List of usage examples for javax.servlet.http.HttpServletResponse.encodeRedirectUrl. The method is deprecated; the examples below call its replacement, encodeRedirectURL.
/**
 * Encodes the given URL for use with {@code sendRedirect}, or returns it unchanged when no
 * encoding is needed. Superseded by {@code encodeRedirectURL(String)}.
 *
 * <p>"Encoding" here is session-tracking URL rewriting only. The method does not validate or
 * restrict where {@code url} points, so a caller that builds {@code url} from request data
 * must still check the destination itself.
 *
 * @param url the URL to be encoded
 * @return the encoded URL, or {@code url} unchanged when no encoding is needed
 * @deprecated use {@code encodeRedirectURL(String)} instead
 */
@Deprecated
public String encodeRedirectUrl(String url);
From source file:org.muse.mneme.tool.QuestionEditView.java
/**
 * {@inheritDoc}
 *
 * <p>Decodes the posted form into the question named by the last path parameter, saves it and
 * redirects to the next destination.
 */
public void post(HttpServletRequest req, HttpServletResponse res, Context context, String[] params)
        throws IOException {
    // Expected path parameters:
    // [2] pool_sort / [3] pool_id / [4] question_sort / [5] question_page / [6] question_id
    if (params.length != 7) {
        throw new IllegalArgumentException();
    }

    // Look up the question being edited; an unknown id is treated as a bad request.
    final Question question = this.questionService.getQuestion(params[6]);
    if (question == null) {
        throw new IllegalArgumentException();
    }
    context.put("question", question);

    // Decoding the form applies the posted values through the context and yields the requested
    // destination; the question type may then rewrite that destination.
    // The only permission enforcement visible in this method is saveQuestion() throwing
    // AssessmentPermissionException; nothing is checked before the form is decoded.
    String next = this.uiService.decode(req, context);
    next = question.getTypeSpecificQuestion().consolidate(next);

    try {
        this.questionService.saveQuestion(question);
    } catch (AssessmentPermissionException e) {
        // Not allowed to save: send the user to the "unauthorized" error view.
        final String errorUrl = Web.returnUrl(req, "/error/" + Errors.unauthorized);
        res.sendRedirect(res.encodeRedirectURL(errorUrl));
        return;
    }

    // A missing destination or the "STAY" marker both mean "come back to this view".
    final boolean stayHere = (next == null) || "STAY".equals(next);
    if (stayHere) {
        next = context.getDestination();
    }

    // NOTE(review): `next` originates from the decoded form. encodeRedirectURL() does not
    // validate the target; confirm that Web.returnUrl() keeps it inside this tool's URL space.
    final String nextUrl = Web.returnUrl(req, next);
    res.sendRedirect(res.encodeRedirectURL(nextUrl));
}
From source file:com.epam.cme.storefront.interceptors.beforecontroller.SecurityUserCheckBeforeControllerHandler.java
/**
 * Verifies that the user id held by Spring Security matches the user of the current hybris
 * session. On a mismatch the HTTP session is invalidated and the browser is redirected to the
 * application root.
 *
 * @return {@code true} to continue with the controller, {@code false} when a redirect was sent
 */
@Override
public boolean beforeController(final HttpServletRequest request, final HttpServletResponse response)
        throws IOException {
    // The WCMS Cockpit preview is exempt from this check.
    if (isPreviewDataModelValid(request)) {
        return true;
    }

    final Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
    if (currentAuth == null) {
        return true;
    }

    // Only a plain String principal is compared; any other principal type passes through.
    final Object principal = currentAuth.getPrincipal();
    if (!(principal instanceof String)) {
        return true;
    }

    final String springSecurityUserId = (String) principal;
    final String hybrisUserId = userService.getCurrentUser().getUid();
    if (springSecurityUserId.equals(hybrisUserId)) {
        return true;
    }

    LOG.error("User miss-match springSecurityUserId [" + springSecurityUserId
            + "] hybris session user [" + hybrisUserId + "]. Invalidating session.");

    // Drop the session and send the browser back to the root page.
    // NOTE(review): only the HTTP session is invalidated here; the SecurityContextHolder is not
    // cleared in this method - confirm that happens elsewhere in the filter chain.
    request.getSession().invalidate();
    final String rootUrl = request.getContextPath() + "/";
    response.sendRedirect(response.encodeRedirectURL(rootUrl));
    return false;
}
From source file:org.etudes.mneme.tool.PartManageView.java
/**
 * {@inheritDoc}
 *
 * <p>Renders the part management view for the assessment named in the path, after checking
 * that the assessment exists and that the current user may edit it.
 */
public void get(HttpServletRequest req, HttpServletResponse res, Context context, String[] params)
        throws IOException {
    // Path parameters: [2] assessment id, followed by optional return-path segments.
    if (params.length < 3) {
        throw new IllegalArgumentException();
    }
    final String assessmentId = params[2];

    // The return path is whatever follows the assessment id; without it, fall back to the main
    // assessment_edit view.
    final String returnPath = (params.length > 3)
            ? "/" + StringUtil.unsplit(params, 3, params.length - 3, "/")
            : "/assessment_edit/" + assessmentId;
    context.put("return", returnPath);

    final Assessment assessment = assessmentService.getAssessment(assessmentId);
    if (assessment == null) {
        // Unknown assessment: redirect to the "invalid" error view.
        final String invalidUrl = Web.returnUrl(req, "/error/" + Errors.invalid);
        res.sendRedirect(res.encodeRedirectURL(invalidUrl));
        return;
    }

    // Security check: the user must be allowed to edit this assessment.
    if (!assessmentService.allowEditAssessment(assessment)) {
        final String unauthorizedUrl = Web.returnUrl(req, "/error/" + Errors.unauthorized);
        res.sendRedirect(res.encodeRedirectURL(unauthorizedUrl));
        return;
    }

    // The original carried a disabled block here that removed empty parts and saved the
    // assessment (skipped for "mint" assessments); it stays disabled.

    // Model for the view: the parts, the assessment itself, and holders for the check boxes.
    context.put("parts", assessment.getParts().getParts());
    context.put("assessment", assessment);
    final Values selectedIds = this.uiService.newValues();
    context.put("ids", selectedIds);

    uiService.render(ui, context);
}
From source file:org.muse.mneme.tool.PartEditView.java
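/**
 * {@inheritDoc}
 *
 * <p>Opens the edit view for one part of an assessment. The edit permission on the assessment
 * is checked before the part is resolved.
 *
 * @throws IllegalArgumentException if the number of path parameters is not 5 or 6
 */
public void get(HttpServletRequest req, HttpServletResponse res, Context context, String[] params)
        throws IOException {
    // [2] sort for /assessments, [3] assessment id, [4] part id, optional [5] our sort
    if (params.length < 5 || params.length > 6) {
        throw new IllegalArgumentException("expected 5 or 6 path parameters, got " + params.length);
    }

    // sort for the assessments view
    context.put("assessmentSort", params[2]);

    // sort parameter (default for a draw part is pool ascending)
    String sortCode = "0A";
    if (params.length > 5) {
        sortCode = params[5];
    }

    String assessmentId = params[3];
    Assessment assessment = assessmentService.getAssessment(assessmentId);
    if (assessment == null) {
        // redirect to error
        res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.invalid)));
        return;
    }

    // Security check, done before the part lookup: otherwise a caller without edit permission
    // could tell from the error code (invalid vs. unauthorized) whether a part id exists.
    if (!assessmentService.allowEditAssessment(assessment)) {
        // redirect to error
        res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.unauthorized)));
        return;
    }
    context.put("assessment", assessment);

    String partId = params[4];
    Part part = assessment.getParts().getPart(partId);
    if (part == null) {
        // redirect to error
        res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.invalid)));
        return;
    }
    context.put("part", part);

    // based on the part type...
    if (part instanceof DrawPart) {
        getDraw(assessment, (DrawPart) part, sortCode, context);
    } else {
        // NOTE(review): assumes every non-draw part is a ManualPart - confirm against the
        // Part hierarchy, since any other type would fail this cast.
        getManual(assessment, (ManualPart) part, req, res, context, params);
    }
}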
From source file:org.etudes.mneme.tool.DrawQuestionsView.java
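/**
 * {@inheritDoc}
 *
 * <p>Renders the pool-draw selection view for one part of an assessment. The edit permission
 * on the assessment is checked before the part is resolved.
 *
 * @throws IllegalArgumentException if fewer than 5 path parameters are given or the sort code
 *         is not exactly two characters long
 */
public void get(HttpServletRequest req, HttpServletResponse res, Context context, String[] params)
        throws IOException {
    // [2] assessment id, [3] part id, [4] sort, return address in the rest
    if (params.length < 5) {
        throw new IllegalArgumentException("expected at least 5 path parameters, got " + params.length);
    }

    String destination = null;
    if (params.length > 5) {
        destination = "/" + StringUtil.unsplit(params, 5, params.length - 5, "/");
    }
    // if not specified, go to the main list page
    else {
        destination = "/assessments";
    }
    context.put("return", destination);

    String assessmentId = params[2];
    Assessment assessment = assessmentService.getAssessment(assessmentId);
    if (assessment == null) {
        // redirect to error
        res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.invalid)));
        return;
    }

    // Security check, done before the part lookup: otherwise a caller without edit permission
    // could tell from the error code (invalid vs. unauthorized) whether a part id exists.
    if (!assessmentService.allowEditAssessment(assessment)) {
        // redirect to error
        res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.unauthorized)));
        return;
    }
    context.put("assessment", assessment);

    String partId = params[3];
    Part part = assessment.getParts().getPart(partId);
    if (part == null) {
        // redirect to error
        res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.invalid)));
        return;
    }
    context.put("part", part);

    // sort: first character is the column, second the direction
    String sortCode = params[4];
    if ((sortCode == null) || (sortCode.length() != 2)) {
        // The rejected value is deliberately not echoed back in the message.
        throw new IllegalArgumentException("sort code must be exactly two characters");
    }
    context.put("sort_column", sortCode.charAt(0));
    context.put("sort_direction", sortCode.charAt(1));
    PoolService.FindPoolsSort sort = findSortCode(sortCode);

    // pre-read question counts per pool
    this.questionService.preCountContextQuestions(toolManager.getCurrentPlacement().getContext());

    // get the pool draw list
    // - all the pools for the user (select, sort, page) crossed with the assessment's actual draws
    // - these are virtual draws, not part of the Part details
    List<PoolDraw> draws = getDraws(assessment, sort);
    context.put("draws", draws);

    // for the selected "for" part
    Value value = this.uiService.newValue();
    value.setValue(part.getId());
    context.put("partId", value);

    // render
    uiService.render(ui, context);
}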
From source file:com.acc.storefront.interceptors.beforecontroller.SecurityUserCheckBeforeControllerHandler.java
/**
 * Compares the Spring Security user id with the user of the current hybris session and, when
 * they differ, invalidates the HTTP session and redirects to the application root.
 *
 * @return {@code false} only when a mismatch was found and the redirect was sent
 */
@Override
public boolean beforeController(final HttpServletRequest request, final HttpServletResponse response,
        final HandlerMethod handler) throws IOException {
    boolean proceed = true;

    // Requests coming from the WCMS Cockpit preview skip the check entirely.
    if (!isPreviewDataModelValid(request)) {
        final Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
        final Object principal = (currentAuth == null) ? null : currentAuth.getPrincipal();

        // A null or non-String principal is not compared (instanceof is false for null).
        if (principal instanceof String) {
            final String springSecurityUserId = (String) principal;
            final String hybrisUserId = userService.getCurrentUser().getUid();

            if (!springSecurityUserId.equals(hybrisUserId)) {
                LOG.error("User miss-match springSecurityUserId [" + springSecurityUserId
                        + "] hybris session user [" + hybrisUserId + "]. Invalidating session.");

                // Invalidate the session, then redirect to the root page.
                // NOTE(review): the SecurityContextHolder is not cleared in this method; confirm
                // that is handled elsewhere.
                request.getSession().invalidate();
                final String rootUrl = response.encodeRedirectURL(request.getContextPath() + "/");
                response.sendRedirect(rootUrl);
                proceed = false;
            }
        }
    }

    return proceed;
}
From source file:org.springframework.security.ui.ntlm.NtlmAuthenticationFilterEntryPoint.java
/**
 * Starts or continues the NTLM handshake, or reports an authentication failure.
 *
 * <p>For an {@link NtlmBaseException} the response is a 401 whose {@code WWW-Authenticate}
 * header carries the exception message:
 * <ul>
 * <li>{@link NtlmBeginHandshakeException}: NTLM
 * <li>{@link NtlmType2MessageException}: NTLM &lt;base64-encoded type-2-message&gt;
 * </ul>
 *
 * <p>For any other {@link AuthenticationException} the user is redirected to the configured
 * authentication failure URL, or receives a 403 when no such URL is configured.
 *
 * @param request The {@link HttpServletRequest} object.
 * @param response The {@link HttpServletResponse} object.
 * @param authException Either {@link NtlmBeginHandshakeException},
 *        {@link NtlmType2MessageException}, or {@link AuthenticationException}
 */
public void commence(final HttpServletRequest request, final HttpServletResponse response,
        final AuthenticationException authException) throws IOException, ServletException {
    if (authException instanceof NtlmBaseException) {
        if (authException instanceof NtlmType2MessageException) {
            ((NtlmType2MessageException) authException).preserveAuthentication();
        }

        // Empty 401 on a kept-alive connection; the challenge text is the exception message.
        response.setHeader("WWW-Authenticate", authException.getMessage());
        response.setHeader("Connection", "Keep-Alive");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentLength(0);
        response.flushBuffer();

        LOGGER.debug("NTLM auth exception: ", authException);
        return;
    }

    if (authenticationFailureUrl == null) {
        // No failure page configured: answer 403 unless the response has already been sent.
        // NOTE(review): the exception message is passed to the client through sendError();
        // confirm it never carries internal detail.
        if (!response.isCommitted()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, authException.getMessage());
        }
        return;
    }

    // The target is the configured failure URL, not request data. The scheme test is
    // case-sensitive, so anything not starting with lower-case http:// or https:// is treated
    // as context-relative.
    final String configured = authenticationFailureUrl;
    final boolean absolute = configured.startsWith("http://") || configured.startsWith("https://");
    final String target = absolute ? configured : request.getContextPath() + configured;
    response.sendRedirect(response.encodeRedirectURL(target));
}
From source file:com.mitre.storefront.interceptors.beforecontroller.SecurityUserCheckBeforeControllerHandler.java
/**
 * Checks that the Spring Security user id and the hybris session user agree. On a mismatch
 * the HTTP session is invalidated and the client is sent to the application root: AJAX
 * requests get an error status plus a {@code redirectUrl} header, all others an HTTP redirect.
 *
 * @return {@code true} to continue with the controller, {@code false} after a mismatch
 */
@Override
public boolean beforeController(final HttpServletRequest request, final HttpServletResponse response,
        final HandlerMethod handler) throws IOException {
    // Skip the check when the request runs inside the WCMS Cockpit.
    if (isPreviewDataModelValid(request)) {
        return true;
    }

    final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth == null) {
        return true;
    }

    final Object principal = auth.getPrincipal();
    if (!(principal instanceof String)) {
        return true;
    }

    final String springSecurityUserId = (String) principal;
    final String hybrisUserId = userService.getCurrentUser().getUid();
    if (springSecurityUserId.equals(hybrisUserId)) {
        return true;
    }

    LOG.error("User miss-match springSecurityUserId [" + springSecurityUserId
            + "] hybris session user [" + hybrisUserId + "]. Invalidating session.");

    // Invalidate the session first, then tell the client where to go.
    request.getSession().invalidate();
    final String rootUrl = response.encodeRedirectURL(request.getContextPath() + "/");

    final String ajaxHeader = request.getHeader(ajaxRequestHeaderKey);
    if (!ajaxRequestHeaderValue.equals(ajaxHeader)) {
        response.sendRedirect(rootUrl);
    } else {
        // AJAX callers cannot follow a redirect transparently, so the target goes in a header.
        // NOTE(review): a non-numeric ajaxRedirectErrorCode makes parseInt throw here, after
        // the session is already invalidated - confirm the setting is validated at startup.
        response.addHeader("redirectUrl", rootUrl);
        response.sendError(Integer.parseInt(ajaxRedirectErrorCode));
    }
    return false;
}
From source file:org.etudes.mneme.tool.PartManageView.java
/**
 * {@inheritDoc}
 *
 * <p>Handles the part management form: decodes the posted values into the assessment, applies
 * the requested command (ADD, DELETE, SAVE, INSTRUCTIONS, or a plain destination), saves the
 * assessment and redirects.
 */
public void post(HttpServletRequest req, HttpServletResponse res, Context context, String[] params)
        throws IOException {
    // Path parameters: [2] assessment id, followed by optional return-path segments.
    if (params.length < 3) {
        throw new IllegalArgumentException();
    }
    final String assessmentId = params[2];

    // Without an explicit return path, fall back to the main assessment_edit view.
    final String returnDestination = (params.length > 3)
            ? "/" + StringUtil.unsplit(params, 3, params.length - 3, "/")
            : "/assessment_edit/" + assessmentId;

    final Assessment assessment = assessmentService.getAssessment(assessmentId);
    if (assessment == null) {
        final String invalidUrl = Web.returnUrl(req, "/error/" + Errors.invalid);
        res.sendRedirect(res.encodeRedirectURL(invalidUrl));
        return;
    }

    // Security check: the user must be allowed to edit the assessment before the form is read.
    if (!assessmentService.allowEditAssessment(assessment)) {
        final String unauthorizedUrl = Web.returnUrl(req, "/error/" + Errors.unauthorized);
        res.sendRedirect(res.encodeRedirectURL(unauthorizedUrl));
        return;
    }

    // Populating set for editing part titles: resolves a part by id and reads a part's id back.
    final Factory partLookup = new Factory() {
        public Object get(String id) {
            return assessment.getParts().getPart(id);
        }
    };
    final Id partIdReader = new Id() {
        public String getId(Object o) {
            return ((Part) o).getId();
        }
    };
    final PopulatingSet parts = uiService.newPopulatingSet(partLookup, partIdReader);
    context.put("parts", parts);

    // Model: the selected assessment, holders for the check boxes, and the attachment upload.
    context.put("assessment", assessment);
    final Values values = this.uiService.newValues();
    context.put("ids", values);
    final Upload upload = new Upload(this.toolManager.getCurrentPlacement().getContext(),
            AttachmentService.DOCS_AREA, this.attachmentService);
    context.put("upload", upload);

    // Read the form; the result is either a command keyword or the next destination.
    // NOTE(review): a null result would fail at the first equals() below - confirm decode()
    // never returns null for this view.
    String destination = uiService.decode(req, context);

    // Attach an uploaded file, if the form carried one.
    if (upload.getUpload() != null) {
        assessment.getPresentation().addAttachment(upload.getUpload());
    }

    // The original carried a disabled "REMOVE:<reference>" branch here that detached and
    // deleted an attachment; it stays disabled.

    try {
        if (destination.equals("ADD")) {
            assessment.getParts().addPart();
            this.assessmentService.saveAssessment(assessment);
            destination = context.getDestination();
        } else if (destination.equals("DELETE")) {
            // An unknown id aborts the whole request; parts removed earlier in this loop are
            // then not saved.
            for (String selectedId : values.getValues()) {
                final Part doomed = assessment.getParts().getPart(selectedId);
                if (doomed == null) {
                    final String invalidUrl = Web.returnUrl(req, "/error/" + Errors.invalid);
                    res.sendRedirect(res.encodeRedirectURL(invalidUrl));
                    return;
                }
                assessment.getParts().removePart(doomed);
            }
            this.assessmentService.saveAssessment(assessment);
            destination = context.getDestination();
        } else if (destination.equals("SAVE")) {
            this.assessmentService.saveAssessment(assessment);
            destination = context.getDestination();
        } else if (destination.equals("INSTRUCTIONS")) {
            // Save, then continue to the instructions editor with a path back to this view.
            this.assessmentService.saveAssessment(assessment);
            destination = "/instructions_edit/" + assessmentId + "/part_manage/" + assessmentId
                    + returnDestination;
        } else {
            // Any other value is kept as the destination after saving.
            this.assessmentService.saveAssessment(assessment);
        }
    } catch (AssessmentPermissionException e) {
        final String unauthorizedUrl = Web.returnUrl(req, "/error/" + Errors.unauthorized);
        res.sendRedirect(res.encodeRedirectURL(unauthorizedUrl));
        return;
    } catch (AssessmentPolicyException e) {
        final String policyUrl = Web.returnUrl(req, "/error/" + Errors.policy);
        res.sendRedirect(res.encodeRedirectURL(policyUrl));
        return;
    }

    // NOTE(review): in the fall-through case the destination is the decoded form value.
    // encodeRedirectURL() does not validate the target; confirm that Web.returnUrl() keeps it
    // inside this tool's URL space.
    final String nextUrl = Web.returnUrl(req, destination);
    res.sendRedirect(res.encodeRedirectURL(nextUrl));
}
From source file:com.jaspersoft.jasperserver.api.metadata.user.service.impl.RequestAuthenticationProcessingFilter.java
/**
 * Finishes a successful authentication: stores the result in the security context, runs the
 * success hook and the remember-me services, publishes an
 * {@code InteractiveAuthenticationSuccessEvent} when a publisher is set, and redirects to the
 * full URL of the current request.
 *
 * @param request the request that carried the authentication
 * @param response the response used for the redirect
 * @param authResult the authenticated token
 */
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
        Authentication authResult) throws IOException {
    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success: " + authResult.toString());
    }

    // NOTE(review): no session-identifier renewal is visible in this method; presumably it is
    // handled elsewhere - verify.
    SecurityContextHolder.getContext().setAuthentication(authResult);

    if (logger.isDebugEnabled()) {
        logger.debug(
                "Updated SecurityContextHolder to contain the following Authentication: '" + authResult + "'");
    }

    // The target is rebuilt from the current request, whatever the log wording below says.
    // NOTE(review): if this request carries credentials in its URL, they would be repeated in
    // this debug line and in the Location header - confirm against the filter's parameters.
    final SavedRequest currentRequest = new SavedRequest(request, portResolver);
    final String targetUrl = currentRequest.getFullRequestUrl();

    if (logger.isDebugEnabled()) {
        logger.debug("Redirecting to target URL from HTTP Session (or default): " + targetUrl);
    }

    onSuccessfulAuthentication(request, response, authResult);
    getRememberMeServices().loginSuccess(request, response, authResult);

    // Fire the success event only when a publisher has been set.
    if (this.eventPublisher != null) {
        final InteractiveAuthenticationSuccessEvent successEvent =
                new InteractiveAuthenticationSuccessEvent(authResult, this.getClass());
        eventPublisher.publishEvent(successEvent);
    }

    final String encodedTarget = response.encodeRedirectURL(targetUrl);
    response.sendRedirect(encodedTarget);
}