001
014
015 package com.liferay.portal.webserver;
016
017 import com.liferay.portal.kernel.image.SpriteProcessor;
018 import com.liferay.portal.kernel.servlet.HttpHeaders;
019 import com.liferay.portal.kernel.servlet.ServletResponseUtil;
020 import com.liferay.portal.kernel.util.JavaConstants;
021 import com.liferay.portal.kernel.util.MimeTypesUtil;
022 import com.liferay.portal.kernel.util.StringPool;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.util.PropsValues;
025
026 import java.io.File;
027 import java.io.FileInputStream;
028 import java.io.IOException;
029
030 import java.net.URLDecoder;
031
032 import javax.servlet.ServletConfig;
033 import javax.servlet.ServletException;
034 import javax.servlet.http.HttpServletRequest;
035 import javax.servlet.http.HttpServletResponse;
036
037
040 public class DynamicResourceServlet extends WebServerServlet {
041
042 @Override
043 public void init(ServletConfig servletConfig) throws ServletException {
044 super.init(servletConfig);
045
046 _tempDir = (File)getServletContext().getAttribute(
047 JavaConstants.JAVAX_SERVLET_CONTEXT_TEMPDIR);
048 }
049
050 @Override
051 public void service(
052 HttpServletRequest request, HttpServletResponse response)
053 throws IOException {
054
055 String servletPath = request.getServletPath();
056 String pathInfo = URLDecoder.decode(
057 request.getPathInfo(), StringPool.UTF8);
058
059 String path = servletPath.concat(pathInfo);
060
061 if (!isAllowedPath(path)) {
062 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
063
064 return;
065 }
066
067 File rootDir = _tempDir;
068
069 File file = new File(rootDir, path);
070
071 if (servletPath.equals(SpriteProcessor.PATH)) {
072 String spriteRootDirName = PropsValues.SPRITE_ROOT_DIR;
073
074 if (Validator.isNotNull(spriteRootDirName)) {
075 rootDir = new File(spriteRootDirName);
076
077 file = new File(rootDir, pathInfo);
078 }
079 }
080
081 String canonicalPath = file.getCanonicalPath();
082
083 if (!file.exists() || file.isDirectory() || !file.canRead() ||
084 file.isHidden() ||
085 !canonicalPath.startsWith(rootDir.getCanonicalPath())) {
086
087 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
088
089 return;
090 }
091
092 long lastModified = file.lastModified();
093
094 if (lastModified > 0) {
095 long ifModifiedSince = request.getDateHeader(
096 HttpHeaders.IF_MODIFIED_SINCE);
097
098 if ((ifModifiedSince > 0) && (ifModifiedSince == lastModified)) {
099 response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
100
101 return;
102 }
103 }
104
105 if (lastModified > 0) {
106 response.setDateHeader(HttpHeaders.LAST_MODIFIED, lastModified);
107 }
108
109 String fileName = file.getName();
110
111
112
113 String contentType = MimeTypesUtil.getContentType(fileName);
114
115
116
117 if (isSupportsRangeHeader(contentType)) {
118 ServletResponseUtil.sendFileWithRangeHeader(
119 request, response, fileName, new FileInputStream(file),
120 file.length(), contentType);
121 }
122 else {
123 ServletResponseUtil.sendFile(
124 request, response, fileName, new FileInputStream(file),
125 file.length(), contentType);
126 }
127 }
128
129 protected boolean isAllowedPath(String path) {
130 for (String allowedPath :
131 PropsValues.DYNAMIC_RESOURCE_SERVLET_ALLOWED_PATHS) {
132
133 if (path.startsWith(allowedPath)) {
134 return true;
135 }
136 }
137
138 return false;
139 }
140
141 private File _tempDir;
142
143 }