/**
 * Returns the title of the given <code>WebPage</code> as it would appear for the given
 * <code>RequestContext</code>. The page is partially executed to obtain it: only the
 * authorization check and <code>page.init()</code> run before the title is read.
 *
 * @param page the page whose title is requested.
 * @param ctx the request context; attached to the current thread for the duration of the call
 *            and replaced by the previously attached context on exit.
 * @return the value of <code>page.getTitle()</code> after initialization.
 * @throws UnauthorizedException if <code>page.isAuthorized()</code> returns false.
 * @throws Exception anything else raised while initializing the page or reading its title.
 */
public static String getTitle(WebPage page, RequestContext ctx) throws Exception {
    // Bind the caller's context to this thread, remembering whatever was bound before
    final RequestContext previous = RequestContext.setCurrent(ctx);
    try {
        // The title is only disclosed to callers allowed to see the page;
        // this check runs before init() so nothing is executed for a denied request
        if (!page.isAuthorized()) {
            throw new UnauthorizedException();
        }

        page.init();
        String title = page.getTitle();
        return title;
    } finally {
        // Always put the earlier context back, including on the exception paths
        RequestContext.setCurrent(previous);
    }
}
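/**
 * Executes the given <code>WebPage</code> for the given <code>RequestContext</code>.
 * In order: checks authorization, enforces the HTTP/HTTPS scheme, refreshes the user's
 * last-activity date, initializes the page, validates and commits the form for POST
 * requests, and finally renders the page.
 *
 * @param page the page to execute.
 * @param ctx the request context; attached to the current thread for the duration of the call
 *            and replaced by the previously attached context on exit.
 * @throws UnauthorizedException if <code>page.isAuthorized()</code> returns false.
 * @throws SecureSocketException if the request arrived on the wrong scheme and must be redirected.
 * @throws BadRequestException if a protected POST does not carry the current session ID.
 * @throws PageNotFoundException if a POST is sent to a page that is not actionable.
 * @throws Exception anything else raised by the page, e.g. from <code>commit()</code>.
 */
public static void execute(WebPage page, RequestContext ctx) throws Exception {
    // Attach the request context to this thread
    RequestContext prevCtx = RequestContext.setCurrent(ctx);
    try {
        // Check authorization before anything else runs on behalf of the request
        if (!page.isAuthorized()) {
            throw new UnauthorizedException();
        }

        // Redirect from HTTP to HTTPS and vice versa, as needed.
        // A POST is never redirected from HTTPS down to HTTP, since that causes an
        // infinite redirection loop.
        // NOTE(review): a POST that reaches a secure page over HTTP is redirected here,
        // but its body has already travelled in clear text by then.
        boolean ssl = page.isSecureSocket() && Setup.isSSL();
        if (ssl != ctx.isSecureSocket()
                && Channel.isSupportsSecureSocket(ctx.getChannel())
                && (ctx.getMethod().equalsIgnoreCase("GET") || ssl)) {
            throw new SecureSocketException();
        }

        // Update last activity date of user once every 1/4 session.
        // Non-POST requests on a push channel do not count as activity.
        Date now = new Date();
        User user = UserStore.getInstance().load(ctx.getUserID());
        if (user != null
                && (ctx.getMethod().equalsIgnoreCase("POST") || !Channel.isPush(ctx.getChannel()))
                && (user.getLastActive() == null
                    || user.getLastActive().getTime() + Setup.getSessionLength() / 4L < now.getTime())) {
            // Modify a copy rather than the loaded instance
            // (presumably the store hands out shared objects; verify against UserStore)
            user = (User) user.clone();
            user.setLastActive(now);
            UserStore.getInstance().save(user);
        }

        page.init();

        if (ctx.getMethod().equalsIgnoreCase("POST")) {
            // Anti-forgery check: the form data must echo the session ID. The page flag is
            // named isProtectXSS, but what is verified here is that the POST was built by
            // someone who knows the session ID, i.e. a request-forgery defence.
            // The session ID is dereferenced only after the null check; previously a POST
            // carrying the session parameter while no session existed threw a
            // NullPointerException instead of being handled.
            // NOTE(review): this runs after the last-activity update and page.init(), so a
            // rejected POST has already had those effects; confirm neither is sensitive.
            // NOTE(review): String.equals is not a constant-time comparison.
            if (page.isProtectXSS() && ctx.getSessionID() != null) {
                String sessionParam = ctx.getParameter(RequestContext.PARAM_SESSION);
                if (sessionParam == null || !sessionParam.equals(ctx.getSessionID().toString())) {
                    throw new BadRequestException();
                }
            }

            // Validate and commit the form
            if (page.isActionable()) {
                try {
                    page.validate();

                    // Actions: the log entry is written once validation has passed,
                    // before the commit itself
                    if (!Util.isEmpty(ctx.getParameter(RequestContext.PARAM_ACTION))) {
                        LogEntryStore.log(new ActionLogEntry());
                    }

                    page.setCommitted(true);
                    page.commit(); // May throw RedirectException, PageNotFoundException, etc.
                } catch (WebFormException webFormExc) {
                    // A form error is kept on the page and does not abort the request;
                    // rendering still happens below
                    page.setFormException(webFormExc);
                }
            } else {
                // Page does not support POST
                throw new PageNotFoundException();
            }
        }

        page.render();
    } finally {
        // Restore the request context for this thread
        RequestContext.setCurrent(prevCtx);
    }
}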