Example usage for javax.servlet ServletRequest getParameter

List of usage examples for javax.servlet ServletRequest getParameter

Introduction

On this page you can find example usages of javax.servlet ServletRequest getParameter.

Prototype

public String getParameter(String name);


Document

Returns the value of a request parameter as a String, or null if the parameter does not exist.

Usage

From source file:org.eclipse.skalli.view.internal.filter.LoginFilter.java

/**
 * Resolves the project addressed by the request, logs the caller in and records usage
 * statistics before handing the request down the chain.
 * <p>
 * The project is looked up from the first path segment (by project id, then by UUID, then as a
 * deleted project) and, failing that, from the {@code Consts.PARAM_ID} request parameter. An
 * unknown id in that parameter is answered with a {@code FilterException}; an anonymous caller
 * is rejected with an {@code AccessControlException} when {@code rejectAnonymousUsers} is set.
 * Everything later filters and the UI need (servlet/base URL, project, user, admin flags) is
 * published as request attributes before the chain continues.
 *
 * @param request  the current request; cast to {@link HttpServletRequest}
 * @param response the current response
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    // start of the wall-clock measurement reported after the chain has completed
    long timeBeginnProcessing = System.currentTimeMillis();

    HttpServletRequest httpRequest = (HttpServletRequest) request;

    String pathInfo = httpRequest.getPathInfo();
    String requestURL = httpRequest.getRequestURL().toString();

    // servletUrl = schema://host:port/contextPath/servletPath
    String servletURL = StringUtils.removeEnd(requestURL, pathInfo);
    request.setAttribute(Consts.ATTRIBUTE_SERVLET_URL, servletURL);

    // baseUrl = schema://host:port/contextPath
    String baseURL = StringUtils.removeEnd(servletURL, httpRequest.getServletPath());
    request.setAttribute(Consts.ATTRIBUTE_BASE_URL, baseURL);

    // webLocator = schema://host:port
    String webLocator = StringUtils.removeEnd(requestURL, httpRequest.getRequestURI());
    request.setAttribute(Consts.ATTRIBUTE_WEBLOCATOR, webLocator);

    // read up front; only consulted when the path did not yield a project
    String paramProjectId = request.getParameter(Consts.PARAM_ID);

    // determine the project from the URL
    Project project = null;
    ProjectService projectService = ((ProjectService) EntityServices.getByEntityClass(Project.class));

    // first check if project can be deduced from pathInfo
    if (StringUtils.isNotBlank(pathInfo)) {
        // strip the leading separator, then keep only the first path segment
        if (pathInfo.startsWith(FilterUtil.PATH_SEPARATOR)) {
            pathInfo = pathInfo.replaceFirst(FilterUtil.PATH_SEPARATOR, StringUtils.EMPTY);
        }
        if (pathInfo.contains(FilterUtil.PATH_SEPARATOR)) {
            pathInfo = pathInfo.substring(0, pathInfo.indexOf(FilterUtil.PATH_SEPARATOR));
        }
        project = projectService.getProjectByProjectId(pathInfo);

        // project not found by name, search by UUID
        if (project == null && UUIDUtils.isUUID(pathInfo)) {
            UUID uuid = UUIDUtils.asUUID(pathInfo);
            project = projectService.getByUUID(uuid);
            // project not found by UUID, search for deleted project by UUID
            if (project == null) {
                project = projectService.getDeletedProject(uuid);
            }
        }

        if (project == null) {
            // the raw, client-supplied path info becomes the window name;
            // NOTE(review): relies on the consumer of this attribute escaping it -- confirm
            request.setAttribute(Consts.ATTRIBUTE_WINDOWNAME, httpRequest.getPathInfo());
        }
    }

    // project not found by pathInfo, check if project is provided via URL parameter
    if (project == null && StringUtils.isNotBlank(paramProjectId)) {
        project = projectService.getProjectByProjectId(paramProjectId);
        if (project == null) {
            // currently we don't support a scenario where projects are passed via UUID
            // the message echoes the client-supplied id; NOTE(review): confirm handleException escapes it
            FilterUtil.handleException(request, response,
                    new FilterException(String.format("Invalid project identifier '%s' specified in query '%s'",
                            paramProjectId, Consts.PARAM_ID)));
            return;
        }
    }

    if (project != null) {
        request.setAttribute(Consts.ATTRIBUTE_PROJECT, project);
        request.setAttribute(Consts.ATTRIBUTE_PROJECTID, project.getProjectId());
        request.setAttribute(Consts.ATTRIBUTE_PROJECTUUID, project.getUuid().toString());
    } else {
        // do nothing if project is null since this filter runs during
        // creation of projects and displaying of search results, too
    }

    // login and ensure that the user is allowed to access
    PermitService permitService = Services.getRequiredService(PermitService.class);
    // a blank user id is treated as "not authenticated"
    String userId = permitService.login(httpRequest, project);
    User user = null;
    boolean isAnonymousUser = StringUtils.isBlank(userId);
    if (isAnonymousUser && rejectAnonymousUsers) {
        // configured to serve authenticated users only: stop here, the chain is not invoked
        FilterUtil.handleACException(httpRequest, response,
                new AccessControlException("Forbidden for anonymous users"));
        return;
    }
    if (!isAnonymousUser) {
        request.setAttribute(Consts.ATTRIBUTE_USERID, userId);
        // fall back to the id when no user record exists
        String userDisplayName = userId;
        user = UserServices.getUser(userId);
        if (user != null) {
            userDisplayName = user.getDisplayName();
            request.setAttribute(Consts.ATTRIBUTE_USER, user);
        }
        request.setAttribute(Consts.ATTRIBUTE_USER_DISPLAY_NAME, userDisplayName);
    }

    // the admin flags can only be true for an authenticated user on a resolved project
    boolean isProjectAdmin = !isAnonymousUser && project != null
            && (GroupUtils.isAdministrator(userId) || Permits.isAllowed(Permit.ACTION_PUT, project));
    boolean isProjectAdminInParentChain = !isAnonymousUser && project != null
            && ProjectUtils.isProjectAdminInParentChain(userId, project);

    request.setAttribute(Consts.ATTRIBUTE_ANONYMOUS_USER, isAnonymousUser);
    request.setAttribute(Consts.ATTRIBUTE_PROJECTADMIN, isProjectAdmin);
    request.setAttribute(Consts.ATTRIBUTE_PARENTPROJECTADMIN, isProjectAdminInParentChain);

    // track the access
    Statistics statistics = Statistics.getDefault();
    if (user != null) {
        statistics.trackUser(userId, user.getDepartment(), user.getLocation());
    } else if (StringUtils.isNotBlank(userId)) {
        statistics.trackUser(userId, null, null);
    }

    // both sources are client-controlled; the value is handed to the statistics service only
    String referer = httpRequest.getHeader("Referer"); //$NON-NLS-1$
    if (StringUtils.isBlank(referer)) {
        referer = request.getParameter("referer"); //$NON-NLS-1$
    }

    if (StringUtils.isNotBlank(referer)) {
        statistics.trackReferer(userId, referer);
    }

    // usage is keyed by "<method> <URI>", normalized to the project id when one was resolved
    String requestLine = MessageFormat.format("{0} {1}", //$NON-NLS-1$
            httpRequest.getMethod(), httpRequest.getRequestURI());
    if (project != null) {
        requestLine = MessageFormat.format("{0} /projects/{1}", //$NON-NLS-1$
                httpRequest.getMethod(), project.getProjectId());
    }
    statistics.trackUsage(userId, requestLine, referer);

    String browser = httpRequest.getHeader("User-Agent"); //$NON-NLS-1$
    if (StringUtils.isNotBlank(browser)) {
        statistics.trackBrowser(userId, browser);
    }

    // proceed along the chain
    // not wrapped in try/finally: the response time below is not recorded when a later filter throws
    chain.doFilter(request, response);

    // track the overall response time
    long responseTime = System.currentTimeMillis() - timeBeginnProcessing;
    statistics.trackResponseTime(userId, requestLine, responseTime);
    // requestLine carries the raw request URI when no project was resolved
    LOG.info(MessageFormat.format("{0}: responseTime={1} milliseconds)", requestLine,
            Long.toString(responseTime)));
}

From source file:org.agnitas.util.AgnUtils.java

/**
 * Copies every request parameter into a new map keyed by parameter name.
 * <p>
 * Only {@link ServletRequest#getParameter(String)} is consulted per name, so for a
 * parameter submitted more than once only the single value that call returns is kept.
 * The result is a fresh, mutable {@link HashMap}; it is empty when the request has no
 * parameters.
 *
 * @param req the request whose parameters are copied
 * @return a new map from parameter name to parameter value
 */
public static Map<String, String> getRequestParameterMap(ServletRequest req) {
    // the pre-generics servlet API returns a raw Enumeration
    @SuppressWarnings("unchecked")
    Enumeration<String> names = req.getParameterNames();
    Map<String, String> result = new HashMap<String, String>();
    while (names.hasMoreElements()) {
        String name = names.nextElement();
        result.put(name, req.getParameter(name));
    }
    return result;
}

From source file:org.sakaiproject.portlets.PortletIFrame.java

/**
 * Renders the portlet view.
 * <p>
 * For the {@code SPECIAL_WORKSITE} source without an info URL, the site description (or
 * title) is rendered through {@code /vm/info.vm}. Otherwise the configured source is turned
 * into a URL, sanitized and validated (an invalid URL is replaced by {@code about:blank}), an
 * access event is posted and {@code /vm/main.vm} renders the iframe. An empty URL prints
 * "Not yet configured" instead.
 *
 * @param request  the portlet render request
 * @param response the portlet render response
 * @throws PortletException propagated from the portlet API
 * @throws IOException      from the response writer or from URL encoding
 */
public void doView(RenderRequest request, RenderResponse response) throws PortletException, IOException {
    response.setContentType("text/html");

    // System.out.println("==== doView called ====");

    // Grab that underlying request to get a GET parameter
    ServletRequest req = (ServletRequest) ThreadLocalManager.get(CURRENT_HTTP_REQUEST);
    // only the presence of this parameter matters (see "popupdone" below); its value is never used
    String popupDone = req.getParameter("sakai.popup");

    PrintWriter out = response.getWriter();
    Context context = new VelocityContext();
    Placement placement = ToolManager.getCurrentPlacement();
    Properties config = getAllProperties(placement);

    // placement is dereferenced here, so the null check further down can never trigger
    response.setTitle(placement.getTitle());
    String source = config.getProperty(SOURCE);
    if (source == null)
        source = "";
    String height = config.getProperty(HEIGHT);
    if (height == null)
        height = "1200px";
    String sakaiPropertiesUrlKey = config.getProperty(SAKAI_PROPERTIES_URL_KEY);
    String hideOptions = config.getProperty(HIDE_OPTIONS);

    String special = getSpecial(config);

    // Handle the situation where we are displaying the worksite information
    if (SPECIAL_WORKSITE.equals(special)) {
        try {
            // If the site does not have an info url, we show description or title
            Site s = SiteService.getSite(placement.getContext());
            String rv = StringUtils.trimToNull(s.getInfoUrlFull());
            if (rv == null) {
                String siteInfo = StringUtils.trimToNull(s.getDescription());
                if (siteInfo == null) {
                    siteInfo = StringUtils.trimToNull(s.getTitle());
                }
                StringBuilder alertMsg = new StringBuilder();
                // site-provided text passes through the formatted-text validator before reaching the template
                if (siteInfo != null)
                    siteInfo = validator.processFormattedText(siteInfo, alertMsg);
                context.put("siteInfo", siteInfo);
                vHelper.doTemplate(vengine, "/vm/info.vm", context, out);
                return;
            }
        } catch (Exception any) {
            // NOTE(review): any failure is printed and otherwise ignored; rendering then falls
            // through to the iframe path, exactly as when the site does have an info URL
            any.printStackTrace();
        }
    }

    boolean popup = "true".equals(placement.getPlacementConfig().getProperty(POPUP));
    boolean maximize = "true".equals(placement.getPlacementConfig().getProperty(MAXIMIZE));

    // set the pass_pid parameter
    String passPidStr = config.getProperty(PASS_PID, "false");
    boolean passPid = "true".equalsIgnoreCase(passPidStr);

    // Set the macro expansion
    String macroExpansionStr = config.getProperty(MACRO_EXPANSION, "true");
    boolean macroExpansion = !("false".equalsIgnoreCase(macroExpansionStr));

    // Compute the URL
    String url = sourceUrl(special, source, placement.getContext(), macroExpansion, passPid, placement.getId(),
            sakaiPropertiesUrlKey);

    //System.out.println("special="+special+" source="+source+" pgc="+placement.getContext()+" macroExpansion="+macroExpansion+" passPid="+passPid+" PGID="+placement.getId()+" sakaiPropertiesUrlKey="+sakaiPropertiesUrlKey+" url="+url);

    if (url != null && url.trim().length() > 0) {
        // sanitize first, then validate; anything that fails is replaced by a harmless URL
        // (the rejected value is written to the log together with the placement and site)
        url = sanitizeHrefURL(url);
        if (url == null || !validateURL(url)) {
            M_log.warn("invalid URL suppressed placement=" + placement.getId() + " site="
                    + placement.getContext() + " url=" + url);
            url = "about:blank";
        }

        // Check if the site sets X-Frame options
        popup = popup || popupXFrame(request, placement, url);

        // the CSRF token is exposed to the template only when the session has one
        Session session = SessionManager.getCurrentSession();
        String csrfToken = (String) session.getAttribute(UsageSessionService.SAKAI_CSRF_SESSION_ATTRIBUTE);
        if (csrfToken != null)
            context.put("sakai_csrf_token", csrfToken);
        context.put("tlang", rb);
        context.put("includeLatestJQuery", PortalUtils.includeLatestJQuery("PortletIFrame"));
        context.put("validator", validator);
        context.put("source", url);
        context.put("height", height);
        sendAlert(request, context);
        context.put("popup", Boolean.valueOf(popup));
        context.put("popupdone", Boolean.valueOf(popupDone != null));
        context.put("maximize", Boolean.valueOf(maximize));
        // the placement id is reduced to [A-Za-z0-9_] before the template uses it
        context.put("placement", placement.getId().replaceAll("[^a-zA-Z0-9]", "_"));
        // Long.valueOf would avoid the boxing constructor (deprecated since Java 9)
        context.put("loadTime", new Long(xframeLoad));

        // SAK-23566 capture the view calendar events
        // (placement != null is always true here, see the setTitle call above)
        if (placement != null && placement.getContext() != null && placement.getId() != null) {
            EventTrackingService ets = (EventTrackingService) ComponentManager.get(EventTrackingService.class);
            if (ets != null) {
                // the event reference embeds the (URL-encoded) target and is capped at 240 chars
                String eventRef = "/web/" + placement.getContext() + "/id/" + placement.getId() + "/url/"
                        + URLEncoder.encode(url, "UTF-8");
                eventRef = StringUtils.abbreviate(eventRef, 240); // ensure the ref won't pass 255 chars
                String etsProperty = (StringUtils
                        .trimToNull(config.getProperty(EVENT_ACCESS_WEB_CONTENT)) != null)
                                ? config.getProperty(EVENT_ACCESS_WEB_CONTENT)
                                : EVENT_ACCESS_WEB_CONTENT;
                ets.post(ets.newEvent(etsProperty, eventRef, false));
            }
        }

        // TODO: state.setAttribute(TARGETPAGE_URL,config.getProperty(TARGETPAGE_URL));
        // TODO: state.setAttribute(TARGETPAGE_NAME,config.getProperty(TARGETPAGE_NAME));

        vHelper.doTemplate(vengine, "/vm/main.vm", context, out);
    } else {
        out.println("Not yet configured");
    }

    // TODO: state.setAttribute(EVENT_ACCESS_WEB_CONTENT, config.getProperty(EVENT_ACCESS_WEB_CONTENT));
    // TODO: state.setAttribute(EVENT_REVISE_WEB_CONTENT, config.getProperty(EVENT_REVISE_WEB_CONTENT));

    // System.out.println("==== doView complete ====");
}

From source file:com.springsource.hq.plugin.tcserver.serverconfig.web.support.HqAuthenticationFilter.java

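/**
 * Binds the Hyperic (HQ) session to the Spring Security context for this request.
 * <p>
 * If authentication isn't empty, look for the chance that the user was authenticated by
 * AnonymousAuthenticationProvider. If this is the case, there will be security credentials, but
 * no session role granted yet. The filter pulls {@code sessionId} from the request, and checks
 * against HQ. If successful, it replaces the existing token with an HQ-specific one.
 * <p>
 * If there is already an HqAuthenticationToken then grab the token's sessionId, and re-verify
 * that the session is active. If the sessionId is null (which only happens when manually
 * entering URLs), send user down the filter stack.
 * <p>
 * If there is no HqAuthenticationToken at all (which should only happen if there is a faulty
 * change in configuration), then go down the filter stack, allowing Spring Security to fail on
 * lack of security credentials. Spring Security tends to throw some sort of meaningful error
 * indicating what is missing.
 * <p>
 * The {@code sessionId} value is a bearer credential for the HQ session: it is never written to
 * the log by this method, and because it travels as a request parameter it may end up in access
 * logs or Referer headers if sent in a query string -- presumably callers POST it; confirm.
 *
 * @param request  the current request, carrying an optional {@code sessionId} parameter
 * @param response the current response
 * @param chain    the remaining filter chain; always invoked unless an exception is thrown
 * @throws IOException            propagated from the chain
 * @throws ServletException       propagated from the chain
 * @throws BadCredentialsException when an existing {@code HqAuthenticationToken} refers to a
 *                                session that HQ reports as expired
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    if (auth == null) {
        logger.debug("Authentication is currently empty. Unable to check against Hyperic.");
        chain.doFilter(request, response);
        return;
    }

    logger.debug("Authentication exists => " + auth);
    String sessionId = request.getParameter("sessionId");
    if (sessionId != null) {
        // log presence only: the session id itself must not appear in the log
        logger.debug("SessionId parameter found");

        if (!sessionIdExpired(request, sessionId)) {
            UsernamePasswordAuthenticationToken newToken = createHqAuthenticationToken(auth, sessionId);
            // NOTE(review): relies on the token's toString() masking credentials -- confirm
            logger.debug("Replacing existing authentication with new one => " + newToken);
            SecurityContextHolder.getContext().setAuthentication(newToken);
        }
    } else if (auth instanceof HqAuthenticationToken) {
        // no new session id supplied: re-verify the one already bound to the context
        HqAuthenticationToken token = (HqAuthenticationToken) auth;
        if (sessionIdExpired(request, token.getSessionId())) {
            throw new BadCredentialsException("Session has expired. Re-login.");
        }
    } else {
        logger.debug("sessionId not found at all. Unable to check against Hyperic.");
    }

    chain.doFilter(request, response);
}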

From source file:com.adito.vfs.webdav.DAVTransaction.java

/**
 * <p>
 * Create a new {@link DAVTransaction} instance around a servlet request/response pair.
 * </p>
 * <p>
 * Both arguments are required and are cast to their HTTP counterparts. When the request carries
 * a {@code LaunchSession.LAUNCH_ID} parameter and a matching launch session exists, that
 * session's logon cookies are added to the response and the session is touched. The session
 * used by this transaction is then always looked up from the request through the logon
 * controller, after which {@link #configureFromRequest()} runs.
 * </p>
 *
 * @param request  the incoming request, must not be {@code null}
 * @param response the outgoing response, must not be {@code null}
 * @throws NullPointerException if either argument is {@code null}
 * @throws ServletException     propagated from {@link #configureFromRequest()}
 * @throws URISyntaxException   propagated from {@link #configureFromRequest()}
 */
public DAVTransaction(ServletRequest request, ServletResponse response)
        throws ServletException, URISyntaxException {
    if (request == null) {
        throw new NullPointerException("Null request");
    }
    if (response == null) {
        throw new NullPointerException("Null response");
    }
    this.req = (HttpServletRequest) request;
    this.res = (HttpServletResponse) response;
    this.resourceCache = new HashMap();

    // A launch ID names a session created earlier (a web folder launched from an active user
    // session, or a download from the network place HTML file browser). It acts as a bearer
    // value, so only its presence is reported, never its content.
    String launchId = request.getParameter(LaunchSession.LAUNCH_ID);
    if (launchId != null) {
        LaunchSession launchSession = LaunchSessionFactory.getInstance().getLaunchSession(launchId);
        if (launchSession == null) {
            if (log.isDebugEnabled()) {
                log.debug("Could not locate session using ticket");
            }
        } else {
            sessionInfo = launchSession.getSession();
            LogonControllerFactory.getInstance().addCookies(new ServletRequestAdapter(this.req),
                    new ServletResponseAdapter(this.res), launchSession.getSession().getLogonTicket(),
                    launchSession.getSession());
            sessionInfo.access();
        }
    }
    // NOTE(review): this lookup unconditionally replaces the value assigned from the launch
    // session above -- confirm that is intended.
    sessionInfo = LogonControllerFactory.getInstance().getSessionInfo(req);
    configureFromRequest();
}

From source file:org.xwiki.wysiwyg.filter.ConversionFilter.java

/**
 * Converts the HTML submitted in selected request parameters before the request reaches the
 * target servlet.
 * <p>
 * The parameters to convert are named by the client in the {@code REQUIRES_HTML_CONVERSION}
 * request parameter. Each named parameter is converted from HTML to the syntax given by its
 * companion {@code <name>_syntax} parameter; the list and the syntax parameters are removed from
 * the wrapped request. When at least one conversion fails, {@code handleConversionErrors}
 * receives the exceptions together with the parameter values as they stand after the loop;
 * otherwise the wrapped request continues down the chain. Requests without the
 * {@code REQUIRES_HTML_CONVERSION} parameter are passed through unchanged.
 *
 * @param req   the incoming request
 * @param res   the outgoing response
 * @param chain the remaining filter chain
 * @throws IOException      propagated from the chain or the error handler
 * @throws ServletException propagated from the chain or the error handler
 */
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    String[] toConvert = req.getParameterValues(REQUIRES_HTML_CONVERSION);
    if (toConvert == null) {
        // Nothing to convert: pass the original request through untouched.
        chain.doFilter(req, res);
        return;
    }

    MutableServletRequestFactory factory = Utils.getComponent((Type) MutableServletRequestFactory.class,
            req.getProtocol());
    // A mutable wrapper lets the converted values replace the submitted ones.
    MutableServletRequest mreq = factory.newInstance(req);
    // Drop the marker so the same request is not converted again further down the chain.
    mreq.removeParameter(REQUIRES_HTML_CONVERSION);

    // Exceptions per parameter name, and the parameter values as they stand after the loop.
    Map<String, Throwable> failures = new HashMap<String, Throwable>();
    Map<String, String> values = new HashMap<String, String>();
    for (String name : toConvert) {
        String html = req.getParameter(name);
        // The syntax parameter is consumed here so it cannot interfere with later processing.
        String syntax = mreq.removeParameter(name + "_syntax");
        if (html == null || syntax == null) {
            continue;
        }
        try {
            HTMLConverter converter = Utils.getComponent((Type) HTMLConverter.class);
            mreq.setParameter(name, converter.fromHTML(html, syntax));
        } catch (Exception e) {
            LOGGER.error(e.getLocalizedMessage(), e);
            failures.put(name, e);
        }
        // After a failure this is still the unconverted value, so nothing submitted is lost.
        values.put(name, mreq.getParameter(name));
    }

    if (failures.isEmpty()) {
        chain.doFilter(mreq, res);
    } else {
        handleConversionErrors(failures, values, mreq, res);
    }
}

From source file:org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.java

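/**
 * Logs the cached user out: invalidates the container session, expires the {@code JSESSIONID}
 * cookie, lets the authentication plugin handle the logout itself when it supports that, and
 * otherwise redirects the browser to the startup page; finally the JAAS login context is
 * closed.
 * <p>
 * The {@code SECURITY_ERROR} and {@code REQUESTED_URL} request parameters, when present, are
 * carried over to the startup page as query parameters; an anonymous principal additionally
 * gets {@code FORCE_ANONYMOUS_LOGIN=true}. XMLHttpRequest callers (detected through
 * {@code X-Requested-With}) are not redirected.
 *
 * @param request        the current request
 * @param response       the current response
 * @param cachedUserInfo the identity being logged out
 * @return {@code true} when a redirect was issued, by the plugin or by this method
 * @throws ServletException propagated from session invalidation or the logout plugin
 */
protected boolean handleLogout(ServletRequest request, ServletResponse response,
        CachableUserIdentificationInfo cachedUserInfo) throws ServletException {
    logLogout(cachedUserInfo.getUserInfo());

    // invalidate Session !
    service.invalidateSession(request);

    request.setAttribute(DISABLE_REDIRECT_REQUEST_KEY, Boolean.TRUE);
    // Query parameters appended to the startup page URL. The two request values are copied
    // verbatim; they are only ever query parameters of the fixed startup page, never the
    // redirect target itself (URIUtils.addParametersToURIQuery is expected to encode them).
    Map<String, String> parameters = new HashMap<String, String>();
    String securityError = request.getParameter(SECURITY_ERROR);
    if (securityError != null) {
        parameters.put(SECURITY_ERROR, securityError);
    }
    if (cachedUserInfo.getPrincipal().getName().equals(getAnonymousId())) {
        parameters.put(FORCE_ANONYMOUS_LOGIN, "true");
    }
    String requestedUrl = request.getParameter(REQUESTED_URL);
    if (requestedUrl != null) {
        parameters.put(REQUESTED_URL, requestedUrl);
    }
    // Reset JSESSIONID Cookie: Max-Age 0 asks the browser to discard it. This only matches a
    // cookie the container set with path "/" -- presumably the case here; confirm.
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    Cookie cookie = new Cookie("JSESSIONID", null);
    cookie.setMaxAge(0);
    cookie.setPath("/");
    httpResponse.addCookie(cookie);

    String pluginName = cachedUserInfo.getUserInfo().getAuthPluginName();
    NuxeoAuthenticationPlugin authPlugin = service.getPlugin(pluginName);
    NuxeoAuthenticationPluginLogoutExtension logoutPlugin = null;

    if (authPlugin instanceof NuxeoAuthenticationPluginLogoutExtension) {
        logoutPlugin = (NuxeoAuthenticationPluginLogoutExtension) authPlugin;
    }

    // The plugin may perform its own redirect; only a Boolean.TRUE result counts as one.
    boolean redirected = false;
    if (logoutPlugin != null) {
        redirected = Boolean.TRUE.equals(
                logoutPlugin.handleLogout((HttpServletRequest) request, (HttpServletResponse) response));
    }
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    if (!redirected && !XMLHTTP_REQUEST_TYPE.equalsIgnoreCase(httpRequest.getHeader("X-Requested-With"))) {
        String baseURL = service.getBaseURL(request);
        try {
            String url = baseURL + LoginScreenHelper.getStartupPagePath();
            url = URIUtils.addParametersToURIQuery(url, parameters);
            ((HttpServletResponse) response).sendRedirect(url);
            redirected = true;
        } catch (IOException e) {
            // keep the cause attached; the message alone rarely says where the redirect failed
            log.error("Unable to redirect to default start page after logout : " + e.getMessage(), e);
        }
    }

    // Close the JAAS context regardless of how the redirect went.
    try {
        cachedUserInfo.getLoginContext().logout();
    } catch (LoginException e) {
        log.error("Unable to logout " + e.getMessage(), e);
    }
    return redirected;
}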

From source file:org.apache.nifi.web.security.x509.X509AuthenticationFilter.java

/**
 * Serves new-account requests directly and delegates everything else to X.509 authentication.
 * <p>
 * A new-account request (see {@code isNewAccountRequest}) requires a client certificate; the
 * principal extracted from it plus the optional {@code justification} parameter create a
 * pending account, and the client receives 201 with a plain-text message. An
 * {@code IllegalArgumentException} maps to 400 and an {@code AdministrationException} to 500; a
 * missing certificate and a NiFi that does not accept account requests (404) go to their
 * dedicated handlers. For all other requests the superclass authenticates; when that fails and
 * client authentication is not required, the chain continues anonymously.
 *
 * @param request  the current request; cast to {@link HttpServletRequest} where needed
 * @param response the current response; cast to {@link HttpServletResponse}
 * @param chain    the remaining filter chain
 * @throws IOException      from the response writer or the chain
 * @throws ServletException propagated from the superclass or the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final HttpServletResponse httpResponse = (HttpServletResponse) response;

    // determine if this request is attempting to create a new account
    if (isNewAccountRequest((HttpServletRequest) request)) {
        // determine if this nifi supports new account requests
        if (properties.getSupportNewAccountRequests()) {
            // ensure there is a certificate in the request
            X509Certificate certificate = certificateExtractor
                    .extractClientCertificate((HttpServletRequest) request);
            if (certificate != null) {
                // extract the principal from the certificate
                // (the identity comes from the certificate alone; nothing else in the request is trusted for it)
                Object certificatePrincipal = principalExtractor.extractPrincipal(certificate);
                // NOTE(review): throws NullPointerException if the extractor returns null -- confirm it never does
                String principal = certificatePrincipal.toString();

                // log the new user account request
                logger.info("Requesting new user account for " + principal);

                try {
                    // get the justification
                    // free text supplied by the client; defaulted to empty, not validated here
                    String justification = request.getParameter("justification");
                    if (justification == null) {
                        justification = StringUtils.EMPTY;
                    }

                    // create the pending user account
                    userService.createPendingUserAccount(principal, justification);

                    // generate a response
                    httpResponse.setStatus(HttpServletResponse.SC_CREATED);
                    httpResponse.setContentType("text/plain");

                    // write the response message
                    PrintWriter out = response.getWriter();
                    out.println("Not authorized. User account created. Authorization pending.");
                } catch (IllegalArgumentException iae) {
                    // rejected input -> 400; the exception message is handed to the error handler
                    handleUserServiceError((HttpServletRequest) request, httpResponse,
                            HttpServletResponse.SC_BAD_REQUEST, iae.getMessage());
                } catch (AdministrationException ae) {
                    // NOTE(review): an internal failure message is handed to the error handler -- confirm
                    // it is safe to expose to the client
                    handleUserServiceError((HttpServletRequest) request, httpResponse,
                            HttpServletResponse.SC_INTERNAL_SERVER_ERROR, ae.getMessage());
                }
            } else {
                // can this really happen?
                handleMissingCertificate((HttpServletRequest) request, httpResponse);
            }
        } else {
            handleUserServiceError((HttpServletRequest) request, httpResponse, HttpServletResponse.SC_NOT_FOUND,
                    "This NiFi does not support new account requests.");
        }
    } else {
        try {
            // this not a request to create a user account - try to authorize
            super.doFilter(request, response, chain);
        } catch (AuthenticationException ae) {
            // continue the filter chain since anonymous access should be supported
            // (only while client authentication is optional; otherwise the failure is reported)
            if (!properties.getNeedClientAuth()) {
                chain.doFilter(request, response);
            } else {
                // create an appropriate response for the given exception
                handleUnsuccessfulAuthentication((HttpServletRequest) request, httpResponse, ae);
            }
        }
    }
}

From source file:org.eclipse.skalli.view.internal.filter.ProjectPermitsFilter.java

/**
 * Enforces project-level authorization using the attributes published by the preceding filters
 * (user id, project, anonymous flag, project-admin flag).
 * <p>
 * Under {@code Consts.URL_PROJECTS}: viewing a resolved project requires the GET permit on it,
 * editing ({@code action=edit}) requires project-admin rights, and a path segment naming an
 * unknown project (the creation dialog) is closed to anonymous users. Every other servlet path
 * is closed to anonymous users and, when a path segment is present, requires a resolved project
 * and project-admin rights. Rejected requests are answered by {@code FilterUtil} and the chain
 * is not invoked; everything else continues along the chain.
 *
 * @param request  the current request; cast to {@link HttpServletRequest}
 * @param response the current response
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest) request;

    // retrieve userId and project instance from previous filters in chain
    // (missing attributes read as null / false, i.e. anonymous and not an admin)
    String userId = (String) request.getAttribute(Consts.ATTRIBUTE_USERID);
    Project project = (Project) request.getAttribute(Consts.ATTRIBUTE_PROJECT);
    boolean isAnonymousUser = BooleanUtils
            .toBoolean((Boolean) request.getAttribute(Consts.ATTRIBUTE_ANONYMOUS_USER));
    boolean isProjectAdmin = BooleanUtils
            .toBoolean((Boolean) request.getAttribute(Consts.ATTRIBUTE_PROJECTADMIN));

    String servletPath = httpRequest.getServletPath();
    String pathInfo = httpRequest.getPathInfo();

    if (servletPath.startsWith(Consts.URL_PROJECTS)) {
        // handle access to project detail page
        if (project != null && !Permits.hasProjectPermit(Permit.ALLOW, Permit.ACTION_GET, project)) {
            AccessControlException e = new AccessControlException(MessageFormat.format(
                    "User ''{0}'' is not authorized to view project ''{1}''", userId, project.getProjectId()));
            FilterUtil.handleACException(httpRequest, response, e);
            return;
        }
        // handle URL starting with /projects
        String actionValue = request.getParameter(Consts.PARAM_ACTION);
        if (project != null && Consts.PARAM_VALUE_EDIT.equals(actionValue)) {
            // handle /projects/{projectId}?action=edit
            if (!isProjectAdmin) {
                AccessControlException e = new AccessControlException(
                        MessageFormat.format("User ''{0}'' is not authorized to edit project ''{1}''", userId,
                                project.getProjectId()));
                FilterUtil.handleACException(httpRequest, response, e);
                return;
            }
        } else if (project == null && StringUtils.isNotBlank(pathInfo)) {
            // handle /projects/{projectId} with unknown projectId => project creation dialog
            if (isAnonymousUser) {
                AccessControlException e = new AccessControlException(
                        "Anonymous users are not authorized to create new projects");
                FilterUtil.handleACException(httpRequest, response, e);
                return;
            }
        }
        // /projects without a path segment (no project resolved) is open to anonymous users
    } else {
        // handle all other URLs not starting with /projects
        if (isAnonymousUser) {
            AccessControlException e = new AccessControlException(
                    "Anonymous users are not authorized to view this page");
            FilterUtil.handleACException(request, response, e);
            return;
        }
        if (StringUtils.isNotBlank(pathInfo)) {
            // a path segment must have resolved to a project, and only its admins may proceed
            if (project == null) {
                FilterException e = new FilterException(MessageFormat
                        .format("No project instance available although servlet path is {0}.", servletPath));
                FilterUtil.handleException(request, response, e);
                return;
            } else if (!isProjectAdmin) {
                AccessControlException e = new AccessControlException(
                        "User is not authorized to view this page");
                FilterUtil.handleACException(request, response, e);
                return;
            }
        }
    }

    // proceed along the chain
    chain.doFilter(request, response);
}