solr/core/src/java/org/apache/solr/servlet/LoadAdminUiServlet.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.solr.servlet;

import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.CloseShieldOutputStream;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.apache.solr.common.params.CommonParams;
import org.apache.solr.core.CoreContainer;
import org.apache.solr.core.SolrCore;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;

/**
 * A simple servlet to load the Solr Admin UI
 * 
 * @since solr 4.0
 */
public final class LoadAdminUiServlet extends BaseSolrServlet {

  @Override
  public void doGet(HttpServletRequest _request,
                    HttpServletResponse _response)
      throws IOException {
    HttpServletRequest request = SolrDispatchFilter.closeShield(_request, false);
    HttpServletResponse response = SolrDispatchFilter.closeShield(_response, false);
    
    response.addHeader("X-Frame-Options", "DENY"); // security: SOLR-7966 - avoid clickjacking for admin interface

    // This attribute is set by the SolrDispatchFilter
    String admin = request.getRequestURI().substring(request.getContextPath().length());
    CoreContainer cores = (CoreContainer) request.getAttribute("org.apache.solr.CoreContainer");
    InputStream in = getServletContext().getResourceAsStream(admin);
    Writer out = null;
    if(in != null && cores != null) {
      try {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/html");

        // We have to close this to flush OutputStreamWriter buffer
        out = new OutputStreamWriter(new CloseShieldOutputStream(response.getOutputStream()), StandardCharsets.UTF_8);

        String html = IOUtils.toString(in, "UTF-8");
        Package pack = SolrCore.class.getPackage();

        String[] search = new String[] { 
            "${contextPath}", 
            "${adminPath}",
            "${version}" 
        };
        String[] replace = new String[] {
            StringEscapeUtils.escapeEcmaScript(request.getContextPath()),
            StringEscapeUtils.escapeEcmaScript(CommonParams.CORES_HANDLER_PATH),
            StringEscapeUtils.escapeEcmaScript(pack.getSpecificationVersion())
        };
        
        out.write( StringUtils.replaceEach(html, search, replace) );
      } finally {
        IOUtils.closeQuietly(in);
        IOUtils.closeQuietly(out);
      }
    } else {
      response.sendError(404);
    }
  }

}