001 /* ===========================================================
002 * JFreeChart : a free chart library for the Java(tm) platform
003 * ===========================================================
004 *
005 * (C) Copyright 2000-2007, by Object Refinery Limited and Contributors.
006 *
007 * Project Info: http://www.jfree.org/jfreechart/index.html
008 *
009 * This library is free software; you can redistribute it and/or modify it
010 * under the terms of the GNU Lesser General Public License as published by
011 * the Free Software Foundation; either version 2.1 of the License, or
012 * (at your option) any later version.
013 *
014 * This library is distributed in the hope that it will be useful, but
015 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
016 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
017 * License for more details.
018 *
019 * You should have received a copy of the GNU Lesser General Public
020 * License along with this library; if not, write to the Free Software
021 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
022 * USA.
023 *
024 * [Java is a trademark or registered trademark of Sun Microsystems, Inc.
025 * in the United States and other countries.]
026 *
027 * -----------------
028 * DisplayChart.java
029 * -----------------
030 * (C) Copyright 2002-2007, by Richard Atkinson and Contributors.
031 *
032 * Original Author: Richard Atkinson;
033 * Contributor(s): David Gilbert (for Object Refinery Limited);
034 *
035 * $Id: DisplayChart.java,v 1.2.2.3 2007/02/02 15:03:19 mungady Exp $
036 *
037 * Changes
038 * -------
039 * 19-Aug-2002 : Version 1;
040 * 09-Mar-2005 : Added facility to serve up "one time" charts - see
041 * ServletUtilities.java (DG);
042 * ------------- JFREECHART 1.0.x ---------------------------------------------
043 * 02-Feb-2007 : Removed author tags all over JFreeChart sources (DG);
044 *
045 */
046
047 package org.jfree.chart.servlet;
048
049 import java.io.File;
050 import java.io.IOException;
051
052 import javax.servlet.ServletException;
053 import javax.servlet.http.HttpServlet;
054 import javax.servlet.http.HttpServletRequest;
055 import javax.servlet.http.HttpServletResponse;
056 import javax.servlet.http.HttpSession;
057
058 /**
059 * Servlet used for streaming charts to the client browser from the temporary
060 * directory. You need to add this servlet and mapping to your deployment
061 * descriptor (web.xml) in order to get it to work. The syntax is as follows:
062 * <xmp>
063 * <servlet>
064 * <servlet-name>DisplayChart</servlet-name>
065 * <servlet-class>org.jfree.chart.servlet.DisplayChart</servlet-class>
066 * </servlet>
067 * <servlet-mapping>
068 * <servlet-name>DisplayChart</servlet-name>
069 * <url-pattern>/servlet/DisplayChart</url-pattern>
070 * </servlet-mapping>
071 * </xmp>
072 */
073 public class DisplayChart extends HttpServlet {
074
075 /**
076 * Default constructor.
077 */
078 public DisplayChart() {
079 super();
080 }
081
082 /**
083 * Init method.
084 *
085 * @throws ServletException never.
086 */
087 public void init() throws ServletException {
088 return;
089 }
090
091 /**
092 * Service method.
093 *
094 * @param request the request.
095 * @param response the response.
096 *
097 * @throws ServletException ??.
098 * @throws IOException ??.
099 */
100 public void service(HttpServletRequest request,
101 HttpServletResponse response)
102 throws ServletException, IOException {
103
104 HttpSession session = request.getSession();
105 String filename = request.getParameter("filename");
106
107 if (filename == null) {
108 throw new ServletException("Parameter 'filename' must be supplied");
109 }
110
111 // Replace ".." with ""
112 // This is to prevent access to the rest of the file system
113 filename = ServletUtilities.searchReplace(filename, "..", "");
114
115 // Check the file exists
116 File file = new File(System.getProperty("java.io.tmpdir"), filename);
117 if (!file.exists()) {
118 throw new ServletException("File '" + file.getAbsolutePath()
119 + "' does not exist");
120 }
121
122 // Check that the graph being served was created by the current user
123 // or that it begins with "public"
124 boolean isChartInUserList = false;
125 ChartDeleter chartDeleter = (ChartDeleter) session.getAttribute(
126 "JFreeChart_Deleter");
127 if (chartDeleter != null) {
128 isChartInUserList = chartDeleter.isChartAvailable(filename);
129 }
130
131 boolean isChartPublic = false;
132 if (filename.length() >= 6) {
133 if (filename.substring(0, 6).equals("public")) {
134 isChartPublic = true;
135 }
136 }
137
138 boolean isOneTimeChart = false;
139 if (filename.startsWith(ServletUtilities.getTempOneTimeFilePrefix())) {
140 isOneTimeChart = true;
141 }
142
143 if (isChartInUserList || isChartPublic || isOneTimeChart) {
144 // Serve it up
145 ServletUtilities.sendTempFile(file, response);
146 if (isOneTimeChart) {
147 file.delete();
148 }
149 }
150 else {
151 throw new ServletException("Chart image not found");
152 }
153 return;
154 }
155
156 }