Ejemplo n.º 1
  /**
   * Writes the compiled JasperReport (.jasper) file to the response output stream. This page is
   * intended to be viewable from localhost only, for security reasons. The request parameters can
   * be (id), or (table and type).
   *
   * @param id - report id, or
   * @param table - table name
   * @param type - report type "s", "l", "o", case insensitive
   * @param client(*) - client domain
   * @param version - version number, defaults to -1
   */
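  public void process(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // NOTE(review): the Javadoc describes this page as localhost-only, but nothing in this method
    // checks where the request came from; confirm the restriction is enforced upstream (filter,
    // container or network configuration).
    String clientName = request.getParameter("client");
    int objectId = ParamUtils.getIntAttributeOrParameter(request, "id", -1);
    if (objectId == -1) {
      // No usable id: fall back to looking the report up by table and type.
      objectId =
          getReportId(clientName, request.getParameter("table"), request.getParameter("type"));
    }
    if (objectId == -1) {
      // NOTE(review): Tools.toString(request) is not visible here; confirm it does not write
      // credentials or session identifiers to the log and that it neutralises CR/LF.
      logger.error("report not found, request is:" + Tools.toString(request));
      throw new NDSException("report not found");
    }
    // Parsed as before, although the value is not used further down in this method.
    int version = ParamUtils.getIntAttributeOrParameter(request, "version", -1);

    // NOTE(review): clientName is taken from the request unchanged and takes part in choosing the
    // file path; ReportTools.getReportFile is not visible here, so confirm it keeps the result
    // inside the report directory.
    File reportXMLFile = new File(ReportTools.getReportFile(objectId, clientName));
    if (!reportXMLFile.exists()) {
      throw new NDSException("Not found report template");
    }

    // Derive "<name>.jasper" from the template name. A template without any '.' used to fail
    // with StringIndexOutOfBoundsException; its whole name is now used as the base name.
    String templateName = reportXMLFile.getName();
    int dot = templateName.lastIndexOf('.');
    String reportName = dot >= 0 ? templateName.substring(0, dot) : templateName;
    File reportJasperFile = new File(reportXMLFile.getParent(), reportName + ".jasper");

    // Compile only when the compiled file is missing or older than its template.
    if (!reportJasperFile.exists()
        || reportJasperFile.lastModified() < reportXMLFile.lastModified()) {
      JasperCompileManager.compileReportToFile(
          reportXMLFile.getAbsolutePath(), reportJasperFile.getAbsolutePath());
    }

    // try-with-resources closes the file handle even when the client disconnects mid-copy;
    // the previous code leaked it whenever read() or write() threw.
    try (InputStream is = new FileInputStream(reportJasperFile)) {
      response.setContentType("application/octetstream;");
      response.setContentLength((int) reportJasperFile.length());

      ServletOutputStream os = response.getOutputStream();
      byte[] buffer = new byte[8192];
      int read;
      while ((read = is.read(buffer, 0, buffer.length)) != -1) {
        os.write(buffer, 0, read);
      }
      os.flush();
      os.close();
    }
  }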
Ejemplo n.º 2
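  public void download(HttpServletResponse response, String filename) throws IOException {
    // Sends the file named by a backslash-separated path as an attachment.
    //
    // NOTE(review): this method serves whatever path it is given. If filename can be influenced
    // by a request, the caller has to resolve it against an allowed base directory and reject
    // anything outside it before calling download().

    // Rebuild the path from its parts, which drops leading, trailing and repeated backslashes
    // exactly as before. The previous fixed String[10] overflowed on deeper paths and an empty
    // name indexed element -1; both cases are handled here.
    StringTokenizer parts = new StringTokenizer(filename, "\\");
    if (!parts.hasMoreTokens()) {
      throw new IOException("No file name given");
    }
    StringBuilder path = new StringBuilder(parts.nextToken());
    while (parts.hasMoreTokens()) {
      path.append('\\').append(parts.nextToken());
    }
    String filepath = path.toString();

    File downFile = new java.io.File(filepath);
    long length = downFile.length(); // file length

    // Control characters, quotes and backslashes are replaced so the name cannot break out of the
    // quoted header value or start a new header line.
    String rawName = downFile.getName();
    StringBuilder safeName = new StringBuilder(rawName.length());
    for (int i = 0; i < rawName.length(); i++) {
      char c = rawName.charAt(i);
      boolean unsafe = c < 0x20 || c == 0x7f || c == '"' || c == '\\';
      safeName.append(unsafe ? '_' : c);
    }

    // One stream, closed in every case. The old code opened the file twice and never closed the
    // stream it actually read from. A missing or unreadable file still reaches the caller as an
    // IOException because the stream is opened outside the best-effort block.
    try (InputStream in = new FileInputStream(downFile)) {
      try {
        response.reset();
        response.setContentType(null);
        // The lines above and below emit the file metadata.
        response.setHeader("Content-Disposition", "attachment; filename=\"" + safeName + "\"");
        if (length > Integer.MAX_VALUE) {
          // An int cast would wrap for files of 2 GiB and more.
          response.setHeader("Content-Length", Long.toString(length));
        } else {
          response.setContentLength((int) length);
        }

        OutputStream output = response.getOutputStream();
        byte[] buffer = new byte[2048];
        int read;
        while ((read = in.read(buffer)) > 0) {
          output.write(buffer, 0, read);
        }
        output.flush();
      } catch (Exception e) {
        // Kept best-effort as in the original: a failure while sending is reported, not rethrown.
        e.printStackTrace();
      }
    }
  }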
Ejemplo n.º 3
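  public void writeLandingPage(HttpServletRequest request, HttpServletResponse response)
      throws IOException {
    // Writes an HTML page whose inline script builds a POST form for the landing page, adds the
    // token as a hidden field when that page is protected, and submits the form at once.
    String landingPage = getNewTokenLandingPage();

    // Default to the current page when no landing page is configured.
    if (landingPage == null) {
      landingPage = request.getContextPath() + request.getServletPath();
    }

    // Every interpolated value goes through escapeForJsString(): the default landing page is
    // derived from the request, and an unescaped quote or closing script tag in it would end the
    // string literal or the script element. Escaping also keeps the page pure ASCII, so the
    // character count used for Content-Length below equals the number of bytes written.
    StringBuilder sb = new StringBuilder();

    sb.append("<html>\r\n");
    sb.append("<head>\r\n");
    sb.append("<title>OWASP CSRFGuard Project - New Token Landing Page</title>\r\n");
    sb.append("</head>\r\n");
    sb.append("<body>\r\n");
    sb.append("<script type=\"text/javascript\">\r\n");
    sb.append("var form = document.createElement(\"form\");\r\n");
    sb.append("form.setAttribute(\"method\", \"post\");\r\n");
    sb.append("form.setAttribute(\"action\", \"");
    sb.append(escapeForJsString(landingPage));
    sb.append("\");\r\n");

    // Only include the token when the landing page is protected.
    if (isProtectedPage(landingPage)) {
      sb.append("var hiddenField = document.createElement(\"input\");\r\n");
      sb.append("hiddenField.setAttribute(\"type\", \"hidden\");\r\n");
      sb.append("hiddenField.setAttribute(\"name\", \"");
      sb.append(escapeForJsString(String.valueOf(getTokenName())));
      sb.append("\");\r\n");
      sb.append("hiddenField.setAttribute(\"value\", \"");
      sb.append(escapeForJsString(String.valueOf(getTokenValue(request, landingPage))));
      sb.append("\");\r\n");
      sb.append("form.appendChild(hiddenField);\r\n");
    }

    sb.append("document.body.appendChild(form);\r\n");
    sb.append("form.submit();\r\n");
    sb.append("</script>\r\n");
    sb.append("</body>\r\n");
    sb.append("</html>\r\n");

    String code = sb.toString();

    // Set up the headers.
    response.setContentType("text/html");
    response.setContentLength(code.length());

    // Write the auto-posting form.
    OutputStream output = null;
    PrintWriter writer = null;

    try {
      output = response.getOutputStream();
      writer = new PrintWriter(output);

      writer.write(code);
      writer.flush();
    } finally {
      Writers.close(writer);
      Streams.close(output);
    }
  }

  // Encodes a value for use inside a double-quoted JavaScript string literal in an inline script.
  // Letters, digits and a small set of URL punctuation pass through; every other character is
  // written as a four-digit hexadecimal UTF-16 escape, which the script engine decodes back to
  // the original character.
  private static String escapeForJsString(String value) {
    final String passThrough = "/._-~:?=%+,;@#!*()$ ";
    StringBuilder escaped = new StringBuilder(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      boolean alphanumeric =
          (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
      if (alphanumeric || passThrough.indexOf(c) >= 0) {
        escaped.append(c);
        continue;
      }
      String hex = Integer.toHexString(c);
      escaped.append("\\u");
      for (int pad = hex.length(); pad < 4; pad++) {
        escaped.append('0');
      }
      escaped.append(hex);
    }
    return escaped.toString();
  }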
Ejemplo n.º 4
  /**
   * Write a file to the response stream. Handles Range requests.
   *
   * @param req request
   * @param res response
   * @param file must exist and not be a directory
   * @param contentType must not be null
   * @throws IOException on error
   */
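  public static void returnFile(
      HttpServletRequest req, HttpServletResponse res, File file, String contentType)
      throws IOException {
    res.setContentType(contentType);

    long fileSize = file.length();

    // See if it is a Range request: "bytes=12-34" or "bytes=12-".
    // The header is client-controlled. A value this parser does not understand (suffix ranges
    // such as "bytes=-500", several ranges, non-numeric text, last position before first) is
    // ignored and the whole file is served, instead of failing with NumberFormatException or
    // StringIndexOutOfBoundsException as before.
    boolean isRangeRequest = false;
    long startPos = 0, endPos = Long.MAX_VALUE;
    String rangeRequest = req.getHeader("Range");
    if (rangeRequest != null) {
      int pos = rangeRequest.indexOf("=");
      int pos2 = pos > 0 ? rangeRequest.indexOf("-", pos + 1) : -1;
      if (pos2 > pos) {
        try {
          long first = Long.parseLong(rangeRequest.substring(pos + 1, pos2));
          String endString = rangeRequest.substring(pos2 + 1);
          long end = Long.MAX_VALUE; // exclusive end; open-ended range by default
          if (endString.length() > 0) {
            long last = Long.parseLong(endString);
            // last is inclusive; avoid overflow when converting it to an exclusive end
            end = (last == Long.MAX_VALUE) ? Long.MAX_VALUE : last + 1;
          }
          if (first >= 0 && end > first) {
            startPos = first;
            endPos = end;
            isRangeRequest = true;
          }
        } catch (NumberFormatException e) {
          // malformed Range header: fall through and serve the complete file
        }
      }
    }

    // A range starting at or beyond the end of the file cannot be satisfied. Previously this
    // produced a negative content length.
    if (isRangeRequest && startPos >= fileSize) {
      log.info(
          "returnFile(): "
              + UsageLog.closingMessageForRequestContext(
                  HttpServletResponse.SC_REQUESTED_RANGE_NOT_SATISFIABLE, 0));
      res.addHeader("Content-Range", "bytes */" + fileSize);
      res.sendError(HttpServletResponse.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
      return;
    }

    // set content length
    long contentLength = fileSize;
    if (isRangeRequest) {
      endPos = Math.min(endPos, fileSize);
      contentLength = endPos - startPos; // positive: startPos < fileSize and endPos > startPos
    }

    if (contentLength > Integer.MAX_VALUE)
      res.addHeader(
          "Content-Length", Long.toString(contentLength)); // allow content length > MAX_INT
    else res.setContentLength((int) contentLength); // note HEAD only allows this

    String filename = file.getPath();
    boolean debugRequest = Debug.isSet("returnFile");
    if (debugRequest)
      log.debug(
          "returnFile(): filename = "
              + filename
              + " contentType = "
              + contentType
              + " contentLength = "
              + contentLength);

    // indicate we allow Range Requests
    res.addHeader("Accept-Ranges", "bytes");

    // HEAD gets the headers only
    if (req.getMethod().equals("HEAD")) {
      log.info(
          "returnFile(): "
              + UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_OK, 0));
      return;
    }

    try {

      if (isRangeRequest) {
        // set before content is sent
        res.addHeader("Content-Range", "bytes " + startPos + "-" + (endPos - 1) + "/" + fileSize);
        res.setStatus(HttpServletResponse.SC_PARTIAL_CONTENT);

        FileCacheRaf.Raf craf = null;
        try {
          craf = fileCacheRaf.acquire(filename);
          IO.copyRafB(
              craf.getRaf(), startPos, contentLength, res.getOutputStream(), new byte[60000]);
          log.info(
              "returnFile(): "
                  + UsageLog.closingMessageForRequestContext(
                      HttpServletResponse.SC_PARTIAL_CONTENT, contentLength));
          return;
        } finally {
          // always hand the cached file back, also when the copy fails
          if (craf != null) fileCacheRaf.release(craf);
        }
      }

      // Return the file
      ServletOutputStream out = res.getOutputStream();
      IO.copyFileB(file, out, 60000);
      res.flushBuffer();
      out.close();
      if (debugRequest) log.debug("returnFile(): returnFile ok = " + filename);
      log.info(
          "returnFile(): "
              + UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_OK, contentLength));
    }

    // @todo Split up this exception handling: those from file access vs those from dealing with
    // response
    //       File access: catch and res.sendError()
    //       response: don't catch (let bubble up out of doGet() etc)
    catch (FileNotFoundException e) {
      log.error("returnFile(): FileNotFoundException= " + filename);
      log.info(
          "returnFile(): "
              + UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_NOT_FOUND, 0));
      if (!res.isCommitted()) res.sendError(HttpServletResponse.SC_NOT_FOUND);
    } catch (java.net.SocketException e) {
      log.info("returnFile(): SocketException sending file: " + filename + " " + e.getMessage());
      log.info("returnFile(): " + UsageLog.closingMessageForRequestContext(STATUS_CLIENT_ABORT, 0));
    } catch (IOException e) {
      String eName =
          e.getClass().getName(); // dont want compile time dependency on ClientAbortException
      if (eName.equals("org.apache.catalina.connector.ClientAbortException")) {
        log.info(
            "returnFile(): ClientAbortException while sending file: "
                + filename
                + " "
                + e.getMessage());
        log.info(
            "returnFile(): " + UsageLog.closingMessageForRequestContext(STATUS_CLIENT_ABORT, 0));
        return;
      }

      log.error("returnFile(): IOException (" + e.getClass().getName() + ") sending file ", e);
      log.error(
          "returnFile(): "
              + UsageLog.closingMessageForRequestContext(HttpServletResponse.SC_NOT_FOUND, 0));
      // NOTE(review): e.getMessage() is sent to the client here and may carry server-side paths;
      // consider a fixed message and keep the detail in the log only.
      if (!res.isCommitted())
        res.sendError(HttpServletResponse.SC_NOT_FOUND, "Problem sending file: " + e.getMessage());
    }
  }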