001: /*
002: * Copyright 2006 Pentaho Corporation. All rights reserved.
003: * This software was developed by Pentaho Corporation and is provided under the terms
004: * of the Mozilla Public License, Version 1.1, or any later version. You may not use
005: * this file except in compliance with the license. If you need a copy of the license,
006: * please go to http://www.mozilla.org/MPL/MPL-1.1.txt. The Original Code is the Pentaho
007: * BI Platform. The Initial Developer is Pentaho Corporation.
008: *
009: * Software distributed under the Mozilla Public License is distributed on an "AS IS"
010: * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. Please refer to
011: * the license for the specific language governing your rights and limitations.
012: *
013: * @created Jul 26, 2005
014: * @author Gretchen Moran
015: *
016: */
017:
018: package org.pentaho.ui.servlet;
019:
020: import java.io.IOException;
021: import java.io.InputStream;
022: import java.io.OutputStream;
023:
024: import javax.servlet.ServletException;
025: import javax.servlet.http.HttpServletRequest;
026: import javax.servlet.http.HttpServletResponse;
027:
028: import org.apache.commons.logging.Log;
029: import org.apache.commons.logging.LogFactory;
030: import org.pentaho.core.repository.ISolutionRepository;
031: import org.pentaho.core.session.IPentahoSession;
032: import org.pentaho.core.system.PentahoSystem;
033: import org.pentaho.messages.Messages;
034: import org.pentaho.util.StringUtil;
035:
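/**
 * Servlet that streams a resource from the solution repository's
 * {@code system/tmp/} folder to the client.
 *
 * <p>The resource name comes from the {@code image} request parameter and is
 * therefore untrusted input. The only path-traversal defence visible in this
 * class is {@link StringUtil#doesPathContainParentPathSegment(String)}; the
 * stricter containment check that once followed it is disabled (see the note
 * in {@link #doPost(HttpServletRequest, HttpServletResponse)}).
 */
public class GetImage extends ServletBase {
  private static final long serialVersionUID = 119698153917362988L;

  private static final Log logger = LogFactory.getLog(GetImage.class);

  /** Repository folder that every requested name is resolved against. */
  private static final String TEMP_DIRECTORY = "system/tmp/"; //$NON-NLS-1$

  public GetImage() {
  }

  /**
   * Handles GET exactly like POST.
   *
   * @param request the incoming request
   * @param response the response the image is written to
   * @throws ServletException propagated from {@link #doPost}
   * @throws IOException propagated from {@link #doPost}
   */
  protected void doGet(HttpServletRequest request,
      HttpServletResponse response) throws ServletException,
      IOException {
    doPost(request, response);
  }

  /**
   * @return the logger shared by all instances of this servlet
   */
  public Log getLogger() {
    return logger;
  }

  /**
   * Resolves the {@code image} parameter below {@code system/tmp/} in the
   * solution repository and copies the resource to the response.
   *
   * <p>A missing or empty parameter is logged and the method returns without
   * setting a status. A name rejected by the parent-segment check, or one the
   * repository cannot open, yields {@code 404} so the client cannot tell the
   * two cases apart.
   *
   * @param request the incoming request; its {@code image} parameter names the resource
   * @param response the response the resource is streamed to
   * @throws ServletException declared by the servlet contract
   * @throws IOException if reading the resource or writing the response fails
   */
  protected void doPost(HttpServletRequest request,
      HttpServletResponse response) throws ServletException,
      IOException {
    try {
      PentahoSystem.systemEntryPoint();

      // TODO perform any authorization here...
      // NOTE(review): nothing in this method restricts who may fetch a
      // resource; the session is only marked authenticated when the container
      // reports a remote user. Confirm that access to this servlet is
      // constrained elsewhere (e.g. in the deployment descriptor).
      final IPentahoSession userSession = getPentahoSession(request);
      final String user = request.getRemoteUser();
      if (user != null && !userSession.isAuthenticated()) {
        // the user was not logged in before but is now....
        userSession.setAuthenticated(user);
      }

      final String image = request.getParameter("image"); //$NON-NLS-1$
      // An empty value is treated like a missing one: the charAt(0) test
      // further down would otherwise throw on "".
      if (image == null || image.length() == 0) {
        error(Messages
            .getErrorString("IMAGE.ERROR_0001_IMAGE_PARAMETER_EMPTY")); //$NON-NLS-1$
        return;
      }

      // The parameter is attacker-controlled, so control characters are
      // neutralised before the value reaches any log line.
      final String loggableImage = sanitizeForLog(image);
      if (debug) {
        debug(Messages
            .getString("IMAGE.DEBUG_IMAGE_PARAMETER") + loggableImage); //$NON-NLS-1$
      }

      // some sanity checks ...
      if (StringUtil.doesPathContainParentPathSegment(image)) {
        error(Messages.getErrorString(
            "IMAGE.ERROR_0002_FILE_NOT_FOUND", loggableImage)); //$NON-NLS-1$
        // we don't give hints that we check the parameter. Just return not
        // found.
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return;
      }

      // Exactly one leading '/' or '\' is dropped before the name is appended
      // to the temp folder.
      final char first = image.charAt(0);
      final String location = (first == '/' || first == '\\')
          ? TEMP_DIRECTORY + image.substring(1)
          : TEMP_DIRECTORY + image;

      // NOTE(review): an earlier revision followed this with a "paranoia"
      // containment check (IOUtils.isSubDirectory(tempDirectory, file)) because
      // a value such as "//" could circumvent the test above. That check is
      // disabled, so containment now rests on
      // StringUtil.doesPathContainParentPathSegment and on how the repository
      // resolves the location - verify both cover encoded and mixed-separator
      // forms.
      ISolutionRepository repository = PentahoSystem
          .getSolutionRepository(userSession);

      // Open the resource
      InputStream in = repository.getResourceInputStream(
          location, true);

      if (in == null) {
        error(Messages.getErrorString(
            "IMAGE.ERROR_0002_FILE_NOT_FOUND", loggableImage)); //$NON-NLS-1$
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return;
      }

      // Everything after the stream is opened sits inside try/finally so the
      // input is released even when preparing or writing the response fails.
      try {
        // NOTE(review): the content type is derived from the caller-supplied
        // name, so any resource under system/tmp/ is served with whatever type
        // its extension maps to. Consider restricting this to image types.
        String mimeType = getServletContext().getMimeType(image);
        if ((null == mimeType) || (mimeType.length() <= 0)) {
          // Hard coded to PNG because BIRT does not give us a mime type at
          // all...
          response.setContentType("image/png"); //$NON-NLS-1$
        } else {
          response.setContentType(mimeType);
        }
        // Keep browsers from second-guessing the declared type, which matters
        // most for the image/png fallback above.
        response.setHeader("X-Content-Type-Options", "nosniff"); //$NON-NLS-1$ //$NON-NLS-2$

        OutputStream out = response.getOutputStream();
        try {
          byte[] buffer = new byte[2048];
          int n;
          int length = 0;
          while ((n = in.read(buffer)) > 0) {
            out.write(buffer, 0, n);
            length += n;
          }
          // Only takes effect while the response is still uncommitted, i.e.
          // for bodies that fit in the container's buffer.
          response.setContentLength(length);
        } finally {
          out.close();
        }
      } finally {
        in.close();
      }
    } finally {
      PentahoSystem.systemExitPoint();
    }

  }

  /**
   * Replaces ISO control characters (including CR and LF) with {@code '_'} so
   * a request parameter cannot forge or split log entries.
   *
   * @param value the untrusted text, never {@code null}
   * @return the text with every control character replaced
   */
  private static String sanitizeForLog(String value) {
    StringBuffer cleaned = new StringBuffer(value.length());
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      cleaned.append(Character.isISOControl(c) ? '_' : c);
    }
    return cleaned.toString();
  }

}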