001: /* Copyright 2003 The JA-SIG Collaborative. All rights reserved.
002: * See license distributed with this file and
003: * available online at http://www.uportal.org/license.html
004: */
005:
006: package org.jasig.portal;
007:
008: import java.io.*;
009: import java.net.*;
010: import java.util.StringTokenizer;
011:
012: import javax.servlet.*;
013: import javax.servlet.http.*;
014:
015: import org.jasig.portal.properties.PropertiesManager;
016: import org.jasig.portal.services.HttpClientManager;
017: import org.apache.commons.httpclient.Header;
018: import org.apache.commons.httpclient.HttpClient;
019: import org.apache.commons.httpclient.methods.GetMethod;
020: import org.apache.commons.logging.Log;
021: import org.apache.commons.logging.LogFactory;
022:
023: /**
024: * Proxy embedded content such as images for portal sessions.
025: * When portal is running over ssl, HttpProxyServlet can be used
026: * to deliver insecure content such as images over ssl to avoid
027: * mixed content in the browser window.
028: *
029: * @author Drew Mazurek (drew.mazurek@yale.edu)
030: * @author Susan Bramhall (susan.bramhall@yale.edu)
031: * @version 1.0
032: * @since uPortal 2.2
033: */
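public class HttpProxyServlet extends HttpServlet {

    private static final Log log = LogFactory.getLog(HttpProxyServlet.class);

    /**
     * Returns content retrieved from the location that follows the servlet
     * context (the path info, in the form {@code /host/url}), fetched over
     * plain http. Only responses with status 200 and an image content type
     * are relayed; every other outcome is answered with 404 and no body.
     *
     * <p>Security notes for maintainers:
     * <ul>
     * <li>The Referer header is supplied by the client and is compared with
     * {@code startsWith}, so it only filters well-behaved browsers. A
     * configured prefix without a trailing slash also matches longer host
     * names that merely begin with it. The session check is the only gate
     * here that the client cannot simply assert.</li>
     * <li>The target host comes entirely from the request path, so any
     * caller with a session can make the portal host issue a GET to any
     * http URL it can reach. Restrict the reachable hosts (configuration
     * allow-list or egress filtering) if that is not intended.</li>
     * <li>The upstream content type is trusted as-is; NOTE(review): a type
     * such as image/svg+xml passes the prefix test and can carry active
     * content - confirm whether that should be allowed.</li>
     * </ul>
     *
     * @param request the incoming request; path info and query string form the target URL
     * @param response the response the proxied image is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException declared by the servlet contract
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Optional space-separated list of accepted Referer prefixes.
        final String checkReferer = PropertiesManager.getProperty(
                HttpProxyServlet.class.getName() + ".checkReferer", null);

        String target;

        // When configured, only serve proxied content to requests whose
        // Referer starts with one of the listed prefixes (pages in the portal).
        if (null != checkReferer && !checkReferer.equals("")) {
            final StringTokenizer checkedReferers = new StringTokenizer(checkReferer, " ");
            final String referer = request.getHeader("Referer");
            boolean refOK = false;

            if (log.isDebugEnabled()) {
                log.debug("HttpProxyServlet: HTTP Referer: " + referer);
            }
            if (null != referer) {
                while (checkedReferers.hasMoreTokens()) {
                    final String goodRef = checkedReferers.nextToken();
                    if (log.isDebugEnabled()) {
                        log.debug("HttpProxyServlet: checking for " + goodRef);
                    }
                    if (referer.startsWith(goodRef)) {
                        refOK = true;
                        if (log.isDebugEnabled()) {
                            log.debug("HttpProxyServlet: referer accepted " + goodRef);
                        }
                        break;
                    }
                }
            }
            // A missing Referer is rejected exactly like a non-matching one.
            if (!refOK) {
                if (log.isWarnEnabled()) {
                    log.warn("HttpProxyServlet: bad Referer: " + referer);
                }
                response.setStatus(404);
                return;
            }
        }

        // Never create a session here: only callers that already have one are served.
        if (request.getSession(false) == null) {
            if (log.isWarnEnabled()) {
                log.warn("HttpProxyServlet: no session");
            }
            response.setStatus(404);
            return;
        }

        // pathinfo is "/host/url", so "http:/" + pathinfo yields "http://host/url"
        final String pathInfo = request.getPathInfo();
        if (pathInfo == null || pathInfo.equals("")) {
            response.setStatus(404);
            log.warn("HttpProxyServlet: getPathInfo is empty");
            return;
        }
        target = "http:/" + pathInfo;
        final String qs = request.getQueryString();
        if (qs != null) {
            target += "?" + qs;
        }

        try {
            final HttpClient client = HttpClientManager.getNewHTTPClient();
            final GetMethod get = new GetMethod(target);
            try {
                final int rc = client.executeMethod(get);
                if (rc != 200) {
                    response.setStatus(404);
                    log.info("httpProxyServlet returning response 404 after receiving response code: "
                            + rc + " from url: " + target);
                    // Stop here: the upstream error body must not be relayed.
                    return;
                }

                final Header contentType = get.getResponseHeader("content-type");
                if (log.isDebugEnabled()) {
                    log.debug("httpProxyServlet examining element with content type = "
                            + contentType);
                }
                // A missing header is treated as "not an image" instead of failing
                // with a NullPointerException.
                final String contentTypeValue =
                        (contentType == null) ? null : contentType.getValue();
                if (contentTypeValue == null || !contentTypeValue.startsWith("image")) {
                    response.setStatus(404);
                    log.info("httpProxyServlet returning response 404 after receiving element with contentType ="
                            + contentType);
                    // Stop here: without this return the non-image body would still be
                    // streamed to the browser from the portal's own origin.
                    return;
                }
                response.setContentType(contentTypeValue);

                final ServletOutputStream out = response.getOutputStream();
                try {
                    final InputStream is = get.getResponseBodyAsStream();
                    // The stream is null when the upstream response has no body.
                    if (is != null) {
                        try {
                            final byte[] buf = new byte[4096];
                            int bytesRead;
                            while ((bytesRead = is.read(buf)) != -1) {
                                out.write(buf, 0, bytesRead);
                            }
                        } finally {
                            is.close();
                        }
                    }
                } finally {
                    out.close();
                }
            } finally {
                // Always hand the connection back, including on the early returns above.
                get.releaseConnection();
            }
        } catch (MalformedURLException e) {
            response.setStatus(404);
            log.warn("HttpProxyServlet: target=" + target, e);
        } catch (IOException e) {
            response.setStatus(404);
            log.warn(e, e);
        }
    }
}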