public String getValue(String fieldName) {
if (fieldName.equals("alertmessages")) {
if (m_appMsg != null && m_appMsg.getMsg() != null) {
return m_appMsg.getMsg().replace('\"', '\'');
} else {
return BLANK;
}
} else if (fieldName.equals("userid")) {
return m_securityUser.m_userId;
}
return super.getValue(fieldName);
}
private Vector<AppMsg> getAllAlertMessages(Connection hrfeConn) {
try {
StringBuffer sql = new StringBuffer();
sql.append("SELECT * FROM " + AppMsg.TABLENAME);
sql.append(" WHERE ")
.append(AppMsg.SYSTEM_NAME)
.append("='")
.append(m_systemName)
.append("'");
sql.append(" ORDER BY ")
.append(AppMsg.EFF_DT)
.append(" DESC, ")
.append(AppMsg.EXP_DT)
.append(" DESC ");
return AppMsg.select(hrfeConn, sql.toString());
} catch (Exception exp) {
exp.printStackTrace();
logError("Exception: " + exp);
return new Vector();
}
}
public ActionRouter perform(
HttpServlet servlet, HttpServletRequest request, HttpServletResponse response)
throws java.io.IOException, javax.servlet.ServletException {
// CSRF refer checking to address AppScan issue.
if (CHECK_FOR_VULNERABILITIES) {
if (hasInvalidReferer(request)) {
// Return 403 Forbidden
response.sendError(403, "Invalid program state.");
return new ActionRouter();
}
}
if (!validateLoginAndPermissions(request, response)) {
return new ActionRouter();
} else if (!hasPermission()) {
response.getWriter().print("You do not have permission to this page.");
return new ActionRouter();
}
// validate request ticket
if (!validateTicket(request)) {
try {
Translator_ErrorHandler errorHandler = Translator_ErrorHandler.getInstance(request);
errorHandler.logError(INVALID_TICKET);
} catch (EnterpriseConfigurationObjectException e) {
e.printStackTrace();
} catch (InstantiationException e) {
e.printStackTrace();
}
return newActionRouter(request, "errorPage", null);
}
logger.debug("[" + APP_NAME + "] " + " ===== Translator_AlertMessages:perform - entering");
dumpRequest(request);
saveState(request);
Connection conn = null;
try {
if (parseString(request, "Edit").length() > 0) {
m_appMsg = new AppMsg();
m_appMsg.setMsg(getState(MSG));
m_appMsg.setEffDt(m_formatter.parse(getState(EFF_DT)));
m_appMsg.setExpDt(m_formatter.parse(getState(EXP_DT)));
m_appMsg.setCreateDt(m_formatter.parse(getState(CREATE_DT)));
m_appMsg.setCreateId(getState(CREATE_ID));
m_appMsg.setSystemName(m_systemName);
} else if (parseString(request, "Cancel").length() > 0) {
m_appMsg = new AppMsg();
m_appMsg.setSystemName(m_systemName);
clearInputFields();
} else if (parseString(request, "View").length() > 0) {
m_appMsg = new AppMsg();
m_appMsg.setMsg(getState(MSG));
m_appMsg.setSystemName(m_systemName);
clearInputFields();
} else if (validateState()) {
conn = getDatabaseConnection();
if (parseString(request, "Delete").length() > 0) {
if (!getState("CREATE_ID").equals(m_securityUser.m_userId)) {
logError("Selected alert message cannot deleted, as it was created by other user");
} else {
StringBuffer sql = new StringBuffer();
sql.append("DELETE FROM ").append(AppMsg.TABLENAME).append(" WHERE ");
sql.append(AppMsg.MSG).append("=? AND ");
sql.append("TO_CHAR(" + AppMsg.EFF_DT + ", 'mm/dd/yyyy')")
.append("='")
.append(getState(EFF_DT))
.append("' AND ");
sql.append("TO_CHAR(" + AppMsg.EXP_DT + ", 'mm/dd/yyyy')")
.append("='")
.append(getState(EXP_DT))
.append("' AND ");
sql.append("TO_CHAR(" + AppMsg.CREATE_DT + ", 'mm/dd/yyyy')")
.append("='")
.append(getState(CREATE_DT))
.append("' AND ");
sql.append(AppMsg.CREATE_ID).append("=? AND ");
sql.append(AppMsg.SYSTEM_NAME).append("=? ");
PreparedStatement pstmt = conn.prepareStatement(sql.toString());
int ind = 1;
pstmt.setString(ind++, getState("MSG"));
pstmt.setString(ind++, getState("CREATE_ID"));
pstmt.setString(ind++, m_systemName);
pstmt.executeUpdate();
}
m_appMsg = new AppMsg();
m_appMsg.setSystemName(m_systemName);
AlertMessages.getAlertMessages(conn, 0);
clearInputFields();
} else if (parseString(request, "Save").length() > 0) {
m_appMsg = new AppMsg();
m_appMsg.setSystemName(m_systemName);
AppMsg appMsgNew = new AppMsg();
Day effDtDay = new Day(m_formatter.parse(getState(EFF_DT)));
Day expDtDay = new Day(m_formatter.parse(getState(EXP_DT)));
if (effDtDay.isAfter(expDtDay)) {
logError("EXPIRY DATE should be greater than EFFECTIVE DATE");
} else if (getState(MSG).trim().equals(BLANK)) {
logError("MESSAGE cannot be empty");
} else if (getState(MSG).trim().indexOf("'") != -1
|| getState(MSG).trim().indexOf("â") != -1
|| getState(MSG).trim().indexOf("€") != -1
|| getState(MSG).trim().indexOf("™") != -1) {
logError("MESSAGE has invalid character");
} else if (AppMsg.doesExist(
conn,
getState(MSG),
m_formatter.parse(getState(EFF_DT)),
m_formatter.parse(getState(EXP_DT)),
new Date(),
m_securityUser.m_userId,
m_systemName)) {
logError("The given data already exists in database.");
} else {
appMsgNew.setMsg(getState(MSG));
appMsgNew.setEffDt(m_formatter.parse(getState(EFF_DT)));
appMsgNew.setExpDt(m_formatter.parse(getState(EXP_DT)));
appMsgNew.setCreateDt(new Date());
appMsgNew.setCreateId(m_securityUser.m_userId);
appMsgNew.setSystemName(m_systemName);
handleDBWrapperError(appMsgNew, appMsgNew.create(conn));
if (getErrors().size() == 0) {
AlertMessages.getAlertMessages(conn, 0);
clearInputFields();
}
}
} else if (parseString(request, "Update").length() > 0) {
Day effDtDay = new Day(m_formatter.parse(getState(EFF_DT)));
Day expDtDay = new Day(m_formatter.parse(getState(EXP_DT)));
if (effDtDay.isAfter(expDtDay)) {
logError("EXPIRY DATE should be greater than EFFECTIVE DATE");
} else if (m_appMsg.getMsg() != null
&& m_appMsg.getEffDt() != null
&& m_appMsg.getExpDt() != null
&& m_appMsg.getCreateDt() != null
&& m_appMsg.getCreateId() != null) {
if (getState(MSG).trim().equals(BLANK)) {
logError("MESSAGE cannot be empty");
} else if (getState(MSG).trim().indexOf("'") != -1
|| getState(MSG).trim().indexOf("â") != -1
|| getState(MSG).trim().indexOf("€") != -1
|| getState(MSG).trim().indexOf("™") != -1) {
logError("MESSAGE has invalid character");
} else if (getState(MSG).equals(m_appMsg.getMsg())
&& m_formatter.parse(getState(EFF_DT)).equals(m_appMsg.getEffDt())
&& m_formatter.parse(getState(EXP_DT)).equals(m_appMsg.getExpDt())
&& m_formatter.parse(getState(CREATE_DT)).equals(m_appMsg.getCreateDt())
&& m_securityUser.m_userId.equals(m_appMsg.getCreateId())) {
m_appMsg = new AppMsg();
clearInputFields();
} else if (AppMsg.doesExist(
conn,
getState(MSG),
m_formatter.parse(getState(EFF_DT)),
m_formatter.parse(getState(EXP_DT)),
new Date(),
m_securityUser.m_userId,
m_systemName)) {
logError("The given data already exists in database.");
} else {
StringBuffer sql = new StringBuffer();
sql.append("UPDATE ").append(AppMsg.TABLENAME);
sql.append(" SET ").append(AppMsg.MSG).append("=?, ");
sql.append(AppMsg.EFF_DT).append("=?, ");
sql.append(AppMsg.EXP_DT).append("=?, ");
sql.append(AppMsg.CREATE_DT).append("=?, ");
sql.append(AppMsg.CREATE_ID).append("=? ");
sql.append(" WHERE ");
sql.append(AppMsg.MSG).append("=? AND ");
sql.append("TO_CHAR(" + AppMsg.EFF_DT + ", 'mm/dd/yyyy')")
.append("='")
.append(m_formatter.format(m_appMsg.getEffDt()))
.append("' AND ");
sql.append("TO_CHAR(" + AppMsg.EXP_DT + ", 'mm/dd/yyyy')")
.append("='")
.append(m_formatter.format(m_appMsg.getExpDt()))
.append("' AND ");
sql.append("TO_CHAR(" + AppMsg.CREATE_DT + ", 'mm/dd/yyyy')")
.append("='")
.append(m_formatter.format(m_appMsg.getCreateDt()))
.append("' AND ");
sql.append(AppMsg.CREATE_ID).append("=? AND ");
sql.append(AppMsg.SYSTEM_NAME).append("=? ");
PreparedStatement pstmt = conn.prepareStatement(sql.toString());
int ind = 1;
pstmt.setString(ind++, getState(MSG));
pstmt.setDate(
ind++, new java.sql.Date(m_formatter.parse(getState(EFF_DT)).getTime()));
pstmt.setDate(
ind++, new java.sql.Date(m_formatter.parse(getState(EXP_DT)).getTime()));
pstmt.setDate(ind++, new java.sql.Date(new Date().getTime()));
pstmt.setString(ind++, m_securityUser.m_userId);
pstmt.setString(ind++, m_appMsg.getMsg());
pstmt.setString(ind++, m_appMsg.getCreateId());
pstmt.setString(ind++, m_systemName);
pstmt.executeUpdate();
if (getErrors().size() == 0) {
m_appMsg = new AppMsg();
m_appMsg.setSystemName(m_systemName);
AlertMessages.getAlertMessages(conn, 0);
clearInputFields();
}
}
}
}
}
} catch (RuntimeException exp) {
exp.printStackTrace();
logError("Exception: " + exp);
} catch (SQLException exp) {
exp.printStackTrace();
logger.warn("The database operation was not successful.");
logError("Exception: " + exp);
} catch (Exception exp) {
exp.printStackTrace();
logError("Exception: " + exp);
} finally {
releaseDatabaseConnection(conn);
}
return new ActionRouter(ALERTS_PAGE);
}
