
/*************************************************************************
*
* ADOBE CONFIDENTIAL
* __________________
*
* Copyright 2014 Adobe Systems Incorporated
* All Rights Reserved.
*
* NOTICE: All information contained herein is, and remains
* the property of Adobe Systems Incorporated and its suppliers,
* if any. The intellectual and technical concepts contained
* herein are proprietary to Adobe Systems Incorporated and its
* suppliers and may be covered by U.S. and Foreign Patents,
* patents in process, and are protected by trade secret or copyright law.
* Dissemination of this information or reproduction of this material
* is strictly forbidden unless prior written permission is obtained
* from Adobe Systems Incorporated.
**************************************************************************/
package com.adobe.forms.common.servlet;
import com.adobe.forms.common.service.FormsCommonConfigurationService;
import com.adobe.forms.common.service.FormsException;
import com.adobe.forms.common.utils.FormsConstants;
import com.adobe.forms.common.utils.TempStorageUtils;
import com.day.cq.commons.jcr.JcrUtil;
import org.apache.felix.scr.annotations.*;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.jcr.resource.JcrResourceConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.jcr.Node;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import java.io.IOException;
import java.net.URI;
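/**
 * Sling servlet that provisions a per-request temporary storage folder for forms.
 *
 * <p>It is registered for POST requests carrying the {@code fd.tempstorageprovider}
 * selector on the resource types listed in the component properties. For a valid
 * {@code uuidPath} request parameter it creates a folder directly below one of
 * {@link FormsConstants#FD_TEMP_PATHS} using a service session, then grants the
 * requesting user read, modify-properties, add-child-nodes and node-type-management
 * privileges on that folder.
 *
 * <p>Security note: the privileges are written with the service session, so the
 * path they are applied to must never be taken from the request. This class only
 * ever applies them to the node it has just created.
 */
@Component
@Service(Servlet.class)
@Properties({
    @Property(name = "sling.servlet.resourceTypes", value = {"fd/af/components/guideContainer", "xfaforms/profile"}),
    @Property(name = "sling.servlet.methods", value = "POST"),
    @Property(name = "service.description", value = "Adaptive Form UUID ACL Creator"),
    @Property(name = "sling.servlet.selectors", value = "fd.tempstorageprovider")
})
public class TempStorageProviderServlet extends SlingAllMethodsServlet {

    private static final Logger logger = LoggerFactory.getLogger(TempStorageProviderServlet.class);

    @Reference
    private SlingRepository repository;

    @Reference
    private ResourceResolverFactory resourceResolverFactory;

    @Reference
    private FormsCommonConfigurationService formsCommonConfigurationService;

    /**
     * Creates the temporary folder named by the {@code uuidPath} parameter and grants
     * the current user access to it.
     *
     * <p>The request is ignored (no node is created, no status is set) when the
     * parameter is missing or empty, when preview is disabled by the temp storage
     * configuration, or when the normalized path is not a direct child of one of
     * {@link FormsConstants#FD_TEMP_PATHS}.
     *
     * @param request  the POST request; {@code uuidPath} is read from its parameters
     * @param response receives status 500 and a generic message on failure
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the error message to the response fails
     * @throws FormsException   if URI parsing, node creation or ACL assignment fails
     */
    @Override
    protected void doPost(SlingHttpServletRequest request,
                          final SlingHttpServletResponse response)
            throws ServletException, IOException {
        String uuidPath = request.getParameter("uuidPath");
        if (uuidPath == null || uuidPath.length() == 0) {
            logger.debug("UUID path is null or its length is 0");
            return;
        }

        // Opened only once the request has been validated and always released in the
        // finally block, so rejected or disabled requests cannot leak a service session.
        Session serviceSession = null;
        try {
            // Normalize the path to prevent directory creation at any URL.
            String uuidNormalizedPath = new URI(uuidPath).normalize().getPath();

            // TODO: form an util function in forms-foundation and refer it everywhere
            boolean isAnonymous = request.getAuthType() == null;
            if (TempStorageUtils.isPreviewDisabled(formsCommonConfigurationService.getTempStorageConfig(), isAnonymous)) {
                return;
            }

            // allow creation of directories inside /tmp/fd/af or /tmp/fd/xfaforms only
            String tempRoot = null;
            String userFolder = null;
            for (String candidateRoot : FormsConstants.FD_TEMP_PATHS) {
                userFolder = directChildName(uuidNormalizedPath, candidateRoot);
                if (userFolder != null) {
                    tempRoot = candidateRoot;
                    // Stop at the first match: one request provisions exactly one folder.
                    break;
                }
            }
            if (tempRoot == null) {
                // The raw parameter is deliberately not logged (it is attacker-controlled text).
                logger.warn("Ignoring temp storage request: uuidPath is not a direct child of an allowed temp root");
                return;
            }

            Session userSession = request.getResourceResolver().adaptTo(Session.class);
            serviceSession = repository.loginService(null, null);

            Node userCreationTempNode = serviceSession.getNode(tempRoot);
            final Node node = JcrUtil.createUniqueNode(userCreationTempNode, userFolder,
                    JcrResourceConstants.NT_SLING_FOLDER, serviceSession);
            // set the tmpNode property to true on uuid
            node.setProperty("tmpNode", true);
            if (isAnonymous) {
                node.setProperty(FormsConstants.GUIDE_COMPONENT_TYPE, FormsConstants.ANONYMOUS_TEMP_STORAGE);
            }
            serviceSession.save();

            // The user manager is obtained from the caller's own session; only the ACL
            // write below uses the service session.
            final UserManager userManager = AccessControlUtil.getUserManager(userSession);
            /*
             * add an entry for current user principal for both read and write. The ACLS are required to enable
             * addition of child nodes in case of preview of attached files for Save As Attachment feature
             */
            final Authorizable authorizable = userManager.getAuthorizable(userSession.getUserID());
            if (authorizable != null) {
                // The ACL target is the path of the node created above, never the
                // request-supplied path: createUniqueNode may choose a name other than
                // the hint, and URI.getPath() percent-decodes after normalize(), so the
                // request path is not a trustworthy name for this node.
                AccessControlUtil.replaceAccessControlEntry(serviceSession, node.getPath(), authorizable.getPrincipal(),
                        new String[]{Privilege.JCR_READ, Privilege.JCR_MODIFY_PROPERTIES,
                                Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_NODE_TYPE_MANAGEMENT},
                        new String[]{}, new String[]{}, null);
            }
            if (serviceSession.hasPendingChanges()) {
                serviceSession.save();
            }
        } catch (Exception e) {
            // Single failure path: log once, answer once, keep the cause attached.
            String errorMsg = "There was an error in uploading attachments";
            logger.error(errorMsg, e);
            response.setStatus(500);
            response.getWriter().write(errorMsg);
            throw new FormsException(errorMsg, e);
        } finally {
            if (serviceSession != null) {
                // logout() drops any unsaved changes, so a failed request does not
                // persist a half-applied state through the privileged session.
                serviceSession.logout();
            }
        }
    }

    /**
     * Returns the child name when {@code path} is exactly one segment below {@code root}.
     *
     * <p>The comparison is done on a segment boundary, so a sibling whose name merely
     * starts with the root's name does not match, and nested paths, empty names and
     * dot segments are rejected.
     *
     * @param path normalized absolute path taken from the request, may be {@code null}
     * @param root allowed temp root, with or without a trailing slash
     * @return the single path segment below {@code root}, or {@code null} if {@code path}
     *         is not a direct child of {@code root}
     */
    private static String directChildName(String path, String root) {
        if (path == null || root == null || root.isEmpty()) {
            return null;
        }
        String prefix = root.endsWith("/") ? root : root + "/";
        if (!path.startsWith(prefix)) {
            return null;
        }
        String name = path.substring(prefix.length());
        boolean singleSegment = !name.isEmpty() && name.indexOf('/') < 0;
        if (!singleSegment || ".".equals(name) || "..".equals(name)) {
            return null;
        }
        return name;
    }
}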