/*******************************************************************************
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*******************************************************************************/
package org.apache.ofbiz.solr.webapp;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.ofbiz.base.conversion.ConversionException;
import org.apache.ofbiz.base.conversion.JSONConverters.MapToJSON;
import org.apache.ofbiz.base.lang.JSON;
import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.UtilHttp;
import org.apache.ofbiz.base.util.UtilMisc;
import org.apache.ofbiz.base.util.UtilProperties;
import org.apache.ofbiz.base.util.UtilTimer;
import org.apache.ofbiz.base.util.UtilValidate;
import org.apache.ofbiz.entity.GenericValue;
import org.apache.ofbiz.webapp.control.LoginWorker;
import org.apache.solr.common.SolrException;
import org.apache.solr.core.CoreContainer;
import org.apache.solr.core.NodeConfig;
import org.apache.solr.servlet.SolrDispatchFilter;
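/**
 * OFBizSolrContextFilter - Restricts access to solr urls.
 *
 * <p>Wraps {@link SolrDispatchFilter} and requires an OFBiz {@code userLogin} session attribute
 * that passes {@link LoginWorker#hasBasePermission} for a fixed list of servlet paths: anything
 * under {@code /admin/}, and paths ending in {@code /update}, {@code /update/json},
 * {@code /update/csv}, {@code /update/extract}, {@code /replication}, {@code /file} or
 * {@code /file/}.
 *
 * <p>NOTE(review): this is a list of protected paths, not a default-deny policy. A request whose
 * servlet path matches none of the patterns is handed to Solr without any login check, so a
 * request handler declared in an index's solrconfig.xml under another name is not covered by this
 * filter. Keep the list in step with solrconfig.xml, or restrict those handlers there.
 *
 * <p>NOTE(review): matching uses {@code startsWith}/{@code endsWith} on
 * {@code getServletPath()}; confirm how the container normalises the path for this filter's
 * mapping (trailing segments, path parameters) before relying on it as the only gate.
 */
public class OFBizSolrContextFilter extends SolrDispatchFilter {

    public static final String module = OFBizSolrContextFilter.class.getName();

    private static final String resource = "SolrUiLabels";

    /**
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig config) throws ServletException {
        super.init(config);
    }

    /**
     * Rejects unauthorised requests to the protected Solr paths, then delegates everything else to
     * {@link SolrDispatchFilter#doFilter}.
     *
     * <p>A denied {@code /admin/} request gets the {@code ofbizLogin} marker document; a denied
     * update, replication or file request gets a 401/403 JSON {@code responseHeader}. In both
     * cases the filter returns without calling the superclass, so the request never reaches Solr.
     *
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        Locale locale = UtilHttp.getLocale(httpRequest);

        // check if the request is from an authorized user
        String servletPath = httpRequest.getServletPath();
        if (UtilValidate.isNotEmpty(servletPath)) {
            boolean adminPath = servletPath.startsWith("/admin/");
            // NOTE: the update requests are defined in an index's solrconfig.xml
            boolean updatePath = servletPath.endsWith("/update") || servletPath.endsWith("/update/json")
                    || servletPath.endsWith("/update/csv") || servletPath.endsWith("/update/extract");
            boolean replicationPath = servletPath.endsWith("/replication");
            boolean filePath = servletPath.endsWith("/file") || servletPath.endsWith("/file/");

            if (adminPath || updatePath || replicationPath || filePath) {
                // NOTE(review): getSession() creates a session for anonymous callers of the
                // protected paths; getSession(false) would avoid that, but confirm nothing else
                // in the webapp relies on the session existing at this point.
                HttpSession session = httpRequest.getSession();
                GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
                boolean authorized = !UtilValidate.isEmpty(userLogin) && LoginWorker.hasBasePermission(userLogin, httpRequest);
                if (!authorized) {
                    // The admin check wins when a path matches more than one pattern.
                    if (adminPath) {
                        sendAdminLoginMarker(httpRequest, httpResponse, userLogin, locale);
                    } else if (updatePath) {
                        sendJsonHeaderMessage(httpRequest, httpResponse, userLogin, "SolrErrorUpdateLoginFirst", "SolrErrorNoUpdatePermission", locale);
                    } else if (replicationPath) {
                        sendJsonHeaderMessage(httpRequest, httpResponse, userLogin, "SolrErrorReplicateLoginFirst", "SolrErrorNoReplicatePermission", locale);
                    } else {
                        sendJsonHeaderMessage(httpRequest, httpResponse, userLogin, "SolrErrorViewFileLoginFirst", "SolrErrorNoViewFilePermission", locale);
                    }
                    return;
                }
            }
        }

        String charset = request.getCharacterEncoding();
        String requestUri = httpRequest.getRequestURI();
        String rname = null;
        // Guard the empty string as well as null: substring(1) would throw on "".
        if (requestUri != null && !requestUri.isEmpty()) {
            rname = requestUri.substring(1);
        }
        // Static resources are not timed.
        if (rname != null && (rname.endsWith(".css") || rname.endsWith(".js") || rname.endsWith(".ico") || rname.endsWith(".html")
                || rname.endsWith(".png") || rname.endsWith(".jpg") || rname.endsWith(".gif"))) {
            rname = null;
        }

        UtilTimer timer = null;
        String label = null;
        if (Debug.timingOn() && rname != null) {
            label = requestLabel(httpRequest);
            timer = new UtilTimer();
            timer.setLog(true);
            timer.timerString(label + " Request Begun, encoding=[" + sanitizeForLog(charset) + "]", module);
        }

        // NOTE: there's a chain.doFilter in SolrDispatchFilter's doFilter
        super.doFilter(request, response, chain);

        // Test the timer itself rather than re-reading Debug.timingOn(): if timing is switched on
        // while the request is in flight the timer is still null and must not be dereferenced.
        if (timer != null) {
            timer.timerString(label + " Request Done", module);
        }
    }

    /**
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
        super.destroy();
    }

    /**
     * Override this to change CoreContainer initialization
     *
     * <p>Loads the node configuration from {@code solrHome}; when that raises a
     * {@link SolrException} it retries with the relative path {@code plugins/solr/home} and logs
     * the fallback. A relative path resolves against the working directory of the JVM, so the
     * directory the process is started from decides which Solr configuration is loaded.
     *
     * @param solrHome the Solr home directory to try first
     * @param extraProperties properties passed to the node config loader and the container
     * @return a CoreContainer to hold this server's cores
     */
    protected CoreContainer createCoreContainer(Path solrHome, Properties extraProperties) {
        NodeConfig nodeConfig;
        try {
            nodeConfig = loadNodeConfig(solrHome, extraProperties);
        } catch (SolrException e) {
            Path fallbackHome = Paths.get("plugins/solr/home");
            Debug.logWarning(e, "Could not load the Solr node config from [" + solrHome + "], falling back to ["
                    + fallbackHome.toAbsolutePath() + "]", module);
            nodeConfig = loadNodeConfig(fallbackHome, extraProperties);
        }
        cores = new CoreContainer(nodeConfig, extraProperties, true);
        cores.load();
        return cores;
    }

    /**
     * Answers a denied {@code /admin/} request with the JSON document {@code {"ofbizLogin":"true"}}
     * and logs the reason.
     *
     * <p>No status code is set here, so the denial is carried by the body only.
     * NOTE(review): presumably the admin UI reads the {@code ofbizLogin} key to redirect to the
     * OFBiz login; confirm before changing the status, since other clients see a success code.
     *
     * @throws IOException if the response stream cannot be written
     */
    private void sendAdminLoginMarker(HttpServletRequest httpRequest, HttpServletResponse httpResponse, GenericValue userLogin, Locale locale) throws IOException {
        httpResponse.setContentType("application/json");
        httpResponse.setCharacterEncoding("UTF-8");
        try {
            JSON json = new MapToJSON().convert(UtilMisc.toMap("ofbizLogin", (Object) "true"));
            try (OutputStream os = httpResponse.getOutputStream()) {
                // Explicit charset: the platform default must not decide the bytes on the wire.
                os.write(json.toString().getBytes(StandardCharsets.UTF_8));
                os.flush();
            }
            String messageKey = UtilValidate.isEmpty(userLogin) ? "SolrErrorManageLoginFirst" : "SolrErrorNoManagePermission";
            String message = UtilProperties.getMessage(resource, messageKey, locale);
            Debug.logInfo(requestLabel(httpRequest) + " Request error: " + message, module);
        } catch (ConversionException e) {
            Debug.logError(e, "Error while converting Solr ofbizLogin map to JSON.", module);
        }
    }

    /**
     * Writes a JSON {@code responseHeader} with a status and a localised message for a denied
     * request: 401 when there is no {@code userLogin}, 403 when the login lacks the permission.
     *
     * @param notLoginMessage label key used when no user is logged in
     * @param noPermissionMessage label key used when the user lacks the permission
     * @throws IOException if the response stream cannot be written
     */
    private void sendJsonHeaderMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse, GenericValue userLogin, String notLoginMessage, String noPermissionMessage, Locale locale) throws IOException {
        boolean anonymous = UtilValidate.isEmpty(userLogin);
        int status = anonymous ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN;
        String message = UtilProperties.getMessage(resource, anonymous ? notLoginMessage : noPermissionMessage, locale);

        httpResponse.setStatus(status);
        httpResponse.setContentType("application/json");
        // Localised messages can contain non-ASCII text, so declare and use UTF-8 explicitly.
        httpResponse.setCharacterEncoding("UTF-8");

        Map<String, Object> responseHeader = new HashMap<>();
        responseHeader.put("status", status);
        responseHeader.put("message", message);

        try (OutputStream os = httpResponse.getOutputStream()) {
            JSON json = new MapToJSON().convert(UtilMisc.toMap("responseHeader", (Object) responseHeader));
            os.write(json.toString().getBytes(StandardCharsets.UTF_8));
            os.flush();
            Debug.logInfo(requestLabel(httpRequest) + " Request error: " + message, module);
        } catch (ConversionException e) {
            Debug.logError(e, "Error while converting responseHeader map to JSON.", module);
        }
    }

    /**
     * Builds the {@code [uri(Domain:scheme://server)]} prefix used in this filter's log lines.
     * The URI and server name are supplied by the client, so both go through
     * {@link #sanitizeForLog(String)}.
     */
    private static String requestLabel(HttpServletRequest httpRequest) {
        String uri = httpRequest.getRequestURI();
        String name = (uri != null && !uri.isEmpty()) ? uri.substring(1) : "";
        return "[" + sanitizeForLog(name) + "(Domain:" + httpRequest.getScheme() + "://"
                + sanitizeForLog(httpRequest.getServerName()) + ")]";
    }

    /**
     * Replaces carriage returns and line feeds so a request-supplied value cannot start a new
     * log line. Returns {@code null} unchanged.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}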