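/**
 * {@inheritDoc}
 *
 * <p>Serves a report to the client in one of two modes:
 *
 * <ul>
 *   <li>If the {@code fileName} request parameter is present, the named file is streamed
 *       back, but only when it resolves to a direct child of the Reportd storage directory.
 *   <li>Otherwise the {@code locatorId} and {@code format} parameters are required and the
 *       report is rendered through {@code m_reportStoreService}.
 * </ul>
 *
 * @param request the current HTTP request; {@code fileName}, {@code locatorId} and
 *     {@code format} are read from it and must be treated as untrusted input
 * @param response the HTTP response that receives the headers and the report bytes
 * @return always {@code null}; the response body is written directly
 * @throws IllegalArgumentException if {@code fileName} resolves outside the Reportd storage
 *     directory (an unknown {@code format} value is also expected to surface this way,
 *     assuming {@code ReportFormat} is an enum)
 * @throws MissingParameterException if {@code locatorId} or {@code format} is absent
 * @throws Exception on I/O failure while resolving or streaming the file
 */
@Override
protected ModelAndView handleRequestInternal(
        HttpServletRequest request, HttpServletResponse response) throws Exception {
    String fileName = request.getParameter("fileName");

    m_reportdConfigurationDao =
            BeanUtils.getBean("reportdContext", "reportdConfigDao", ReportdConfigurationDao.class);
    final File storageDirectory = new File(m_reportdConfigurationDao.getStorageDirectory());

    if (fileName != null) {
        // Canonicalize the requested file itself, not only its parent, so that a symbolic
        // link placed inside the storage directory cannot be used to read a file elsewhere.
        // The same canonical File is the one opened below, so the path that was checked is
        // the path that is read.
        final File requestedFile = new File(fileName).getCanonicalFile();
        final File requestedParent = requestedFile.getParentFile();

        // getParentFile() returns null for a filesystem root; treat that as a rejection
        // instead of failing with a NullPointerException.
        if (requestedParent == null
                || !requestedParent.equals(storageDirectory.getCanonicalFile())) {
            // NOTE(review): requestedFile is derived from a request parameter; confirm the
            // logging backend neutralizes control characters in logged values.
            LogUtils.warnf(
                    this,
                    "User attempted to retrieve file %s but was restricted to %s",
                    requestedFile,
                    storageDirectory);
            throw new IllegalArgumentException(
                    "Cannot retrieve reports from outside Reportd storage directory");
        }

        final String lowerCaseName = fileName.toLowerCase();
        if (lowerCaseName.endsWith(".pdf")) {
            response.setContentType("application/pdf;charset=UTF-8");
        }
        if (lowerCaseName.endsWith(".csv")) {
            response.setContentType("text/csv;charset=UTF-8");
        }

        // Only the base name goes into the header, quoted, with control characters, quotes
        // and backslashes replaced, so a request-supplied value cannot alter the header
        // structure or echo the server-side path back to the client.
        final String downloadName =
                requestedFile.getName().replaceAll("[\\p{Cntrl}\"\\\\]", "_");
        response.setHeader("Content-disposition", "inline; filename=\"" + downloadName + "\"");
        response.setHeader("Pragma", "public");
        // setHeader replaces any earlier value, so the previous "cache" value was never
        // sent; only "must-revalidate" reaches the client.
        response.setHeader("Cache-Control", "must-revalidate");

        // Close the file handle explicitly: the copy helper is not shown to close its
        // input, and a leaked descriptor per download would accumulate under load.
        final FileInputStream reportStream = new FileInputStream(requestedFile);
        try {
            StreamUtils.copy(reportStream, response.getOutputStream());
        } finally {
            reportStream.close();
        }
        return null;
    }

    String[] requiredParameters = new String[] {"locatorId", "format"};
    for (String requiredParameter : requiredParameters) {
        if (request.getParameter(requiredParameter) == null) {
            throw new MissingParameterException(requiredParameter, requiredParameters);
        }
    }

    try {
        Integer reportCatalogEntryId =
                Integer.valueOf(WebSecurityUtils.safeParseInt(request.getParameter("locatorId")));
        // Resolve the format once; an unrecognised value propagates to the caller.
        final ReportFormat reportFormat = ReportFormat.valueOf(request.getParameter("format"));

        if ((ReportFormat.PDF == reportFormat) || (ReportFormat.SVG == reportFormat)) {
            response.setContentType("application/pdf;charset=UTF-8");
            response.setHeader(
                    "Content-disposition",
                    "inline; filename=" + reportCatalogEntryId.toString() + ".pdf");
            response.setHeader("Pragma", "public");
            response.setHeader("Cache-Control", "must-revalidate");
        }
        if (ReportFormat.CSV == reportFormat) {
            response.setContentType("text/csv;charset=UTF-8");
            response.setHeader(
                    "Content-disposition",
                    "inline; filename=" + reportCatalogEntryId.toString() + ".csv");
            response.setHeader("Pragma", "public");
            response.setHeader("Cache-Control", "must-revalidate");
        }

        m_reportStoreService.render(
                reportCatalogEntryId, reportFormat, (OutputStream) response.getOutputStream());
    } catch (NumberFormatException e) {
        // Presumably raised when locatorId is not numeric (verify against safeParseInt).
        // The request still ends with an empty response as before, but the rejection is now
        // recorded. The raw parameter value is deliberately left out of the log line.
        LogUtils.warnf(this, "Rejected report download: locatorId is not a valid integer");
    }
    return null;
}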