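/**
 * Lists the children of a table category that the current user may see in the menu.
 *
 * <p>A {@code Table} child is kept only when it is a menu object and
 * {@code WebUtils.checkTableQueryPermission} accepts it for this request. A {@code WebAction}
 * child is kept only when {@code includeAction} is set and its {@code canDisplay} check passes.
 * Any failure while filtering is logged and the entries collected so far are returned, so an
 * error can shorten the list but never adds an element that skipped its check.
 *
 * @param request current request; its session supplies the acting user
 * @param tableCategoryId id of the table category to expand
 * @param includeAction if true, web actions are evaluated too (this obtains a connection from
 *     {@code QueryEngine} for the duration of the call)
 * @return never null; elements are Table or WebAction
 */
public List getChildrenOfTableCategory(
    HttpServletRequest request, int tableCategoryId, boolean includeAction) {
  TableManager manager = TableManager.getInstance();
  ArrayList catschild = new ArrayList();
  Connection conn = null;
  HashMap webActionEnv = null;
  UserWebImpl userWeb =
      ((UserWebImpl)
          WebUtils.getSessionContextManager(request.getSession())
              .getActor(nds.util.WebKeys.USER));
  TableCategory tc = manager.getTableCategory(tableCategoryId);
  if (tc == null) {
    // getChildrenOfTableCategorybymenu guards this lookup against null as well; an unknown
    // category id has nothing to list and must not end in a NullPointerException.
    return catschild;
  }
  List children = tc.children();
  try {
    if (includeAction) {
      conn = QueryEngine.getInstance().getConnection();
      webActionEnv = new HashMap();
      webActionEnv.put("connection", conn);
      webActionEnv.put("httpservletrequest", request);
      webActionEnv.put("userweb", userWeb);
    }
    for (int j = 0; j < children.size(); j++) {
      Object child = children.get(j);
      if (child instanceof Table) {
        Table table = (Table) child;
        if (!table.isMenuObject()) {
          continue;
        }
        try {
          WebUtils.checkTableQueryPermission(table.getName(), request);
        } catch (NDSSecurityException denied) {
          // The user has no query permission on this table: leave it out of the menu.
          continue;
        }
        catschild.add(table);
      } else if (child instanceof WebAction) {
        if (includeAction) {
          WebAction action = (WebAction) child;
          if (action.canDisplay(webActionEnv)) catschild.add(action);
        }
      } else {
        throw new NDSRuntimeException(
            "Unsupported element in TableCategory children:" + child.getClass());
      }
    }
  } catch (Throwable t) {
    logger.error("Fail to load subsystem tree", t);
  } finally {
    try {
      if (conn != null) conn.close();
    } catch (Throwable ignored) {
      // Closing is best-effort; the result has already been computed.
    }
  }
  return catschild;
}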
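/**
 * Handles the sign-up form: validates the submitted fields, hashes the password with a fresh
 * random salt and stores the new user, then redirects to "/".
 *
 * <p>Every rejection goes through {@code WebUtils.redirectToError} and returns without touching
 * the user store.
 *
 * @param request the POST carrying user ID, name, e-mail, password and password confirmation
 * @param httpServletResponse response used for the error or success redirect
 * @throws Exception whatever the user store, hashing or redirect helpers throw
 */
private void handleSignupPost(Request request, HttpServletResponse httpServletResponse)
    throws Exception {
  String userId = request.getParameter(PARAM_USER_ID);
  String userName = request.getParameter(PARAM_USER_NAME);
  String email = request.getParameter(PARAM_EMAIL);
  String stringPassword = request.getParameter(PARAM_PASSWORD);
  String stringPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);

  // A request that omits the password field is rejected like a mismatch; calling equals() on the
  // missing value would otherwise end in a NullPointerException.
  if (stringPassword == null || !stringPassword.equals(stringPasswordConfirm)) {
    WebUtils.redirectToError(
        "Mismatch between password and password confirmation", request, httpServletResponse);
    return;
  }

  // Look the ID up before hashing so a duplicate sign-up does not pay for the hash.
  User user = userDb.get(userId);
  if (user != null) {
    // NOTE(review): userId comes straight from the request and is echoed in the error text. The
    // field-error path below builds its message with <br/>, which suggests the error page
    // renders HTML - confirm that redirectToError or the error page escapes the value.
    WebUtils.redirectToError(
        "There already exists a user with the ID " + userId, request, httpServletResponse);
    return;
  }

  SecureRandom secureRandom = new SecureRandom();
  String salt = "" + secureRandom.nextLong();
  // NOTE(review): the algorithm behind computeHashedPassword is not visible here - confirm it is
  // a dedicated password-hashing function (bcrypt/scrypt/argon2/PBKDF2), not a bare digest.
  byte[] password = User.computeHashedPassword(stringPassword, salt);

  user =
      new User(
          userId,
          userName,
          password,
          salt,
          email,
          new ArrayList<String>(),
          Config.getConfig().activateAccountsAtCreation,
          false);
  // ttt2 add confirmation by email, captcha, ...

  List<String> fieldErrors = user.checkFields();
  if (!fieldErrors.isEmpty()) {
    StringBuilder bld =
        new StringBuilder("Invalid values when trying to create user with ID ")
            .append(userId)
            .append("<br/>");
    for (String s : fieldErrors) {
      bld.append(s).append("<br/>");
    }
    WebUtils.redirectToError(bld.toString(), request, httpServletResponse);
    return;
  }

  // ttt2 2 clients can add the same userId simultaneously
  // (the existence check above and this add are not atomic)
  userDb.add(user);

  httpServletResponse.sendRedirect("/");
}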
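/**
 * Loads the current user's MU_FAVORITE menu entries, keeping only tables the user may query.
 *
 * <p>Failures are logged and whatever was collected up to that point is returned; every returned
 * table has passed {@code WebUtils.checkTableQueryPermission}.
 *
 * @param request current request; its session supplies the acting user
 * @return never null; each element is a List of four items: fa_menu, menu_re, IS_REPORT (all
 *     String) and the {@code Table}
 * @throws Exception declared for callers; errors raised inside are caught and logged
 */
public List getSubSystemsOfmufavorite(HttpServletRequest request) throws Exception {
  ArrayList mufavorite = new ArrayList();
  TableManager manager = TableManager.getInstance();
  try {
    UserWebImpl userWeb =
        ((UserWebImpl)
            WebUtils.getSessionContextManager(request.getSession())
                .getActor(nds.util.WebKeys.USER));
    int userid = userWeb.getUserId();
    // userid is an int taken from the session actor, so concatenating it cannot carry SQL text.
    // Keep it typed as int; a String here would need a bound parameter instead.
    List al =
        QueryEngine.getInstance()
            .doQueryList(
                "select t.ad_table_id,t.fa_menu,t.menu_re,t.IS_REPORT from MU_FAVORITE t where t.ownerid="
                    + String.valueOf(userid)
                    + " group by t.ad_table_id,t.menu_no,t.fa_menu,t.menu_re,t.IS_REPORT,t.creationdate order by t.menu_no,t.creationdate asc");
    logger.debug("MU_FAVORITE size is " + String.valueOf(al.size()));
    for (int i = 0; i < al.size(); i++) {
      List als = (List) al.get(i);
      String fa_menu = (String) als.get(1);
      String menu_re = (String) als.get(2);
      String isreport = (String) als.get(3);
      int table_id = Tools.getInt(als.get(0), -1);
      Table table = manager.getTable(table_id);
      if (table == null) {
        // A favourite row whose table id no longer resolves must not abort the whole list: the
        // NullPointerException it used to cause was caught below and dropped every later entry.
        continue;
      }
      logger.debug(table.getName());
      // isMenuObject() is deliberately not checked here: many favourites are web actions.
      try {
        WebUtils.checkTableQueryPermission(table.getName(), request);
      } catch (NDSSecurityException denied) {
        // No query permission on this table: leave it out.
        continue;
      }
      logger.debug("add_table ->" + table.getName());
      ArrayList row = new ArrayList();
      row.add(fa_menu);
      row.add(menu_re);
      row.add(isreport);
      row.add(table);
      mufavorite.add(row);
    }
  } catch (Throwable t) {
    logger.error("Fail to load mufavorite", t);
  }
  return mufavorite;
}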
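/**
 * Handles the change-password form for the logged-in user: checks the confirmation and the
 * current password, then stores a new salt and hash.
 *
 * @param request the POST carrying current password, new password and its confirmation
 * @param httpServletResponse response used to render the result or error
 * @throws Exception whatever the user store, hashing or rendering helpers throw
 */
private void handleChangePasswordPost(Request request, HttpServletResponse httpServletResponse)
    throws Exception {
  LoginInfo loginInfo = userHelpers.getLoginInfo(request);
  if (loginInfo == null) {
    WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse);
    return;
  }

  String userId = loginInfo.userId;
  String stringCrtPassword = request.getParameter(PARAM_CURRENT_PASSWORD);
  String stringNewPassword = request.getParameter(PARAM_PASSWORD);
  String stringNewPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);

  // A request that omits the new password is treated as a mismatch instead of failing with a
  // NullPointerException on equals().
  if (stringNewPassword == null || !stringNewPassword.equals(stringNewPasswordConfirm)) {
    showResult(
        "Mismatch between password and password confirmation",
        PATH_SETTINGS,
        request,
        httpServletResponse);
    return;
  }

  User user =
      userDb.get(
          userId); // ttt1 crashes for wrong ID; 2013.07.20 - no longer have an idea what this is
  // about
  if (user == null) {
    WebUtils.redirectToError("Couldn't find the current user", request, httpServletResponse);
    return;
  }

  // A missing current-password field is rejected before it reaches checkPassword.
  if (stringCrtPassword == null || !user.checkPassword(stringCrtPassword)) {
    showResult("Incorrect current password", PATH_SETTINGS, request, httpServletResponse);
    return;
  }

  // NOTE(review): no length or strength rule is applied to the new password in this method, and
  // no other login sessions of this user are invalidated here - confirm both are handled
  // elsewhere or are intended.
  SecureRandom secureRandom = new SecureRandom();
  String salt = "" + secureRandom.nextLong();
  byte[] password = User.computeHashedPassword(stringNewPassword, salt);
  user.salt = salt;
  user.password = password;

  // ttt3 2 clients can change the password simultaneously
  userDb.add(user);

  // httpServletResponse.sendRedirect(PATH_SETTINGS);
  showResult("Password changed", PATH_SETTINGS, request, httpServletResponse);
}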
/**
 * Tells whether the subsystem has at least one web action that may be shown to the current user.
 *
 * @param request current request; its session supplies the acting user
 * @param ss subsystem whose web actions are examined
 * @return true as soon as one action's {@code canDisplay} accepts; false when none does or when
 *     anything fails along the way (the failure is logged, so errors hide actions rather than
 *     reveal them)
 */
private boolean containsViewableActions(HttpServletRequest request, SubSystem ss) {
  List<WebAction> actions = ss.getWebActions();
  Connection conn = null;
  boolean viewable = false;
  try {
    UserWebImpl userWeb =
        ((UserWebImpl)
            WebUtils.getSessionContextManager(request.getSession())
                .getActor(nds.util.WebKeys.USER));
    conn = QueryEngine.getInstance().getConnection();
    // Context handed to each action's canDisplay check.
    HashMap env = new HashMap();
    env.put("connection", conn);
    env.put("httpservletrequest", request);
    env.put("userweb", userWeb);
    for (WebAction candidate : actions) {
      if (candidate.canDisplay(env)) {
        viewable = true;
        break;
      }
    }
  } catch (Throwable t) {
    logger.error("Fail to load subsystem webaction", t);
  } finally {
    try {
      if (conn != null) {
        conn.close();
      }
    } catch (Throwable closeFailure) {
      // Closing is best-effort.
    }
  }
  return viewable;
}
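/**
 * Handles the settings form: stores items-per-page, style and feed date format on the current
 * login record.
 *
 * @param request the POST carrying the three settings
 * @param httpServletResponse response used to render the result or error
 * @throws Exception whatever the login store or rendering helpers throw
 */
private void handleChangeSettingsPost(Request request, HttpServletResponse httpServletResponse)
    throws Exception {
  LoginInfo loginInfo = userHelpers.getLoginInfo(request);
  if (loginInfo == null) {
    WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse);
    return;
  }

  String stringItemsPerPage = request.getParameter(PARAM_ITEMS_PER_PAGE);
  // Parse into a local first so loginInfo is only touched once the value is known to be valid.
  int itemsPerPage;
  try {
    itemsPerPage = Integer.parseInt(stringItemsPerPage);
  } catch (NumberFormatException e) {
    // parseInt reports both a missing and a malformed value this way; nothing else is expected.
    // NOTE(review): the raw request value is echoed in the message - confirm showResult escapes
    // it before it reaches the page.
    showResult(
        "Error trying to set the items per page. Expected integer value but got "
            + stringItemsPerPage,
        PATH_SETTINGS,
        request,
        httpServletResponse);
    return;
  }
  // NOTE(review): no range check - zero, negative or very large values are stored as given.
  loginInfo.itemsPerPage = itemsPerPage;
  // NOTE(review): style and feedDateFormat are stored exactly as submitted (possibly null).
  // Confirm where they are consumed and validate them against the values the UI offers.
  loginInfo.style = request.getParameter(PARAM_STYLE);
  loginInfo.feedDateFormat = request.getParameter(PARAM_FEED_DATE_FORMAT); // ttt2 validate, better in JSP
  loginInfoDb.add(loginInfo);

  // httpServletResponse.sendRedirect(PATH_SETTINGS);
  showResult("Settings changed", "/", request, httpServletResponse);
}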
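/**
 * Marks an article as read for the current user and redirects the browser to the article URL.
 *
 * <p>The part of {@code target} between its second and third '/' is read as the feed ID and the
 * remainder as the article sequence number. Any failure is reported through
 * {@code WebUtils.showResult}.
 *
 * @param request current request; used to find the login record
 * @param httpServletResponse response used for the redirect or the error page
 * @param target request path to parse
 * @throws Exception whatever the error rendering itself throws
 */
private void handleOpenArticle(
    Request request, HttpServletResponse httpServletResponse, String target) throws Exception {
  try {
    // Check the login first: a request without one used to fail with a NullPointerException
    // further down, after the article had already been looked up.
    LoginInfo loginInfo = userHelpers.getLoginInfo(request);
    if (loginInfo == null) {
      // ttt2 maybe do something better, e.g. sign up
      WebUtils.showResult(
          String.format("Failed to get article for path %s. %s", target, "Not logged in"),
          "/",
          request,
          httpServletResponse);
      return;
    }

    int k1 = target.indexOf('/', 1);
    int k2 = target.indexOf('/', k1 + 1);
    String feedId = target.substring(k1 + 1, k2);
    String strSeq = target.substring(k2 + 1);
    int seq = Integer.parseInt(strSeq);
    Article article = articleDb.get(feedId, seq);
    if (article == null) {
      // Stop before markRead so a sequence number with no article behind it is not recorded in
      // the user's read set.
      WebUtils.showResult(
          String.format("Failed to get article for path %s. %s", target, "Article not found"),
          "/",
          request,
          httpServletResponse);
      return;
    }

    ReadArticlesColl readArticlesColl = readArticlesCollDb.get(loginInfo.userId, feedId);
    if (readArticlesColl == null) {
      readArticlesColl = new ReadArticlesColl(loginInfo.userId, feedId);
    }
    if (!readArticlesColl.isRead(seq)) {
      readArticlesColl.markRead(seq, Config.getConfig().maxSizeForReadArticles);
      readArticlesCollDb.add(readArticlesColl);
    }
    // NOTE(review): the redirect target is the URL stored with the article, so it is only as
    // trustworthy as the feed it came from - confirm the scheme is restricted to http/https
    // where articles are stored.
    String s =
        URIUtil.encodePath(article.url)
            .replace("%3F", "?")
            .replace("%23", "#"); // ttt2 see how to do this right
    httpServletResponse.sendRedirect(s);
  } catch (Exception e) {
    // NOTE(review): the raw request path and the exception text are echoed to the client -
    // confirm showResult escapes them, and consider logging the exception instead.
    WebUtils.showResult(
        String.format("Failed to get article for path %s. %s", target, e),
        "/",
        request,
        httpServletResponse);
  }
}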
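/**
 * Returns the subsystems the current user may see, caching their ids on the user object under
 * the "subsystems" property.
 *
 * <p>Resolution order: the guest user gets an empty list; otherwise a cached id list is used if
 * present; otherwise the comma-separated {@code users.subsystems} value is used if it is set;
 * otherwise every subsystem known to {@code TableManager} is kept when
 * {@code containsViewableChildren} accepts it.
 *
 * <p>NOTE(review): entries named in {@code users.subsystems} are added without the
 * {@code containsViewableChildren} check, and subsystem id 10 is always left out of that branch;
 * the reason for either is not visible here. If the users query fails, the method logs the error
 * and falls back to the permission scan.
 *
 * @param request current request; its session supplies the acting user
 * @return never null, elements are nds.schema.SubSystem
 */
public List getSubSystems(HttpServletRequest request) {
  UserWebImpl userWeb =
      ((UserWebImpl)
          WebUtils.getSessionContextManager(request.getSession())
              .getActor(nds.util.WebKeys.USER));
  ArrayList subs = new ArrayList();
  if (userWeb.getUserId() == userWeb.GUEST_ID) {
    return subs;
  }
  List al = (List) userWeb.getProperty("subsystems"); // elements are subsystem ids
  TableManager manager = TableManager.getInstance();
  if (al != null) {
    // Cached ids: resolve each one, dropping ids that no longer map to a subsystem.
    for (int i = 0; i < al.size(); i++) {
      int sid = ((Integer) al.get(i)).intValue();
      SubSystem ss = manager.getSubSystem(sid);
      if (ss != null) subs.add(ss);
    }
    return subs;
  }

  al = new ArrayList();
  try {
    // The id is compared with == against GUEST_ID above, so it is a number and cannot carry SQL
    // text into the concatenated statement.
    String subsystems =
        (String)
            QueryEngine.getInstance()
                .doQueryOne("SELECT subsystems from users where id=" + userWeb.getUserId());
    if (Validator.isNotNull(subsystems)) {
      String[] sub_list = subsystems.split(",");
      for (int m = 0; m < sub_list.length; m++) {
        SubSystem usersub = manager.getSubSystem(sub_list[m].trim());
        if (usersub != null) {
          if (usersub.getId() == 10) continue;
          // Integer.valueOf replaces the deprecated boxing constructor.
          al.add(Integer.valueOf(usersub.getId()));
          subs.add(usersub);
        }
      }
      userWeb.setProperty("subsystems", al);
      return subs;
    }
  } catch (QueryException e) {
    logger.error("Fail to load subsystems from users", e);
  }

  // No explicit list for this user: scan all subsystems. The list is fetched once instead of on
  // every loop test.
  List all = manager.getSubSystems();
  for (int i = 0; i < all.size(); i++) {
    SubSystem ss = (SubSystem) all.get(i);
    if (containsViewableChildren(request, ss)) {
      al.add(Integer.valueOf(ss.getId()));
      subs.add(ss);
    }
  }
  userWeb.setProperty("subsystems", al);
  return subs;
}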
/**
 * Builds the menu tree of one subsystem, restricted to what the current user may view.
 *
 * <p>Tables must be menu objects and pass {@code WebUtils.checkTableQueryPermission}; web actions
 * are considered only when {@code includeActions} is set and must pass {@code canDisplay}. A
 * category with no surviving children is omitted. Any failure is logged and the rows collected
 * so far are returned.
 *
 * @param request current request; its session supplies the acting user
 * @param subSystemId id of the subsystem to expand
 * @param includeActions if true, web actions are evaluated too
 * @return never null; each element is a two-item List: either (nds.schema.TableCategory, List of
 *     nds.schema.Table / nds.schema.WebAction) or (nds.schema.WebAction, empty list)
 */
public List getTableCategories(
    HttpServletRequest request, int subSystemId, boolean includeActions) {
  TableManager manager = TableManager.getInstance();
  ArrayList cats = new ArrayList();
  Connection conn = null;
  HashMap webActionEnv = null;
  try {
    UserWebImpl userWeb =
        ((UserWebImpl)
            WebUtils.getSessionContextManager(request.getSession())
                .getActor(nds.util.WebKeys.USER));
    if (includeActions) {
      // Context handed to every WebAction.canDisplay call below.
      conn = QueryEngine.getInstance().getConnection();
      webActionEnv = new HashMap();
      webActionEnv.put("connection", conn);
      webActionEnv.put("httpservletrequest", request);
      webActionEnv.put("userweb", userWeb);
    }
    List categories = manager.getSubSystem(subSystemId).children();
    for (int i = 0; i < categories.size(); i++) {
      Object o = categories.get(i); // TableCategory or WebAction
      if (o instanceof TableCategory) {
        TableCategory tc = (TableCategory) o;
        List children = tc.children();
        ArrayList visible = new ArrayList();
        for (int j = 0; j < children.size(); j++) {
          Object child = children.get(j);
          if (child instanceof Table) {
            Table table = (Table) child;
            if (!table.isMenuObject()) {
              continue;
            }
            try {
              WebUtils.checkTableQueryPermission(table.getName(), request);
            } catch (NDSSecurityException denied) {
              // No query permission: the table stays hidden.
              continue;
            }
            visible.add(table);
          } else if (child instanceof WebAction) {
            if (includeActions) {
              WebAction action = (WebAction) child;
              if (action.canDisplay(webActionEnv)) {
                visible.add(action);
              }
            }
          } else {
            throw new NDSRuntimeException(
                "Unsupported element in TableCategory children:" + child.getClass());
          }
        }
        if (visible.size() > 0) {
          // Only categories with at least one visible child are shown.
          ArrayList row = new ArrayList();
          row.add(tc);
          row.add(visible);
          cats.add(row);
        }
      } else if (o instanceof WebAction) {
        if (includeActions && ((WebAction) o).canDisplay(webActionEnv)) {
          ArrayList row = new ArrayList();
          row.add(o);
          row.add(Collections.EMPTY_LIST);
          cats.add(row);
        }
      } else {
        throw new NDSException(
            "Unexpected class in subsystem (id=" + subSystemId + "), class is " + o.getClass());
      }
    }
  } catch (Throwable t) {
    logger.error("Fail to load subsystem tree", t);
  } finally {
    try {
      if (conn != null) {
        conn.close();
      }
    } catch (Throwable closeFailure) {
      // Closing is best-effort.
    }
  }
  return cats;
}
/**
 * Lists the visible children of a table category, grouped by accordion when the category has
 * accordions.
 *
 * <p>When the accordion query returns rows, one result row is produced per accordion that has at
 * least one visible child; otherwise a single row named after the category is produced. Tables
 * must be menu objects and pass {@code WebUtils.checkTableQueryPermission}; web actions are
 * considered only when {@code includeAction} is set and must pass {@code canDisplay}. Failures
 * while filtering are logged and the children collected so far are kept.
 *
 * @param request current request; its session supplies the acting user
 * @param tableCategoryId id of the table category; it is an int, so concatenating it into the
 *     accordion query cannot carry SQL text
 * @param includeAction if true, web actions are evaluated too
 * @return never null; each element is a two-item List: the accordion (or category) name and the
 *     List of Table / WebAction shown under it
 * @throws Exception if the accordion query or the session lookup fails
 */
public List getChildrenOfTableCategorybymenu(
    HttpServletRequest request, int tableCategoryId, boolean includeAction) throws Exception {
  TableManager manager = TableManager.getInstance();
  ArrayList cats = new ArrayList();
  List children = new ArrayList();
  // Kept at method scope: the variable is reused by every accordion iteration.
  Connection conn = null;
  HashMap webActionEnv = null;
  List al =
      QueryEngine.getInstance()
          .doQueryList(
              "select e.id,e.name from ad_table g,AD_ACCORDION e where g.AD_ACCORDION_id=e.id and g.ad_tablecategory_id="
                  + tableCategoryId
                  + " group by e.id,e.name,e.orderno order by e.orderno asc");
  UserWebImpl userWeb =
      ((UserWebImpl)
          WebUtils.getSessionContextManager(request.getSession())
              .getActor(nds.util.WebKeys.USER));
  TableCategory tc = manager.getTableCategory(tableCategoryId);
  if (tc != null) {
    children = tc.children();
  }

  if (al.size() > 0) {
    for (int i = 0; i < al.size(); i++) {
      List accordionRow = (List) al.get(i);
      int accordionId = Tools.getInt(accordionRow.get(0), -1);
      logger.debug("ACCORDION~~~~~~~~~~" + String.valueOf(accordionId));
      ArrayList visible = new ArrayList();
      String accordionName = (String) accordionRow.get(1);
      try {
        if (includeAction) {
          conn = QueryEngine.getInstance().getConnection();
          webActionEnv = new HashMap();
          webActionEnv.put("connection", conn);
          webActionEnv.put("httpservletrequest", request);
          webActionEnv.put("userweb", userWeb);
        }
        for (int j = 0; j < children.size(); j++) {
          Object child = children.get(j);
          if (child instanceof Table) {
            Table table = (Table) child;
            if (!table.isMenuObject()) {
              continue;
            }
            if (accordionId != table.getAccordid()) {
              // Belongs to another accordion.
              continue;
            }
            try {
              WebUtils.checkTableQueryPermission(table.getName(), request);
            } catch (NDSSecurityException denied) {
              // No query permission: the table stays hidden.
              continue;
            }
            logger.debug(
                String.valueOf(accordionId) + "&&" + String.valueOf(table.getAccordid()));
            visible.add(table);
          } else if (child instanceof WebAction) {
            if (includeAction) {
              WebAction action = (WebAction) child;
              if (action.canDisplay(webActionEnv) && (action.getAcordionId() == accordionId)) {
                logger.debug("add action" + String.valueOf(accordionId));
                visible.add(action);
              }
            }
          } else {
            throw new NDSRuntimeException(
                "Unsupported element in TableCategory children:" + child.getClass());
          }
        }
      } catch (Throwable t) {
        logger.error("Fail to load subsystem tree", t);
      } finally {
        try {
          if (conn != null) {
            conn.close();
          }
        } catch (Throwable closeFailure) {
          // Closing is best-effort.
        }
      }
      if (visible.size() > 0) {
        // Only accordions with at least one visible child are shown.
        ArrayList row = new ArrayList();
        row.add(accordionName);
        row.add(visible);
        cats.add(row);
      }
    }
    return cats;
  }

  // No accordions for this category: one flat group named after the category.
  ArrayList flat = new ArrayList();
  try {
    if (includeAction) {
      conn = QueryEngine.getInstance().getConnection();
      webActionEnv = new HashMap();
      webActionEnv.put("connection", conn);
      webActionEnv.put("httpservletrequest", request);
      webActionEnv.put("userweb", userWeb);
    }
    for (int j = 0; j < children.size(); j++) {
      Object child = children.get(j);
      if (child instanceof Table) {
        Table table = (Table) child;
        if (!table.isMenuObject()) {
          continue;
        }
        try {
          WebUtils.checkTableQueryPermission(table.getName(), request);
        } catch (NDSSecurityException denied) {
          // No query permission: the table stays hidden.
          continue;
        }
        flat.add(table);
      } else if (child instanceof WebAction) {
        if (includeAction) {
          WebAction action = (WebAction) child;
          if (action.canDisplay(webActionEnv)) {
            flat.add(action);
          }
        }
      } else {
        throw new NDSRuntimeException(
            "Unsupported element in TableCategory children:" + child.getClass());
      }
    }
  } catch (Throwable t) {
    logger.error("Fail to load subsystem tree", t);
  } finally {
    try {
      if (conn != null) {
        conn.close();
      }
    } catch (Throwable closeFailure) {
      // Closing is best-effort.
    }
  }
  if (flat.size() > 0) {
    // children is empty when tc is null, so tc is non-null whenever this branch runs.
    ArrayList row = new ArrayList();
    row.add(tc.getName());
    row.add(flat);
    cats.add(row);
  }
  return cats;
}
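/**
 * Returns subsystems by permission category for the current user.
 *
 * <p>{@code PERMISSION_VIEWABLE} delegates to {@link #getSubSystems(HttpServletRequest)}. For the
 * other two types an empty list is returned when the user's {@code users.subsystems} value is
 * set. {@code PERMISSION_NO_PERM} yields every subsystem known to {@code TableManager} that is
 * not in the user's viewable id list. Any other value yields the subsystems that exist in
 * {@code ad_subsystem} but are unknown to {@code TableManager}; that list is loaded once and
 * cached in {@code subSystemNoLicense}.
 *
 * <p>NOTE(review): the cached no-license list is returned directly, so a caller that modifies it
 * modifies the cache - confirm callers treat it as read-only.
 *
 * @param request current request; its session supplies the acting user
 * @param permissionType PERMISSION_VIEWABLE, PERMISSION_NO_PERM or PERMISSION_NO_LICENSE
 * @return never null, elements are nds.schema.SubSystem
 * @throws Exception if one of the queries fails
 */
public List<SubSystem> getSubSystems(HttpServletRequest request, int permissionType)
    throws Exception {
  if (permissionType == PERMISSION_VIEWABLE) return getSubSystems(request);

  UserWebImpl userWeb =
      ((UserWebImpl)
          WebUtils.getSessionContextManager(request.getSession())
              .getActor(nds.util.WebKeys.USER));
  String subsystems =
      (String)
          QueryEngine.getInstance()
              .doQueryOne("SELECT subsystems from users where id=" + userWeb.getUserId());
  if (Validator.isNotNull(subsystems)) {
    return Collections.<SubSystem>emptyList();
  }
  TableManager manager = TableManager.getInstance();

  if (permissionType == PERMISSION_NO_PERM) {
    ArrayList<SubSystem> subs = new ArrayList<SubSystem>();
    List al = (List) userWeb.getProperty("subsystems"); // elements are subsystem ids
    if (al == null) {
      // Populate the cache; the returned list itself is not needed here.
      getSubSystems(request);
      al = (List) userWeb.getProperty("subsystems");
    }
    if (al == null) {
      // getSubSystems(request) returns early for the guest user without caching anything. Fail
      // closed with an empty list instead of a NullPointerException on al.size().
      return subs;
    }
    List all = manager.getSubSystems();
    for (int i = 0; i < all.size(); i++) {
      SubSystem candidate = (SubSystem) all.get(i);
      boolean found = false;
      for (int j = 0; j < al.size(); j++) {
        if (((Integer) al.get(j)).intValue() == candidate.getId()) {
          found = true;
          break;
        }
      }
      if (!found) subs.add(candidate);
    }
    return subs;
  }

  // no license
  if (subSystemNoLicense == null) {
    // Build into a local and publish it only when complete. Assigning the field first left a
    // half-filled list visible to concurrent requests, and a failed query left an empty or
    // partial list cached for good.
    ArrayList<SubSystem> loaded = new ArrayList<SubSystem>();
    List al =
        QueryEngine.getInstance()
            .doQueryList(
                "select id, name, orderno, iconurl,url from ad_subsystem s where exists(select 1 from ad_tablecategory c where c.ad_subsystem_id=s.id) order by orderno asc");
    for (int i = 0; i < al.size(); i++) {
      List als = (List) al.get(i);
      if (manager.getSubSystem(Tools.getInt(als.get(0), -1)) == null) {
        SubSystem unlicensed = new SubSystem();
        unlicensed.setId(Tools.getInt(als.get(0), -1));
        unlicensed.setName((String) als.get(1));
        unlicensed.setOrderno(Tools.getInt(als.get(2), -1));
        unlicensed.setIconURL((String) als.get(3));
        unlicensed.setPageURL((String) als.get(4));
        loaded.add(unlicensed);
      }
    }
    subSystemNoLicense = loaded;
  }
  return subSystemNoLicense;
}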
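/**
 * Finds the cross-tab reports (AD_CXTAB) whose fact table, or one of whose referenced tables, is
 * among the given table ids.
 *
 * <p>Only reports with REPORTTYPE "S" that are active and public are returned, further narrowed
 * by the user's security filter on the cxtab table. Failures are logged and yield an empty list.
 *
 * @param request current request; its session supplies the acting user
 * @param tables elements are table.id
 * @return elements are ArrayList, first is cxtab id, second is cxtab name
 */
public List getCxtabs(HttpServletRequest request, List<Integer> tables) {
  TableManager manager = TableManager.getInstance();
  UserWebImpl userWeb =
      ((UserWebImpl)
          WebUtils.getSessionContextManager(request.getSession())
              .getActor(nds.util.WebKeys.USER));
  if (tables.isEmpty()) {
    // An empty id list would produce "in ()", which the database rejects; the error was then
    // logged on every call. There is nothing to match, so answer directly.
    return Collections.EMPTY_LIST;
  }
  StringBuilder sb = new StringBuilder();
  for (int i = 0; i < tables.size(); i++) {
    if (i > 0) sb.append(",");
    // The ids are concatenated into SQL below. Reading each element into an Integer variable
    // makes the runtime reject a list that was filled with non-Integer values through a raw
    // type, instead of letting arbitrary text into the statement.
    Integer tableId = tables.get(i);
    sb.append(tableId);
  }
  String ts = sb.toString();
  try {
    Table cxtabTable = manager.getTable("AD_CXTAB");
    // only pk,dk will be selected, order by orderno asc
    QueryRequestImpl queryData = QueryEngine.getInstance().createRequest(userWeb.getSession());
    queryData.setMainTable(cxtabTable.getId());
    queryData.addSelection(cxtabTable.getPrimaryKey().getId());
    queryData.addSelection(cxtabTable.getDisplayKey().getId());

    Column colOrderNo = cxtabTable.getColumn("orderno");
    queryData.setOrderBy(new int[] {colOrderNo.getId()}, true);
    queryData.setRange(0, Integer.MAX_VALUE);

    Expression expr =
        new Expression(
            null,
            "(AD_CXTAB.AD_TABLE_ID in ("
                + ts
                + ") or exists (select 1 from ad_cxtab_reftable r where r.ad_cxtab_id=AD_CXTAB.id and r.ad_table_id in ("
                + ts
                + ")))",
            null);

    // set reporttype to "S"
    expr =
        expr.combine(
            new Expression(new ColumnLink("AD_CXTAB.REPORTTYPE"), "=S", null),
            SQLCombination.SQL_AND,
            null);
    expr =
        expr.combine(
            new Expression(new ColumnLink("AD_CXTAB.ISACTIVE"), "=Y", null),
            SQLCombination.SQL_AND,
            null);
    expr =
        expr.combine(
            new Expression(new ColumnLink("AD_CXTAB.ISPUBLIC"), "=Y", null),
            SQLCombination.SQL_AND,
            null);
    // read permission: the user's security filter on the cxtab table
    expr =
        expr.combine(
            userWeb.getSecurityFilter(cxtabTable.getName(), 1), SQLCombination.SQL_AND, null);
    queryData.addParam(expr);

    return QueryEngine.getInstance().doQueryList(queryData.toSQL());
  } catch (Throwable t) {
    logger.error(
        "Fail to load reports for user " + userWeb.getUserId() + " with table ids: " + ts, t);
  }
  return Collections.EMPTY_LIST;
}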
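/**
 * Handles the login form: verifies the credentials, creates or refreshes the login record for
 * this browser, stores the session cookies and redirects to "/".
 *
 * <p>NOTE(review), for whoever hardens this flow:
 *
 * <ul>
 *   <li>"User ... not found" and "Invalid password" are distinct messages, so the response tells
 *       a caller whether an account exists; a single generic message would close that.
 *   <li>An existing session ID for the same user and browser is reused rather than rotated on
 *       login, and the browser ID is taken from the request - confirm that is intended.
 *   <li>No attempt limiting is visible in this method.
 *   <li>userId is echoed in error messages - confirm redirectToError escapes it.
 *   <li>The whole {@code User} object is formatted into the log - confirm its toString() leaves
 *       out the salt and password hash.
 * </ul>
 *
 * @param request the POST carrying user ID, password and the remember-account flag
 * @param httpServletResponse response used for cookies and redirects
 * @param secured passed through to {@code WebUtils.saveCookies}
 * @throws Exception whatever the stores or redirect helpers throw
 */
private void handleLoginPost(
    Request request, HttpServletResponse httpServletResponse, boolean secured) throws Exception {
  String userId = request.getParameter(PARAM_USER_ID);
  String password = request.getParameter(PARAM_PASSWORD);
  String rememberAccountStr = request.getParameter(PARAM_REMEMBER_ACCOUNT);
  boolean rememberAccount = Boolean.parseBoolean(rememberAccountStr);

  LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);

  logOut(sessionInfo.browserId);

  User user = userDb.get(userId);
  if (user == null) {
    WebUtils.redirectToError("User " + userId + " not found", request, httpServletResponse);
    return;
  }

  // A request that omits the password field is rejected here rather than handed to
  // checkPassword as null.
  if (password == null || !user.checkPassword(password)) {
    WebUtils.redirectToError("Invalid password", request, httpServletResponse);
    return;
  }

  if (!user.active) {
    WebUtils.redirectToError(
        "Account for User " + userId + " needs to be activated", request, httpServletResponse);
    return;
  }

  LOG.info("Logged in user " + userId);

  sessionInfo.sessionId = null;
  if (sessionInfo.browserId == null) {
    sessionInfo.browserId = getRandomId();
  } else {
    // Reuse the session this user already has in this browser, if any.
    for (LoginInfo loginInfo : loginInfoDb.getLoginsForBrowser(sessionInfo.browserId)) {
      if (userId.equals(loginInfo.userId)) {
        sessionInfo.sessionId = loginInfo.sessionId;
        break;
      }
    }
  }

  long expireOn = System.currentTimeMillis() + Config.getConfig().loginExpireInterval;
  if (sessionInfo.sessionId == null) {
    sessionInfo.sessionId = getRandomId();
    Config config = Config.getConfig();
    loginInfoDb.add(
        new LoginInfo(
            sessionInfo.browserId,
            sessionInfo.sessionId,
            userId,
            expireOn,
            rememberAccount,
            config.defaultStyle,
            config.defaultItemsPerPage,
            config.defaultFeedDateFormat));
    LOG.info(String.format("Logging in in a new session. User: %s", user));
  } else {
    loginInfoDb.updateExpireTime(sessionInfo.browserId, sessionInfo.sessionId, expireOn);
    LOG.info(String.format("Logging in in an existing session. User: %s", user));
  }

  WebUtils.saveCookies(
      httpServletResponse, secured, sessionInfo.browserId, sessionInfo.sessionId);

  httpServletResponse.sendRedirect("/");
}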
/**
 * Gatekeeper for JSP GET requests: checks the login record and prepares the request attributes
 * the JSPs read.
 *
 * <p>The login, sign-up and error paths are served without a login check. For every other path a
 * missing or expired login record, or a request for the logout path, logs the browser out and
 * redirects to the login page; an unknown or inactive user is sent to the error page. Paths are
 * compared by exact equality on the decoded path, so a variant spelling of an open path falls
 * under the login check.
 *
 * <p>NOTE(review): the request path and the whole {@code LoginInfo} are written to the log -
 * confirm {@code LoginInfo.toString()} leaves the session ID out.
 *
 * @param target target as received by the handler (only logged)
 * @param request current request; receives the attributes and the replaced parameter map
 * @param httpServletResponse response used for redirects
 * @param secured whether the request arrived on the secured connector (only logged)
 * @return true if the request is already handled so the .jsp shouldn't get called
 * @throws Exception whatever the stores or redirect helpers throw
 */
private boolean prepareForJspGet(
    String target, Request request, HttpServletResponse httpServletResponse, boolean secured)
    throws Exception {
  LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);

  String securedLabel = secured ? "secured" : "not secured";
  LOG.info(
      String.format(
          "hndl - %s ; %s; %s ; %s",
          target, request.getPathInfo(), request.getMethod(), securedLabel));

  String path = request.getUri().getDecodedPath();

  // Asking for the logout path is handled like a missing login: log out, then go to login.
  boolean redirectToLogin = path.equals(PATH_LOGOUT);
  LoginInfo loginInfo = null;
  if (sessionInfo.isNull()) {
    redirectToLogin = true;
    LOG.info("Null session info. Logging in again.");
  } else {
    loginInfo =
        loginInfoDb.get(
            sessionInfo.browserId,
            sessionInfo.sessionId); // ttt2 use a cache, to avoid going to DB
    boolean expired = loginInfo == null || loginInfo.expiresOn < System.currentTimeMillis();
    if (expired) {
      LOG.info("Session has expired. Logging in again. Info: " + loginInfo);
      redirectToLogin = true;
    }
  }

  boolean openPath =
      path.equals(PATH_LOGIN) || path.equals(PATH_SIGNUP) || path.equals(PATH_ERROR);
  if (openPath) {
    // These pages are reachable without a login; only the login page gets extra parameters.
    if (path.equals(PATH_LOGIN)) {
      addLoginParams(request, loginInfo);
    }
    return false;
  }

  if (redirectToLogin) {
    // ttt2 perhaps store URI, to return to it after login
    logOut(sessionInfo.browserId);
    addLoginParams(request, loginInfo);
    httpServletResponse.sendRedirect(PATH_LOGIN);
    return true;
  }

  // loginInfo is non-null here: redirectToLogin would be set otherwise.
  User user = userDb.get(loginInfo.userId);
  if (user == null) {
    WebUtils.redirectToError("Unknown user", request, httpServletResponse);
    return true;
  }
  if (!user.active) {
    WebUtils.redirectToError("Account is not active", request, httpServletResponse);
    return true;
  }

  request.setAttribute(VAR_FEED_DB, feedDb);
  request.setAttribute(VAR_USER_DB, userDb);
  request.setAttribute(VAR_ARTICLE_DB, articleDb);
  request.setAttribute(VAR_READ_ARTICLES_COLL_DB, readArticlesCollDb);

  request.setAttribute(VAR_USER, user);
  request.setAttribute(VAR_LOGIN_INFO, loginInfo);

  // The request's parameters are replaced by a map holding only the path.
  MultiMap<String> params = new MultiMap<>();
  params.put(PARAM_PATH, path);
  request.setParameters(params);

  return false;
}