Commit 8311d114 authored by Matija Obreza's avatar Matija Obreza

Fix: Repository download cache header set to public/private

- If the file is readable by ROLE_EVERYONE, set the cache header to public, otherwise to private
parent 264aa6ba
...@@ -25,6 +25,7 @@ import java.util.UUID; ...@@ -25,6 +25,7 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.filerepository.NoSuchRepositoryFileException; import org.genesys.filerepository.NoSuchRepositoryFileException;
import org.genesys.filerepository.model.RepositoryFile; import org.genesys.filerepository.model.RepositoryFile;
import org.genesys.filerepository.service.BytesStorageService; import org.genesys.filerepository.service.BytesStorageService;
...@@ -83,6 +84,14 @@ public class RepositoryDownloadController { ...@@ -83,6 +84,14 @@ public class RepositoryDownloadController {
response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime()); response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum()); response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
response.setContentType("image/png");
// Cache for 24hrs
if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
} else {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
}
} catch (NoSuchRepositoryFileException e) { } catch (NoSuchRepositoryFileException e) {
throw new NotFoundElement("No file for thumb " + name); throw new NotFoundElement("No file for thumb " + name);
...@@ -93,10 +102,6 @@ public class RepositoryDownloadController { ...@@ -93,10 +102,6 @@ public class RepositoryDownloadController {
throw new NotFoundElement("No thumbnail at " + path.resolve(filename)); throw new NotFoundElement("No thumbnail at " + path.resolve(filename));
} }
response.setContentType("image/png");
// Cache for 24hrs
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
} else { } else {
// Regular repository file // Regular repository file
...@@ -114,7 +119,11 @@ public class RepositoryDownloadController { ...@@ -114,7 +119,11 @@ public class RepositoryDownloadController {
data = this.repositoryService.getFileBytes(repositoryFile); data = this.repositoryService.getFileBytes(repositoryFile);
// Cache for 24hrs // Cache for 24hrs
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform"); if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
} else {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
}
response.setHeader(HttpHeaders.PRAGMA, ""); response.setHeader(HttpHeaders.PRAGMA, "");
response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime()); response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum()); response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
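Review bot: The `private` branch still carries `max-age=86400`, so a browser keeps a restricted file or thumbnail for 24 hours and reuses it without asking the server again, including after the user logs out on a shared machine or loses READ on the file. `s-maxage` has no effect next to `private`, since shared caches may not store the response at all. For the non-public case I would send `"private, no-cache, no-transform"` so the stored copy is revalidated against the ETag that is already set; whether this controller answers `If-None-Match` with a 304 is not visible here. This applies to both the thumbnail branch and the regular-file branch, and to the identical change in the second RepositoryDownloadController further down. The enclosing method starts and ends outside the hunks.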
......
...@@ -25,6 +25,7 @@ import java.util.UUID; ...@@ -25,6 +25,7 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.filerepository.NoSuchRepositoryFileException; import org.genesys.filerepository.NoSuchRepositoryFileException;
import org.genesys.filerepository.model.RepositoryFile; import org.genesys.filerepository.model.RepositoryFile;
import org.genesys.filerepository.service.BytesStorageService; import org.genesys.filerepository.service.BytesStorageService;
...@@ -78,6 +79,14 @@ public class RepositoryDownloadController extends BaseController { ...@@ -78,6 +79,14 @@ public class RepositoryDownloadController extends BaseController {
response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime()); response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum()); response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
response.setContentType("image/png");
// Cache for 24hrs
if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
} else {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
}
} catch (NoSuchRepositoryFileException e) { } catch (NoSuchRepositoryFileException e) {
throw new NotFoundElement("No file for thumb " + name); throw new NotFoundElement("No file for thumb " + name);
...@@ -88,11 +97,6 @@ public class RepositoryDownloadController extends BaseController { ...@@ -88,11 +97,6 @@ public class RepositoryDownloadController extends BaseController {
throw new NotFoundElement("No thumbnail at " + path.resolve(filename)); throw new NotFoundElement("No thumbnail at " + path.resolve(filename));
} }
response.setContentType("image/png");
// Cache for 24hrs
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
} else { } else {
// Regular repository file // Regular repository file
try { try {
...@@ -109,7 +113,11 @@ public class RepositoryDownloadController extends BaseController { ...@@ -109,7 +113,11 @@ public class RepositoryDownloadController extends BaseController {
data = this.repositoryService.getFileBytes(repositoryFile); data = this.repositoryService.getFileBytes(repositoryFile);
// Cache for 24hrs // Cache for 24hrs
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform"); if (SecurityContextUtil.anyoneHasPermission(repositoryFile, "READ")) {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, public, no-transform");
} else {
response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=86400, s-maxage=86400, private, no-transform");
}
response.setHeader(HttpHeaders.PRAGMA, ""); response.setHeader(HttpHeaders.PRAGMA, "");
response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime()); response.setDateHeader(HttpHeaders.LAST_MODIFIED, repositoryFile.getLastModifiedDate().getTime());
response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum()); response.setHeader(HttpHeaders.ETAG, repositoryFile.getSha1Sum());
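Review bot: The `public` decision is taken from the ACL at the moment of the request, but the header then lets shared caches serve the file for 24 hours, so a file that is restricted later stays retrievable from any shared cache in front of the application until the copy expires. That window should at least be documented where the header is set, e.g. `// public copies in shared caches can outlive an ACL change by up to 24h`, and a shorter `s-maxage` is worth considering if permissions change often. The enclosing method continues outside the hunk.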
......