Beispiel #1
0
  public FormRequest create(
      RequestDetails requestDetails,
      Process process,
      ProcessInstance processInstance,
      Task task,
      ActionType actionType,
      FormValidation validation)
      throws StatusCodeError {
    Activity activity = activity(process, processInstance, task);

    // Don't allow anyone to issue a create request for a task that's not open
    if (actionType == ActionType.CREATE
        && task != null
        && task.getTaskStatus() != null
        && !task.getTaskStatus().equals(Constants.TaskStatuses.OPEN)) actionType = ActionType.VIEW;

    FormRequest.Builder formRequestBuilder =
        new FormRequest.Builder()
            .processDefinitionKey(process.getProcessDefinitionKey())
            .instance(processInstance)
            .task(task)
            .activity(activity)
            .action(actionType);

    if (requestDetails != null) {
      String contentType =
          requestDetails.getContentType() != null
              ? requestDetails.getContentType().toString()
              : null;

      formRequestBuilder
          .remoteAddr(requestDetails.getRemoteAddr())
          .remoteHost(requestDetails.getRemoteHost())
          .remotePort(requestDetails.getRemotePort())
          .remoteUser(requestDetails.getRemoteUser())
          .actAsUser(requestDetails.getActAsUser())
          .certificateIssuer(requestDetails.getCertificateIssuer())
          .certificateSubject(requestDetails.getCertificateSubject())
          .contentType(contentType)
          .referrer(requestDetails.getReferrer())
          .userAgent(requestDetails.getUserAgent());

      List<MediaType> acceptableMediaTypes = requestDetails.getAcceptableMediaTypes();
      if (acceptableMediaTypes != null) {
        for (MediaType acceptableMediaType : acceptableMediaTypes) {
          formRequestBuilder.acceptableMediaType(acceptableMediaType.toString());
        }
      }
    }

    if (validation != null) {
      formRequestBuilder.messages(validation.getResults());
    }

    return requestRepository.save(formRequestBuilder.build());
  }
Beispiel #2
0
  public FormRequest handle(RequestDetails request, String requestId) throws StatusCodeError {
    FormRequest formRequest = requestRepository.findOne(requestId);

    if (formRequest == null) {
      return null;
    }

    if (request != null) {
      if (request.getRemoteUser() != null
          && formRequest.getRemoteUser() != null
          && !request.getRemoteUser().equals(formRequest.getRemoteUser())) {
        LOG.error(
            "Wrong user viewing or submitting form: "
                + request.getRemoteUser()
                + " not "
                + formRequest.getRemoteUser());
        throw new ForbiddenError(Constants.ExceptionCodes.user_does_not_match);
      }

      if (request.getRemoteHost() != null
          && formRequest.getRemoteHost() != null
          && !request.getRemoteHost().equals(formRequest.getRemoteHost()))
        LOG.warn(
            "This should not happen -- submission remote host ("
                + request.getRemoteHost()
                + ") does not match request ("
                + formRequest.getRemoteHost()
                + ")");

      if (request.getRemoteAddr() != null
          && formRequest.getRemoteAddr() != null
          && !request.getRemoteAddr().equals(formRequest.getRemoteAddr()))
        LOG.warn(
            "This should not happen -- submission remote address ("
                + request.getRemoteAddr()
                + ") does not match request ("
                + formRequest.getRemoteAddr()
                + ")");

      if (formRequest.getCertificateIssuer() != null
          && formRequest.getCertificateSubject() != null) {
        String certificateIssuer = request.getCertificateIssuer();
        String certificateSubject = request.getCertificateSubject();

        if (StringUtils.isEmpty(certificateIssuer)
            || StringUtils.isEmpty(certificateSubject)
            || !certificateIssuer.equals(formRequest.getCertificateIssuer())
            || !certificateSubject.equals(formRequest.getCertificateSubject())) {
          LOG.error(
              "Wrong certificate submitting form: "
                  + certificateIssuer
                  + ":"
                  + certificateSubject
                  + " not "
                  + formRequest.getCertificateIssuer()
                  + ":"
                  + formRequest.getCertificateSubject());
          throw new ForbiddenError(Constants.ExceptionCodes.certificate_does_not_match);
        }
      }

      if (formRequest.getRequestDate() != null) {
        Hours hours =
            Hours.hoursBetween(new DateTime(formRequest.getRequestDate()), new DateTime());
        int h = hours.getHours();
        if (h > 1) {
          throw new ForbiddenError(Constants.ExceptionCodes.request_expired);
        }
      }
    }

    ProcessInstance instance = formRequest.getInstance();

    if (instance == null
        && StringUtils.isNotEmpty(formRequest.getProcessDefinitionKey())
        && StringUtils.isNotEmpty(formRequest.getProcessInstanceId()))
      instance =
          processInstanceService.read(
              formRequest.getProcessDefinitionKey(), formRequest.getProcessInstanceId(), false);

    FormRequest.Builder builder =
        new FormRequest.Builder(formRequest)
            .instance(instance)
            .task(taskService.read(instance, formRequest.getTaskId()));

    return builder.build();
  }