/**
   * Marks the current request as unauthorized unless the caller may write geometry on the layer.
   *
   * <p>Runs as a Stripes {@code @Before} interceptor at the {@code EventHandling} stage. The
   * {@code unauthorized} flag is raised when no application is bound, when no application layer is
   * bound, or when {@link Authorizations#isLayerGeomWriteAuthorized} rejects the request.
   *
   * <p>NOTE(review): this method only raises a flag; it neither throws nor returns a resolution.
   * Every event handler therefore has to test {@code unauthorized} itself before touching data,
   * and the flag must start out {@code false} for each request. Confirm both against the handlers
   * and the field declaration.
   */
  @Before(stages = LifecycleStage.EventHandling)
  public void checkAuthorization() {
    // Fail closed: without a bound application and application layer nothing can be authorized.
    if (application == null || appLayer == null) {
      unauthorized = true;
      return;
    }

    // NOTE(review): the null guard above is on appLayer, while the check below is made on layer.
    // Presumably layer is derived from appLayer elsewhere; confirm it cannot be null or stale.
    boolean mayWriteGeometry =
        Authorizations.isLayerGeomWriteAuthorized(
            layer, context.getRequest(), Stripersist.getEntityManager());
    if (!mayWriteGeometry) {
      unauthorized = true;
    }
  }
  /**
   * Default handler: resolves the requested application and prepares everything the viewer page
   * needs.
   *
   * <p>Steps, in order:
   *
   * <ol>
   *   <li>Look up the application by {@code name} and {@code version}. When it is missing, a
   *       global {@code app.notfound} error is registered and the error page is returned.
   *   <li>Build the login redirect and publish its URL in {@code loginUrl}.
   *   <li>Return the login redirect when the application requires authentication and the request
   *       has no remote user.
   *   <li>For an authenticated request, fill {@code user} with the user name and role flags.
   *   <li>Build the component script tags, the application config JSON, the viewer type and the
   *       global layout map, then forward to the application page.
   * </ol>
   *
   * <p>NOTE(review): the only access decision visible here is "authentication required and no
   * remote user". Whether an authenticated user is allowed to read this particular application
   * is not checked in this method. Confirm it is enforced elsewhere (for example inside {@code
   * application.toJSON}).
   *
   * @return the error page, the login redirect, or the application page
   * @throws JSONException if building one of the JSON structures fails
   * @throws IOException declared because {@code buildComponentSourceHTML()} declares it
   */
  @DefaultHandler
  public Resolution view() throws JSONException, IOException {
    application = findApplication(name, version);
    if (application == null) {
      // name and version come from the request; the error page is responsible for escaping them.
      String requested = name + (version != null ? " v" + version : "");
      getContext()
          .getValidationErrors()
          .addGlobalError(new LocalizableError("app.notfound", requested));
      return new ForwardResolution("/WEB-INF/jsp/error.jsp");
    }

    // name, version and debug are added explicitly: the original author was unsure whether bound
    // parameters are carried over by includeRequestParameters.
    // NOTE(review): includeRequestParameters(true) copies every incoming request parameter onto
    // the login URL. Confirm nothing sensitive can end up in that URL or in logs.
    RedirectResolution login =
        new RedirectResolution(LoginActionBean.class)
            .addParameter("name", name)
            .addParameter("version", version)
            .addParameter("debug", debug)
            .includeRequestParameters(true);
    loginUrl = login.getUrl(context.getLocale());

    final String remoteUser = context.getRequest().getRemoteUser();
    final boolean anonymous = remoteUser == null;
    if (application.isAuthenticatedRequired() && anonymous) {
      return login;
    }

    if (!anonymous) {
      // Shape: {"name": <user>, "roles": {<role>: true, ...}}
      user = new JSONObject();
      user.put("name", remoteUser);
      JSONObject roleFlags = new JSONObject();
      user.put("roles", roleFlags);
      for (String roleName : Authorizations.getRoles(context.getRequest())) {
        roleFlags.put(roleName, Boolean.TRUE);
      }
    }

    // Must run after `user` is populated: the cache hash of the component sources depends on it.
    buildComponentSourceHTML();

    appConfigJSON = application.toJSON(context.getRequest(), false, false);
    this.viewerType = retrieveViewerType();

    // Copy the layout JSON object into a plain map, one entry per key.
    this.globalLayout = new HashMap<String, Object>();
    JSONObject layoutJson = application.getGlobalLayout();
    for (Iterator<String> it = layoutJson.keys(); it.hasNext(); ) {
      String property = it.next();
      this.globalLayout.put(property, layoutJson.get(property));
    }

    return new ForwardResolution("/WEB-INF/jsp/app.jsp");
  }
  /**
   * Derives a cache key from the roles of the requesting user, so that the single combined
   * component source stays cacheable but is re-fetched when the user's roles change.
   *
   * <p>The key is the XOR of the {@code hashCode()} of every role name, or {@code 0} when the user
   * has no roles. It is a cache-busting value only, not a secure hash: role names are not secret,
   * and different role sets can produce the same key. It must never stand in for an authorization
   * decision. The server still has to filter by role on every request.
   *
   * @param request the request whose roles are read through {@code Authorizations.getRoles}
   * @return the XOR-combined hash of the role names, {@code 0} for an empty role set
   */
  public static int getRolesCachekey(HttpServletRequest request) {
    int key = 0;
    // XOR is commutative and associative, so the iteration order of the set does not affect the
    // result; an empty set leaves the key at 0.
    for (String roleName : Authorizations.getRoles(request)) {
      key ^= roleName.hashCode();
    }
    return key;
  }
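  /**
   * Builds the {@code <script>} markup that loads the viewer component sources and stores it in
   * {@code componentSourceHTML}.
   *
   * <p>Components the request is not authorized for (per {@code
   * Authorizations.isConfiguredComponentAuthorized}) are skipped, and each class name is handled
   * once. In debug mode one script tag is emitted per source file. Otherwise a single tag points
   * at the minified bundle, with a {@code hash} parameter that acts as a browser cache key.
   *
   * <p>The cache key is the XOR of the hash codes of the distinct authorized class names. When
   * {@code user} is set (which {@code view()} does before calling this method), the key also
   * includes the roles cache key and the application's authorizations-modified timestamp.
   *
   * <p>NOTE(review): the filtering here only decides which URLs are written into the page. The
   * handler behind {@code ComponentActionBean}'s {@code source} event is not visible here. It
   * must apply the same authorization itself and must treat {@code className} and {@code file}
   * as untrusted input. Verify.
   *
   * @throws IOException declared by the original signature; nothing in this body throws it
   *     directly
   */
  private void buildComponentSourceHTML() throws IOException {
    StringBuilder sb = new StringBuilder();

    // Sort components (by class name, according to the original author) so the order is always
    // the same for debugging.
    List<ConfiguredComponent> comps =
        new ArrayList<ConfiguredComponent>(application.getComponents());
    Collections.sort(comps);

    if (isDebug()) {
      Set<String> classNamesDone = new HashSet<String>();
      for (ConfiguredComponent cc : comps) {
        if (!Authorizations.isConfiguredComponentAuthorized(cc, context.getRequest())) {
          continue;
        }
        // Set.add returns false when this class name was already handled.
        if (!classNamesDone.add(cc.getClassName())) {
          continue;
        }
        if (cc.getViewerComponent() == null || cc.getViewerComponent().getSources() == null) {
          continue;
        }

        for (File f : cc.getViewerComponent().getSources()) {
          String url =
              new ForwardResolution(ComponentActionBean.class, "source")
                  .addParameter("app", name)
                  .addParameter("version", version)
                  .addParameter("className", cc.getClassName())
                  .addParameter("file", f.getName())
                  .getUrl(context.getLocale());

          // The URL is HTML-encoded because it is written into an attribute value.
          sb.append("        <script type=\"text/javascript\" src=\"");
          sb.append(HtmlUtil.encode(context.getServletContext().getContextPath() + url));
          sb.append("\"></script>\n");
        }
      }
    } else {
      // If not debugging, create a single script tag with all source
      // for all components for the application for a minimal number of HTTP requests

      // The ComponentActionBean supports conditional HTTP requests using
      // Last-Modified.
      // Create a hash value that will change when the classNames used
      // in the application change, so that a browser will not use a
      // previous version from cache with other contents.

      int hash = 0;
      Set<String> classNamesDone = new HashSet<String>();
      for (ConfiguredComponent cc : comps) {
        if (!Authorizations.isConfiguredComponentAuthorized(cc, context.getRequest())) {
          continue;
        }

        // Fold each distinct class name in exactly once. The previous code never recorded a
        // name on first sight, so a class configured twice was XORed twice and cancelled itself
        // out of the key. The browser could then keep a cached bundle built for another set.
        if (classNamesDone.add(cc.getClassName())) {
          hash ^= cc.getClassName().hashCode();
        }
      }
      if (user != null) {
        // Update component sources when roles of user change
        hash = hash ^ getRolesCachekey(context.getRequest());

        // Update component sources when roles of configured components
        // may have changed
        // NOTE(review): assumes getAuthorizationsModified() never returns null; confirm.
        hash = hash ^ (int) application.getAuthorizationsModified().getTime();
      }

      String url =
          new ForwardResolution(ComponentActionBean.class, "source")
              .addParameter("app", name)
              .addParameter("version", version)
              .addParameter("minified", true)
              .addParameter("hash", hash)
              .getUrl(context.getLocale());

      sb.append("        <script type=\"text/javascript\" src=\"");
      sb.append(HtmlUtil.encode(context.getServletContext().getContextPath() + url));
      sb.append("\"></script>\n");
    }

    componentSourceHTML = sb.toString();
  }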