• Home
• org.mycore
• mycore-base
• 2020.08
• source code
• MCRExportServlet.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.mycore.frontend.export.MCRExportServlet Maven / Gradle / Ivy

/*
 * This file is part of ***  M y C o R e  ***
 * See http://www.mycore.de/ for details.
 *
 * MyCoRe is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * MyCoRe is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with MyCoRe.  If not, see .
 */

package org.mycore.frontend.export;

import javax.servlet.http.HttpServletRequest;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mycore.common.content.MCRContent;
import org.mycore.common.content.transformer.MCRContentTransformer;
import org.mycore.frontend.basket.MCRBasket;
import org.mycore.frontend.basket.MCRBasketManager;
import org.mycore.frontend.servlets.MCRServlet;
import org.mycore.frontend.servlets.MCRServletJob;

/**
 * Provides functionality to export content. 
 * The content to export can be selected by specifying one or more 
 * URIs to read from, or by giving the ID of a basket to export. 
 * The selected content is collected as MCRExportCollection thats
 * root element name can be specified. 
 * The content is then transformed using an MCRContentTransformer instance
 * and forwarded to the requesting client.
 * 
 * Request Parameters:
 *   uri=... 
 *     can be repeated to include content from one or more URIs to read XML from
 *   basket=...
 *     the ID of a basket to read XML from  
 *   root=...
 *     optional, name of the root element that wraps the selected content
 *   ns=...
 *     optional, URI of the namespace of the root element
 *   transformer=...
 *     the ID of the transformer to use to export the selected content.
 *          
 * @see MCRExportCollection
 * @see MCRContentTransformer
 * 
 * @author Frank L\u00FCtzenkirchen
 */
public class MCRExportServlet extends MCRServlet {

    private static final Logger LOGGER = LogManager.getLogger(MCRExportServlet.class);

    /** URIs beginning with these prefixes are forbidden for security reasons */
    private static final String[] FORBIDDEN_URIS = { "file", "webapp", "resource" };

    @Override
    public void doGetPost(MCRServletJob job) throws Exception {
        MCRExportCollection collection = createCollection(job.getRequest());
        fillCollection(job.getRequest(), collection);
        MCRContent content2export = collection.getContent();

        String filename = getProperty(job.getRequest(), "filename");
        if (filename == null) {
            filename = "export-" + System.currentTimeMillis();
        }
        job.getResponse().setHeader("Content-Disposition", "inline;filename=\"" + filename + "\"");

        String transformerID = job.getRequest().getParameter("transformer");
        job.getRequest().setAttribute("XSL.Transformer", transformerID);
        getLayoutService().doLayout(job.getRequest(), job.getResponse(), content2export);
    }

    /**
     * Fills the collection with the XML data requested by URIs or basket ID.
     */
    private void fillCollection(HttpServletRequest req, MCRExportCollection collection) throws Exception {
        String basketID = req.getParameter("basket");
        if (basketID != null) {
            MCRBasket basket = MCRBasketManager.getOrCreateBasketInSession(basketID);
            collection.add(basket);
            LOGGER.info("exporting basket {} via {}", basketID, req.getParameter("transformer"));
        }

        if (req.getParameter("uri") != null) {
            for (String uri : req.getParameterValues("uri")) {
                if (isAllowed(uri)) {
                    collection.add(uri);
                    LOGGER.info("exporting {} via {}", uri, req.getParameter("transformer"));
                }
            }
        }
    }

    private boolean isAllowed(String uri) {
        for (String prefix : FORBIDDEN_URIS) {
            if (uri.startsWith(prefix)) {
                LOGGER.warn("URI {} is not allowed for security reasons", uri);
                return false;
            }
        }
        return true;
    }

    /**
     * Creates a new, empty MCRExportCollection, optionally with the requested root element name and namespace.
     */
    private MCRExportCollection createCollection(HttpServletRequest req) {
        MCRExportCollection collection = new MCRExportCollection();
        String root = req.getParameter("root");
        String ns = req.getParameter("ns");
        if (!((root == null) || root.isEmpty())) {
            collection.setRootElement(root, ns);
        }
        return collection;
    }
}