34 package info.magnolia.cms.filters;
35
36 import info.magnolia.cms.beans.runtime.File;
37 import info.magnolia.cms.beans.runtime.FileProperties;
38 import info.magnolia.cms.core.AggregationState;
39 import info.magnolia.cms.core.Content;
40 import info.magnolia.cms.core.HierarchyManager;
41 import info.magnolia.cms.core.NodeData;
42 import info.magnolia.cms.security.AccessDeniedException;
43 import info.magnolia.context.MgnlContext;
44
45 import java.io.IOException;
46
47 import javax.jcr.PathNotFoundException;
48 import javax.jcr.PropertyType;
49 import javax.jcr.RepositoryException;
50 import javax.servlet.FilterChain;
51 import javax.servlet.ServletException;
52 import javax.servlet.http.HttpServletRequest;
53 import javax.servlet.http.HttpServletResponse;
54
55 import org.apache.commons.lang.StringUtils;
56 import org.slf4j.Logger;
57 import org.slf4j.LoggerFactory;
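/**
 * Filter that resolves the handle held in the current {@link AggregationState} to a page
 * or to node data and records the result in that state before the chain continues.
 *
 * <p>A failed lookup ends the request with 404 and an {@link AccessDeniedException} with
 * 403; in both cases the rest of the filter chain is not invoked.
 */
public class AggregatorFilter extends AbstractMgnlFilter {

    private static final Logger log = LoggerFactory.getLogger(AggregatorFilter.class);

    /**
     * Name of the context attribute that selects a stored version of the requested page.
     * NOTE(review): presumably settable from the request, so treat its value as untrusted; confirm.
     */
    private static final String VERSION_NUMBER = "mgnlVersion";

    /**
     * Runs {@link #collect()} and passes the request down the chain only when it succeeded.
     *
     * @param request the current request; only its URI is read here, for logging
     * @param response receives 403 on access denial and 404 when nothing was resolved
     * @param chain invoked only after a successful {@link #collect()}
     * @throws IOException if sending the 404 error or the downstream chain fails
     * @throws ServletException wrapping a {@link RepositoryException} raised by {@link #collect()},
     *         or raised by the downstream chain
     */
    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        boolean success;
        try {
            success = collect();
        } catch (AccessDeniedException e) {
            // Denials are logged at debug level only, so they do not show up at default log
            // levels; audit visibility has to come from elsewhere.
            log.debug(e.getMessage(), e);
            if (!response.isCommitted()) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            }
            // Stop here: the rest of the chain must not run for a denied resource.
            return;
        } catch (RepositoryException e) {
            log.error(e.getMessage(), e);
            throw new ServletException(e.getMessage(), e);
        }

        if (!success) {
            log.debug("Resource not found, redirecting request for [{}] to 404 URI", request.getRequestURI());

            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
            } else {
                log.info("Unable to redirect to 404 page, response is already committed. URI was {}",
                        request.getRequestURI());
            }
            return;
        }

        chain.doFilter(request, response);
    }

    /**
     * Resolves the aggregation state's handle and stores what was found in that state:
     * main/current content for a page, a {@link File} for binary node data, and the
     * template name in both cases.
     *
     * <p>When the handle does not exist, its last path segment is dropped and the remainder
     * is tried as node data; on success the aggregation state's handle is rewritten to that
     * shorter path.
     *
     * @return {@code true} when a page or node data was resolved; {@code false} when the
     *         handle fails {@link #isJcrPathValid(String)} or nothing could be resolved
     * @throws RepositoryException if a repository call outside the guarded lookups fails
     */
    protected boolean collect() throws RepositoryException {
        final AggregationState aggregationState = MgnlContext.getAggregationState();
        final String repository = aggregationState.getRepository();
        final String handle = aggregationState.getHandle();

        final HierarchyManager hierarchyManager = MgnlContext.getHierarchyManager(repository);

        Content requestedPage = null;
        NodeData requestedData = null;
        final String templateName;

        // Reject implausible paths before any lookup is made with the handle.
        if (!isJcrPathValid(handle)) {
            return false;
        }

        if (hierarchyManager.isExist(handle) && !hierarchyManager.isNodeData(handle)) {
            requestedPage = hierarchyManager.getContent(handle);

            // Read the attribute once and use it only when it is a String: the previous blind
            // cast turned any other attribute type into an unhandled ClassCastException.
            final Object requestedVersion = MgnlContext.getAttribute(VERSION_NUMBER);
            if (requestedVersion instanceof String) {
                try {
                    requestedPage = requestedPage.getVersionedContent((String) requestedVersion);
                } catch (RepositoryException re) {
                    // Falls back to the current state of the page. Every failed version lookup
                    // writes an error-level line, so bogus version values can add log noise.
                    log.debug(re.getMessage(), re);
                    log.error("Unable to get versioned state, rendering current state of {}", handle);
                }
            } else if (requestedVersion != null) {
                log.debug("Ignoring {} attribute of unexpected type {}", VERSION_NUMBER,
                        requestedVersion.getClass().getName());
            }

            templateName = requestedPage.getMetaData().getTemplate();

            if (StringUtils.isBlank(templateName)) {
                log.error("No template configured for page [{}].", requestedPage.getHandle());
            }
        } else {
            if (hierarchyManager.isNodeData(handle)) {
                requestedData = hierarchyManager.getNodeData(handle);
            } else {
                int lastIndexOfSlash = handle.lastIndexOf("/");

                if (lastIndexOfSlash > 0) {
                    // Retry with the last path segment removed.
                    final String handleToUse = StringUtils.substringBeforeLast(handle, "/");

                    try {
                        requestedData = hierarchyManager.getNodeData(handleToUse);
                        aggregationState.setHandle(handleToUse);
                    } catch (PathNotFoundException e) {
                        return false;
                    } catch (RepositoryException e) {
                        // NOTE(review): if AccessDeniedException is a RepositoryException subtype,
                        // a denial on this path is answered with 404 instead of the 403 that
                        // doFilter sends, and is logged at debug only; confirm this is intended.
                        log.debug(e.getMessage(), e);
                        return false;
                    }
                }
            }

            if (requestedData != null) {
                templateName = requestedData.getAttribute(FileProperties.PROPERTY_TEMPLATE);
            } else {
                return false;
            }
        }

        if (requestedPage != null) {
            aggregationState.setMainContent(requestedPage);
            aggregationState.setCurrentContent(requestedPage);
        }
        if ((requestedData != null) && (requestedData.getType() == PropertyType.BINARY)) {
            File file = new File(requestedData);
            aggregationState.setFile(file);
        }

        aggregationState.setTemplateName(templateName);

        return true;
    }

    /**
     * Plausibility check applied to the handle before it is used for a lookup.
     *
     * <p>This is a denylist and not an access-control decision: it rejects a blank handle,
     * the root path, any handle containing {@code ':'}, {@code '*'} or a line feed, and any
     * handle containing a space directly before a slash. Everything else passes, including
     * a carriage return, so the handle should not be treated as safe for logging or other
     * sinks on the strength of this check alone.
     *
     * @param handle the path to check; may be {@code null}
     * @return {@code true} when none of the rejected patterns is present
     */
    private boolean isJcrPathValid(String handle) {
        if (StringUtils.isBlank(handle) || StringUtils.equals(handle, "/")) {
            return false;
        }
        if (StringUtils.containsAny(handle, new char[]{':', '*', '\n'})) {
            return false;
        }
        if (StringUtils.contains(handle, " /")) {
            return false;
        }
        return true;
    }

}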