View Javadoc
1   /**
2    * This file Copyright (c) 2018 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.admincentral;
35  
36  import static info.magnolia.cms.util.RequestDispatchUtil.REDIRECT_PREFIX;
37  import static java.util.stream.Collectors.toList;
38  
39  import info.magnolia.cms.util.RequestDispatchUtil;
40  import info.magnolia.cms.util.ServletUtil;
41  import info.magnolia.event.EventBus;
42  import info.magnolia.event.SystemEventBus;
43  import info.magnolia.objectfactory.ComponentProvider;
44  import info.magnolia.objectfactory.Components;
45  import info.magnolia.ui.framework.ioc.MagnoliaUiGuiceComponentProviderFactory;
46  import info.magnolia.ui.framework.ioc.SessionStore;
47  
48  import java.io.IOException;
49  import java.util.List;
50  
51  import javax.inject.Inject;
52  import javax.servlet.ServletException;
53  import javax.servlet.http.HttpServletRequest;
54  import javax.servlet.http.HttpServletResponse;
55  
56  import org.slf4j.Logger;
57  import org.slf4j.LoggerFactory;
58  
59  import com.google.inject.name.Names;
60  import com.vaadin.server.DeploymentConfiguration;
61  import com.vaadin.server.RequestHandler;
62  import com.vaadin.server.ServiceException;
63  import com.vaadin.server.VaadinRequest;
64  import com.vaadin.server.VaadinResponse;
65  import com.vaadin.server.VaadinServlet;
66  import com.vaadin.server.VaadinServletRequest;
67  import com.vaadin.server.VaadinServletResponse;
68  import com.vaadin.server.VaadinServletService;
69  import com.vaadin.server.VaadinSession;
70  import com.vaadin.server.communication.ServletBootstrapHandler;
71  
72  /**
73   * The {@link AdmincentralServlet} is responsible for initializing the root UI context,
74   * for further use of the Magnolia UI Framework within the {@link ResurfaceUI}.
75   *
76   * <p>In particular, it creates a new Magnolia {@link ComponentProvider} (<i>i.e.</i> Guice {@link com.google.inject.Injector Injector})
77   * upon servlet init, and makes sure all further Vaadin requests use it.
78   *
79   * @see MagnoliaUiGuiceComponentProviderFactory
80   * @see info.magnolia.ui.framework.ioc.UiContextReference
81   * @see ResurfaceUI
82   */
83  public class AdmincentralServlet extends VaadinServlet {
84      private static final Logger log = LoggerFactory.getLogger(AdmincentralServlet.class);
85  
86      private final MagnoliaUiGuiceComponentProviderFactory componentProviderFactory;
87      private ComponentProvider componentProvider;
88  
89      @Inject
90      public AdmincentralServlet(MagnoliaUiGuiceComponentProviderFactory componentProviderFactory) {
91          this.componentProviderFactory = componentProviderFactory;
92      }
93  
94      @Override
95      protected void servletInitialized() throws ServletException {
96          super.servletInitialized();
97          this.componentProvider = componentProviderFactory.create();
98  
99          EventBus systemEventBus = Components.getComponentWithAnnotation(EventBus.class, Names.named(SystemEventBus.NAME));
100         getServletContext().setAttribute("componentProvider", componentProvider);
101 
102         getService().addSessionInitListener(event -> {
103             VaadinSession session = event.getSession();
104             session.setAttribute(SessionStore.class, new SessionStore(session, systemEventBus));
105             session.addUIProvider(componentProvider.newInstance(ResurfaceUIProvider.class));
106         });
107     }
108 
109     @Override
110     protected void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
111         try {
112             Components.pushProvider(componentProvider);
113             super.service(request, response);
114         } catch (Exception e) {
115             log.error("An internal error has occurred in the AdmincentralServlet.", e);
116         } finally {
117             Components.popProvider();
118         }
119     }
120 
121     @Override
122     protected VaadinServletService createServletService(DeploymentConfiguration deploymentConfiguration) throws ServiceException {
123         VaadinServletService service = new VaadinServletService(this, deploymentConfiguration) {
124             @Override
125             protected List<RequestHandler> createRequestHandlers() throws ServiceException {
126                 List<RequestHandler> handlers = super.createRequestHandlers();
127                 return handlers.stream()
128                         .map(requestHandler -> {
129                             // discard default bootstrap-handler
130                             if (requestHandler instanceof ServletBootstrapHandler) {
131                                 return new JsessionidFriendlyBootstrapHandler();
132                             }
133                             return requestHandler;
134                         })
135                         .collect(toList());
136             }
137         };
138         service.init();
139         return service;
140     }
141 
142     /**
143      * We replace the default {@link ServletBootstrapHandler} with our own so that we can specify
144      * the `serviceUrl` explicitly. It's otherwise left empty making the client determine it
145      * using location.href. The client does not play well with this and appends paths after
146      * the JSESSIONID instead of in front of it.
147      *
148      * <p>This could result in problems both for {@linkplain com.vaadin.server.communication.UidlRequestHandler UIDL communication}
149      * as well as for loading {@linkplain com.vaadin.server.communication.PublishedFileHandler published resources}
150      * specified using {@link com.vaadin.ui.JavaScript @JavaScript} and {@link org.w3c.dom.stylesheets.StyleSheet @StyleSheet}.<br/>
151      * This serves the same purpose as former `info.magnolia.ui.admincentral.AdmincentralVaadinServlet`.
152      *
153      * <p>In addition, since Vaadin requires cookies to function, we strip the JSESSIONID altogether
154      * once we know the cookie method is gonna be used.
155      *
156      * @see com.vaadin.client.ApplicationConfiguration
157      * @see <a href="http://jira.magnolia-cms.com/browse/MGNLUI-4642">MGNLUI-4642</a>
158      */
159     static class JsessionidFriendlyBootstrapHandler extends ServletBootstrapHandler {
160         @Override
161         public boolean synchronizedHandleRequest(VaadinSession session, VaadinRequest request, VaadinResponse response) throws IOException {
162             if (request instanceof HttpServletRequest) {
163                 // we expect this to be a VaadinServletRequest (both a VaadinRequest and an HttpServletRequest)
164                 HttpServletRequest httpRequest = (HttpServletRequest) request;
165 
166                 // redirect initial bootstrap requests should they come with a JSESSIONID
167                 // effectively amend the redirection done by LoginFilter (via HttpServletResponse#encodeRedirectURL)
168                 // by the Vaadin stage we know it's using cooking session-tracking.
169                 if (httpRequest.isRequestedSessionIdFromCookie() && httpRequest.getRequestURI().contains(";jsessionid")) {
170                     String redirectUri = ServletUtil.stripPathParameters(httpRequest.getRequestURI());
171                     return RequestDispatchUtil.dispatch(REDIRECT_PREFIX + redirectUri, ((VaadinServletRequest) request).getHttpServletRequest(), (VaadinServletResponse) response);
172                 }
173             }
174 
175             return super.synchronizedHandleRequest(session, request, response);
176         }
177 
178         @Override
179         protected String getServiceUrl(BootstrapContext context) {
180             return ServletUtil.getOriginalRequestURI(((VaadinServletRequest) context.getRequest()).getHttpServletRequest());
181         }
182     }
183 }