001: /* ===========================================================
002: * JFreeChart : a free chart library for the Java(tm) platform
003: * ===========================================================
004: *
005: * (C) Copyright 2000-2007, by Object Refinery Limited and Contributors.
006: *
007: * Project Info: http://www.jfree.org/jfreechart/index.html
008: *
009: * This library is free software; you can redistribute it and/or modify it
010: * under the terms of the GNU Lesser General Public License as published by
011: * the Free Software Foundation; either version 2.1 of the License, or
012: * (at your option) any later version.
013: *
014: * This library is distributed in the hope that it will be useful, but
015: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
016: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
017: * License for more details.
018: *
019: * You should have received a copy of the GNU Lesser General Public
020: * License along with this library; if not, write to the Free Software
021: * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
022: * USA.
023: *
024: * [Java is a trademark or registered trademark of Sun Microsystems, Inc.
025: * in the United States and other countries.]
026: *
027: * -----------------
028: * DisplayChart.java
029: * -----------------
030: * (C) Copyright 2002-2007, by Richard Atkinson and Contributors.
031: *
032: * Original Author: Richard Atkinson;
033: * Contributor(s): David Gilbert (for Object Refinery Limited);
034: *
035: * $Id: DisplayChart.java,v 1.2.2.3 2007/02/02 15:03:19 mungady Exp $
036: *
037: * Changes
038: * -------
039: * 19-Aug-2002 : Version 1;
040: * 09-Mar-2005 : Added facility to serve up "one time" charts - see
041: * ServletUtilities.java (DG);
042: * ------------- JFREECHART 1.0.x ---------------------------------------------
043: * 02-Feb-2007 : Removed author tags all over JFreeChart sources (DG);
044: *
045: */
046:
047: package org.jfree.chart.servlet;
048:
049: import java.io.File;
050: import java.io.IOException;
051:
052: import javax.servlet.ServletException;
053: import javax.servlet.http.HttpServlet;
054: import javax.servlet.http.HttpServletRequest;
055: import javax.servlet.http.HttpServletResponse;
056: import javax.servlet.http.HttpSession;
057:
058: /**
059: * Servlet used for streaming charts to the client browser from the temporary
060: * directory. You need to add this servlet and mapping to your deployment
061: * descriptor (web.xml) in order to get it to work. The syntax is as follows:
062: * <xmp>
063: * <servlet>
064: * <servlet-name>DisplayChart</servlet-name>
065: * <servlet-class>org.jfree.chart.servlet.DisplayChart</servlet-class>
066: * </servlet>
067: * <servlet-mapping>
068: * <servlet-name>DisplayChart</servlet-name>
069: * <url-pattern>/servlet/DisplayChart</url-pattern>
070: * </servlet-mapping>
071: * </xmp>
072: */
073: public class DisplayChart extends HttpServlet {
074:
075: /**
076: * Default constructor.
077: */
078: public DisplayChart() {
079: super ();
080: }
081:
082: /**
083: * Init method.
084: *
085: * @throws ServletException never.
086: */
087: public void init() throws ServletException {
088: return;
089: }
090:
091: /**
092: * Service method.
093: *
094: * @param request the request.
095: * @param response the response.
096: *
097: * @throws ServletException ??.
098: * @throws IOException ??.
099: */
100: public void service(HttpServletRequest request,
101: HttpServletResponse response) throws ServletException,
102: IOException {
103:
104: HttpSession session = request.getSession();
105: String filename = request.getParameter("filename");
106:
107: if (filename == null) {
108: throw new ServletException(
109: "Parameter 'filename' must be supplied");
110: }
111:
112: // Replace ".." with ""
113: // This is to prevent access to the rest of the file system
114: filename = ServletUtilities.searchReplace(filename, "..", "");
115:
116: // Check the file exists
117: File file = new File(System.getProperty("java.io.tmpdir"),
118: filename);
119: if (!file.exists()) {
120: throw new ServletException("File '"
121: + file.getAbsolutePath() + "' does not exist");
122: }
123:
124: // Check that the graph being served was created by the current user
125: // or that it begins with "public"
126: boolean isChartInUserList = false;
127: ChartDeleter chartDeleter = (ChartDeleter) session
128: .getAttribute("JFreeChart_Deleter");
129: if (chartDeleter != null) {
130: isChartInUserList = chartDeleter.isChartAvailable(filename);
131: }
132:
133: boolean isChartPublic = false;
134: if (filename.length() >= 6) {
135: if (filename.substring(0, 6).equals("public")) {
136: isChartPublic = true;
137: }
138: }
139:
140: boolean isOneTimeChart = false;
141: if (filename.startsWith(ServletUtilities
142: .getTempOneTimeFilePrefix())) {
143: isOneTimeChart = true;
144: }
145:
146: if (isChartInUserList || isChartPublic || isOneTimeChart) {
147: // Serve it up
148: ServletUtilities.sendTempFile(file, response);
149: if (isOneTimeChart) {
150: file.delete();
151: }
152: } else {
153: throw new ServletException("Chart image not found");
154: }
155: return;
156: }
157:
158: }
|