1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.myfaces.webapp.filter; 20 21 import java.io.IOException; 22 23 import javax.servlet.Filter; 24 import javax.servlet.FilterChain; 25 import javax.servlet.FilterConfig; 26 import javax.servlet.ServletContext; 27 import javax.servlet.ServletException; 28 import javax.servlet.ServletRequest; 29 import javax.servlet.ServletResponse; 30 import javax.servlet.http.HttpServletRequest; 31 import javax.servlet.http.HttpServletResponse; 32 33 import org.apache.commons.fileupload.servlet.ServletFileUpload; 34 import org.apache.commons.logging.Log; 35 import org.apache.commons.logging.LogFactory; 36 import org.apache.myfaces.renderkit.html.util.AddResource; 37 import org.apache.myfaces.renderkit.html.util.AddResource2; 38 import org.apache.myfaces.renderkit.html.util.AddResourceFactory; 39 40 /** 41 * This filter provides a number of functions that many tomahawk components require. 42 * <p> 43 * In tomahawk versions up to and including 1.1.6, it is mandatory to define this filter in the application's 44 * web.xml in order to use some tomahawk components. In Tomahawk version 1.1.7, this filter is now optional; 45 * when defined it will be used as for earlier versions. When omitted, the same functionality is now 46 * automatically provided via classes TomahawkFacesContextFactory and ServeResourcePhaseListener. 47 * 48 * <h2>Response Buffering</h2> 49 * 50 * When the request is for a JSF page, and the configured "resource manager" 51 * requires response buffering then a response wrapper is created which 52 * buffers the entire output from the current request in memory. 53 * <p> 54 * Tomahawk provides at least three "resource managers": 55 * <ul> 56 * <li> DefaultAddResources (the default) does require response buffering. 57 * <li> NonBufferingAddResource does not require response buffering, but it 58 * renders javascript on body and offer support in portlets enviroments. 59 * <li> StreamingAddResources does not, but only provides a subset of the 60 * features of DefaultAddResources and therefore does not work with all 61 * Tomahawk components. 62 * </ul> 63 * <p> 64 * Only one "resource manager" may be configured for a webapp. See class 65 * AddResourceFactory for further details on configuring this. 66 * <p> 67 * When DefaultAddResources is enabled (default behaviour), the resulting 68 * response buffering does cause some unnecessary memory and performance 69 * impact for pages where no component in the page actually registers a 70 * resource that needs to be inserted into the page - but whether a page 71 * does that or not cannot be known until after the page has been rendered. 72 * In the rare case where a request to a JSF page generates non-html 73 * output (eg a PDF is generated as a response to a submit of a jsf page), 74 * the data is unfortunately buffered. However it is not post-processed, 75 * because its http content-type header will not be "text/html" (see other 76 * documentation for this class). 77 * 78 * <h2>Inserting Resources into HTML responses (DefaultAddResources)</h2> 79 * 80 * After the response has been completely generated (and cached in memory), 81 * this filter checks the http content-type header. If it is not html or xhtml, 82 * then the data is simply send to the response stream without further processing. 83 * 84 * For html or xhtml responses, this filter causes the data to be post-processed 85 * to insert any "resources" registered via the AddResources framework. This 86 * allows jsf components (and other code if it wants) to register data that 87 * should be output into an HTML page, particularly into places like an html 88 * "head" section, even when the component occurs after that part of the 89 * response has been generated. 90 * <p> 91 * The default "resource manager" (DefaultAddResources) supports inserting 92 * resources into any part of the generated page. The alternate class 93 * StreamingAddResources does not; it does not buffer output and therefore 94 * can only insert resources for a jsf component into the page after the 95 * point at which that component is rendered. In particular, this means that 96 * components that use external javascript files will not work with that 97 * "resource manager" as [script href=...] only works in the head section 98 * of an html page. 99 * 100 * <h2>Serving Resources from the Classpath</h2> 101 * 102 * Exactly what text gets inserted into an HTML page via a "resource" 103 * (see above) is managed by the AddResources class, not this one. However 104 * often it is useful for jsf components to be able to refer to resources 105 * that are on the classpath, and in particular when the resource is in the 106 * same jar as the component code. Servlet engines do not support serving 107 * resources from the classpath. However the AddResources framework can be 108 * used to generate a special url prefix that this filter can be mapped to, 109 * allowing this to be done. In particular, many Tomahawk components use 110 * this to bundle their necessary resources within the tomahawk jarfile. 111 * <p> 112 * When a request to such a url is found by this filter, the actual resource 113 * is located and streamed back to the user (no buffering required). See the 114 * AddResource class documentation for further details. 115 * 116 * <h2>Handling File Uploads</h2> 117 * 118 * Sometimes an application needs to allow a user to send a file of data 119 * to the web application. The html page needs only to include an input 120 * tag with type=file; clicking on this will prompt the user for a file 121 * to send. The browser will then send an http request to the server 122 * which is marked as a "mime multipart request" with normal http post 123 * parameters in one mime part, and the file contents in another mime part. 124 * <p> 125 * This filter also handles such requests, using the Apache HttpClient 126 * library to save the file into a configurable local directory before 127 * allowing the normal processing for the url that the post request 128 * refers to. A number of configuration properties on this filter control 129 * maximum file upload sizes and various other useful settings. See the 130 * documentation for the init method for more details. 131 * 132 * <h2>Avoiding Processing</h2> 133 * 134 * When the ExtensionsFilter is enabled, and the DefaultAddResources 135 * implementation is used then there is no way to avoid having the 136 * response buffered in memory. However as long as the mime-type set 137 * for the response data is <i>not</i> text/html then the data will 138 * be written out without any modifications. 139 * 140 * @author Sylvain Vieujot (latest modification by $Author: lu4242 $) 141 * @version $Revision: 954965 $ $Date: 2010-06-15 11:58:31 -0500 (Tue, 15 Jun 2010) $ 142 */ 143 public class ExtensionsFilter implements Filter { 144 145 private Log log = LogFactory.getLog(ExtensionsFilter.class); 146 147 private int _uploadMaxSize = 100 * 1024 * 1024; // 100 MB 148 149 private int _uploadMaxFileSize = 100 * 1024 * 1024; // 100 MB 150 151 private int _uploadThresholdSize = 1 * 1024 * 1024; // 1 MB 152 153 private String _uploadRepositoryPath = null; //standard temp directory 154 155 private boolean _cacheFileSizeErrors = false; 156 157 private ServletContext _servletContext; 158 159 public static final String DOFILTER_CALLED = "org.apache.myfaces.component.html.util.ExtensionFilter.doFilterCalled"; 160 161 /** 162 * Init method for this filter. 163 * <p> 164 * The following filter init parameters can be configured in the web.xml file 165 * for this filter: 166 * <ul> 167 * <li>uploadMaxFileSize</li> 168 * <li>uploadThresholdSize</li> 169 * <li>uploadRepositoryPath</li> 170 * <li>uploadMaxSize</li> 171 * <li>cacheFileSizeErrors</li> 172 * </ul> 173 * </p> 174 * <p> 175 * All size parameters may have the suffix "g" (gigabytes), "m" (megabytes) or "k" (kilobytes). 176 * </p> 177 * 178 * <h2>uploadMaxFileSize</h2> 179 * 180 * Sets the maximum allowable size for uploaded files. 181 * <p> 182 * If the user attempts to upload a file which is larger than this, then the data <i>is</i> 183 * transmitted from the browser to the server (this cannot be prevented with standard HTML 184 * functionality). However the file will not be saved in memory or on disk. An error message 185 * will be added to the standard JSF error messages, and the page re-rendered (as for a 186 * validation failure). 187 * </p> 188 * <p> 189 * The default value is 100 Megabytes. 190 * </p> 191 * 192 * <h2>uploadThresholdSize</h2> 193 * 194 * Sets the size threshold beyond which files are written directly to disk. Files which are 195 * smaller than this are simply held in memory. The default is 1 Megabyte. 196 * 197 * <h2>uploadRepositoryPath</h2> 198 * 199 * Sets the directory in which temporary files (ie caches for those uploaded files that 200 * are larger than uploadThresholdSize) are to be stored. 201 * 202 * <h2>uploadMaxSize</h2> 203 * 204 * Sets the maximum allowable size for the current request. If not set, its value is the 205 * value set on uploadMaxFileSize param. 206 * 207 * <h2>cacheFileSizeErrors</h2> 208 * 209 * Catch and swallow FileSizeLimitExceededExceptions in order to return as 210 * many usable items as possible. 211 * 212 */ 213 public void init(FilterConfig filterConfig) { 214 // Note that the code here to extract FileUpload configuration params is not actually used. 215 // The handling of multipart requests was moved from this Filter into a custom FacesContext 216 // (TomahawkFacesContextWrapper) so that Portlets could be supported (Portlets cannot use 217 // servlet filters). 218 // 219 // For backwards compatibility, the TomahawkFacesContextWrapper class *parses* the 220 // web.xml to retrieve these same filter config params. That is IMO seriously ugly 221 // and hopefully will be fixed. 222 223 String param = filterConfig.getInitParameter("uploadMaxFileSize"); 224 225 _uploadMaxFileSize = resolveSize(param, _uploadMaxFileSize); 226 227 param = filterConfig.getInitParameter("uploadMaxSize"); 228 229 if (param != null) 230 { 231 _uploadMaxSize = resolveSize(param, _uploadMaxSize); 232 } 233 else 234 { 235 //If not set, default to uploadMaxFileSize 236 _uploadMaxSize = resolveSize(param, _uploadMaxFileSize); 237 } 238 239 param = filterConfig.getInitParameter("uploadThresholdSize"); 240 241 _uploadThresholdSize = resolveSize(param, _uploadThresholdSize); 242 243 _uploadRepositoryPath = filterConfig.getInitParameter("uploadRepositoryPath"); 244 245 _cacheFileSizeErrors = getBooleanValue(filterConfig.getInitParameter("cacheFileSizeErrors"), false); 246 247 _servletContext = filterConfig.getServletContext(); 248 } 249 250 private int resolveSize(String param, int defaultValue) { 251 int numberParam = defaultValue; 252 253 if (param != null) { 254 param = param.toLowerCase(); 255 int factor = 1; 256 String number = param; 257 258 if (param.endsWith("g")) { 259 factor = 1024 * 1024 * 1024; 260 number = param.substring(0, param.length() - 1); 261 } else if (param.endsWith("m")) { 262 factor = 1024 * 1024; 263 number = param.substring(0, param.length() - 1); 264 } else if (param.endsWith("k")) { 265 factor = 1024; 266 number = param.substring(0, param.length() - 1); 267 } 268 269 numberParam = Integer.parseInt(number) * factor; 270 } 271 return numberParam; 272 } 273 274 private static boolean getBooleanValue(String initParameter, boolean defaultVal) 275 { 276 if(initParameter == null || initParameter.trim().length()==0) 277 return defaultVal; 278 279 return (initParameter.equalsIgnoreCase("on") || initParameter.equals("1") || initParameter.equalsIgnoreCase("true")); 280 } 281 282 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 283 284 if(request.getAttribute(DOFILTER_CALLED)!=null) 285 { 286 chain.doFilter(request, response); 287 return; 288 } 289 290 request.setAttribute(DOFILTER_CALLED,"true"); 291 292 if (!(response instanceof HttpServletResponse)) { 293 //If this is a portlet request, just continue the chaining 294 chain.doFilter(request, response); 295 return; 296 } 297 298 HttpServletResponse httpResponse = (HttpServletResponse) response; 299 HttpServletRequest httpRequest = (HttpServletRequest) request; 300 301 // Serve resources 302 AddResource addResource; 303 304 try 305 { 306 addResource = AddResourceFactory.getInstance(httpRequest,_servletContext); 307 if( addResource.isResourceUri(_servletContext, httpRequest ) ){ 308 addResource.serveResource(_servletContext, httpRequest, httpResponse); 309 return; 310 } 311 } 312 catch(Throwable th) 313 { 314 log.error("Exception wile retrieving addResource",th); 315 throw new ServletException(th); 316 } 317 318 HttpServletRequest extendedRequest = httpRequest; 319 320 // For multipart/form-data requests 321 // This is done by TomahawkFacesContextWrapper 322 if (ServletFileUpload.isMultipartContent(httpRequest)) { 323 extendedRequest = new MultipartRequestWrapper(httpRequest, _uploadMaxFileSize, 324 _uploadThresholdSize, _uploadRepositoryPath, _uploadMaxSize, _cacheFileSizeErrors); 325 } 326 327 try 328 { 329 if (addResource instanceof AddResource2) 330 { 331 ((AddResource2)addResource).responseStarted(_servletContext, extendedRequest); 332 } 333 else 334 { 335 addResource.responseStarted(); 336 } 337 338 //This case is necessary when is used 339 //org.apache.myfaces.renderkit.html.util.DefaultAddResource 340 //Buffers the output and add to the header the necessary stuff 341 //In other case this is simply ignored (NonBufferingAddResource and 342 //StreamingAddResource), because this not require buffering 343 //and the chaining continues. 344 if (addResource.requiresBuffer()) 345 { 346 ExtensionsResponseWrapper extendedResponse = new ExtensionsResponseWrapper((HttpServletResponse) response); 347 348 // Standard request 349 chain.doFilter(extendedRequest, extendedResponse); 350 351 extendedResponse.finishResponse(); 352 353 // write the javascript stuff for myfaces and headerInfo, if needed 354 HttpServletResponse servletResponse = (HttpServletResponse)response; 355 356 // only parse HTML responses 357 if (extendedResponse.getContentType() != null && isValidContentType(extendedResponse.getContentType())) 358 { 359 addResource.parseResponse(extendedRequest, extendedResponse.toString(), 360 servletResponse); 361 362 addResource.writeMyFacesJavascriptBeforeBodyEnd(extendedRequest, 363 servletResponse); 364 365 if( ! addResource.hasHeaderBeginInfos() ){ 366 // writes the response if no header info is needed 367 addResource.writeResponse(extendedRequest, servletResponse); 368 return; 369 } 370 371 // Some headerInfo has to be added 372 addResource.writeWithFullHeader(extendedRequest, servletResponse); 373 374 // writes the response 375 addResource.writeResponse(extendedRequest, servletResponse); 376 } 377 else 378 { 379 380 byte[] responseArray = extendedResponse.getBytes(); 381 382 if(responseArray.length > 0) 383 { 384 // When not filtering due to not valid content-type, deliver the byte-array instead of a charset-converted string. 385 // Otherwise a binary stream gets corrupted. 386 servletResponse.getOutputStream().write(responseArray); 387 } 388 } 389 } 390 else 391 { 392 chain.doFilter(extendedRequest, response); 393 } 394 } 395 finally 396 { 397 addResource.responseFinished(); 398 } 399 400 //chain.doFilter(extendedRequest, response); 401 } 402 403 public boolean isValidContentType(String contentType) 404 { 405 return contentType.startsWith("text/html") || 406 contentType.startsWith("text/xml") || 407 contentType.startsWith("application/xhtml+xml") || 408 contentType.startsWith("application/xml"); 409 } 410 411 /** 412 * Destroy method for this filter 413 */ 414 public void destroy() { 415 // NoOp 416 } 417 418 419 }