001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.webserver;
016    
017    import com.liferay.portal.kernel.image.SpriteProcessor;
018    import com.liferay.portal.kernel.servlet.HttpHeaders;
019    import com.liferay.portal.kernel.servlet.ServletResponseUtil;
020    import com.liferay.portal.kernel.util.JavaConstants;
021    import com.liferay.portal.kernel.util.MimeTypesUtil;
022    import com.liferay.portal.kernel.util.StringPool;
023    import com.liferay.portal.kernel.util.Validator;
024    import com.liferay.portal.util.PropsValues;
025    
026    import java.io.File;
027    import java.io.FileInputStream;
028    import java.io.IOException;
029    
030    import java.net.URLDecoder;
031    
032    import javax.servlet.ServletConfig;
033    import javax.servlet.ServletException;
034    import javax.servlet.http.HttpServletRequest;
035    import javax.servlet.http.HttpServletResponse;
036    
037    /**
038     * @author Raymond Aug??
039     */
040    public class DynamicResourceServlet extends WebServerServlet {
041    
042            @Override
043            public void init(ServletConfig servletConfig) throws ServletException {
044                    super.init(servletConfig);
045    
046                    _tempDir = (File)getServletContext().getAttribute(
047                            JavaConstants.JAVAX_SERVLET_CONTEXT_TEMPDIR);
048            }
049    
050            @Override
051            public void service(
052                            HttpServletRequest request, HttpServletResponse response)
053                    throws IOException {
054    
055                    String servletPath = request.getServletPath();
056                    String pathInfo = URLDecoder.decode(
057                            request.getPathInfo(), StringPool.UTF8);
058    
059                    String path = servletPath.concat(pathInfo);
060    
061                    if (!isAllowedPath(path)) {
062                            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
063    
064                            return;
065                    }
066    
067                    File rootDir = _tempDir;
068    
069                    File file = new File(rootDir, path);
070    
071                    if (servletPath.equals(SpriteProcessor.PATH)) {
072                            String spriteRootDirName = PropsValues.SPRITE_ROOT_DIR;
073    
074                            if (Validator.isNotNull(spriteRootDirName)) {
075                                    rootDir = new File(spriteRootDirName);
076    
077                                    file = new File(rootDir, pathInfo);
078                            }
079                    }
080    
081                    String canonicalPath = file.getCanonicalPath();
082    
083                    if (!file.exists() || file.isDirectory() || !file.canRead() ||
084                            file.isHidden() ||
085                            !canonicalPath.startsWith(rootDir.getCanonicalPath())) {
086    
087                            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
088    
089                            return;
090                    }
091    
092                    long lastModified = file.lastModified();
093    
094                    if (lastModified > 0) {
095                            long ifModifiedSince = request.getDateHeader(
096                                    HttpHeaders.IF_MODIFIED_SINCE);
097    
098                            if ((ifModifiedSince > 0) && (ifModifiedSince == lastModified)) {
099                                    response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
100    
101                                    return;
102                            }
103                    }
104    
105                    if (lastModified > 0) {
106                            response.setDateHeader(HttpHeaders.LAST_MODIFIED, lastModified);
107                    }
108    
109                    String fileName = file.getName();
110    
111                    // Determine proper content type
112    
113                    String contentType = MimeTypesUtil.getContentType(fileName);
114    
115                    // Send file
116    
117                    if (isSupportsRangeHeader(contentType)) {
118                            ServletResponseUtil.sendFileWithRangeHeader(
119                                    request, response, fileName, new FileInputStream(file),
120                                    file.length(), contentType);
121                    }
122                    else {
123                            ServletResponseUtil.sendFile(
124                                    request, response, fileName, new FileInputStream(file),
125                                    file.length(), contentType);
126                    }
127            }
128    
129            protected boolean isAllowedPath(String path) {
130                    for (String allowedPath :
131                                    PropsValues.DYNAMIC_RESOURCE_SERVLET_ALLOWED_PATHS) {
132    
133                            if (path.startsWith(allowedPath)) {
134                                    return true;
135                            }
136                    }
137    
138                    return false;
139            }
140    
141            private File _tempDir;
142    
143    }