/**
* Write a file to the response stream.
*
* @param servlet called from here
* @param contentPath file root path
* @param path file path reletive to the root
* @param req the request
* @param res the response
* @param contentType content type, or null
* @throws IOException on write error
*/
public static void returnFile(
HttpServlet servlet,
String contentPath,
String path,
HttpServletRequest req,
HttpServletResponse res,
String contentType)
throws IOException {
String filename = ServletUtil.formFilename(contentPath, path);
log.debug("returnFile(): returning file <" + filename + ">.");
// No file, nothing to view
if (filename == null) {
log.info(
"returnFile(): "
+ UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_NOT_FOUND, 0));
res.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
// dontallow ..
if (filename.indexOf("..") != -1) {
log.info(
"returnFile(): "
+ UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_FORBIDDEN, 0));
res.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
// dont allow access to WEB-INF or META-INF
String upper = filename.toUpperCase();
if (upper.indexOf("WEB-INF") != -1 || upper.indexOf("META-INF") != -1) {
log.info(
"returnFile(): "
+ UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_FORBIDDEN, 0));
res.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
returnFile(servlet, req, res, new File(filename), contentType);
}
/**
* Convenience routine used by handleRequestForContentFile() and handleRequestForRootFile().
*
* @param pathPrefix
* @param path
* @param servlet
* @param req request
* @param res response
* @throws IOException on IO error
*/
private static void handleRequestForContentOrRootFile(
String pathPrefix,
String path,
HttpServlet servlet,
HttpServletRequest req,
HttpServletResponse res)
throws IOException {
if (!pathPrefix.equals("/content/") && !pathPrefix.equals("/root/")) {
log.error(
"handleRequestForContentFile(): The path prefix <"
+ pathPrefix
+ "> must be \"/content/\" or \"/root/\".");
throw new IllegalArgumentException("Path prefix must be \"/content/\" or \"/root/\".");
}
if (!path.startsWith(pathPrefix)) {
log.error(
"handleRequestForContentFile(): path <"
+ path
+ "> must start with \""
+ pathPrefix
+ "\".");
throw new IllegalArgumentException("Path must start with \"" + pathPrefix + "\".");
}
// Don't allow ".." directories in path.
if (path.indexOf("/../") != -1
|| path.equals("..")
|| path.startsWith("../")
|| path.endsWith("/..")) {
res.sendError(HttpServletResponse.SC_FORBIDDEN, "Path cannot contain \"..\" directory.");
log.info(UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_FORBIDDEN, -1));
return;
}
// Find the requested file.
File file =
new File(
ServletUtil.formFilename(getContentPath(), path.substring(pathPrefix.length() - 1)));
if (file.exists()) {
// Do not allow request for a directory.
if (file.isDirectory()) {
if (!path.endsWith("/")) {
String redirectPath = req.getRequestURL().append("/").toString();
ServletUtil.sendPermanentRedirect(redirectPath, req, res);
return;
}
int i = HtmlWriter.getInstance().writeDirectory(res, file, path);
int status = i == 0 ? HttpServletResponse.SC_NOT_FOUND : HttpServletResponse.SC_OK;
log.info(UsageLog.closingMessageForRequestContext(status, i));
return;
}
// Return the requested file.
ServletUtil.returnFile(servlet, req, res, file, null);
} else {
// Requested file not found.
log.info(UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_NOT_FOUND, -1));
res.sendError(HttpServletResponse.SC_NOT_FOUND); // 404
}
}
/**
* Handle a request for a raw/static file (i.e., not a catalog or dataset request).
*
* <p>Look in the content (user) directory then the root (distribution) directory for a file that
* matches the given path and, if found, return it as the content of the HttpServletResponse. If
* the file is forbidden (i.e., the path contains a "..", "WEB-INF", or "META-INF" directory),
* send a HttpServletResponse.SC_FORBIDDEN response. If no file matches the request (including an
* "index.html" file if the path ends in "/"), send an HttpServletResponse.SC_NOT_FOUND..
*
* <p>
*
* <ol>
* <li>Make sure the path does not contain ".." directories.
* <li>Make sure the path does not contain "WEB-INF" or "META-INF".
* <li>Check for requested file in the content directory (if the path is a directory, make sure
* the path ends with "/" and check for an "index.html" file).
* <li>Check for requested file in the root directory (if the path is a directory, make sure the
* path ends with "/" and check for an "index.html" file). </ol
*
* @param path the requested path
* @param servlet the servlet handling the request
* @param req the HttpServletRequest
* @param res the HttpServletResponse
* @throws IOException if can't complete request due to IO problems.
*/
public static void handleRequestForRawFile(
String path, HttpServlet servlet, HttpServletRequest req, HttpServletResponse res)
throws IOException {
// Don't allow ".." directories in path.
if (path.indexOf("/../") != -1
|| path.equals("..")
|| path.startsWith("../")
|| path.endsWith("/..")) {
res.sendError(HttpServletResponse.SC_FORBIDDEN, "Path cannot contain \"..\" directory.");
log.info(UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_FORBIDDEN, -1));
return;
}
// Don't allow access to WEB-INF or META-INF directories.
String upper = path.toUpperCase();
if (upper.indexOf("WEB-INF") != -1 || upper.indexOf("META-INF") != -1) {
res.sendError(
HttpServletResponse.SC_FORBIDDEN, "Path cannot contain \"WEB-INF\" or \"META-INF\".");
log.info(UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_FORBIDDEN, -1));
return;
}
// Find a regular file
File regFile = null;
// Look in content directory for regular file.
File cFile = new File(ServletUtil.formFilename(getContentPath(), path));
if (cFile.exists()) {
if (cFile.isDirectory()) {
if (!path.endsWith("/")) {
String newPath = req.getRequestURL().append("/").toString();
ServletUtil.sendPermanentRedirect(newPath, req, res);
}
// If request path is a directory, check for index.html file.
cFile = new File(cFile, "index.html");
if (cFile.exists() && !cFile.isDirectory()) regFile = cFile;
}
// If not a directory, use this file.
else regFile = cFile;
}
if (regFile == null) {
// Look in root directory.
File rFile = new File(ServletUtil.formFilename(getRootPath(), path));
if (rFile.exists()) {
if (rFile.isDirectory()) {
if (!path.endsWith("/")) {
String newPath = req.getRequestURL().append("/").toString();
ServletUtil.sendPermanentRedirect(newPath, req, res);
}
rFile = new File(rFile, "index.html");
if (rFile.exists() && !rFile.isDirectory()) regFile = rFile;
} else regFile = rFile;
}
}
if (regFile == null) {
res.sendError(HttpServletResponse.SC_NOT_FOUND); // 404
log.info(UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_NOT_FOUND, -1));
return;
}
ServletUtil.returnFile(servlet, req, res, regFile, null);
}
