예제 #1
0
  /**
   * Return an <code>Action</code> instance that will be used to process the current request,
   * creating a new one if necessary.
   *
   * @param request The servlet request we are processing
   * @param response The servlet response we are creating
   * @param mapping The mapping we are using
   * @return An <code>Action</code> instance that will be used to process the current request.
   * @throws IOException if an input/output error occurs
   */
  protected Action processActionCreate(
      HttpServletRequest request, HttpServletResponse response, ActionMapping mapping)
      throws IOException {
    // Acquire the Action instance we will be using (if there is one)
    String className = mapping.getType();

    if (log.isDebugEnabled()) {
      log.debug(" Looking for Action instance for class " + className);
    }

    // If there were a mapping property indicating whether
    // an Action were a singleton or not ([true]),
    // could we just instantiate and return a new instance here?
    Action instance;

    synchronized (actions) {
      // Return any existing Action instance of this class
      instance = (Action) actions.get(className);

      if (instance != null) {
        if (log.isTraceEnabled()) {
          log.trace("  Returning existing Action instance");
        }

        return (instance);
      }

      // Create and return a new Action instance
      if (log.isTraceEnabled()) {
        log.trace("  Creating new Action instance");
      }

      try {
        instance = (Action) RequestUtils.applicationInstance(className);

        // Maybe we should propagate this exception
        // instead of returning null.
      } catch (Exception e) {
        log.error(getInternal().getMessage("actionCreate", mapping.getPath()), e);

        response.sendError(
            HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
            getInternal().getMessage("actionCreate", mapping.getPath()));

        return (null);
      }

      actions.put(className, instance);
    }

    if (instance.getServlet() == null) {
      instance.setServlet(this.servlet);
    }

    return (instance);
  }
예제 #2
0
  /**
   * If this action is protected by security roles, make sure that the current user possesses at
   * least one of them. Return <code>true</code> to continue normal processing, or <code>false
   * </code> if an appropriate response has been created and processing should terminate.
   *
   * @param request The servlet request we are processing
   * @param response The servlet response we are creating
   * @param mapping The mapping we are using
   * @return <code>true</code> to continue normal processing; <code>false</code> if a response has
   *     been created.
   * @throws IOException if an input/output error occurs
   * @throws ServletException if a servlet exception occurs
   */
  protected boolean processRoles(
      HttpServletRequest request, HttpServletResponse response, ActionMapping mapping)
      throws IOException, ServletException {
    // Is this action protected by role requirements?
    String[] roles = mapping.getRoleNames();

    if ((roles == null) || (roles.length < 1)) {
      return (true);
    }

    // Check the current user against the list of required roles
    for (int i = 0; i < roles.length; i++) {
      if (request.isUserInRole(roles[i])) {
        if (log.isDebugEnabled()) {
          log.debug(
              " User '"
                  + request.getRemoteUser()
                  + "' has role '"
                  + roles[i]
                  + "', granting access");
        }

        return (true);
      }
    }

    // The current user is not authorized for this action
    if (log.isDebugEnabled()) {
      log.debug(
          " User '"
              + request.getRemoteUser()
              + "' does not have any required role, denying access");
    }

    response.sendError(
        HttpServletResponse.SC_FORBIDDEN,
        getInternal().getMessage("notAuthorized", mapping.getPath()));

    return (false);
  }
예제 #3
0
  /**
   * If this request was not cancelled, and the request's {@link ActionMapping} has not disabled
   * validation, call the <code>validate</code> method of the specified {@link ActionForm}, and
   * forward to the input path if there were any errors. Return <code>true</code> if we should
   * continue processing, or <code>false</code> if we have already forwarded control back to the
   * input form.
   *
   * @param request The servlet request we are processing
   * @param response The servlet response we are creating
   * @param form The ActionForm instance we are populating
   * @param mapping The ActionMapping we are using
   * @return <code>true</code> to continue normal processing; <code>false</code> if a response has
   *     been created.
   * @throws IOException if an input/output error occurs
   * @throws ServletException if a servlet exception occurs
   * @throws InvalidCancelException if a cancellation is attempted without the proper action
   *     configuration.
   */
  protected boolean processValidate(
      HttpServletRequest request,
      HttpServletResponse response,
      ActionForm form,
      ActionMapping mapping)
      throws IOException, ServletException, InvalidCancelException {
    if (form == null) {
      return (true);
    }

    // Has validation been turned off for this mapping?
    if (!mapping.getValidate()) {
      return (true);
    }

    // Was this request cancelled? If it has been, the mapping also
    // needs to state whether the cancellation is permissable; otherwise
    // the cancellation is considered to be a symptom of a programmer
    // error or a spoof.
    if (request.getAttribute(Globals.CANCEL_KEY) != null) {
      if (mapping.getCancellable()) {
        if (log.isDebugEnabled()) {
          log.debug(" Cancelled transaction, skipping validation");
        }
        return (true);
      } else {
        request.removeAttribute(Globals.CANCEL_KEY);
        throw new InvalidCancelException();
      }
    }

    // Call the form bean's validation method
    if (log.isDebugEnabled()) {
      log.debug(" Validating input form properties");
    }

    ActionMessages errors = form.validate(mapping, request);

    if ((errors == null) || errors.isEmpty()) {
      if (log.isTraceEnabled()) {
        log.trace("  No errors detected, accepting input");
      }

      return (true);
    }

    // Special handling for multipart request
    if (form.getMultipartRequestHandler() != null) {
      if (log.isTraceEnabled()) {
        log.trace("  Rolling back multipart request");
      }

      form.getMultipartRequestHandler().rollback();
    }

    // Was an input path (or forward) specified for this mapping?
    String input = mapping.getInput();

    if (input == null) {
      if (log.isTraceEnabled()) {
        log.trace("  Validation failed but no input form available");
      }

      response.sendError(
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          getInternal().getMessage("noInput", mapping.getPath()));

      return (false);
    }

    // Save our error messages and return to the input form if possible
    if (log.isDebugEnabled()) {
      log.debug(" Validation failed, returning to '" + input + "'");
    }

    request.setAttribute(Globals.ERROR_KEY, errors);

    if (moduleConfig.getControllerConfig().getInputForward()) {
      ForwardConfig forward = mapping.findForward(input);

      processForwardConfig(request, response, forward);
    } else {
      internalModuleRelativeForward(input, request, response);
    }

    return (false);
  }