PostAvatarServlet.java
/*
* Copyright (c) 2002-2016, Mairie de Paris
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright notice
* and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice
* and the following disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* License 1.0
*/
package fr.paris.lutece.plugins.avatarserver.web;
import fr.paris.lutece.plugins.avatarserver.business.Avatar;
import fr.paris.lutece.plugins.avatarserver.business.AvatarHome;
import fr.paris.lutece.plugins.avatarserver.service.AvatarService;
import fr.paris.lutece.plugins.avatarserver.service.HashService;
import fr.paris.lutece.plugins.avatarserver.service.HttpUtils;
import fr.paris.lutece.portal.service.security.LuteceUser;
import fr.paris.lutece.portal.service.security.SecurityService;
import fr.paris.lutece.portal.service.security.UserNotSignedException;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
import fr.paris.lutece.util.http.MultipartUtil;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringUtils;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* PostAvatar Servlet.
* This servlet let upload an avatar for the current connected user
*/
public class PostAvatarServlet extends HttpServlet
{
private static final String PARAMETER_IMAGE = "image";
private static final String PARAMETER_RETURN_URL = "return_url";
private static final String PROPERTY_AUTHORIZED_DOMAINS = "avatarserver.post_servlet.authorized_domains";
private static final String PROPERTY_ACCESS_CONTROL_METHODS = "avatarserver.post_servlet.access_control.methods";
private static final String PROPERTY_ACCESS_CONTROL_CREDENTIALS = "avatarserver.post_servlet.access_control.credentials";
private static final String PROPERTY_SIZE_MAX = "avatarserver.post_servlet.size.max";
private static final String PROPERTY_SIZE_THRESHOLD = "avatarserver.post_servlet.size.threshold";
private static final String ACCESS_CONTROL_METHODS = AppPropertiesService.getProperty( PROPERTY_ACCESS_CONTROL_METHODS );
private static final String ACCESS_CONTROL_CREDENTIALS = AppPropertiesService.getProperty( PROPERTY_ACCESS_CONTROL_CREDENTIALS );
private static int _nRequestSizeMax = AppPropertiesService.getPropertyInt( PROPERTY_SIZE_MAX, -1 );
private static int _nSizeThreshold = AppPropertiesService.getPropertyInt( PROPERTY_SIZE_THRESHOLD, -1 );
private static final long serialVersionUID = 1L;
/**
* {@inheritDoc }
*/
@Override
protected void doGet( HttpServletRequest req, HttpServletResponse resp ) throws ServletException, IOException
{
ServletOutputStream out = resp.getOutputStream( );
out.println( "Only POST is allowed" );
out.flush( );
out.close( );
}
/**
* {@inheritDoc }
*/
@Override
protected void doPost( HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException
{
ServletOutputStream out = response.getOutputStream( );
try
{
MultipartHttpServletRequest multiPartRequest = MultipartUtil.convert( _nSizeThreshold, _nRequestSizeMax, true, request );
FileItem imageSource = multiPartRequest.getFile( PARAMETER_IMAGE );
String strReturnUrl = multiPartRequest.getParameter( PARAMETER_RETURN_URL );
LuteceUser user = null;
if ( SecurityService.isAuthenticationEnable() ) {
user = SecurityService.getInstance( ).getRemoteUser( request );
}
if ( user != null )
{
String strEmail = user.getEmail( );
String strHash = HashService.getHash( strEmail );
Avatar avatar = AvatarHome.findByHash( strHash );
boolean bCreate = false;
String strAuthorizedDomains = AppPropertiesService.getProperty( PROPERTY_AUTHORIZED_DOMAINS );
String strOriginDomain = HttpUtils.getHeaderOrigin( request );
if( StringUtils.isNotEmpty( strOriginDomain ) ) {
HttpUtils.setAccessControlHeaders( response , ACCESS_CONTROL_METHODS , strOriginDomain , ACCESS_CONTROL_CREDENTIALS );
}
if( StringUtils.isEmpty( strOriginDomain ) || HttpUtils.isValidDomain( strOriginDomain, strAuthorizedDomains ))
{
if ( avatar == null )
{
avatar = new Avatar( );
bCreate = true;
}
avatar.setEmail( strEmail );
avatar.setHash( strHash );
avatar.setValue( imageSource.get( ) );
avatar.setMimeType( imageSource.getContentType( ) );
if ( bCreate )
{
AvatarService.create( avatar );
}
else
{
AvatarService.update( avatar );
}
out.println( "Avatar successfully posted!" );
if( strReturnUrl != null )
{
response.sendRedirect( strReturnUrl );
}
}
else
{
out.println( "Request sent from an unauthorized domain : " + strOriginDomain );
AppLogService.info( "AvatarServer : request sent from an unauthorized domain : " + strOriginDomain );
response.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
}
}
else
{
out.println( "User not signed!" );
response.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
}
}
catch( FileUploadException ex )
{
out.println( "Error uploading avatar : " + ex.getMessage( ) );
AppLogService.error( "AvatarServer : Error uploading avatar : " + ex.getMessage( ), ex );
response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
}
catch( UserNotSignedException ex )
{
out.println( "Error uploading avatar : User not signed" );
response.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
}
finally
{
out.flush( );
out.close( );
}
}
}