Esempio n. 1
0
 private void redirectToLogin(
     HttpServletRequest request, HttpServletResponse response, VDC currentVDC)
     throws IOException, ServletException {
   String vdcParam = "?redirect=true";
   PageDef loginPage = pageDefService.findByName(PageDefServiceLocal.LOGIN_PAGE);
   if (currentVDC != null) {
     vdcParam += "&vdcId=" + currentVDC.getId();
   }
   response.sendRedirect(request.getContextPath() + "/faces" + loginPage.getPath() + vdcParam);
 }
Esempio n. 2
0
  /**
   * @param request The servlet request we are processing
   * @param result The servlet response we are creating
   * @param chain The filter chain we are processing
   * @exception IOException if an input/output error occurs
   * @exception ServletException if a servlet error occurs
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    String requestPath = httpRequest.getPathInfo();
    VDC currentVDC = vdcService.getVDCFromRequest(httpRequest);

    if (requestPath != null && requestPath.endsWith(".jsp")) {
      String redirectURL = httpRequest.getContextPath();
      if (currentVDC != null) {
        redirectURL += "/dv/" + currentVDC.getAlias();
      }
      httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
      return;
    }
    PageDef pageDef = pageDefService.findByPath(requestPath);

    // check for invalid study Id or study versionNumber
    // for right now, do this with a sendRedirect, though we should try to figure out a solution
    // with a forward isntead; that way the user can fix the issue in the URL and easily try again
    if (isViewStudyPage(pageDef) || isEditStudyPage(pageDef) || isVersionDiffPage(pageDef)) {
      Long studyId = determineStudyId(pageDef, httpRequest);

      if (isVersionDiffPage(pageDef)) {
        Long[] versionDiffNumbers = VDCRequestBean.parseVersionNumberList(httpRequest);
        if (versionDiffNumbers == null || studyId == null) {
          String redirectURL = httpRequest.getContextPath();
          if (currentVDC != null) {
            redirectURL += "/dv/" + currentVDC.getAlias();
          }
          httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
          return;
        } else {
          try {
            // Get the studyVersions to test that the versionNumbers exist for this study.
            // If they don't exist, an EJBException will be thrown.
            StudyVersion sv1 = studyService.getStudyVersion(studyId, versionDiffNumbers[0]);
            StudyVersion sv2 = studyService.getStudyVersion(studyId, versionDiffNumbers[1]);
          } catch (EJBException e) {
            if (e.getCause() instanceof IllegalArgumentException) {
              String redirectURL = httpRequest.getContextPath();
              if (currentVDC != null) {
                redirectURL += "/dv/" + currentVDC.getAlias();
              }
              httpResponse.sendRedirect(redirectURL + "/faces/IdDoesNotExistPage.xhtml");
              return;
            } else {
              throw e;
            }
          }
        }
      } else if (studyId != null) {
        try {
          String versionNumberParam = httpRequest.getParameter("versionNumber");

          if (versionNumberParam != null) {
            Long versionNumber = new Long(versionNumberParam);
            StudyVersion sv = studyService.getStudyVersion(studyId, versionNumber);

          } else {
            // Get the study to make sure that the studyId exists.
            // If it doesn't exist, and EJBException will be thrown.
            Study study = studyService.getStudy(studyId);
          }
        } catch (EJBException e) {
          if (e.getCause() instanceof IllegalArgumentException) {
            String redirectURL = httpRequest.getContextPath();
            if (currentVDC != null) {
              redirectURL += "/dv/" + currentVDC.getAlias();
            }
            httpResponse.sendRedirect(redirectURL + "/faces/IdDoesNotExistPage.xhtml");
            return;
          } else {
            throw e;
          }
        } catch (NumberFormatException e) {
          String redirectURL = httpRequest.getContextPath();
          if (currentVDC != null) {
            redirectURL += "/dv/" + currentVDC.getAlias();
          }
          httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
          return;
        }
      }
    }

    setOriginalUrl(httpRequest, httpResponse, currentVDC);

    LoginBean loginBean = getLoginBean(request);
    UserGroup ipUserGroup = null;
    if (loginBean == null) {
      ipUserGroup = getIpGroup(httpRequest);
    } else {
      HttpSession session = ((HttpServletRequest) request).getSession(false);
    }

    String loginURI = (String) httpRequest.getSession().getAttribute("LOGIN_REDIRECT");
    if (loginURI != null) {
      httpRequest.getSession().removeAttribute("LOGIN_REDIRECT");
      httpResponse.sendRedirect(loginURI);
    } else {
      boolean authorized = false;
      if (isRolePage(pageDef, httpRequest)) {
        if (isUserAuthorizedForRolePage(pageDef, httpRequest, loginBean)) {
          authorized = true;
        }

      } else if (isUserAuthorizedForNonRolePage(pageDef, httpRequest, loginBean, ipUserGroup)) {
        authorized = true;
      }

      if (!authorized) {
        if (loginBean == null) {
          redirectToLogin(httpRequest, httpResponse, currentVDC);
        } else {
          PageDef redirectPageDef =
              pageDefService.findByName(PageDefServiceLocal.UNAUTHORIZED_PAGE);
          httpResponse.sendRedirect(
              httpRequest.getContextPath() + "/faces" + redirectPageDef.getPath());
        }
      } else {
        if (isCheckLockPage(pageDef) && studyLockedMessage(pageDef, httpRequest) != null) {

          PageDef redirectPageDef = pageDefService.findByName(PageDefServiceLocal.STUDYLOCKED_PAGE);
          httpResponse.sendRedirect(
              httpRequest.getContextPath()
                  + "/faces"
                  + redirectPageDef.getPath()
                  + "?message="
                  + studyLockedMessage(pageDef, httpRequest));
        } else {

          try {
            chain.doFilter(request, response);
          } catch (Throwable t) {
            //
            // If an exception is thrown somewhere down the filter chain,
            // we still want to execute our after processing, and then
            // rethrow the problem after that.
            //

            t.printStackTrace();
          }
        }
      }
    }
  }