/**
* Verifica che l'utente in sessione sia abilitato all'accesso alla pagina richiesta. Se è
* autorizzato il metodo termina con CONTINUE, altrimenti con REDIRECT impostando prima i
* parametri di redirezione alla pagina di login.
*
* @param reqCtx Il contesto di richiesta
* @param status Lo stato di uscita del servizio precedente
* @return Lo stato di uscita
*/
@Override
public int service(RequestContext reqCtx, int status) {
if (_log.isLoggable(Level.FINEST)) {
_log.finest("Invoked: " + this.getClass().getName());
}
int retStatus = ControllerManager.INVALID_STATUS;
if (status == ControllerManager.ERROR) {
return status;
}
try {
HttpServletRequest req = reqCtx.getRequest();
HttpSession session = req.getSession();
IPage currentPage = (IPage) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_PAGE);
UserDetails currentUser =
(UserDetails) session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
if (null == currentUser) {
throw new ApsSystemException("no user on session");
}
boolean authorized = this.getAuthManager().isAuth(currentUser, currentPage);
if (authorized) {
retStatus = ControllerManager.CONTINUE;
} else {
retStatus = this.redirect(this.getLoginPageCode(), reqCtx);
}
} catch (Throwable t) {
ApsSystemUtils.logThrowable(t, this, "service", "Error while processing the request");
retStatus = ControllerManager.SYS_ERROR;
reqCtx.setHTTPError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
return retStatus;
}
public void testServiceFailure() throws ApsSystemException {
RequestContext reqCtx = this.getRequestContext();
Role role = new Role();
role.setName("testRole");
User user = new User();
user.addAutority(role);
reqCtx.getRequest().getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
Page page = new Page();
page.setCode("login");
page.setGroup("free");
page.setModel(new PageModel());
reqCtx.addExtraParam(SystemConstants.EXTRAPAR_CURRENT_PAGE, page);
Lang lang = new Lang();
lang.setCode("it");
reqCtx.addExtraParam(SystemConstants.EXTRAPAR_CURRENT_LANG, lang);
MockHttpServletRequest request = (MockHttpServletRequest) reqCtx.getRequest();
request.setRemoteAddr("255.255.255.255");
request.addHeader("Referer", "homeTest");
request.addHeader("User-Agent", "Mio Test Browser");
request.addHeader("accept-language", "sardo");
int status = _statMonitor.service(reqCtx, ControllerManager.CONTINUE);
assertEquals(status, ControllerManager.CONTINUE);
this.deleteStatsRecord();
}
/**
* Imposta i parametri di una redirezione.
*
* @param redirDestPage Il codice della pagina su cui si vuole redirezionare.
* @param reqCtx Il contesto di richiesta.
* @return L'indicativo del tipo di redirezione in uscita del controlService. Può essere una delle
* costanti definite in ControllerManager.
*/
protected int redirect(String redirDestPage, RequestContext reqCtx) {
int retStatus;
try {
String redirPar = this.getParameter(RequestContext.PAR_REDIRECT_FLAG, reqCtx);
if (redirPar == null || "".equals(redirPar)) {
PageURL url = this.getUrlManager().createURL(reqCtx);
url.setPageCode(redirDestPage);
url.addParam(RequestContext.PAR_REDIRECT_FLAG, "1");
String redirUrl = url.getURL();
if (_log.isLoggable(Level.FINEST)) {
_log.finest("Redirecting to " + redirUrl);
}
reqCtx.clearError();
reqCtx.addExtraParam(RequestContext.EXTRAPAR_REDIRECT_URL, redirUrl);
retStatus = ControllerManager.REDIRECT;
} else {
reqCtx.setHTTPError(HttpServletResponse.SC_BAD_REQUEST);
retStatus = ControllerManager.ERROR;
}
} catch (Throwable t) {
retStatus = ControllerManager.SYS_ERROR;
reqCtx.setHTTPError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
ApsSystemUtils.logThrowable(
t, this, "redirect", "Error on creation redirect to page " + redirDestPage);
}
return retStatus;
}
public void testServiceFailure_2() throws ApsSystemException {
RequestContext reqCtx = this.getRequestContext();
((MockHttpServletRequest) reqCtx.getRequest()).setServletPath("/wrongpath.wp"); // wrong path
int status = _requestValidator.service(reqCtx, ControllerManager.CONTINUE);
assertEquals(ControllerManager.REDIRECT, status);
String redirectUrl = (String) reqCtx.getExtraParam(RequestContext.EXTRAPAR_REDIRECT_URL);
assertEquals("/Entando/it/errorpage.page?redirectflag=1", redirectUrl);
}
public void testServiceFailure_2() throws Throwable {
RequestContext reqCtx = this.getRequestContext();
reqCtx.getRequest().getSession().removeAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
IPage root = this._pageManager.getRoot();
reqCtx.addExtraParam(SystemConstants.EXTRAPAR_CURRENT_PAGE, root);
int status = _authorizator.service(reqCtx, ControllerManager.CONTINUE);
assertEquals(status, ControllerManager.SYS_ERROR);
}
@Override
public int service(RequestContext reqCtx, int status) {
if (_log.isLoggable(Level.FINEST)) {
_log.finest("Invoked " + this.getClass().getName());
}
int retStatus = ControllerManager.INVALID_STATUS;
if (status == ControllerManager.ERROR) {
return status;
}
try {
String isActive =
this.getConfigManager()
.getParam(CasClientPluginSystemCostants.JPCASCLIENT_EXTENDED_ISACTIVE);
if (!isActive.equals("true")) {
// if cas client is disactivate normal Authorization on request
return super.service(reqCtx, retStatus);
} else {
HttpServletRequest req = reqCtx.getRequest();
HttpSession session = req.getSession();
IPage currentPage = (IPage) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_PAGE);
UserDetails currentUser =
(UserDetails) session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
boolean authorized = this.getAuthManager().isAuth(currentUser, currentPage);
if (authorized) {
retStatus = ControllerManager.CONTINUE;
} else if (SystemConstants.GUEST_USER_NAME.equals(currentUser.getUsername())) {
_log.info("CAS - user not authorized and guest");
CasClientUtils casClientUtils = new CasClientUtils();
String loginBaseUrl =
this.getConfigManager().getParam(CasClientPluginSystemCostants.JPCASCLIENT_LOGIN_URL);
StringBuffer loginUrl = new StringBuffer(loginBaseUrl);
loginUrl.append("?service=");
PageURL pageUrl = this.getUrlManager().createURL(reqCtx);
String serviceUrl = casClientUtils.getURLStringWithoutTicketParam(pageUrl, reqCtx);
loginUrl.append(serviceUrl);
reqCtx.addExtraParam(RequestContext.EXTRAPAR_REDIRECT_URL, loginUrl.toString());
retStatus = ControllerManager.REDIRECT;
} else {
_log.info("CAS - user authenticated but not authorized");
Lang currentLang = (Lang) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_LANG);
String notAuthPageCode =
this.getConfigManager()
.getParam(CasClientPluginSystemCostants.JPCASCLIENT_NO_AUTH_PAGE);
IPage page = this.getPageManager().getPage(notAuthPageCode);
String url =
this.getUrlManager().createUrl(page, currentLang, new HashMap<String, String>());
reqCtx.addExtraParam(RequestContext.EXTRAPAR_REDIRECT_URL, url);
retStatus = ControllerManager.REDIRECT;
}
}
} catch (Throwable t) {
ApsSystemUtils.logThrowable(t, this, "service", "Error in processing the request");
retStatus = ControllerManager.ERROR;
}
return retStatus;
}
public void testServiceFailure_1() throws Throwable {
RequestContext reqCtx = this.getRequestContext();
this.setUserOnSession(SystemConstants.GUEST_USER_NAME);
IPage requiredPage = this._pageManager.getPage("customers_page");
reqCtx.addExtraParam(SystemConstants.EXTRAPAR_CURRENT_PAGE, requiredPage);
int status = _authorizator.service(reqCtx, ControllerManager.CONTINUE);
assertEquals(status, ControllerManager.REDIRECT);
String redirectUrl = (String) reqCtx.getExtraParam(RequestContext.EXTRAPAR_REDIRECT_URL);
assertEquals("/japs/it/login.page?redirectflag=1", redirectUrl);
}
public void testService_2() throws Throwable {
RequestContext reqCtx = this.getRequestContext();
this.setUserOnSession("admin");
IPage root = this._pageManager.getRoot();
reqCtx.addExtraParam(SystemConstants.EXTRAPAR_CURRENT_PAGE, root);
int status = this._authorizator.service(reqCtx, ControllerManager.CONTINUE);
assertEquals(status, ControllerManager.CONTINUE);
String redirectUrl = (String) reqCtx.getExtraParam(RequestContext.EXTRAPAR_REDIRECT_URL);
assertNull(redirectUrl);
}
/**
* Crea e restituisce una lista di oggetti NavigatorTarget, che wrappano pagine del portale e
* possono essere utilizzati dai sub-tag.
*
* @param spec L'espressione usata la specificazione delle pagine da selezionare; possono essere
* assolute o relative o miste.
* @param reqCtx Il contesto della richiesta corrente.
* @return La lista di oggetti NavigatorTarget.
*/
@Override
public List<NavigatorTarget> parseSpec(String spec, RequestContext reqCtx) {
IPage currentPage = (IPage) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_PAGE);
UserDetails currentUser =
(UserDetails)
reqCtx
.getRequest()
.getSession()
.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
return this.parseSpec(spec, currentPage, currentUser);
}
@Override
public String intercept(ActionInvocation invocation) throws Exception {
HttpServletRequest request = ServletActionContext.getRequest();
RequestContext reqCtx = (RequestContext) request.getAttribute(RequestContext.REQCTX);
if (null != reqCtx) {
Lang currentLang = (Lang) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_LANG);
Locale locale = new Locale(currentLang.getCode(), "");
invocation.getInvocationContext().setLocale(locale);
}
return invocation.invoke();
}
public void testService() throws ApsSystemException {
RequestContext reqCtx = this.getRequestContext();
((MockHttpServletRequest) reqCtx.getRequest()).setServletPath("/it/homepage.wp");
int status = this._requestValidator.service(reqCtx, ControllerManager.CONTINUE);
assertEquals(ControllerManager.CONTINUE, status);
Lang lang = (Lang) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_LANG);
IPage page = (IPage) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_PAGE);
assertNotNull(page);
assertNotNull(lang);
assertEquals("it", lang.getCode());
assertEquals("homepage", page.getCode());
}
private String extractTitle(Widget widget) {
ServletRequest request = this.pageContext.getRequest();
RequestContext reqCtx = (RequestContext) request.getAttribute(RequestContext.REQCTX);
Lang currentLang = (Lang) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_LANG);
WidgetType type = widget.getType();
String value = type.getTitles().getProperty(currentLang.getCode());
if (null == value || value.trim().length() == 0) {
ILangManager langManager =
(ILangManager)
ApsWebApplicationUtils.getBean(SystemConstants.LANGUAGE_MANAGER, this.pageContext);
Lang defaultLang = langManager.getDefaultLang();
value = type.getTitles().getProperty(defaultLang.getCode());
}
return value;
}
private Widget extractShowlet() {
ServletRequest req = this.pageContext.getRequest();
RequestContext reqCtx = (RequestContext) req.getAttribute(RequestContext.REQCTX);
Widget widget = null;
if (this.getFrame() < 0) {
widget = (Widget) reqCtx.getExtraParam((SystemConstants.EXTRAPAR_CURRENT_WIDGET));
} else {
IPage currentPage = (IPage) reqCtx.getExtraParam((SystemConstants.EXTRAPAR_CURRENT_PAGE));
Widget[] showlets = currentPage.getWidgets();
if (showlets.length > this.getFrame()) {
widget = showlets[this.getFrame()];
}
}
return widget;
}
/**
* Questo controller si incarica di caricare in sessione, quando possibile, la configurazione
* personalizzata dell'utente correntemente loggato. NOTA: la sessione viene esplicitamente
* ripulita da qualsiasi configurazione personalizzata non allineata all'utente corrente
*/
@Override
public int service(RequestContext reqCtx, int status) {
if (_log.isLoggable(Level.FINEST)) {
_log.finest("Invocata " + this.getClass().getName());
}
int retStatus = ControllerManager.INVALID_STATUS;
if (status == ControllerManager.ERROR) {
return status;
}
try {
HttpServletRequest req = reqCtx.getRequest();
HttpSession session = req.getSession();
UserDetails currentUser =
(UserDetails) session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
if (null == currentUser) {
throw new ApsSystemException("no user on session");
}
PageModelUserConfigBean userConfigBean =
(PageModelUserConfigBean)
session.getAttribute(
JpmyportalSystemConstants.SESSIONPARAM_CURRENT_USER_PAGE_MODEL_CONFIG);
if (!currentUser.getUsername().equals(SystemConstants.GUEST_USER_NAME)
&& !currentUser.getUsername().equals(SystemConstants.ADMIN_USER_NAME)) {
if ((null == userConfigBean
|| !currentUser.getUsername().equals(userConfigBean.getUsername()))) {
userConfigBean =
this.getPageModelUserConfigManager().getUserConfig(currentUser.getUsername());
if (null != userConfigBean) {
session.setAttribute(
JpmyportalSystemConstants.SESSIONPARAM_CURRENT_USER_PAGE_MODEL_CONFIG,
userConfigBean);
} else {
session.removeAttribute(
JpmyportalSystemConstants.SESSIONPARAM_CURRENT_USER_PAGE_MODEL_CONFIG);
}
}
} else {
session.removeAttribute(
JpmyportalSystemConstants.SESSIONPARAM_CURRENT_USER_PAGE_MODEL_CONFIG);
}
retStatus = ControllerManager.CONTINUE;
} catch (Throwable t) {
ApsSystemUtils.logThrowable(t, this, "service", "Error while processing the request");
retStatus = ControllerManager.SYS_ERROR;
reqCtx.setHTTPError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
return retStatus;
}
@Override
public int doStartTag() throws JspException {
ServletRequest request = this.pageContext.getRequest();
try {
RequestContext reqCtx = (RequestContext) request.getAttribute(RequestContext.REQCTX);
Object value = reqCtx.getExtraParam(this.getParam());
if (null != value) {
String var = this.getVar();
if (null == var || "".equals(var)) {
this.pageContext.getOut().print(value);
} else {
this.pageContext.setAttribute(this.getVar(), value);
}
}
} catch (Throwable t) {
_logger.error("error in doStartTag", t);
throw new JspException("error in doStartTag", t);
}
return super.doStartTag();
}
protected boolean isPageAllowed(RequestContext reqCtx, String pageCode) {
UserDetails user = null;
if (null != reqCtx) {
user =
(UserDetails)
reqCtx
.getRequest()
.getSession()
.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
}
return this.isPageAllowed(user, pageCode);
}
/**
* Recupera un parametro della richiesta.
*
* @param name Il nome del parametro.
* @param reqCtx Il contesto di richiesta.
* @return Il valore del parametro
*/
protected String getParameter(String name, RequestContext reqCtx) {
String param = reqCtx.getRequest().getParameter(name);
return param;
}
