*/
package gr.ebs.gss.server.rest;
+import static gr.ebs.gss.server.configuration.GSSConfigurationFactory.getConfiguration;
import gr.ebs.gss.client.exceptions.DuplicateNameException;
import gr.ebs.gss.client.exceptions.GSSIOException;
import gr.ebs.gss.client.exceptions.InsufficientPermissionsException;
import gr.ebs.gss.client.exceptions.ObjectNotFoundException;
import gr.ebs.gss.client.exceptions.QuotaExceededException;
import gr.ebs.gss.client.exceptions.RpcException;
+import gr.ebs.gss.server.Login;
import gr.ebs.gss.server.domain.FileUploadStatus;
import gr.ebs.gss.server.domain.User;
import gr.ebs.gss.server.domain.dto.FileBodyDTO;
import gr.ebs.gss.server.domain.dto.GroupDTO;
import gr.ebs.gss.server.domain.dto.PermissionDTO;
import gr.ebs.gss.server.ejb.ExternalAPI;
+import gr.ebs.gss.server.ejb.TransactionHelper;
import gr.ebs.gss.server.webdav.Range;
+import gr.ebs.gss.server.webdav.RequestUtil;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.codec.binary.Base64;
import org.apache.commons.fileupload.FileItemIterator;
import org.apache.commons.fileupload.FileItemStream;
import org.apache.commons.fileupload.FileUploadException;
private ServletContext context;
/**
+ * The style sheet for displaying the directory listings.
+ */
+ private static final String GSS_CSS = "H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} " + "H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} " + "H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} " + "BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} " + "B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} " + "P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}" + "A {color : black;}" + "A.name {color : black;}" + "HR {color : #525D76;}";
+
+
+ /**
* @param servletContext
*/
public FilesHandler(ServletContext servletContext) {
context = servletContext;
}
+ private void updateAccounting(final User user, final Date date, final long bandwidthDiff) {
+ try {
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().updateAccounting(user, date, bandwidthDiff);
+ return null;
+ }
+ });
+ } catch (RuntimeException e) {
+ throw e;
+ } catch (Exception e) {
+ // updateAccounting() doesn't throw any checked exceptions
+ assert false;
+ }
+ }
+
/**
* Serve the specified resource, optionally including the data content.
*
}
String progress = req.getParameter(PROGRESS_PARAMETER);
- if (logger.isDebugEnabled())
+ if (logger.isDebugEnabled())
if (content)
logger.debug("Serving resource '" + path + "' headers and data");
else
User user = getUser(req);
User owner = getOwner(req);
- if (user == null) user = owner;
boolean exists = true;
Object resource = null;
FileHeaderDTO file = null;
return;
}
- if (!exists) {
- if (authDeferred) {
- // We do not want to leak information if the request
- // was not authenticated.
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
- // A request for upload progress.
- if (progress != null && content) {
- serveProgress(req, resp, progress, user, null);
- return;
- }
-
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, req.getRequestURI());
+ if (!exists && authDeferred) {
+ // We do not want to leak information if the request
+ // was not authenticated.
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
if (resource instanceof FolderDTO)
folder = (FolderDTO) resource;
else
- file = (FileHeaderDTO) resource;
+ file = (FileHeaderDTO) resource; // Note that file will be null, if (!exists).
// Now it's time to perform the deferred authentication check.
// Since regular signature checking was already performed,
// we need to check the read-all flag or the signature-in-parameters.
if (authDeferred)
if (file != null && !file.isReadForAll() && content) {
+ logger.debug("this case refers to a file with no public privileges");
// Check for GET with the signature in the request parameters.
String auth = req.getParameter(AUTHORIZATION_PARAMETER);
String dateParam = req.getParameter(DATE_PARAMETER);
if (auth == null || dateParam == null) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
+ // Check for a valid authentication cookie.
+ if (req.getCookies() != null) {
+ boolean found = false;
+ for (Cookie cookie : req.getCookies())
+ if (Login.AUTH_COOKIE.equals(cookie.getName())) {
+ String cookieauth = cookie.getValue();
+ int sepIndex = cookieauth.indexOf(Login.COOKIE_SEPARATOR);
+ if (sepIndex == -1) {
+ handleAuthFailure(req, resp);
+ return;
+ }
+ String username = URLDecoder.decode(cookieauth.substring(0, sepIndex), "US-ASCII");
+ user = null;
+ try {
+ user = getService().findUser(username);
+ } catch (RpcException e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
+ return;
+ }
+ if (user == null) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ req.setAttribute(USER_ATTRIBUTE, user);
+ String token = cookieauth.substring(sepIndex + 1);
+ if (user.getAuthToken() == null) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ if (!Arrays.equals(user.getAuthToken(), Base64.decodeBase64(token))) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ found = true;
+ break;
+ }
+ if (!found) {
+ handleAuthFailure(req, resp);
+ return;
+ }
+ } else {
+ handleAuthFailure(req, resp);
+ return;
+ }
+ } else {
+ long timestamp;
+ try {
+ timestamp = DateUtil.parseDate(dateParam).getTime();
+ } catch (DateParseException e) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+ return;
+ }
+ if (!isTimeValid(timestamp)) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
- long timestamp;
- try {
- timestamp = DateUtil.parseDate(dateParam).getTime();
- } catch (DateParseException e) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
- return;
- }
- if (!isTimeValid(timestamp)) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
-
- // Fetch the Authorization parameter and find the user specified in it.
- String[] authParts = auth.split(" ");
- if (authParts.length != 2) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
- String username = authParts[0];
- String signature = authParts[1];
- user = null;
- try {
- user = getService().findUser(username);
- } catch (RpcException e) {
- resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
- return;
+ // Fetch the Authorization parameter and find the user specified in it.
+ String[] authParts = auth.split(" ");
+ if (authParts.length != 2) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ String username = authParts[0];
+ String signature = authParts[1];
+ user = null;
+ try {
+ user = getService().findUser(username);
+ } catch (RpcException e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
+ return;
+ }
+ if (user == null) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ req.setAttribute(USER_ATTRIBUTE, user);
+
+ // Remove the servlet path from the request URI.
+ String p = req.getRequestURI();
+ String servletPath = req.getContextPath() + req.getServletPath();
+ p = p.substring(servletPath.length());
+ // Validate the signature in the Authorization parameter.
+ String data = req.getMethod() + dateParam + p;
+ if (!isSignatureValid(signature, user, data)) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
}
- if (user == null) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
- req.setAttribute(USER_ATTRIBUTE, user);
-
- // Remove the servlet path from the request URI.
- String p = req.getRequestURI();
- String servletPath = req.getContextPath() + req.getServletPath();
- p = p.substring(servletPath.length());
- // Validate the signature in the Authorization parameter.
- String data = req.getMethod() + dateParam + p;
- if (!isSignatureValid(signature, user, data)) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
- } else if (file != null && !file.isReadForAll() || file == null) {
- // Check for a read-for-all file request.
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
}
+ else if(folder != null && folder.isReadForAll() || file != null && file.isReadForAll()){
+ //This case refers to a folder or file with public privileges
+ //For a read-for-all folder request, pretend the owner is making it.
+ logger.debug("*********this case refers to a folder or file with public privileges");
+ user = owner;
+ req.setAttribute(USER_ATTRIBUTE, user);
+ }else if(folder != null && !folder.isReadForAll()){
+ //this case refers to a folder with no public privileges
+ logger.debug("*********this case refers to a folder with no public privileges");
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ else{
+ logger.debug("*********ANY other case");
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
// If the resource is not a collection, and the resource path
// ends with "/" or "\", return NOT FOUND.
// A request for upload progress.
if (progress != null && content) {
if (file == null) {
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return;
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, req.getRequestURI());
+ return;
}
serveProgress(req, resp, progress, user, file);
return;
// satisfied. Doing this for folders would require recursive checking
// for all of their children, which in turn would defy the purpose of
// the optimization.
- if (folder == null)
+ if (folder == null){
// Checking If headers.
if (!checkIfHeaders(req, resp, file, oldBody))
return;
+ }
+ else if(!checkIfModifiedSince(req, resp, folder))
+ return;
// Find content type.
String contentType = null;
+ boolean isContentHtml = false;
+ boolean expectJSON = false;
+
if (file != null) {
contentType = version>0 ? oldBody.getMimeType() : file.getMimeType();
if (contentType == null) {
contentType = context.getMimeType(file.getName());
file.setMimeType(contentType);
}
- } else
- contentType = "application/json;charset=UTF-8";
+ } else { // folder != null
+ String accept = req.getHeader("Accept");
+ // The order in this conditional pessimizes the common API case,
+ // but is important for backwards compatibility with existing
+ // clients who send no accept header and expect a JSON response.
+ if (accept != null && accept.contains("text/html")) {
+ contentType = "text/html;charset=UTF-8";
+ isContentHtml = true;
+ }else if (accept != null && accept.contains("text/html") && !authDeferred){
+ //this is the case when clients send the appropriate headers, the contentType is "text/html"
+ //and expect a JSON response. The above check applies to FireGSS client
+ contentType = "text/html;charset=UTF-8";
+ isContentHtml = true;
+ expectJSON = true;
+ }
+ else{
+ contentType = "application/json;charset=UTF-8";
+ expectJSON = true;
+ }
+ }
+
ArrayList ranges = null;
long contentLength = -1L;
else
throw e;
}
-
- if (folder != null
- || (ranges == null || ranges.isEmpty())
- && req.getHeader("Range") == null
- || ranges == FULL) {
+ if (folder != null || (ranges == null || ranges.isEmpty()) && req.getHeader("Range") == null || ranges == FULL) {
// Set the appropriate output headers
if (contentType != null) {
if (logger.isDebugEnabled())
logger.debug("contentLength=" + contentLength);
if (contentLength < Integer.MAX_VALUE)
resp.setContentLength((int) contentLength);
+
else
// Set the content-length as String to be able to use a long
resp.setHeader("content-length", "" + contentLength);
}
InputStream renderResult = null;
- if (folder != null)
- if (content)
- // Serve the directory browser
+ String relativePath = getRelativePath(req);
+ String contextPath = req.getContextPath();
+ String servletPath = req.getServletPath();
+ String contextServletPath = contextPath + servletPath;
+ if (folder != null && content)
+ // Serve the directory browser for a public folder
+ if (isContentHtml && !expectJSON)
+ renderResult = renderHtml(contextServletPath, relativePath, folder,user);
+ // Serve the directory for an ordinary folder or for fireGSS client
+ else
try {
- renderResult = renderJson(user, folder);
- } catch (InsufficientPermissionsException e) {
- resp.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
- return;
- }
+ renderResult = renderJson(user, folder);
+ } catch (InsufficientPermissionsException e) {
+ resp.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ return;
+ }
+
+
// Copy the input stream to our output stream (if requested)
if (content) {
try {
try {
if(file != null)
if (needsContentDisposition(req))
- resp.setHeader("Content-Disposition","attachment; filename*=UTF-8''"+URLEncoder.encode(file.getName(),"UTF-8"));
+ resp.setHeader("Content-Disposition","attachment; filename*=UTF-8''"+getDispositionFilename(file));
else
- resp.setHeader("Content-Disposition","inline; filename*=UTF-8''"+URLEncoder.encode(file.getName(),"UTF-8"));
+ resp.setHeader("Content-Disposition","inline; filename*=UTF-8''"+getDispositionFilename(file));
if (ostream != null)
copy(file, renderResult, ostream, req, oldBody);
else
copy(file, renderResult, writer, req, oldBody);
- if (file!=null) getService().updateAccounting(owner, new Date(), contentLength);
+ if (file!=null) updateAccounting(owner, new Date(), contentLength);
} catch (ObjectNotFoundException e) {
resp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
} catch (RpcException e) {
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
- }
+ }
}
} else {
if (ranges == null || ranges.isEmpty())
copy(file, ostream, range, req, oldBody);
else
copy(file, writer, range, req, oldBody);
- getService().updateAccounting(owner, new Date(), contentLength);
+ updateAccounting(owner, new Date(), contentLength);
} catch (ObjectNotFoundException e) {
resp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
copy(file, ostream, ranges.iterator(), contentType, req, oldBody);
else
copy(file, writer, ranges.iterator(), contentType, req, oldBody);
- getService().updateAccounting(owner, new Date(), contentLength);
+ updateAccounting(owner, new Date(), contentLength);
} catch (ObjectNotFoundException e) {
resp.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
/**
+ * Handles an authentication failure. If no Authorization or Date request
+ * parameters and no Authorization, Date or X-GSS-Date headers were present,
+ * this is a browser request, so redirect to login and then let the user get
+ * back to the file. Otherwise it's a bogus client request and Forbidden is
+ * returned.
+ */
+ private void handleAuthFailure(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (req.getParameter(AUTHORIZATION_PARAMETER) == null &&
+ req.getParameter(DATE_PARAMETER) == null &&
+ req.getHeader(AUTHORIZATION_HEADER) == null &&
+ req.getDateHeader(DATE_HEADER) == -1 &&
+ req.getDateHeader(GSS_DATE_HEADER) == -1)
+ resp.sendRedirect(getConfiguration().getString("loginUrl") +
+ "?next=" + req.getRequestURL().toString());
+ else
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }
+
+ /**
+ * Return the filename of the specified file properly formatted for
+ * including in the Content-Disposition header.
+ */
+ private String getDispositionFilename(FileHeaderDTO file) throws UnsupportedEncodingException {
+ return URLEncoder.encode(file.getName(),"UTF-8").replaceAll("\\+", "%20");
+ }
+
+ /**
* Determines whether the user agent needs the Content-Disposition
* header to be set, in order to properly download a file.
*
}
String newName = req.getParameter(NEW_FOLDER_PARAMETER);
+ if (!isValidResourceName(newName)) {
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return;
+ }
boolean hasUpdateParam = req.getParameterMap().containsKey(RESOURCE_UPDATE_PARAMETER);
boolean hasTrashParam = req.getParameterMap().containsKey(RESOURCE_TRASH_PARAMETER);
boolean hasRestoreParam = req.getParameterMap().containsKey(RESOURCE_RESTORE_PARAMETER);
* @throws IOException if an I/O error occurs
*/
private void restoreVersion(HttpServletRequest req, HttpServletResponse resp, String path, String version) throws IOException {
- User user = getUser(req);
+ final User user = getUser(req);
User owner = getOwner(req);
Object resource = null;
try {
}
try {
- FileHeaderDTO file = (FileHeaderDTO) resource;
- int oldVersion = Integer.parseInt(version);
- getService().restoreVersion(user.getId(), file.getId(), oldVersion);
+ final FileHeaderDTO file = (FileHeaderDTO) resource;
+ final int oldVersion = Integer.parseInt(version);
+
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().restoreVersion(user.getId(), file.getId(), oldVersion);
+ return null;
+ }
+ });
} catch (InsufficientPermissionsException e) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
} catch (ObjectNotFoundException e) {
resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, e.getMessage());
} catch (NumberFormatException e) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
}
}
return;
}
- FolderDTO folder = null;
Object parent;
String parentPath = null;
try {
response.sendError(HttpServletResponse.SC_CONFLICT);
return;
}
- folder = (FolderDTO) parent;
- String fileName = getLastElement(path);
+ final FolderDTO folder = (FolderDTO) parent;
+ final String fileName = getLastElement(path);
FileItemIterator iter;
File uploadedFile = null;
progressListener.setUserId(user.getId());
progressListener.setFilename(fileName);
- String contentType = item.getContentType();
+ final String contentType = item.getContentType();
try {
uploadedFile = getService().uploadFile(stream, user.getId());
throw new GSSIOException(ex, false);
}
FileHeaderDTO fileDTO = null;
+ final File upf = uploadedFile;
+ final FileHeaderDTO f = file;
+ final User u = user;
if (file == null)
- fileDTO = getService().createFile(user.getId(), folder.getId(), fileName, contentType, uploadedFile.getCanonicalFile().length(), uploadedFile.getAbsolutePath());
+ fileDTO = new TransactionHelper<FileHeaderDTO>().tryExecute(new Callable<FileHeaderDTO>() {
+ @Override
+ public FileHeaderDTO call() throws Exception {
+ return getService().createFile(u.getId(), folder.getId(), fileName, contentType, upf.getCanonicalFile().length(), upf.getAbsolutePath());
+ }
+ });
else
- fileDTO = getService().updateFileContents(user.getId(), file.getId(), contentType, uploadedFile.getCanonicalFile().length(), uploadedFile.getAbsolutePath());
- getService().updateAccounting(owner, new Date(), fileDTO.getFileSize());
+ fileDTO = new TransactionHelper<FileHeaderDTO>().tryExecute(new Callable<FileHeaderDTO>() {
+ @Override
+ public FileHeaderDTO call() throws Exception {
+ return getService().updateFileContents(u.getId(), f.getId(), contentType, upf.getCanonicalFile().length(), upf.getAbsolutePath());
+ }
+ });
+ updateAccounting(owner, new Date(), fileDTO.getFileSize());
getService().removeFileUploadProgress(user.getId(), fileName);
}
}
String error = "An error occurred while communicating with the service";
logger.error(error, e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, error);
+ } catch (Exception e) {
+ if (uploadedFile != null && uploadedFile.exists())
+ uploadedFile.delete();
+ String error = "An internal server error occurred";
+ logger.error(error, e);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, error);
}
}
- private String getBackupFilename(FileHeaderDTO file, String filename){
- List<FileHeaderDTO> deletedFiles = new ArrayList<FileHeaderDTO>();
- try{
- deletedFiles = getService().getDeletedFiles(file.getOwner().getId());
- }
- catch(ObjectNotFoundException e){
-
- } catch (RpcException e) {
-
- }
- List<FileHeaderDTO> filesInSameFolder = new ArrayList<FileHeaderDTO>();
- for(FileHeaderDTO deleted : deletedFiles)
- if(deleted.getFolder().getId().equals(file.getFolder().getId()))
- filesInSameFolder.add(deleted);
- int i=1;
- String filenameToCheck = filename;
- for(FileHeaderDTO same : filesInSameFolder)
- if(same.getName().startsWith(filename)){
- String toCheck=same.getName().substring(filename.length(),same.getName().length());
- if(toCheck.startsWith(" ")){
- int test =-1;
- try{
- test = Integer.valueOf(toCheck.replace(" ",""));
- }
- catch(NumberFormatException e){
- //do nothing since string is not a number
- }
- if(test>=i)
- i = test+1;
- }
- }
-
- return filename+" "+i;
- }
-
/**
* Move the resource in the specified path to the specified destination.
*
* @throws IOException if an input/output error occurs
*/
private void moveResource(HttpServletRequest req, HttpServletResponse resp, String path, String moveTo) throws IOException {
- User user = getUser(req);
+ final User user = getUser(req);
User owner = getOwner(req);
Object resource = null;
try {
}
try {
+ final User dOwner = destOwner;
+ final String dest = destination;
if (resource instanceof FolderDTO) {
- FolderDTO folder = (FolderDTO) resource;
- getService().moveFolderToPath(user.getId(), destOwner.getId(), folder.getId(), destination);
+ final FolderDTO folder = (FolderDTO) resource;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().moveFolderToPath(user.getId(), dOwner.getId(), folder.getId(), dest);
+ return null;
+ }
+ });
} else {
- FileHeaderDTO file = (FileHeaderDTO) resource;
- getService().moveFileToPath(user.getId(), destOwner.getId(), file.getId(), destination);
+ final FileHeaderDTO file = (FileHeaderDTO) resource;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().moveFileToPath(user.getId(), dOwner.getId(), file.getId(), dest);
+ return null;
+ }
+ });
+
}
} catch (InsufficientPermissionsException e) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
} catch (QuotaExceededException e) {
resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, e.getMessage());
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, destination);
}
}
* @throws IOException if an input/output error occurs
*/
private void copyResource(HttpServletRequest req, HttpServletResponse resp, String path, String copyTo) throws IOException {
- User user = getUser(req);
+ final User user = getUser(req);
User owner = getOwner(req);
Object resource = null;
try {
}
try {
+ final User dOwner = destOwner;
+ final String dest = destination;
if (resource instanceof FolderDTO) {
- FolderDTO folder = (FolderDTO) resource;
- getService().copyFolderStructureToPath(user.getId(), destOwner.getId(), folder.getId(), destination);
+ final FolderDTO folder = (FolderDTO) resource;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().copyFolderStructureToPath(user.getId(), dOwner.getId(), folder.getId(), dest);
+ return null;
+ }
+ });
} else {
- FileHeaderDTO file = (FileHeaderDTO) resource;
- getService().copyFileToPath(user.getId(), destOwner.getId(), file.getId(), destination);
+ final FileHeaderDTO file = (FileHeaderDTO) resource;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().copyFileToPath(user.getId(), dOwner.getId(), file.getId(), dest);
+ return null;
+ }
+ });
}
} catch (InsufficientPermissionsException e) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
} catch (QuotaExceededException e) {
resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, e.getMessage());
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, destination);
}
}
* @throws IOException if an input/output error occurs
*/
private void trashResource(HttpServletRequest req, HttpServletResponse resp, String path) throws IOException {
- User user = getUser(req);
+ final User user = getUser(req);
User owner = getOwner(req);
Object resource = null;
try {
try {
if (resource instanceof FolderDTO) {
- FolderDTO folder = (FolderDTO) resource;
- getService().moveFolderToTrash(user.getId(), folder.getId());
+ final FolderDTO folder = (FolderDTO) resource;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().moveFolderToTrash(user.getId(), folder.getId());
+ return null;
+ }
+ });
} else {
- FileHeaderDTO file = (FileHeaderDTO) resource;
- getService().moveFileToTrash(user.getId(), file.getId());
+ final FileHeaderDTO file = (FileHeaderDTO) resource;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().moveFileToTrash(user.getId(), file.getId());
+ return null;
+ }
+ });
}
} catch (InsufficientPermissionsException e) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
resp.sendError(HttpServletResponse.SC_NOT_FOUND, e.getMessage());
} catch (RpcException e) {
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
}
}
* @throws IOException if an input/output error occurs
*/
private void restoreResource(HttpServletRequest req, HttpServletResponse resp, String path) throws IOException {
- User user = getUser(req);
+ final User user = getUser(req);
User owner = getOwner(req);
Object resource = null;
try {
try {
if (resource instanceof FolderDTO) {
- FolderDTO folder = (FolderDTO) resource;
- getService().removeFolderFromTrash(user.getId(), folder.getId());
+ final FolderDTO folder = (FolderDTO) resource;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().removeFolderFromTrash(user.getId(), folder.getId());
+ return null;
+ }
+ });
} else {
- FileHeaderDTO file = (FileHeaderDTO) resource;
- getService().removeFileFromTrash(user.getId(), file.getId());
+ final FileHeaderDTO file = (FileHeaderDTO) resource;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().removeFileFromTrash(user.getId(), file.getId());
+ return null;
+ }
+ });
}
} catch (InsufficientPermissionsException e) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
resp.sendError(HttpServletResponse.SC_NOT_FOUND, e.getMessage());
} catch (RpcException e) {
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
}
}
* @throws IOException if an input/output error occurs
*/
private void updateResource(HttpServletRequest req, HttpServletResponse resp, String path) throws IOException {
- User user = getUser(req);
+ final User user = getUser(req);
User owner = getOwner(req);
Object resource = null;
+
try {
resource = getService().getResourceAtPath(owner.getId(), path, false);
} catch (ObjectNotFoundException e) {
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
return;
}
- //use utf-8 encoding for reading request
- BufferedReader reader = new BufferedReader(new InputStreamReader(req.getInputStream(),"UTF-8"));
StringBuffer input = new StringBuffer();
- String line = null;
JSONObject json = null;
- while ((line = reader.readLine()) != null)
- input.append(line);
- reader.close();
+ if (req.getContentType() != null && req.getContentType().startsWith("application/x-www-form-urlencoded"))
+ input.append(req.getParameter(RESOURCE_UPDATE_PARAMETER));
+ else {
+ // Assume application/json
+ BufferedReader reader = new BufferedReader(new InputStreamReader(req.getInputStream(),"UTF-8"));
+ String line = null;
+ while ((line = reader.readLine()) != null)
+ input.append(line);
+ reader.close();
+ }
try {
json = new JSONObject(input.toString());
if (logger.isDebugEnabled())
logger.debug("JSON update: " + json);
if (resource instanceof FolderDTO) {
- FolderDTO folder = (FolderDTO) resource;
+ final FolderDTO folder = (FolderDTO) resource;
String name = json.optString("name");
- if (!name.isEmpty()){
- try {
- name = URLDecoder.decode(name, "UTF-8");
- } catch (IllegalArgumentException e) {
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
- return;
- }
- getService().modifyFolder(user.getId(), folder.getId(), name);
- FolderDTO folderUpdated = getService().getFolder(user.getId(), folder.getId());
- String parentUrl =URLDecoder.decode(getContextPath(req, true),"UTF-8");
- String fpath = URLDecoder.decode(req.getPathInfo(), "UTF-8");
- parentUrl = parentUrl.replaceAll(fpath, "");
- if(!parentUrl.endsWith("/"))
- parentUrl = parentUrl+"/";
- parentUrl = parentUrl+folderUpdated.getOwner().getUsername()+PATH_FILES+folderUpdated.getPath();
- resp.getWriter().println(parentUrl);
- }
-
JSONArray permissions = json.optJSONArray("permissions");
- if (permissions != null) {
- Set<PermissionDTO> perms = parsePermissions(user, permissions);
- getService().setFolderPermissions(user.getId(), folder.getId(), perms);
+ Set<PermissionDTO> perms = null;
+ if (permissions != null)
+ perms = parsePermissions(user, permissions);
+ Boolean readForAll = null;
+ if (json.opt("readForAll") != null)
+ readForAll = json.optBoolean("readForAll");
+ if (!name.isEmpty() || permissions != null || readForAll != null) {
+ final String fName = name.isEmpty()? null: name;
+ final Boolean freadForAll = readForAll;
+ final Set<PermissionDTO> fPerms = perms;
+ FolderDTO folderUpdated = new TransactionHelper<FolderDTO>().tryExecute(new Callable<FolderDTO>() {
+ @Override
+ public FolderDTO call() throws Exception {
+ return getService().updateFolder(user.getId(), folder.getId(), fName, freadForAll, fPerms);
+ }
+
+ });
+ resp.getWriter().println(getNewUrl(req, folderUpdated));
}
} else {
- FileHeaderDTO file = (FileHeaderDTO) resource;
+ final FileHeaderDTO file = (FileHeaderDTO) resource;
String name = null;
if (json.opt("name") != null)
name = json.optString("name");
+ Long modificationDate = null;
+ if (json.optLong("modificationDate") != 0)
+ modificationDate = json.optLong("modificationDate");
+ Boolean versioned = null;
+ if (json.opt("versioned") != null)
+ versioned = json.getBoolean("versioned");
JSONArray tagset = json.optJSONArray("tags");
String tags = null;
StringBuffer t = new StringBuffer();
t.append(tagset.getString(i) + ',');
tags = t.toString();
}
- if (name != null || tags != null)
- getService().updateFile(user.getId(), file.getId(), name, tags);
-
JSONArray permissions = json.optJSONArray("permissions");
Set<PermissionDTO> perms = null;
if (permissions != null)
Boolean readForAll = null;
if (json.opt("readForAll") != null)
readForAll = json.optBoolean("readForAll");
- if (perms != null || readForAll != null)
- getService().setFilePermissions(user.getId(), file.getId(), readForAll, perms);
-
- if (json.opt("versioned") != null) {
- boolean versioned = json.getBoolean("versioned");
- getService().toggleFileVersioning(user.getId(), file.getId(), versioned);
+ if (name != null || tags != null || modificationDate != null
+ || versioned != null || perms != null
+ || readForAll != null) {
+ final String fName = name;
+ final String fTags = tags;
+ final Date mDate = modificationDate != null? new Date(modificationDate): null;
+ final Boolean fVersioned = versioned;
+ final Boolean fReadForAll = readForAll;
+ final Set<PermissionDTO> fPerms = perms;
+ new TransactionHelper<Object>().tryExecute(new Callable<Object>() {
+ @Override
+ public Object call() throws Exception {
+ getService().updateFile(user.getId(), file.getId(),
+ fName, fTags, mDate, fVersioned,
+ fReadForAll, fPerms);
+ return null;
+ }
+
+ });
}
}
} catch (JSONException e) {
resp.sendError(HttpServletResponse.SC_CONFLICT, e.getMessage());
} catch (RpcException e) {
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
+ return;
}
}
/**
+ * Returns the new URL of an updated folder.
+ */
+ private String getNewUrl(HttpServletRequest req, FolderDTO folder) throws UnsupportedEncodingException {
+ String parentUrl = URLDecoder.decode(getContextPath(req, true),"UTF-8");
+ String fpath = URLDecoder.decode(getRelativePath(req), "UTF-8");
+ if (parentUrl.indexOf(fpath) != -1)
+ parentUrl = parentUrl.substring(0, parentUrl.indexOf(fpath));
+ if(!parentUrl.endsWith("/"))
+ parentUrl = parentUrl+"/";
+ parentUrl = parentUrl+folder.getOwner().getUsername()+PATH_FILES+folder.getPath();
+ return parentUrl;
+ }
+
+ /**
* Helper method to convert a JSON array of permissions into a set of
* PermissionDTO objects.
*
* @throws JSONException if there was an error parsing the JSON object
* @throws RpcException if there was an error communicating with the EJB
* @throws ObjectNotFoundException if the user could not be found
+ * @throws UnsupportedEncodingException
*/
private Set<PermissionDTO> parsePermissions(User user, JSONArray permissions)
- throws JSONException, RpcException, ObjectNotFoundException {
+ throws JSONException, RpcException, ObjectNotFoundException, UnsupportedEncodingException {
if (permissions == null)
return null;
Set<PermissionDTO> perms = new HashSet<PermissionDTO>();
throw new ObjectNotFoundException("User " + permUser + " not found");
perm.setUser(u.getDTO());
}
+ // 31/8/2009: Add optional groupUri which takes priority if it exists
+ String permGroupUri = j.optString("groupUri");
String permGroup = j.optString("group");
- if (!permGroup.isEmpty()) {
+ if (!permGroupUri.isEmpty()) {
+ String[] names = permGroupUri.split("/");
+ String grp = URLDecoder.decode(names[names.length - 1], "UTF-8");
+ String usr = URLDecoder.decode(names[names.length - 3], "UTF-8");
+ User u = getService().findUser(usr);
+ if (u == null)
+ throw new ObjectNotFoundException("User " + permUser + " not found");
+ GroupDTO g = getService().getGroup(u.getId(), grp);
+ perm.setGroup(g);
+ }
+ else if (!permGroup.isEmpty()) {
GroupDTO g = getService().getGroup(user.getId(), permGroup);
perm.setGroup(g);
}
- if (permUser.isEmpty() && permGroup.isEmpty() ||
- permUser.isEmpty() && permGroup.isEmpty())
+ if (permUser.isEmpty() && permGroupUri.isEmpty() && permGroup.isEmpty())
throw new JSONException("A permission must correspond to either a user or a group");
perms.add(perm);
}
* @param folderName the name of the new folder
* @throws IOException if an input/output error occurs
*/
- private void createFolder(HttpServletRequest req, HttpServletResponse resp, String path, String folderName) throws IOException {
+ private void createFolder(HttpServletRequest req, HttpServletResponse resp, String path, final String folderName) throws IOException {
if (logger.isDebugEnabled())
logger.debug("Creating folder " + folderName + " in '" + path);
- User user = getUser(req);
+ final User user = getUser(req);
User owner = getOwner(req);
boolean exists = true;
try {
}
try {
if (parent instanceof FolderDTO) {
- FolderDTO folder = (FolderDTO) parent;
- getService().createFolder(user.getId(), folder.getId(), folderName);
- String newResource = getContextPath(req, true) + folderName;
+ final FolderDTO folder = (FolderDTO) parent;
+ FolderDTO newFolder = new TransactionHelper<FolderDTO>().tryExecute(new Callable<FolderDTO>() {
+ @Override
+ public FolderDTO call() throws Exception {
+ return getService().createFolder(user.getId(), folder.getId(), folderName);
+ }
+
+ });
+ String newResource = getApiRoot() + newFolder.getURI();
resp.setHeader("Location", newResource);
resp.setContentType("text/plain");
PrintWriter out = resp.getWriter();
} catch (RpcException e) {
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path + folderName);
return;
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, path);
+ return;
}
resp.setStatus(HttpServletResponse.SC_CREATED);
}
throw new GSSIOException(ex, false);
}
FileHeaderDTO fileDTO = null;
+ final File uploadedf = uploadedFile;
+ final FolderDTO parentf = folder;
+ final FileHeaderDTO f = file;
if (exists)
- fileDTO = getService().updateFileContents(user.getId(), file.getId(), mimeType, uploadedFile.getCanonicalFile().length(), uploadedFile.getAbsolutePath());
- else {
- final File uploadedf = uploadedFile;
- final FolderDTO parentf = folder;
+ fileDTO = new TransactionHelper<FileHeaderDTO>().tryExecute(new Callable<FileHeaderDTO>() {
+ @Override
+ public FileHeaderDTO call() throws Exception {
+ return getService().updateFileContents(user.getId(), f.getId(), mimeType, uploadedf.getCanonicalFile().length(), uploadedf.getAbsolutePath());
+ }
+ });
+ else
fileDTO = new TransactionHelper<FileHeaderDTO>().tryExecute(new Callable<FileHeaderDTO>() {
@Override
public FileHeaderDTO call() throws Exception {
}
});
- }
- getService().updateAccounting(owner, new Date(), fileDTO.getFileSize());
+ updateAccounting(owner, new Date(), fileDTO.getFileSize());
getService().removeFileUploadProgress(user.getId(), fileDTO.getName());
} catch(ObjectNotFoundException e) {
result = false;
if (logger.isDebugEnabled())
logger.debug("Deleting resource '" + path);
path = URLDecoder.decode(path, "UTF-8");
- User user = getUser(req);
+ final User user = getUser(req);
User owner = getOwner(req);
boolean exists = true;
Object object = null;
if (file != null)
try {
- getService().deleteFile(user.getId(), file.getId());
+ final FileHeaderDTO f = file;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().deleteFile(user.getId(), f.getId());
+ return null;
+ }
+ });
} catch (InsufficientPermissionsException e) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
} catch (RpcException e) {
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ return;
}
else if (folder != null)
try {
- getService().deleteFolder(user.getId(), folder.getId());
+ final FolderDTO fo = folder;
+ new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ getService().deleteFolder(user.getId(), fo.getId());
+ return null;
+ }
+ });
} catch (InsufficientPermissionsException e) {
resp.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
} catch (RpcException e) {
resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
+ } catch (Exception e) {
+ resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ return;
}
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
return;
put("owner", folder.getOwner().getUsername()).
put("createdBy", folder.getAuditInfo().getCreatedBy().getUsername()).
put("creationDate", folder.getAuditInfo().getCreationDate().getTime()).
- put("deleted", folder.isDeleted());
+ put("deleted", folder.isDeleted()).
+ put("readForAll", folder.isReadForAll());
+
if (folder.getAuditInfo().getModifiedBy() != null)
json.put("modifiedBy", folder.getAuditInfo().getModifiedBy().getUsername()).
put("modificationDate", folder.getAuditInfo().getModificationDate().getTime());
permission.put("read", p.hasRead()).put("write", p.hasWrite()).put("modifyACL", p.hasModifyACL());
if (p.getUser() != null)
permission.put("user", p.getUser().getUsername());
- if (p.getGroup() != null)
+ if (p.getGroup() != null) {
+ GroupDTO group = p.getGroup();
+ permission.put("groupUri", getApiRoot() + group.getOwner().getUsername() + PATH_GROUPS + "/" + URLEncoder.encode(group.getName(),"UTF-8"));
permission.put("group", URLEncoder.encode(p.getGroup().getName(),"UTF-8"));
+ }
perms.put(permission);
}
return perms;
private long fileSize = -100;
- private long tenKBRead = -1;
-
private Long userId;
private String filename;
filename = aFilename;
}
+ @Override
public void update(long bytesRead, long contentLength, int items) {
//monitoring per percent of bytes uploaded
bytesTransferred = bytesRead;
}
}
}
+ /**
+ * Return an InputStream to an HTML representation of the contents of this
+ * directory.
+ *
+ * @param contextPath Context path to which our internal paths are relative
+ * @param relativePath the requested relative path to the resource
+ * @param folder the specified directory
+ * @param req the HTTP request
+ * @return an input stream with the rendered contents
+ * @throws IOException
+ * @throws ServletException
+ */
+ private InputStream renderHtml(String contextPath, String relativePath, FolderDTO folder, User user) throws IOException, ServletException {
+ String name = folder.getName();
+ // Prepare a writer to a buffered area
+ ByteArrayOutputStream stream = new ByteArrayOutputStream();
+ OutputStreamWriter osWriter = new OutputStreamWriter(stream, "UTF8");
+ PrintWriter writer = new PrintWriter(osWriter);
+ StringBuffer sb = new StringBuffer();
+ // rewriteUrl(contextPath) is expensive. cache result for later reuse
+ String rewrittenContextPath = rewriteUrl(contextPath);
+ // Render the page header
+ sb.append("<html>\r\n");
+ sb.append("<head>\r\n");
+ sb.append("<title>");
+ sb.append("Index of " + name);
+ sb.append("</title>\r\n");
+ sb.append("<STYLE><!--");
+ sb.append(GSS_CSS);
+ sb.append("--></STYLE> ");
+ sb.append("</head>\r\n");
+ sb.append("<body>");
+ sb.append("<h1>");
+ sb.append("Index of " + name);
+
+ // Render the link to our parent (if required)
+ String folderPath = folder.getPath();
+ int indexFolderPath = relativePath.indexOf(folderPath);
+ String relativePathNoFolderName = null;
+ if(indexFolderPath != 0)
+ relativePathNoFolderName = relativePath.substring(0, indexFolderPath);
+ else
+ relativePathNoFolderName = relativePath;
+ String parentDirectory = folderPath;
+ //To-do: further search in encoding folder names with special characters
+ //String rewrittenParentDirectory = rewriteUrl(parentDirectory);
+ if (parentDirectory.endsWith("/"))
+ parentDirectory = parentDirectory.substring(0, parentDirectory.length() - 1);
+ int slash = parentDirectory.lastIndexOf('/');
+ parentDirectory = parentDirectory.substring(0,slash);
+ if (slash >= 0) {
+ sb.append(" - <a href=\"");
+ sb.append(rewrittenContextPath);
+ sb.append(relativePathNoFolderName);
+ sb.append(parentDirectory);
+ if (!parentDirectory.endsWith("/"))
+ sb.append("/");
+ sb.append("\">");
+ sb.append("<b>");
+ sb.append("Up To ");
+ if (parentDirectory.equals(""))
+ parentDirectory = "/";
+ sb.append(parentDirectory);
+ sb.append("</b>");
+ sb.append("</a>");
+ }
+
+ sb.append("</h1>");
+ sb.append("<HR size=\"1\" noshade=\"noshade\">");
+
+ sb.append("<table width=\"100%\" cellspacing=\"0\"" + " cellpadding=\"5\" align=\"center\">\r\n");
+
+ // Render the column headings
+ sb.append("<tr>\r\n");
+ sb.append("<td align=\"left\"><font size=\"+1\"><strong>");
+ sb.append("Name");
+ sb.append("</strong></font></td>\r\n");
+ sb.append("<td align=\"center\"><font size=\"+1\"><strong>");
+ sb.append("Size");
+ sb.append("</strong></font></td>\r\n");
+ sb.append("<td align=\"right\"><font size=\"+1\"><strong>");
+ sb.append("Last modified");
+ sb.append("</strong></font></td>\r\n");
+ sb.append("</tr>");
+ // Render the directory entries within this directory
+ boolean shade = false;
+ Iterator iter = folder.getSubfolders().iterator();
+ while (iter.hasNext()) {
+ FolderDTO subf = (FolderDTO) iter.next();
+ String resourceName = subf.getName();
+ if (resourceName.equalsIgnoreCase("WEB-INF") || resourceName.equalsIgnoreCase("META-INF"))
+ continue;
+
+ sb.append("<tr");
+ if (shade)
+ sb.append(" bgcolor=\"#eeeeee\"");
+ sb.append(">\r\n");
+ shade = !shade;
+
+ sb.append("<td align=\"left\"> \r\n");
+ sb.append("<a href=\"");
+ sb.append(rewrittenContextPath);
+ sb.append(relativePathNoFolderName);
+ sb.append(folderPath + resourceName);
+ sb.append("/");
+ sb.append("\"><tt>");
+ sb.append(RequestUtil.filter(resourceName));
+ sb.append("/");
+ sb.append("</tt></a></td>\r\n");
+
+ sb.append("<td align=\"right\"><tt>");
+ sb.append(" ");
+ sb.append("</tt></td>\r\n");
+
+ sb.append("<td align=\"right\"><tt>");
+ sb.append(getLastModifiedHttp(folder.getAuditInfo()));
+ sb.append("</tt></td>\r\n");
+
+ sb.append("</tr>\r\n");
+ }
+ List<FileHeaderDTO> files;
+ try {
+ files = getService().getFiles(user.getId(), folder.getId(), true);
+ } catch (ObjectNotFoundException e) {
+ throw new ServletException(e.getMessage());
+ } catch (InsufficientPermissionsException e) {
+ throw new ServletException(e.getMessage());
+ } catch (RpcException e) {
+ throw new ServletException(e.getMessage());
+ }
+ for (FileHeaderDTO file : files)
+ //Display only file resources that are marked as public
+ if(file.isReadForAll()){
+ String resourceName = file.getName();
+ if (resourceName.equalsIgnoreCase("WEB-INF") || resourceName.equalsIgnoreCase("META-INF"))
+ continue;
+
+ sb.append("<tr");
+ if (shade)
+ sb.append(" bgcolor=\"#eeeeee\"");
+ sb.append(">\r\n");
+ shade = !shade;
+
+ sb.append("<td align=\"left\"> \r\n");
+ sb.append("<a href=\"");
+ sb.append(rewrittenContextPath);
+ sb.append(relativePath);
+ if(!relativePath.endsWith("/"))
+ sb.append("/");
+ sb.append(rewriteUrl(resourceName));
+ sb.append("\"><tt>");
+ sb.append(RequestUtil.filter(resourceName));
+ sb.append("</tt></a></td>\r\n");
+
+ sb.append("<td align=\"right\"><tt>");
+ sb.append(renderSize(file.getFileSize()));
+ sb.append("</tt></td>\r\n");
+
+ sb.append("<td align=\"right\"><tt>");
+ sb.append(getLastModifiedHttp(file.getAuditInfo()));
+ sb.append("</tt></td>\r\n");
+
+ sb.append("</tr>\r\n");
+ }
+
+ // Render the page footer
+ sb.append("</table>\r\n");
+
+ sb.append("<HR size=\"1\" noshade=\"noshade\">");
+
+ //sb.append("<h3>").append(getServletContext().getServerInfo()).append("</h3>");
+ sb.append("</body>\r\n");
+ sb.append("</html>\r\n");
+
+ // Return an input stream to the underlying bytes
+ writer.write(sb.toString());
+ writer.flush();
+ return new ByteArrayInputStream(stream.toByteArray());
+
+ }
}