001/* ======================================================
002 * JFreeChart : a chart library for the Java(tm) platform
003 * ======================================================
004 *
005 * (C) Copyright 2000-present, by David Gilbert and Contributors.
006 *
007 * Project Info:  https://www.jfree.org/jfreechart/index.html
008 *
009 * This library is free software; you can redistribute it and/or modify it
010 * under the terms of the GNU Lesser General Public License as published by
011 * the Free Software Foundation; either version 2.1 of the License, or
012 * (at your option) any later version.
013 *
014 * This library is distributed in the hope that it will be useful, but
015 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
016 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
017 * License for more details.
018 *
019 * You should have received a copy of the GNU Lesser General Public
020 * License along with this library; if not, write to the Free Software
021 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
022 * USA.
023 *
024 * [Oracle and Java are registered trademarks of Oracle and/or its affiliates. 
025 * Other names may be trademarks of their respective owners.]
026 *
027 * -----------------
028 * DisplayChart.java
029 * -----------------
030 * (C) Copyright 2002-present, by Richard Atkinson and Contributors.
031 *
032 * Original Author:  Richard Atkinson;
033 * Contributor(s):   David Gilbert;
034 * 
035 */
036
037package org.jfree.chart.servlet;
038
039import java.io.File;
040import java.io.IOException;
041
042import javax.servlet.ServletException;
043import javax.servlet.http.HttpServlet;
044import javax.servlet.http.HttpServletRequest;
045import javax.servlet.http.HttpServletResponse;
046import javax.servlet.http.HttpSession;
047
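/**
 * Servlet used for streaming charts to the client browser from the temporary
 * directory.  You need to add this servlet and mapping to your deployment
 * descriptor (web.xml) in order to get it to work.  The syntax is as follows:
 * <pre>
 * &lt;servlet&gt;
 *    &lt;servlet-name&gt;DisplayChart&lt;/servlet-name&gt;
 *    &lt;servlet-class&gt;org.jfree.chart.servlet.DisplayChart&lt;/servlet-class&gt;
 * &lt;/servlet&gt;
 * &lt;servlet-mapping&gt;
 *     &lt;servlet-name&gt;DisplayChart&lt;/servlet-name&gt;
 *     &lt;url-pattern&gt;/servlet/DisplayChart&lt;/url-pattern&gt;
 * &lt;/servlet-mapping&gt;
 * </pre>
 * <p>
 * Security notes for deployers: the file to stream is chosen by the
 * request parameter {@code filename} and is looked up below the directory
 * named by the {@code java.io.tmpdir} system property.  A file is served when
 * its name is registered with the {@link ChartDeleter} stored in the caller's
 * session, or when the name starts with {@code "public"} or with the prefix
 * returned by {@link ServletUtilities#getTempOneTimeFilePrefix()}.  The two
 * prefix rules are not tied to a session, so every file in that directory
 * whose name matches one of them can be fetched by anyone who can reach this
 * servlet.  Giving the web application a temporary directory of its own keeps
 * unrelated files out of reach of those rules.
 *
 * @deprecated To be removed in JFreeChart 2.0
 */
public class DisplayChart extends HttpServlet {

    /**
     * Default constructor.
     */
    public DisplayChart() {
        super();
    }

    /**
     * Init method.  This servlet has no state to set up.
     *
     * @throws ServletException never.
     */
    @Override
    public void init() throws ServletException {
        // nothing to do
    }

    /**
     * Streams the chart file named by the {@code filename} request parameter
     * to the response, provided the caller is allowed to see it.
     * <p>
     * The access decision is taken before the file system is consulted, so a
     * caller who is not allowed to see a name gets the same error whether or
     * not such a file exists.  The resolved file must also lie inside the
     * temporary directory and be a regular file.  A one-time chart is deleted
     * after it has been sent.
     *
     * @param request  the request.
     * @param response  the response.
     *
     * @throws ServletException if the parameter is missing, the caller may
     *         not access the chart, or the chart file cannot be found.
     * @throws IOException if resolving or sending the file fails.
     */
    @Override
    public void service(HttpServletRequest request,
                        HttpServletResponse response)
            throws ServletException, IOException {

        HttpSession session = request.getSession();
        String filename = request.getParameter("filename");

        if (filename == null) {
            throw new ServletException("Parameter 'filename' must be supplied");
        }

        //  Replace ".." with "" so the name cannot step out of the temporary
        //  directory.  searchReplace is defined in ServletUtilities; the
        //  containment check further down does not rely on it.
        filename = ServletUtilities.searchReplace(filename, "..", "");

        //  Decide access from the name alone, before touching the disk.
        //  NOTE(review): an empty one-time prefix would match every name;
        //  confirm that ServletUtilities never returns one.
        boolean isChartInUserList = isChartInSession(session, filename);
        boolean isChartPublic = filename.startsWith("public");
        boolean isOneTimeChart = filename.startsWith(
                ServletUtilities.getTempOneTimeFilePrefix());

        if (!(isChartInUserList || isChartPublic || isOneTimeChart)) {
            throw new ServletException("Chart image not found");
        }

        //  Resolve the name and make sure the result is still inside the
        //  temporary directory once links and relative segments are resolved.
        File tempDir = new File(System.getProperty("java.io.tmpdir"));
        File file = new File(tempDir, filename);
        if (!isInsideDirectory(tempDir, file)) {
            throw new ServletException("Chart image not found");
        }

        //  Only regular files are served; a directory is treated as missing.
        //  NOTE(review): the message repeats the request-supplied name; if
        //  the container's error page shows exception messages, check that
        //  it escapes them.
        if (!file.isFile()) {
            throw new ServletException(
                    "Unable to display the chart with the filename '"
                    + filename + "'.");
        }

        //  Serve it up
        ServletUtilities.sendTempFile(file, response);
        if (isOneTimeChart) {
            //  NOTE(review): the result of delete() is not checked; a
            //  one-time chart that cannot be deleted stays retrievable.
            file.delete();
        }
    }

    /**
     * Tells whether the chart name is registered with the chart deleter kept
     * in the session under the attribute {@code "JFreeChart_Deleter"}.
     *
     * @param session  the caller's session.
     * @param filename  the chart file name, already stripped of "..".
     *
     * @return {@code true} if a deleter is present and reports the chart as
     *         available, {@code false} otherwise.
     */
    private static boolean isChartInSession(HttpSession session,
                                            String filename) {
        ChartDeleter chartDeleter = (ChartDeleter) session.getAttribute(
                "JFreeChart_Deleter");
        return chartDeleter != null
                && chartDeleter.isChartAvailable(filename);
    }

    /**
     * Tells whether the canonical form of {@code candidate} lies at or below
     * the canonical form of {@code directory}.  The comparison is made on
     * whole path elements, so a sibling directory that merely shares a name
     * prefix does not match.
     *
     * @param directory  the directory that must contain the file.
     * @param candidate  the file to check.
     *
     * @return {@code true} if the candidate is inside the directory.
     *
     * @throws IOException if a canonical path cannot be computed.
     */
    private static boolean isInsideDirectory(File directory, File candidate)
            throws IOException {
        return candidate.getCanonicalFile().toPath().startsWith(
                directory.getCanonicalFile().toPath());
    }

}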