happen?
|
---|
120 | logger.error("The request was not an HttpServletRequest");
|
---|
121 | return;
|
---|
122 | }
|
---|
123 |
|
---|
124 |
|
---|
125 | HttpServletRequest hRequest = ((HttpServletRequest) request);
|
---|
126 | HttpSession hSession = hRequest.getSession();
|
---|
127 | ServletContext context = hSession.getServletContext();
|
---|
128 |
|
---|
129 | GSHttpServletRequestWrapper gRequest = new GSHttpServletRequestWrapper(hRequest);
|
---|
130 |
|
---|
131 | // this is the part before the ?
|
---|
132 | String url = hRequest.getRequestURI().toString();
|
---|
133 | if (isURLRestricted(url)) {
|
---|
134 |
|
---|
135 | // TODO - should we make this a proper HTML page?
|
---|
136 | response.getWriter().println("ERROR: Access to this page is forbidden.");
|
---|
137 | return;
|
---|
138 | }
|
---|
139 |
|
---|
140 |
|
---|
141 | // Run security checks on files requested from a collection's index/assoc folder
|
---|
142 | if (url.contains(ASSOCIATED_FILE_PATH)) {
|
---|
143 | // we need to do security checking here in case the documents are private
|
---|
144 | // or if there is a terms and conditions page to be shown.
|
---|
145 | // Also, assoc files urls now contain the library name in them.
|
---|
146 | // e.g. greenstone3/library/sites/localsite/collect/collname/index/assoc/Hashxxx/doc.pdf
|
---|
147 | // so they are not a true link to a file. We remove the
|
---|
148 | // 'library' then forward the request to the new url.
|
---|
149 | securityCheckAssocFiles(url, hRequest, response);
|
---|
150 | return;
|
---|
151 | }
|
---|
152 |
|
---|
153 | //
|
---|
154 | if (url.contains(SITES_PATH)) {
|
---|
155 | // there are some site/collection images that are not associated files.
|
---|
156 | // these dont need to be security checked, but we need to remove the library name from the url if its there
|
---|
157 | String context_path = context.getContextPath();
|
---|
158 | String regex = context_path+"/.+"+SITES_PATH+".*";
|
---|
159 | if (url.matches(regex)) {
|
---|
160 | // a forward doesn't want the context path
|
---|
161 | String new_url = url.substring(url.indexOf(SITES_PATH));
|
---|
162 | request.getRequestDispatcher(new_url).forward(request, response);
|
---|
163 | return;
|
---|
164 | }
|
---|
165 | // else if it doesn't match, ie the url was /greenstone3/sites/...
|
---|
166 | // we don't do anything and just let it continue
|
---|
167 | }
|
---|
168 |
|
---|
169 |
|
---|
170 |
|
---|
171 | // if we are asking for an interface file, and it doesn't exist, then
|
---|
172 | // try loading up the interfaceConfig file to find out what the base
|
---|
173 | // interface was, then try looking in that interface for the file.
|
---|
174 | if (url.contains(INTERFACE_PATH))
|
---|
175 | {
|
---|
176 | String fileURL = url.replaceFirst(context.getContextPath(), "");
|
---|
177 | File requestedFile = new File(context.getRealPath(fileURL));
|
---|
178 |
|
---|
179 | if (!requestedFile.exists()) {
|
---|
180 | String baseURL = getFileInBaseInterface(fileURL, context);
|
---|
181 | if (baseURL != null) {
|
---|
182 | File baseInterfaceFile = new File(context.getRealPath(baseURL));
|
---|
183 | if (baseInterfaceFile.exists()) {
|
---|
184 | request.getRequestDispatcher(baseURL).forward(request, response);
|
---|
185 | // ServletOutputStream out = response.getOutputStream();
|
---|
186 | // out.write(FileUtils.readFileToByteArray(baseInterfaceFile));
|
---|
187 | // out.flush();
|
---|
188 | // out.close();
|
---|
189 | return;
|
---|
190 | }
|
---|
191 | }
|
---|
192 | }
|
---|
193 | }
|
---|
194 | else
|
---|
195 | {
|
---|
196 | //If we have a jsessionid on the end of our URL we want to ignore it
|
---|
197 | int index;
|
---|
198 | if ((index = url.indexOf(";jsessionid")) != -1)
|
---|
199 | {
|
---|
200 | url = url.substring(0, index);
|
---|
201 | }
|
---|
202 | String[] segments = url.split("/");
|
---|
203 | for (int i = 0; i < segments.length; i++)
|
---|
204 | {
|
---|
205 | String[] additionalParameters = null;
|
---|
206 | String[] defaultParamValues = null;
|
---|
207 | //COLLECTION
|
---|
208 | if (segments[i].equals(COLLECTION_PATH) && (i + 1) < segments.length) {
|
---|
209 | int j=i+1;
|
---|
210 | while(j+1 < segments.length && !_keywords.contains(segments[j+1])) {
|
---|
211 | j++;
|
---|
212 | }
|
---|
213 |
|
---|
214 | if (j>i+1) {
|
---|
215 | // we had a group part
|
---|
216 | String [] groups = Arrays.copyOfRange(segments, i+1, j);
|
---|
217 | String group = StringUtils.join(groups, "/");
|
---|
218 | gRequest.setParameter(GSParams.GROUP, group);
|
---|
219 | }
|
---|
220 | gRequest.setParameter(GSParams.COLLECTION, segments[j]);
|
---|
221 | }
|
---|
222 | // GROUP
|
---|
223 | else if(segments[i].equals(GROUP_PATH) && (i + 1) < segments.length)
|
---|
224 | {
|
---|
225 | // assume for now, no other path parts for group links
|
---|
226 | int j= segments.length - 1;
|
---|
227 | String group;
|
---|
228 | if (j==i+1) {
|
---|
229 | group = segments[j];
|
---|
230 | } else {
|
---|
231 | String [] groups = Arrays.copyOfRange(segments, i+1, j+1);
|
---|
232 | group = StringUtils.join(groups, "/");
|
---|
233 | }
|
---|
234 | gRequest.setParameter(GSParams.GROUP, group);
|
---|
235 | gRequest.setParameter(GSParams.ACTION, "p");
|
---|
236 | gRequest.setParameter(GSParams.SUBACTION, "home");
|
---|
237 |
|
---|
238 | }
|
---|
239 | //DOCUMENT
|
---|
240 | else if (segments[i].equals(DOCUMENT_PATH) && (i + 1) < segments.length)
|
---|
241 | {
|
---|
242 | gRequest.setParameter(GSParams.DOCUMENT, segments[i + 1]);
|
---|
243 |
|
---|
244 | additionalParameters = new String[] { GSParams.ACTION };
|
---|
245 | defaultParamValues = new String[] { "d" };
|
---|
246 | if ((i+2) < segments.length && segments[i+2].equals("print")) {
|
---|
247 | gRequest.setParameter(GSParams.SUBACTION, "print");
|
---|
248 | gRequest.setParameter("ed", "1");
|
---|
249 |
|
---|
250 | }
|
---|
251 |
|
---|
252 | }
|
---|
253 | //PAGE
|
---|
254 | else if (segments[i].equals(PAGE_PATH) && (i + 1) < segments.length)
|
---|
255 | {
|
---|
256 | gRequest.setParameter(GSParams.SUBACTION, segments[i + 1]);
|
---|
257 |
|
---|
258 | additionalParameters = new String[] { GSParams.ACTION };
|
---|
259 | defaultParamValues = new String[] { "p" };
|
---|
260 | }
|
---|
261 | //SYSTEM
|
---|
262 | else if (segments[i].equals(SYSTEM_PATH) && (i + 1) < segments.length)
|
---|
263 | {
|
---|
264 | String sa = segments[i + 1];
|
---|
265 | if (sa.equals(SYSTEM_SUBACTION_CONFIGURE) || sa.equals(SYSTEM_SUBACTION_RECONFIGURE))
|
---|
266 | {
|
---|
267 | sa = "c";
|
---|
268 | }
|
---|
269 | else if (sa.equals(SYSTEM_SUBACTION_ACTIVATE))
|
---|
270 | {
|
---|
271 | sa = "a";
|
---|
272 | }
|
---|
273 | else if (sa.equals(SYSTEM_SUBACTION_DEACTIVATE))
|
---|
274 | {
|
---|
275 | sa = "d";
|
---|
276 | }
|
---|
277 |
|
---|
278 | if (sa.equals("c") && (i + 2) < segments.length)
|
---|
279 | {
|
---|
280 | gRequest.setParameter(GSParams.SYSTEM_CLUSTER, segments[i + 2]);
|
---|
281 | }
|
---|
282 |
|
---|
283 | if (sa.equals("a") && (i + 2) < segments.length)
|
---|
284 | {
|
---|
285 | gRequest.setParameter(GSParams.SYSTEM_MODULE_TYPE, "collection");
|
---|
286 | gRequest.setParameter(GSParams.SYSTEM_MODULE_NAME, segments[i + 2]);
|
---|
287 | }
|
---|
288 |
|
---|
289 | if (sa.equals("d") && (i + 2) < segments.length)
|
---|
290 | {
|
---|
291 | gRequest.setParameter(GSParams.SYSTEM_CLUSTER, segments[i + 2]);
|
---|
292 | }
|
---|
293 |
|
---|
294 | gRequest.setParameter(GSParams.SUBACTION, sa);
|
---|
295 |
|
---|
296 | additionalParameters = new String[] { GSParams.ACTION };
|
---|
297 | defaultParamValues = new String[] { "s" };
|
---|
298 | }
|
---|
299 | //ADMIN
|
---|
300 | else if (segments[i].equals("admin") && (i + 1) < segments.length)
|
---|
301 | {
|
---|
302 | String pageName = segments[i + 1];
|
---|
303 |
|
---|
304 | gRequest.setParameter("s1.authpage", pageName);
|
---|
305 |
|
---|
306 | additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SUBACTION, GSParams.SERVICE };
|
---|
307 | defaultParamValues = new String[] { "g", "r", "authen", "Authentication" };
|
---|
308 | }
|
---|
309 | //BROWSE
|
---|
310 | else if (segments[i].equals(BROWSE_PATH) && (i + 1) < segments.length)
|
---|
311 | {
|
---|
312 | String cl = "";
|
---|
313 | for (int j = 1; (i + j) < segments.length; j++)
|
---|
314 | {
|
---|
315 | String currentSegment = segments[i + j].replace("CL", "").replace("cl", "");
|
---|
316 | if (currentSegment.contains("."))
|
---|
317 | {
|
---|
318 | String[] subsegments = currentSegment.split("\\.");
|
---|
319 | for (String subsegment : subsegments)
|
---|
320 | {
|
---|
321 | subsegment = subsegment.replace("CL", "").replace("cl", "");
|
---|
322 |
|
---|
323 | if (cl.length() > 0)
|
---|
324 | {
|
---|
325 | cl += ".";
|
---|
326 | }
|
---|
327 |
|
---|
328 | if (subsegment.length() > 0)
|
---|
329 | {
|
---|
330 | cl += subsegment;
|
---|
331 | }
|
---|
332 | }
|
---|
333 | continue;
|
---|
334 | }
|
---|
335 | if (!currentSegment.matches("^(CL|cl)?\\d+$"))
|
---|
336 | {
|
---|
337 | continue;
|
---|
338 | }
|
---|
339 |
|
---|
340 | if (cl.length() > 0)
|
---|
341 | {
|
---|
342 | cl += ".";
|
---|
343 | }
|
---|
344 |
|
---|
345 | cl += currentSegment;
|
---|
346 | }
|
---|
347 |
|
---|
348 | gRequest.setParameter("cl", "CL" + cl);
|
---|
349 |
|
---|
350 | additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SERVICE };
|
---|
351 | defaultParamValues = new String[] { "b", "s", "ClassifierBrowse" };
|
---|
352 | }
|
---|
353 | //QUERY
|
---|
354 | else if (segments[i].equals(SEARCH_PATH))
|
---|
355 | {
|
---|
356 | String serviceName = "";
|
---|
357 | if ((i + 1) < segments.length)
|
---|
358 | {
|
---|
359 | serviceName = segments[i + 1];
|
---|
360 | gRequest.setParameter("s", serviceName);
|
---|
361 |
|
---|
362 | additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE };
|
---|
363 | defaultParamValues = new String[] { "q", "", "d" };
|
---|
364 | }
|
---|
365 | if ((i + 2) < segments.length)
|
---|
366 | {
|
---|
367 | if (serviceName.equals("TextQuery") || serviceName.equals("RawQuery"))
|
---|
368 | {
|
---|
369 |
|
---|
370 | gRequest.setParameter("s1.query", segments[i + 2]);
|
---|
371 | }
|
---|
372 | else if (serviceName.equals("FieldQuery"))
|
---|
373 | {
|
---|
374 | gRequest.setParameter("s1.fqv", segments[i + 2]);
|
---|
375 | }
|
---|
376 | else if (serviceName.equals("AdvancedFieldQuery"))
|
---|
377 | {
|
---|
378 | gRequest.setParameter("s1.fqv", segments[i + 2]);
|
---|
379 | }
|
---|
380 | }
|
---|
381 | }
|
---|
382 | if (additionalParameters != null)
|
---|
383 | {
|
---|
384 | for (int j = 0; j < additionalParameters.length; j++)
|
---|
385 | {
|
---|
386 | if (gRequest.getParameter(additionalParameters[j]) == null)
|
---|
387 | {
|
---|
388 | gRequest.setParameter(additionalParameters[j], defaultParamValues[j]);
|
---|
389 | }
|
---|
390 | }
|
---|
391 | }
|
---|
392 | }
|
---|
393 | }
|
---|
394 |
|
---|
395 | chain.doFilter(gRequest, response);
|
---|
396 | }
|
---|
397 |
|
---|
398 | private boolean isURLRestricted(String url)
|
---|
399 | {
|
---|
400 | for (String restrictedURL : _restrictedURLs)
|
---|
401 | {
|
---|
402 | if (url.matches(".*" + restrictedURL + ".*"))
|
---|
403 | {
|
---|
404 | return true;
|
---|
405 | }
|
---|
406 | }
|
---|
407 |
|
---|
408 | return false;
|
---|
409 | }
|
---|
410 |
|
---|
411 | private String getFileInBaseInterface(String fileURL, ServletContext context) {
|
---|
412 | int interfaceNameStart = fileURL.indexOf(INTERFACE_PATH) + INTERFACE_PATH.length();
|
---|
413 | int interfaceNameEnd = fileURL.indexOf("/", interfaceNameStart);
|
---|
414 | String interfaceName = fileURL.substring(interfaceNameStart, interfaceNameEnd);
|
---|
415 | String interfacesDir = fileURL.substring(0, interfaceNameStart);
|
---|
416 | File interfaceConfigFile = new File(context.getRealPath(interfacesDir + interfaceName + "/interfaceConfig.xml"));
|
---|
417 |
|
---|
418 | if (interfaceConfigFile.exists()) {
|
---|
419 |
|
---|
420 | Document interfaceConfigDoc = XMLConverter.getDOM(interfaceConfigFile);
|
---|
421 |
|
---|
422 | String baseInterface = interfaceConfigDoc.getDocumentElement().getAttribute("baseInterface");
|
---|
423 | if (baseInterface.length() > 0)
|
---|
424 | {
|
---|
425 | return fileURL.replace("/" + interfaceName + "/", "/" + baseInterface + "/");
|
---|
426 | }
|
---|
427 | }
|
---|
428 | return null;
|
---|
429 | }
|
---|
430 |
|
---|
431 |
|
---|
432 | private void securityCheckAssocFiles(String url, HttpServletRequest request, ServletResponse response) throws IOException, ServletException {
|
---|
433 | HttpSession session = request.getSession();
|
---|
434 | String session_id = session.getId();
|
---|
435 | ServletContext context = session.getServletContext();
|
---|
436 |
|
---|
437 | // now we need to get library name from the path, which is like
|
---|
438 | // /greenstone3/library/sites/localsite/collect/collname/index/assoc/...
|
---|
439 | String library_name = url.replaceFirst(context.getContextPath(), "");
|
---|
440 | library_name = library_name.substring(0, library_name.indexOf(SITES_PATH));
|
---|
441 | if (library_name.equals("")) {
|
---|
442 | response.getWriter().println("ERROR: Assoc file paths must now contain the library name");
|
---|
443 | return;
|
---|
444 | }
|
---|
445 | // remove initial '/'
|
---|
446 | library_name = library_name.substring(1);
|
---|
447 |
|
---|
448 | MessageRouter gsRouter = (MessageRouter) context.getAttribute(library_name+"Router");
|
---|
449 |
|
---|
450 | if (gsRouter == null) {
|
---|
451 | logger.error("MR is null, stopping filter");
|
---|
452 | return;
|
---|
453 | }
|
---|
454 | // Sometimes we have a // before the filename - that mucks up the following code, so lets remove them
|
---|
455 | url = url.replaceAll("//","/");
|
---|
456 |
|
---|
457 | String dir = null;
|
---|
458 | int dirStart = url.indexOf(ASSOCIATED_FILE_PATH) + ASSOCIATED_FILE_PATH.length();
|
---|
459 | int dirEnd = -1;
|
---|
460 | if (dirStart < url.length() && url.indexOf("/", dirStart) != -1)
|
---|
461 | {
|
---|
462 | dirEnd = url.lastIndexOf("/");
|
---|
463 | }
|
---|
464 | if (dirEnd != -1)
|
---|
465 | {
|
---|
466 | dir = url.substring(dirStart, dirEnd);
|
---|
467 | }
|
---|
468 | if (dir == null)
|
---|
469 | {
|
---|
470 | return;
|
---|
471 | }
|
---|
472 |
|
---|
473 | String collection = null;
|
---|
474 | int colStart = url.indexOf(COLLECTION_FILE_PATH) + COLLECTION_FILE_PATH.length();
|
---|
475 | int colEnd = -1;
|
---|
476 | if (colStart < url.length() && url.indexOf("/", colStart) != -1)
|
---|
477 | {
|
---|
478 | colEnd = url.indexOf("/", colStart);
|
---|
479 | }
|
---|
480 | if (colEnd != -1)
|
---|
481 | {
|
---|
482 | collection = url.substring(colStart, colEnd);
|
---|
483 | }
|
---|
484 | if (collection == null)
|
---|
485 | {
|
---|
486 | return;
|
---|
487 | }
|
---|
488 |
|
---|
489 | String file_name = url.substring(url.lastIndexOf("/")+1);
|
---|
490 | // if there is ;jsessionid=xxx in the request, it is still here at this stage!!!
|
---|
491 | int semicol = file_name.indexOf(';');
|
---|
492 | if(semicol != -1) {
|
---|
493 | file_name = file_name.substring(0, semicol);
|
---|
494 | }
|
---|
495 |
|
---|
496 | // Query the MR with a request for the contains metadata for node "dir" - where dir is the assocfilepath
|
---|
497 | // In the jdbm db, have entries like
|
---|
498 | // [HASH1552e]
|
---|
499 | // <contains>HASH1552e3sdlkjf7sdfsdfk
|
---|
500 | // mapping assocfilepath to doc id
|
---|
501 | String document = queryMRforDOCID(gsRouter, collection, dir);
|
---|
502 | if (document == null) {
|
---|
503 | response.getWriter().println("ERROR: Couldn't find the document associated with assocfilepath: "+dir);
|
---|
504 | return;
|
---|
505 | }
|
---|
506 |
|
---|
507 | //Query the MR for the security info for this document
|
---|
508 | // - can we show the document?
|
---|
509 | // - Or do we need to be logged in?
|
---|
510 | // - Or do we need to throw up the verify page?
|
---|
511 |
|
---|
512 | // While we are doing this, query the document for its srclinkFile metadata - then we can determine if the
|
---|
513 | // file we are being asked for is the main doc (eg pdf) or just a supporting image on the page
|
---|
514 |
|
---|
515 | //Get the security info for this collection
|
---|
516 | Document gsDoc = XMLConverter.newDOM();
|
---|
517 | Element securityMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
|
---|
518 | Element securityRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_SECURITY, collection, new UserContext());
|
---|
519 |
|
---|
520 | securityMessage.appendChild(securityRequest);
|
---|
521 | securityRequest.setAttribute(GSXML.NODE_OID, document);
|
---|
522 |
|
---|
523 | // get the srclinkFile for the document
|
---|
524 | Element metadata_request = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_PROCESS, GSPath.appendLink(collection, "DocumentMetadataRetrieve"), new UserContext());
|
---|
525 | Element param_list = gsDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
|
---|
526 | GSXML.addParameterToList(param_list, "metadata", "srclinkFile");
|
---|
527 | metadata_request.appendChild(param_list);
|
---|
528 | Element doc_list = gsDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
|
---|
529 | metadata_request.appendChild(doc_list);
|
---|
530 | Element d = gsDoc.createElement(GSXML.DOC_NODE_ELEM);
|
---|
531 | d.setAttribute(GSXML.NODE_ID_ATT, document);
|
---|
532 | doc_list.appendChild(d);
|
---|
533 | securityMessage.appendChild(metadata_request);
|
---|
534 |
|
---|
535 |
|
---|
536 | Element mr_response = (Element)gsRouter.process(securityMessage);
|
---|
537 | //logger.debug("security response = "+XMLConverter.getPrettyString(mr_response));
|
---|
538 |
|
---|
539 | boolean verifiable_file = true;
|
---|
540 | // TODO check for errors
|
---|
541 |
|
---|
542 | Element meta_response = (Element) GSXML.getNamedElement(mr_response, GSXML.RESPONSE_ELEM, GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
|
---|
543 | Element metadata_list = (Element)meta_response.getElementsByTagName(GSXML.METADATA_ELEM+GSXML.LIST_MODIFIER).item(0);
|
---|
544 | String srcdoc = GSXML.getMetadataValue(metadata_list, "srclinkFile");
|
---|
545 | //logger.debug("srcdoc="+srcdoc+", filename="+file_name+", %20 decoded filename="+file_name.replaceAll("\\%20|\\+", " "));
|
---|
546 | // If file_name is the main file for the document, then it will == srcdoc. Both of these are URL encoded, with the exception of spaces. Spaces will be encoded in file_name, but are not encoded in srcdoc. So need to decode those and check again.
|
---|
547 | // srcdoc.equals(java.net.URLDecoder.decode(file_name, "UTF-8")) - this didn't work as both are URLEncoded except for spaces
|
---|
548 | if (!srcdoc.equals(file_name) && !srcdoc.equals(file_name.replaceAll("\\%20|\\+", " "))){
|
---|
549 | // the specified file is just a supporting file, not the main file.
|
---|
550 | // eg an image in an html doc.
|
---|
551 | verifiable_file = false;
|
---|
552 | }
|
---|
553 |
|
---|
554 | Element securityResponse = (Element) GSXML.getNamedElement(mr_response, GSXML.RESPONSE_ELEM, GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_SECURITY);
|
---|
555 | ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
|
---|
556 |
|
---|
557 | if (!groups.contains(""))
|
---|
558 | {
|
---|
559 | boolean found = false;
|
---|
560 | for (String group : groups)
|
---|
561 | {
|
---|
562 | if (((HttpServletRequest) request).isUserInRole(group))
|
---|
563 | {
|
---|
564 | found = true;
|
---|
565 | break;
|
---|
566 | }
|
---|
567 | }
|
---|
568 |
|
---|
569 | if (!found)
|
---|
570 | {
|
---|
571 | // return an error page to the browser
|
---|
572 | String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=error&c="+collection+"&ec=wrong_group";
|
---|
573 | ((HttpServletResponse)response).sendRedirect(new_url);
|
---|
574 | return;
|
---|
575 | }
|
---|
576 | }
|
---|
577 |
|
---|
578 | // if got here have no groups that we need to belong to
|
---|
579 | // do we have human verify thing?
|
---|
580 | if (verifiable_file) {
|
---|
581 | String verify = securityResponse.getAttribute(GSXML.VERIFY_ATT);
|
---|
582 | if (!verify.equals("")) {
|
---|
583 | // we are asking for the main document, and we have been asked to verify the user
|
---|
584 | // have we done the test previously?
|
---|
585 | String verify_map_key = session_id + ":"+collection;
|
---|
586 | String verify_map_doc_key = verify_map_key + ":" + file_name;
|
---|
587 | boolean already_verified = false;
|
---|
588 | String hmvf_response = request.getParameter(GSParams.VERIFIED);
|
---|
589 | if (hmvf_response != null && hmvf_response.equals("0")) {
|
---|
590 | // manually force the t&c (user has added hmvf=0 to url)
|
---|
591 | // whether we have previously verified or not
|
---|
592 | } else if (verifiedUserMap.containsKey(verify_map_key) || verifiedUserMap.containsKey(verify_map_doc_key)) {
|
---|
593 | already_verified = true;
|
---|
594 | }
|
---|
595 |
|
---|
596 | if (!already_verified) {
|
---|
597 | // have we just done the test?
|
---|
598 | // hmvf param will be set by form if the verify page was submitted
|
---|
599 | if (hmvf_response != null && hmvf_response.equals("1")) {
|
---|
600 | if (!securityResponse.getAttribute(GSXML.SITE_KEY_ATT).equals("")) {
|
---|
601 | String recaptcha_response = request.getParameter(Authentication.RECAPTCHA_RESPONSE_PARAM);
|
---|
602 | String secret_key = securityResponse.getAttribute(GSXML.SECRET_KEY_ATT);
|
---|
603 | int result = Authentication.verifyRecaptcha(secret_key, recaptcha_response);
|
---|
604 | if (result == Authentication.NO_ERROR) {
|
---|
605 | already_verified = true;
|
---|
606 | } else {
|
---|
607 | logger.error("something went wrong with recaptcha, error="+result);
|
---|
608 | logger.error(Authentication.getErrorKey(result));
|
---|
609 | // display error page
|
---|
610 | String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=error&c="+collection+"&ec=recap_fail";
|
---|
611 | ((HttpServletResponse)response).sendRedirect(new_url);
|
---|
612 | return;
|
---|
613 | }
|
---|
614 | }
|
---|
615 | already_verified = true;
|
---|
616 | // set up a timer for this verification - standard 24hour if
|
---|
617 | // verify==once, short, doc specific one otherwise (browsers seem to be trying to
|
---|
618 | // download prfs twice. Chrome gets stuck if the second time
|
---|
619 | // doesn't get verified. Also Chrome sends a second request if the
|
---|
620 | // user tries to download the document after viewing it. )
|
---|
621 | int delay;
|
---|
622 | String this_key;
|
---|
623 | if (verify.equals("once")) {
|
---|
624 | delay = verifiedUserTimeout;
|
---|
625 | this_key = verify_map_key;
|
---|
626 | } else {
|
---|
627 | delay = tempUserTimeout;
|
---|
628 | this_key = verify_map_doc_key;
|
---|
629 | }
|
---|
630 | UserTimer timer = new UserTimer(delay, this_key);
|
---|
631 | verifiedUserMap.put(this_key, timer);
|
---|
632 | timer.start();
|
---|
633 | // For the verify page, we just return back to the browser, as we have called this
|
---|
634 | // using ajax.
|
---|
635 | return;
|
---|
636 |
|
---|
637 | } // hmvf = 1
|
---|
638 | }
|
---|
639 |
|
---|
640 | if (!already_verified) {
|
---|
641 | // hmvf param is not set - we haven't shown them the form yet
|
---|
642 | // or we have been asked to force the T&C
|
---|
643 | // we need to display the verify page
|
---|
644 | //Lets encode the url parameter as we need it encoded in the page.
|
---|
645 | String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=verify&c="+collection+"&url="+java.net.URLEncoder.encode(url, "UTF-8");
|
---|
646 | ((HttpServletResponse)response).sendRedirect(new_url);
|
---|
647 | return;
|
---|
648 | }
|
---|
649 | } // end verify is set
|
---|
650 | }// end if verifiable file
|
---|
651 |
|
---|
652 | // if we got here, we have passed all security checks and just want to view the file.
|
---|
653 | // However, we need to remove the library_name from the URL. As can't change the
|
---|
654 | // existing URL, we need to forward to the new one.
|
---|
655 | // (Can't do redirect as it will come back into this code and fail as there won't be library in the url)
|
---|
656 | // Remove the context and library name parts.
|
---|
657 | // don't know what happens with the rest of the filter chain? Does this bypass that??
|
---|
658 | url = url.replaceFirst(context.getContextPath(), "");
|
---|
659 | url = url.replaceFirst("/"+library_name, "");
|
---|
660 | //logger.info("forwarding to "+url);
|
---|
661 | request.getRequestDispatcher(url).forward(request, response);
|
---|
662 |
|
---|
663 | return;
|
---|
664 | }
|
---|
665 |
|
---|
666 |
|
---|
667 |
|
---|
668 |
|
---|
669 | private String queryMRforDOCID(MessageRouter gsRouter, String collection, String assocfiledir) {
|
---|
670 | Document gsDoc = XMLConverter.newDOM();
|
---|
671 |
|
---|
672 | Element metaMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
|
---|
673 | Element metaRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_PROCESS, collection + "/" + METADATA_RETRIEVAL_SERVICE, new UserContext());
|
---|
674 | metaMessage.appendChild(metaRequest);
|
---|
675 |
|
---|
676 | Element paramList = gsDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
|
---|
677 | metaRequest.appendChild(paramList);
|
---|
678 |
|
---|
679 | Element param = gsDoc.createElement(GSXML.PARAM_ELEM);
|
---|
680 | param.setAttribute(GSXML.NAME_ATT, "metadata");
|
---|
681 | param.setAttribute(GSXML.VALUE_ATT, "contains");
|
---|
682 | paramList.appendChild(param);
|
---|
683 |
|
---|
684 | Element docList = gsDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
|
---|
685 | metaRequest.appendChild(docList);
|
---|
686 |
|
---|
687 | Element doc = gsDoc.createElement(GSXML.DOC_NODE_ELEM);
|
---|
688 | doc.setAttribute(GSXML.NODE_ID_ATT, assocfiledir);
|
---|
689 | docList.appendChild(doc);
|
---|
690 |
|
---|
691 | Element metaResponse = (Element) gsRouter.process(metaMessage);
|
---|
692 |
|
---|
693 | NodeList metadataList = metaResponse.getElementsByTagName(GSXML.METADATA_ELEM);
|
---|
694 | if (metadataList.getLength() == 0) {
|
---|
695 |
|
---|
696 | logger.error("Could not find the document ID related to this url");
|
---|
697 | return null;
|
---|
698 | }
|
---|
699 |
|
---|
700 | Element metadata = (Element) metadataList.item(0);
|
---|
701 | String document = metadata.getTextContent();
|
---|
702 | if (document != null && document.equals("")) {
|
---|
703 | document = null;
|
---|
704 | }
|
---|
705 | return document;
|
---|
706 |
|
---|
707 |
|
---|
708 | }
|
---|
709 |
|
---|
710 | private class UserTimer extends Timer implements ActionListener
|
---|
711 | {
|
---|
712 | String id = "";
|
---|
713 |
|
---|
714 | /* delay in milliseconds */
|
---|
715 | public UserTimer(int delay, String id)
|
---|
716 | {
|
---|
717 | super(delay, (ActionListener) null);
|
---|
718 | addActionListener(this);
|
---|
719 | this.id = id;
|
---|
720 | }
|
---|
721 |
|
---|
722 | public void actionPerformed(ActionEvent e)
|
---|
723 | {
|
---|
724 | verifiedUserMap.remove(id);
|
---|
725 | stop();
|
---|
726 | }
|
---|
727 |
|
---|
728 | }
|
---|
729 |
|
---|
730 |
|
---|
731 | }
|
---|