/*
 * Copyright 2006 Pentaho Corporation.  All rights reserved. 
 * This software was developed by Pentaho Corporation and is provided under the terms 
 * of the Mozilla Public License, Version 1.1, or any later version. You may not use 
 * this file except in compliance with the license. If you need a copy of the license, 
 * please go to http://www.mozilla.org/MPL/MPL-1.1.txt. The Original Code is the Pentaho 
 * BI Platform.  The Initial Developer is Pentaho Corporation.
 *
 * Software distributed under the Mozilla Public License is distributed on an "AS IS" 
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or  implied. Please refer to 
 * the license for the specific language governing your rights and limitations.
 *
 * @created Jul 26, 2005 
 * @author Gretchen Moran 
 * 
 */

package org.pentaho.ui.servlet;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.core.repository.ISolutionRepository;
import org.pentaho.core.session.IPentahoSession;
import org.pentaho.core.system.PentahoSystem;
import org.pentaho.messages.Messages;
import org.pentaho.util.StringUtil;

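/**
 * Servlet that streams a file from the solution repository's {@code system/tmp/}
 * folder to the client. The file is selected by the {@code image} request parameter.
 *
 * <p>GET and POST are handled identically. A missing or empty parameter is logged and
 * the request ends without a body; a rejected or unknown name yields a 404.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>No authorization check is performed here (see the TODO in {@link #doPost}).</li>
 * <li>The only path validation is {@code StringUtil.doesPathContainParentPathSegment};
 * an earlier containment check on the resolved location is no longer active.</li>
 * </ul>
 */
public class GetImage extends ServletBase {
  private static final long serialVersionUID = 119698153917362988L;

  private static final Log logger = LogFactory.getLog(GetImage.class);

  public GetImage() {
  }

  /**
   * Handles GET by delegating to {@link #doPost}.
   */
  protected void doGet(HttpServletRequest arg0, HttpServletResponse arg1) throws ServletException, IOException {
    doPost(arg0, arg1);
  }

  /**
   * @return the logger shared by all instances of this servlet
   */
  public Log getLogger() {
    return logger;
  }

  /**
   * Resolves the {@code image} parameter to {@code system/tmp/<image>} in the solution
   * repository and copies that resource to the response.
   *
   * @param request  the request carrying the {@code image} parameter
   * @param response the response that receives the content type and the file bytes
   * @throws ServletException declared by the servlet contract; not thrown directly here
   * @throws IOException if reading the resource or writing the response fails
   */
  protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    try {
      PentahoSystem.systemEntryPoint();

      // TODO perform any authorization here...
      // NOTE(review): until that TODO is done, nothing in this method restricts which
      // caller may fetch which file under system/tmp/.
      final IPentahoSession userSession = getPentahoSession(request);
      final String user = request.getRemoteUser();
      if (user != null && !userSession.isAuthenticated()) {
        // the user was not logged in before but is now....
        userSession.setAuthenticated(user);
      }

      final String image = request.getParameter("image"); //$NON-NLS-1$
      // An empty value is handled like a missing one; charAt(0) further down would
      // otherwise throw StringIndexOutOfBoundsException for "?image=".
      if (image == null || image.length() == 0) {
        error(Messages.getErrorString("IMAGE.ERROR_0001_IMAGE_PARAMETER_EMPTY")); //$NON-NLS-1$
        return;
      }
      // NOTE(review): image is request-controlled and is written to the log as-is, here
      // and in the error messages below; confirm the log layout neutralises line breaks.
      if (debug) {
        debug(Messages.getString("IMAGE.DEBUG_IMAGE_PARAMETER") + image); //$NON-NLS-1$
      }

      // some sanity checks ...
      if (StringUtil.doesPathContainParentPathSegment(image)) {
        error(Messages.getErrorString("IMAGE.ERROR_0002_FILE_NOT_FOUND", image)); //$NON-NLS-1$
        // we don't give hints that we check the parameter. Just return not
        // found.
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return;
      }

      final String tempDirectory = "system/tmp/"; //$NON-NLS-1$

      // Only a single leading separator is stripped before the name is appended.
      final char first = image.charAt(0);
      final String relativeName = (first == '/' || first == '\\') ? image.substring(1) : image;
      final String location = tempDirectory + relativeName;

      // NOTE(review): this method once verified that the resolved file is contained in
      // the temp directory; that check is disabled. The segment check above is now the
      // only guard, and its implementation is not visible here. Confirm that it, together
      // with ISolutionRepository.getResourceInputStream, rejects repeated separators,
      // backslash forms and encoded segments, or reinstate a containment check on the
      // resolved location.
      final ISolutionRepository repository = PentahoSystem.getSolutionRepository(userSession);

      final InputStream in = repository.getResourceInputStream(location, true);
      if (in == null) {
        error(Messages.getErrorString("IMAGE.ERROR_0002_FILE_NOT_FOUND", image)); //$NON-NLS-1$
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return;
      }

      // From here on the input stream is open; the outer finally releases it even when
      // obtaining or closing the output stream fails.
      try {
        // NOTE(review): the content type follows the extension of the requested name and
        // is not limited to image/*; confirm system/tmp cannot hold caller-influenced
        // files of other types.
        final String mimeType = getServletContext().getMimeType(image);
        if ((null == mimeType) || (mimeType.length() <= 0)) {
          // Hard coded to PNG because BIRT does not give us a mime type at
          // all...
          response.setContentType("image/png"); //$NON-NLS-1$
        } else {
          response.setContentType(mimeType);
        }

        final OutputStream out = response.getOutputStream();
        try {
          final byte[] buffer = new byte[2048];
          int length = 0;
          int n;
          while ((n = in.read(buffer)) > 0) {
            out.write(buffer, 0, n);
            length += n;
          }
          // Set after the copy because the size is only known then; presumably this has
          // an effect only while the response is still uncommitted.
          response.setContentLength(length);
        } finally {
          out.close();
        }
      } finally {
        in.close();
      }
    } finally {
      PentahoSystem.systemExitPoint();
    }

  }

}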