001/* ===========================================================
002 * JFreeChart : a free chart library for the Java(tm) platform
003 * ===========================================================
004 *
005 * (C) Copyright 2000-present, by David Gilbert and Contributors.
006 *
007 * Project Info:  http://www.jfree.org/jfreechart/index.html
008 *
009 * This library is free software; you can redistribute it and/or modify it
010 * under the terms of the GNU Lesser General Public License as published by
011 * the Free Software Foundation; either version 2.1 of the License, or
012 * (at your option) any later version.
013 *
014 * This library is distributed in the hope that it will be useful, but
015 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
016 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
017 * License for more details.
018 *
019 * You should have received a copy of the GNU Lesser General Public
020 * License along with this library; if not, write to the Free Software
021 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
022 * USA.
023 *
024 * [Oracle and Java are registered trademarks of Oracle and/or its affiliates. 
025 * Other names may be trademarks of their respective owners.]
026 *
027 * -----------------
028 * DisplayChart.java
029 * -----------------
030 * (C) Copyright 2002-present, by Richard Atkinson and Contributors.
031 *
032 * Original Author:  Richard Atkinson;
033 * Contributor(s):   David Gilbert;
034 * 
035 */
036
037package org.jfree.chart.servlet;
038
039import java.io.File;
040import java.io.IOException;
041
042import javax.servlet.ServletException;
043import javax.servlet.http.HttpServlet;
044import javax.servlet.http.HttpServletRequest;
045import javax.servlet.http.HttpServletResponse;
046import javax.servlet.http.HttpSession;
047
048/**
049 * Servlet used for streaming charts to the client browser from the temporary
050 * directory.  You need to add this servlet and mapping to your deployment
051 * descriptor (web.xml) in order to get it to work.  The syntax is as follows:
052 * 
053 * <xmp>
054 * <servlet>
055 *    <servlet-name>DisplayChart</servlet-name>
056 *    <servlet-class>org.jfree.chart.servlet.DisplayChart</servlet-class>
057 * </servlet>
058 * <servlet-mapping>
059 *     <servlet-name>DisplayChart</servlet-name>
060 *     <url-pattern>/servlet/DisplayChart</url-pattern>
061 * </servlet-mapping>
062 * </xmp>
063 */
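public class DisplayChart extends HttpServlet {

    /**
     * Default constructor.
     */
    public DisplayChart() {
        super();
    }

    /**
     * Init method; this servlet has no state to initialise.
     *
     * @throws ServletException never.
     */
    @Override
    public void init() throws ServletException {
        // nothing to do
    }

    /**
     * Streams the chart image named by the {@code filename} request
     * parameter from the directory given by the {@code java.io.tmpdir}
     * system property.
     * <p>
     * A file is served only when it resolves to a regular file inside that
     * directory AND at least one of the following holds:
     * <ul>
     * <li>the session's {@code JFreeChart_Deleter} attribute reports the
     *     chart as available for this session;</li>
     * <li>the file name starts with {@code "public"};</li>
     * <li>the file name starts with the one-time prefix returned by
     *     {@link ServletUtilities#getTempOneTimeFilePrefix()} (such a file
     *     is deleted after it has been sent).</li>
     * </ul>
     * Security notes for deployers: the last two rules look only at the name
     * prefix, not at the session, so any file in the temp directory with one
     * of those prefixes is readable by any client that can reach this
     * servlet (and a one-time file is also removed by the first request that
     * names it).  Point {@code java.io.tmpdir} at a directory that is used
     * only for charts, or put access control in front of this mapping.
     *
     * @param request  the request (must carry a {@code filename} parameter).
     * @param response  the response the image is written to.
     *
     * @throws ServletException if the parameter is missing, the file cannot
     *         be resolved to a regular file inside the temp directory, or
     *         none of the access rules above applies.
     * @throws IOException if the path cannot be canonicalised or sending
     *         the file fails.
     */
    @Override
    public void service(HttpServletRequest request,
                        HttpServletResponse response)
            throws ServletException, IOException {

        HttpSession session = request.getSession();
        String filename = request.getParameter("filename");

        if (filename == null) {
            throw new ServletException("Parameter 'filename' must be supplied");
        }

        //  Replace ".." with "" (kept for backward compatibility).  String
        //  replacement on its own is not a reliable path traversal defence,
        //  so the resolved path is verified against the temp directory below.
        filename = ServletUtilities.searchReplace(filename, "..", "");

        //  Resolve both paths canonically (symbolic links and relative
        //  segments removed) so the containment test compares real locations.
        File tempDir = new File(
                System.getProperty("java.io.tmpdir")).getCanonicalFile();
        File file = new File(tempDir, filename).getCanonicalFile();

        //  The trailing separator stops a sibling such as "/tmpfoo" from
        //  matching a temp directory of "/tmp".
        String tempDirPrefix = tempDir.getPath();
        if (!tempDirPrefix.endsWith(File.separator)) {
            tempDirPrefix += File.separator;
        }

        //  Reject anything that is outside the temp directory or is not a
        //  regular file.  The same message is used for both cases so the
        //  response does not reveal whether a path outside the directory
        //  exists.
        //  NOTE(review): the message echoes the request parameter; make sure
        //  the container's error page escapes it.
        if (!file.getPath().startsWith(tempDirPrefix) || !file.isFile()) {
            throw new ServletException(
                    "Unable to display the chart with the filename '"
                    + filename + "'.");
        }

        //  Check that the graph being served was created by the current user
        //  or that it begins with "public"
        //  NOTE(review): because existence is checked before ownership, the
        //  two different error messages let a caller tell "no such file" from
        //  "file exists but is not yours" for names inside the temp directory.
        ChartDeleter chartDeleter = (ChartDeleter) session.getAttribute(
                "JFreeChart_Deleter");
        boolean isChartInUserList = chartDeleter != null
                && chartDeleter.isChartAvailable(filename);

        boolean isChartPublic = filename.startsWith("public");

        boolean isOneTimeChart = filename.startsWith(
                ServletUtilities.getTempOneTimeFilePrefix());

        if (!(isChartInUserList || isChartPublic || isOneTimeChart)) {
            throw new ServletException("Chart image not found");
        }

        //  Serve it up
        ServletUtilities.sendTempFile(file, response);

        //  A one-time chart must not stay retrievable; report a failed delete
        //  instead of ignoring it.  The file name is left out of the log
        //  entry because it comes from the request.
        if (isOneTimeChart && !file.delete()) {
            log("Unable to delete a one-time chart file after serving it.");
        }
    }

}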