/** * Return an <code>Action</code> instance that will be used to process the current request, * creating a new one if necessary. * * @param request The servlet request we are processing * @param response The servlet response we are creating * @param mapping The mapping we are using * @return An <code>Action</code> instance that will be used to process the current request. * @throws IOException if an input/output error occurs */ protected Action processActionCreate( HttpServletRequest request, HttpServletResponse response, ActionMapping mapping) throws IOException { // Acquire the Action instance we will be using (if there is one) String className = mapping.getType(); if (log.isDebugEnabled()) { log.debug(" Looking for Action instance for class " + className); } // If there were a mapping property indicating whether // an Action were a singleton or not ([true]), // could we just instantiate and return a new instance here? Action instance; synchronized (actions) { // Return any existing Action instance of this class instance = (Action) actions.get(className); if (instance != null) { if (log.isTraceEnabled()) { log.trace(" Returning existing Action instance"); } return (instance); } // Create and return a new Action instance if (log.isTraceEnabled()) { log.trace(" Creating new Action instance"); } try { instance = (Action) RequestUtils.applicationInstance(className); // Maybe we should propagate this exception // instead of returning null. } catch (Exception e) { log.error(getInternal().getMessage("actionCreate", mapping.getPath()), e); response.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, getInternal().getMessage("actionCreate", mapping.getPath())); return (null); } actions.put(className, instance); } if (instance.getServlet() == null) { instance.setServlet(this.servlet); } return (instance); }
/** * If this action is protected by security roles, make sure that the current user possesses at * least one of them. Return <code>true</code> to continue normal processing, or <code>false * </code> if an appropriate response has been created and processing should terminate. * * @param request The servlet request we are processing * @param response The servlet response we are creating * @param mapping The mapping we are using * @return <code>true</code> to continue normal processing; <code>false</code> if a response has * been created. * @throws IOException if an input/output error occurs * @throws ServletException if a servlet exception occurs */ protected boolean processRoles( HttpServletRequest request, HttpServletResponse response, ActionMapping mapping) throws IOException, ServletException { // Is this action protected by role requirements? String[] roles = mapping.getRoleNames(); if ((roles == null) || (roles.length < 1)) { return (true); } // Check the current user against the list of required roles for (int i = 0; i < roles.length; i++) { if (request.isUserInRole(roles[i])) { if (log.isDebugEnabled()) { log.debug( " User '" + request.getRemoteUser() + "' has role '" + roles[i] + "', granting access"); } return (true); } } // The current user is not authorized for this action if (log.isDebugEnabled()) { log.debug( " User '" + request.getRemoteUser() + "' does not have any required role, denying access"); } response.sendError( HttpServletResponse.SC_FORBIDDEN, getInternal().getMessage("notAuthorized", mapping.getPath())); return (false); }
/** * If this request was not cancelled, and the request's {@link ActionMapping} has not disabled * validation, call the <code>validate</code> method of the specified {@link ActionForm}, and * forward to the input path if there were any errors. Return <code>true</code> if we should * continue processing, or <code>false</code> if we have already forwarded control back to the * input form. * * @param request The servlet request we are processing * @param response The servlet response we are creating * @param form The ActionForm instance we are populating * @param mapping The ActionMapping we are using * @return <code>true</code> to continue normal processing; <code>false</code> if a response has * been created. * @throws IOException if an input/output error occurs * @throws ServletException if a servlet exception occurs * @throws InvalidCancelException if a cancellation is attempted without the proper action * configuration. */ protected boolean processValidate( HttpServletRequest request, HttpServletResponse response, ActionForm form, ActionMapping mapping) throws IOException, ServletException, InvalidCancelException { if (form == null) { return (true); } // Has validation been turned off for this mapping? if (!mapping.getValidate()) { return (true); } // Was this request cancelled? If it has been, the mapping also // needs to state whether the cancellation is permissable; otherwise // the cancellation is considered to be a symptom of a programmer // error or a spoof. if (request.getAttribute(Globals.CANCEL_KEY) != null) { if (mapping.getCancellable()) { if (log.isDebugEnabled()) { log.debug(" Cancelled transaction, skipping validation"); } return (true); } else { request.removeAttribute(Globals.CANCEL_KEY); throw new InvalidCancelException(); } } // Call the form bean's validation method if (log.isDebugEnabled()) { log.debug(" Validating input form properties"); } ActionMessages errors = form.validate(mapping, request); if ((errors == null) || errors.isEmpty()) { if (log.isTraceEnabled()) { log.trace(" No errors detected, accepting input"); } return (true); } // Special handling for multipart request if (form.getMultipartRequestHandler() != null) { if (log.isTraceEnabled()) { log.trace(" Rolling back multipart request"); } form.getMultipartRequestHandler().rollback(); } // Was an input path (or forward) specified for this mapping? String input = mapping.getInput(); if (input == null) { if (log.isTraceEnabled()) { log.trace(" Validation failed but no input form available"); } response.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, getInternal().getMessage("noInput", mapping.getPath())); return (false); } // Save our error messages and return to the input form if possible if (log.isDebugEnabled()) { log.debug(" Validation failed, returning to '" + input + "'"); } request.setAttribute(Globals.ERROR_KEY, errors); if (moduleConfig.getControllerConfig().getInputForward()) { ForwardConfig forward = mapping.findForward(input); processForwardConfig(request, response, forward); } else { internalModuleRelativeForward(input, request, response); } return (false); }