Coverage Report - org.kuali.rice.kew.notes.web.AttachmentServlet
 
Classes in this File Line Coverage Branch Coverage Complexity
AttachmentServlet
0%
0/56
0%
0/22
10
 
 1   
 /**
 2   
  * Copyright 2005-2011 The Kuali Foundation
 3   
  *
 4   
  * Licensed under the Educational Community License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  * http://www.opensource.org/licenses/ecl2.php
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13   
  * See the License for the specific language governing permissions and
 14   
  * limitations under the License.
 15   
  */
 16   
 package org.kuali.rice.kew.notes.web;
 17   
 
 18   
 import org.apache.log4j.Logger;
 19   
 import org.kuali.rice.core.framework.services.CoreFrameworkServiceLocator;
 20   
 import org.kuali.rice.kew.api.WorkflowRuntimeException;
 21   
 import org.kuali.rice.kew.doctype.SecuritySession;
 22   
 import org.kuali.rice.kew.notes.Attachment;
 23   
 import org.kuali.rice.kew.notes.service.NoteService;
 24   
 import org.kuali.rice.kew.routeheader.DocumentRouteHeaderValue;
 25   
 import org.kuali.rice.kew.service.KEWServiceLocator;
 26   
 import org.kuali.rice.kew.api.KewApiConstants;
 27   
 import org.kuali.rice.krad.UserSession;
 28   
 import org.kuali.rice.krad.util.KRADConstants;
 29   
 
 30   
 import javax.servlet.ServletException;
 31   
 import javax.servlet.http.HttpServlet;
 32   
 import javax.servlet.http.HttpServletRequest;
 33   
 import javax.servlet.http.HttpServletResponse;
 34   
 import java.io.BufferedInputStream;
 35   
 import java.io.BufferedOutputStream;
 36   
 import java.io.File;
 37   
 import java.io.FileInputStream;
 38   
 import java.io.IOException;
 39   
 import java.io.OutputStream;
 40   
 
 41   
 
 42   
 
 43   
 
 44   
 /**
 45   
  * A servlet which can be used to retrieve attachments from Notes.
 46   
  *
 47   
  * @author Kuali Rice Team (rice.collab@kuali.org)
 48   
  */
 49  0 
 public class AttachmentServlet extends HttpServlet {
 50   
 
 51   
         private static final long serialVersionUID = -1918858512573502697L;
 52   
         public static final String ATTACHMENT_ID_KEY = "attachmentId";
 53   
 
 54   
         // TODO This should probably be put into KewApiConstants when contributed back
 55   
         // to Rice 1.0.3
 56  0 
         private static final Logger LOG = Logger.getLogger(AttachmentServlet.class);
 57   
 
 58   
         @Override
 59   
         protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 60  0 
                 String attachmentId = request.getParameter(ATTACHMENT_ID_KEY);
 61  0 
                 if (attachmentId == null) {
 62  0 
                         throw new ServletException("No 'attachmentId' was specified.");
 63   
                 }
 64   
 
 65  0 
                 boolean secureChecks = false;
 66  0 
                 String secureAttachmentsParam = null;
 67   
                 try {
 68  0 
                         secureAttachmentsParam = CoreFrameworkServiceLocator.getParameterService().getParameterValueAsString(KewApiConstants.KEW_NAMESPACE, "All", KewApiConstants.SECURE_ATTACHMENTS_PARAM);
 69  0 
                 } catch (Exception e) {
 70  0 
                         LOG.info("Attempted to retrieve parameter value, but could not. Defaulting to unsecured attachment retrieval. " + e.getMessage());
 71  0 
                 }
 72  0 
                 if (secureAttachmentsParam != null && secureAttachmentsParam.equals("Y")) {
 73  0 
                         secureChecks = true;
 74   
                 }
 75   
                 try {
 76  0 
                         UserSession userSession = (UserSession) request.getSession().getAttribute(KRADConstants.USER_SESSION_KEY);
 77  0 
                         if (userSession != null) {// If we can get a valid userSession object off the Http request...
 78   
 
 79  0 
                                 NoteService noteService = KEWServiceLocator.getNoteService();
 80  0 
                                 Attachment attachment = noteService.findAttachment(attachmentId);
 81  0 
                                 File file = noteService.findAttachmentFile(attachment);
 82   
 
 83  0 
                                 DocumentRouteHeaderValue routeHeader = KEWServiceLocator.getRouteHeaderService().getRouteHeader(noteService.getNoteByNoteId(attachment.getNoteId()).getDocumentId());
 84   
 
 85  0 
                                 if(!secureChecks || routeHeader != null){// If we can get a valid routeHeader based on the requested attachment ID
 86  0 
                                         boolean authorized = KEWServiceLocator.getDocumentSecurityService().routeLogAuthorized(userSession.getPrincipalId(), routeHeader, new SecuritySession(userSession.getPrincipalId()));
 87  0 
                     boolean customAttributeAuthorized = false;
 88  0 
                     if(routeHeader.getCustomNoteAttribute() != null){
 89  0 
                         routeHeader.getCustomNoteAttribute().setUserSession(userSession);
 90  0 
                         customAttributeAuthorized = routeHeader.getCustomNoteAttribute().isAuthorizedToRetrieveAttachments();
 91   
                     }
 92  0 
                     if(!secureChecks || (authorized && customAttributeAuthorized)){//If this user can see this document, they can get the attachment(s)
 93  0 
                             response.setContentLength((int)file.length());
 94  0 
                                                 response.setContentType(attachment.getMimeType());
 95  0 
                                                 response.setHeader("Content-disposition", "attachment; filename="+attachment.getFileName());
 96  0 
                                                 FileInputStream attachmentFile = new FileInputStream(file);
 97  0 
                                                 BufferedInputStream inputStream = new BufferedInputStream(attachmentFile);
 98  0 
                                                 OutputStream outputStream = new BufferedOutputStream(response.getOutputStream());
 99   
 
 100   
                                                 try {
 101   
                                                         int c;
 102  0 
                                                         while ((c = inputStream.read()) != -1) {
 103  0 
                                                                 outputStream.write(c);
 104   
                                                         }
 105   
                                                 } finally {
 106  0 
                                                         inputStream.close();
 107  0 
                                                 }
 108  0 
                                                 outputStream.close();
 109  0 
                                         } else {// Throw a forbidden page back, they were not approved by DocumentSecurityService
 110  0 
                                                 LOG.error("Attempt to access attachmentId:"+ attachmentId + " from documentId:" + routeHeader.getDocumentId() + " from unauthorized user: " + userSession.getPrincipalId());
 111  0 
                                                 response.sendError(HttpServletResponse.SC_FORBIDDEN);
 112  0 
                                                 return;
 113   
                                         }
 114  0 
                                 } else {// Throw a not found, couldn't get a valid routeHeader
 115  0 
                                         LOG.error("Caught Null Pointer trying to determine routeHeader for requested attachmentId:" + attachmentId);
 116  0 
                                         response.sendError(HttpServletResponse.SC_NOT_FOUND);
 117  0 
                                         return;
 118   
                                 }
 119  0 
                         } else {// Throw a bad request, we couldn't find a valid user session
 120  0 
                                 LOG.error("Attempt to access attachmentId:" + attachmentId + " with invalid UserSession");
 121  0 
                                 response.sendError(HttpServletResponse.SC_BAD_REQUEST);
 122  0 
                                 return;
 123   
                         }
 124  0 
                 } catch (Exception e) {// Catch any error, log it. Send a not found, and throw up the exception.
 125  0 
                         LOG.error("Problem retrieving requested attachmentId:" + attachmentId, e);
 126  0 
                         throw new WorkflowRuntimeException(e);
 127  0 
                 }
 128  0 
         }
 129   
         @Override
 130   
         protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 131  0 
                 doPost(request, response);
 132  0 
         }
 133   
 
 134   
 }
Report generated by Cobertura 1.9.4.1 on 11/9/11 10:56 PM.