Пример #1
0
 /**
  * Returns the title of the <code>WebPage</code> corresponding to the <code>RequestContext</code>.
  * The page may need to be partially executed.
  *
  * @param ctx
  */
 public static String getTitle(WebPage page, RequestContext ctx) throws Exception {
   // Attach the request context to this thread
   RequestContext prevCtx = RequestContext.setCurrent(ctx);
   try {
     // Check authorization
     if (page.isAuthorized() == false) {
       throw new UnauthorizedException();
     }
     page.init();
     return page.getTitle();
   } finally {
     // Restore the request context for this thread
     RequestContext.setCurrent(prevCtx);
   }
 }
Пример #2
0
  /**
   * Executes the <code>WebPage</code> corresponding to the <code>RequestContext</code>.
   *
   * @param ctx
   */
  public static void execute(WebPage page, RequestContext ctx) throws Exception {
    // Attach the request context to this thread
    RequestContext prevCtx = RequestContext.setCurrent(ctx);

    try {
      // Check authorization
      if (page.isAuthorized() == false) {
        throw new UnauthorizedException();
      }

      // Redirect from HTTP to HTTPS and vice versa, as needed
      // But do not redirect POST requests from HTTPS to HTTP since they cause infinite redirection
      // loop
      boolean ssl = page.isSecureSocket() && Setup.isSSL();
      if (ssl != ctx.isSecureSocket()
          && Channel.isSupportsSecureSocket(ctx.getChannel())
          && (ctx.getMethod().equalsIgnoreCase("GET") || ssl == true)) {
        throw new SecureSocketException();
      }

      // Update last activity date of user once every 1/4 session
      Date now = new Date();
      User user = UserStore.getInstance().load(ctx.getUserID());
      if (user != null
          && (ctx.getMethod().equalsIgnoreCase("POST") || Channel.isPush(ctx.getChannel()) == false)
          && (user.getLastActive() == null
              || user.getLastActive().getTime() + Setup.getSessionLength() / 4L < now.getTime())) {
        user = (User) user.clone();
        user.setLastActive(now);
        UserStore.getInstance().save(user);
      }

      page.init();

      if (ctx.getMethod().equalsIgnoreCase("POST")) {
        // Counter XSS attacks by checking that form data includes the session ID
        String sessionParam = ctx.getParameter(RequestContext.PARAM_SESSION);
        boolean sessionParamMatch =
            sessionParam != null && sessionParam.equals(ctx.getSessionID().toString());
        if (page.isProtectXSS() && ctx.getSessionID() != null && !sessionParamMatch) {
          throw new BadRequestException();
        }

        // Validate and commit the form
        if (page.isActionable()) {
          try {
            page.validate();

            // Actions
            if (!Util.isEmpty(ctx.getParameter(RequestContext.PARAM_ACTION))) {
              // Log the event
              LogEntryStore.log(new ActionLogEntry());
            }

            page.setCommitted(true);
            page.commit(); // May throw RedirectException, PageNotFoundException, etc.
          } catch (WebFormException webFormExc) {
            page.setFormException(webFormExc);
          }
        } else {
          // Page does not support POST
          throw new PageNotFoundException();
        }
      }
      page.render();
    } finally {
      // Restore the request context for this thread
      RequestContext.setCurrent(prevCtx);
    }
  }