 /**
  * Resolves a template field by name. {@code "alertmessages"} yields the text of the
  * currently loaded message with every double quote folded to a single quote (or
  * {@code BLANK} when no message is loaded); {@code "userid"} yields the signed-in
  * user's id; any other field is delegated to the superclass.
  *
  * <p>The quote substitution only keeps the message from terminating a double-quoted
  * attribute or string early; it is not a general HTML or JavaScript escape, so the
  * rendering template must still encode the value for the context it is placed in.
  *
  * @param fieldName the template field being rendered
  * @return the field's display value
  */
 public String getValue(String fieldName) {
   if (fieldName.equals("alertmessages")) {
     String msg = (m_appMsg == null) ? null : m_appMsg.getMsg();
     return (msg == null) ? BLANK : msg.replace('\"', '\'');
   }
   if (fieldName.equals("userid")) {
     return m_securityUser.m_userId;
   }
   return super.getValue(fieldName);
 }
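  /**
   * Handles an alert-message maintenance request.
   *
   * <p>Order of checks: referer (CSRF) check when {@code CHECK_FOR_VULNERABILITIES} is
   * set, login/permission checks, request-ticket validation, then exactly one of the
   * Edit / Cancel / View / Delete / Save / Update actions chosen by which submit
   * parameter is present in the request. Delete, Save and Update touch the database;
   * the connection they use is always released in {@code finally}.
   *
   * <p>Every value that reaches SQL is bound as a {@link PreparedStatement} parameter,
   * including the {@code TO_CHAR(..., 'mm/dd/yyyy')} date comparisons in the WHERE
   * clauses, so no form value is ever concatenated into the statement text.
   *
   * @param servlet the owning servlet (unused here; supplied by the action framework)
   * @param request the current request; the action is chosen from its parameters
   * @param response used for the 403 and permission-denied short-circuit responses
   * @return the router for the page to render next
   * @throws java.io.IOException if writing the response fails
   * @throws javax.servlet.ServletException propagated from the action framework
   */
  public ActionRouter perform(
      HttpServlet servlet, HttpServletRequest request, HttpServletResponse response)
      throws java.io.IOException, javax.servlet.ServletException {
    // CSRF referer checking to address AppScan issue.
    if (CHECK_FOR_VULNERABILITIES && hasInvalidReferer(request)) {
      // Return 403 Forbidden
      response.sendError(403, "Invalid program state.");
      return new ActionRouter();
    }

    if (!validateLoginAndPermissions(request, response)) {
      return new ActionRouter();
    }
    if (!hasPermission()) {
      response.getWriter().print("You do not have permission to this page.");
      return new ActionRouter();
    }
    // validate request ticket
    if (!validateTicket(request)) {
      try {
        Translator_ErrorHandler errorHandler = Translator_ErrorHandler.getInstance(request);
        errorHandler.logError(INVALID_TICKET);
      } catch (EnterpriseConfigurationObjectException e) {
        e.printStackTrace();
      } catch (InstantiationException e) {
        e.printStackTrace();
      }
      return newActionRouter(request, "errorPage", null);
    }
    logger.debug("[" + APP_NAME + "] " + " ===== Translator_AlertMessages:perform - entering");
    dumpRequest(request);
    saveState(request);
    Connection conn = null;
    try {
      if (parseString(request, "Edit").length() > 0) {
        // Load the selected row into m_appMsg so the form can be edited.
        m_appMsg = new AppMsg();
        m_appMsg.setMsg(getState(MSG));
        m_appMsg.setEffDt(m_formatter.parse(getState(EFF_DT)));
        m_appMsg.setExpDt(m_formatter.parse(getState(EXP_DT)));
        m_appMsg.setCreateDt(m_formatter.parse(getState(CREATE_DT)));
        m_appMsg.setCreateId(getState(CREATE_ID));
        m_appMsg.setSystemName(m_systemName);
      } else if (parseString(request, "Cancel").length() > 0) {
        m_appMsg = new AppMsg();
        m_appMsg.setSystemName(m_systemName);
        clearInputFields();
      } else if (parseString(request, "View").length() > 0) {
        m_appMsg = new AppMsg();
        m_appMsg.setMsg(getState(MSG));
        m_appMsg.setSystemName(m_systemName);
        clearInputFields();
      } else if (validateState()) {
        conn = getDatabaseConnection();
        if (parseString(request, "Delete").length() > 0) {
          // Only the creator of a message may delete it.
          if (!getState("CREATE_ID").equals(m_securityUser.m_userId)) {
            logError("Selected alert message cannot deleted, as it was created by other user");
          } else {
            deleteAlertMessage(conn);
          }
          m_appMsg = new AppMsg();
          m_appMsg.setSystemName(m_systemName);
          AlertMessages.getAlertMessages(conn, 0);
          clearInputFields();
        } else if (parseString(request, "Save").length() > 0) {
          m_appMsg = new AppMsg();
          m_appMsg.setSystemName(m_systemName);
          AppMsg appMsgNew = new AppMsg();
          Date effDt = m_formatter.parse(getState(EFF_DT));
          Date expDt = m_formatter.parse(getState(EXP_DT));
          String msg = getState(MSG);
          if (new Day(effDt).isAfter(new Day(expDt))) {
            logError("EXPIRY DATE should be greater than EFFECTIVE DATE");
          } else if (msg.trim().equals(BLANK)) {
            logError("MESSAGE cannot be empty");
          } else if (containsInvalidCharacter(msg.trim())) {
            logError("MESSAGE has invalid character");
          } else if (AppMsg.doesExist(
              conn, msg, effDt, expDt, new Date(), m_securityUser.m_userId, m_systemName)) {
            logError("The given data already exists in database.");
          } else {
            appMsgNew.setMsg(msg);
            appMsgNew.setEffDt(effDt);
            appMsgNew.setExpDt(expDt);
            appMsgNew.setCreateDt(new Date());
            appMsgNew.setCreateId(m_securityUser.m_userId);
            appMsgNew.setSystemName(m_systemName);
            handleDBWrapperError(appMsgNew, appMsgNew.create(conn));
            if (getErrors().size() == 0) {
              AlertMessages.getAlertMessages(conn, 0);
              clearInputFields();
            }
          }
        } else if (parseString(request, "Update").length() > 0) {
          Date effDt = m_formatter.parse(getState(EFF_DT));
          Date expDt = m_formatter.parse(getState(EXP_DT));
          if (new Day(effDt).isAfter(new Day(expDt))) {
            logError("EXPIRY DATE should be greater than EFFECTIVE DATE");
          } else if (m_appMsg.getMsg() != null
              && m_appMsg.getEffDt() != null
              && m_appMsg.getExpDt() != null
              && m_appMsg.getCreateDt() != null
              && m_appMsg.getCreateId() != null) {
            // m_appMsg holds the row as it was loaded by "Edit"; the form state holds
            // the edited values.
            String msg = getState(MSG);
            if (msg.trim().equals(BLANK)) {
              logError("MESSAGE cannot be empty");
            } else if (containsInvalidCharacter(msg.trim())) {
              logError("MESSAGE has invalid character");
            } else if (msg.equals(m_appMsg.getMsg())
                && effDt.equals(m_appMsg.getEffDt())
                && expDt.equals(m_appMsg.getExpDt())
                && m_formatter.parse(getState(CREATE_DT)).equals(m_appMsg.getCreateDt())
                && m_securityUser.m_userId.equals(m_appMsg.getCreateId())) {
              // Nothing changed: drop the edit without touching the database.
              m_appMsg = new AppMsg();
              clearInputFields();
            } else if (AppMsg.doesExist(
                conn, msg, effDt, expDt, new Date(), m_securityUser.m_userId, m_systemName)) {
              logError("The given data already exists in database.");
            } else {
              updateAlertMessage(conn, msg, effDt, expDt);
              if (getErrors().size() == 0) {
                m_appMsg = new AppMsg();
                m_appMsg.setSystemName(m_systemName);
                AlertMessages.getAlertMessages(conn, 0);
                clearInputFields();
              }
            }
          }
        }
      }
    } catch (RuntimeException exp) {
      exp.printStackTrace();
      logError("Exception: " + exp);
    } catch (SQLException exp) {
      exp.printStackTrace();
      logger.warn("The database operation was not successful.");
      logError("Exception: " + exp);
    } catch (Exception exp) {
      exp.printStackTrace();
      logError("Exception: " + exp);
    } finally {
      releaseDatabaseConnection(conn);
    }
    return new ActionRouter(ALERTS_PAGE);
  }

  /**
   * Returns {@code true} when {@code value} contains an apostrophe or one of the
   * byte sequences (â, €, ™) that the form rejects. This is a compatibility
   * blacklist for the stored text; SQL safety comes from parameter binding, not from
   * this check.
   *
   * @param value the (already trimmed) message text
   * @return whether the text must be rejected
   */
  private static boolean containsInvalidCharacter(String value) {
    return value.indexOf("'") != -1
        || value.indexOf("â") != -1
        || value.indexOf("€") != -1
        || value.indexOf("™") != -1;
  }

  /**
   * Deletes the alert message identified by the saved form state (message, the three
   * dates as mm/dd/yyyy strings, creator id and system name). All six values are
   * bound as parameters; the statement is closed before returning.
   *
   * @param conn open connection; not closed here
   * @throws SQLException if preparing or executing the statement fails
   */
  private void deleteAlertMessage(Connection conn) throws SQLException {
    StringBuilder sql = new StringBuilder();
    sql.append("DELETE FROM ").append(AppMsg.TABLENAME).append(" WHERE ");
    sql.append(AppMsg.MSG).append("=? AND ");
    sql.append("TO_CHAR(").append(AppMsg.EFF_DT).append(", 'mm/dd/yyyy')=? AND ");
    sql.append("TO_CHAR(").append(AppMsg.EXP_DT).append(", 'mm/dd/yyyy')=? AND ");
    sql.append("TO_CHAR(").append(AppMsg.CREATE_DT).append(", 'mm/dd/yyyy')=? AND ");
    sql.append(AppMsg.CREATE_ID).append("=? AND ");
    sql.append(AppMsg.SYSTEM_NAME).append("=? ");
    PreparedStatement pstmt = conn.prepareStatement(sql.toString());
    try {
      int ind = 1;
      pstmt.setString(ind++, getState("MSG"));
      pstmt.setString(ind++, getState(EFF_DT));
      pstmt.setString(ind++, getState(EXP_DT));
      pstmt.setString(ind++, getState(CREATE_DT));
      pstmt.setString(ind++, getState("CREATE_ID"));
      pstmt.setString(ind++, m_systemName);
      pstmt.executeUpdate();
    } finally {
      pstmt.close();
    }
  }

  /**
   * Rewrites the row currently loaded in {@code m_appMsg} with the edited values.
   * The WHERE clause matches the row by its original message, dates (formatted with
   * {@code m_formatter} and compared as mm/dd/yyyy strings), creator and system name;
   * the SET clause stores the new message/dates, stamps the create date with "now"
   * and the creator with the current user. All values are bound as parameters; the
   * statement is closed before returning.
   *
   * @param conn open connection; not closed here
   * @param msg the edited message text
   * @param effDt the edited effective date
   * @param expDt the edited expiry date
   * @throws SQLException if preparing or executing the statement fails
   */
  private void updateAlertMessage(Connection conn, String msg, Date effDt, Date expDt)
      throws SQLException {
    StringBuilder sql = new StringBuilder();
    sql.append("UPDATE ").append(AppMsg.TABLENAME);
    sql.append(" SET ").append(AppMsg.MSG).append("=?, ");
    sql.append(AppMsg.EFF_DT).append("=?, ");
    sql.append(AppMsg.EXP_DT).append("=?, ");
    sql.append(AppMsg.CREATE_DT).append("=?, ");
    sql.append(AppMsg.CREATE_ID).append("=? ");
    sql.append(" WHERE ");
    sql.append(AppMsg.MSG).append("=? AND ");
    sql.append("TO_CHAR(").append(AppMsg.EFF_DT).append(", 'mm/dd/yyyy')=? AND ");
    sql.append("TO_CHAR(").append(AppMsg.EXP_DT).append(", 'mm/dd/yyyy')=? AND ");
    sql.append("TO_CHAR(").append(AppMsg.CREATE_DT).append(", 'mm/dd/yyyy')=? AND ");
    sql.append(AppMsg.CREATE_ID).append("=? AND ");
    sql.append(AppMsg.SYSTEM_NAME).append("=? ");
    PreparedStatement pstmt = conn.prepareStatement(sql.toString());
    try {
      int ind = 1;
      pstmt.setString(ind++, msg);
      pstmt.setDate(ind++, new java.sql.Date(effDt.getTime()));
      pstmt.setDate(ind++, new java.sql.Date(expDt.getTime()));
      pstmt.setDate(ind++, new java.sql.Date(new Date().getTime()));
      pstmt.setString(ind++, m_securityUser.m_userId);
      pstmt.setString(ind++, m_appMsg.getMsg());
      pstmt.setString(ind++, m_formatter.format(m_appMsg.getEffDt()));
      pstmt.setString(ind++, m_formatter.format(m_appMsg.getExpDt()));
      pstmt.setString(ind++, m_formatter.format(m_appMsg.getCreateDt()));
      pstmt.setString(ind++, m_appMsg.getCreateId());
      pstmt.setString(ind++, m_systemName);
      pstmt.executeUpdate();
    } finally {
      pstmt.close();
    }
  }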