Java tutorial
/* This file is part of Cyclos (www.cyclos.org). A project of the Social Trade Organisation (www.socialtrade.org). Cyclos is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Cyclos is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Cyclos; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ package nl.strohalm.cyclos.controls; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import nl.strohalm.cyclos.annotations.Inject; import nl.strohalm.cyclos.controls.access.ChangeExpiredPasswordAction; import nl.strohalm.cyclos.entities.access.AdminUser; import nl.strohalm.cyclos.entities.access.MemberUser; import nl.strohalm.cyclos.entities.access.OperatorUser; import nl.strohalm.cyclos.entities.access.User; import nl.strohalm.cyclos.entities.exceptions.EntityNotFoundException; import nl.strohalm.cyclos.entities.exceptions.QueryParseException; import nl.strohalm.cyclos.entities.settings.LocalSettings; import nl.strohalm.cyclos.exceptions.AccessDeniedException; import nl.strohalm.cyclos.exceptions.ExternalException; import nl.strohalm.cyclos.exceptions.LoggedOutException; import nl.strohalm.cyclos.exceptions.PermissionDeniedException; import nl.strohalm.cyclos.services.access.AccessService; import nl.strohalm.cyclos.services.customization.exceptions.ImageException; import nl.strohalm.cyclos.services.elements.ElementService; import nl.strohalm.cyclos.services.groups.GroupService; import nl.strohalm.cyclos.services.permissions.PermissionService; import nl.strohalm.cyclos.services.settings.SettingsService; import nl.strohalm.cyclos.struts.access.ActionAccessMonitor; import nl.strohalm.cyclos.utils.ActionHelper; import nl.strohalm.cyclos.utils.ImageHelper; import nl.strohalm.cyclos.utils.ImageHelper.ImageType; import nl.strohalm.cyclos.utils.LoginHelper; import nl.strohalm.cyclos.utils.MessageHelper; import nl.strohalm.cyclos.utils.Navigation; import nl.strohalm.cyclos.utils.RequestHelper; import nl.strohalm.cyclos.utils.access.LoggedUser; import nl.strohalm.cyclos.utils.transaction.CurrentTransactionData; import nl.strohalm.cyclos.utils.validation.ValidationException; import org.apache.commons.io.FileUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.struts.action.Action; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; import org.apache.struts.action.ActionMapping; import org.apache.struts.upload.MultipartRequestHandler; /** * Abstract action intented to be subclasses by all actions that need a logged user (not LoginAction, for example). The standard execute method is * implemented and marked as final. Another method, executeAction, is exposed for subclasses to implement it in order to perform the specific action * @author luis */ public abstract class BaseAction extends Action { private static final Log LOG = LogFactory.getLog(BaseAction.class); protected LoginHelper loginHelper; protected ActionHelper actionHelper; protected PermissionService permissionService; protected AccessService accessService; protected ElementService elementService; protected GroupService groupService; protected MessageHelper messageHelper; protected SettingsService settingsService; private ActionAccessMonitor actionAccessMonitor; /** * The Struts standard execute method is reserved, being the executeAction the one that subclasses must implement */ @Override public final ActionForward execute(final ActionMapping actionMapping, final ActionForm actionForm, final HttpServletRequest request, final HttpServletResponse response) throws Exception { // Check for uploads that exceeded the max length final Boolean maxLengthExceeded = (Boolean) request .getAttribute(MultipartRequestHandler.ATTRIBUTE_MAX_LENGTH_EXCEEDED); if (maxLengthExceeded != null && maxLengthExceeded) { final LocalSettings settings = settingsService.getLocalSettings(); return ActionHelper.sendError(actionMapping, request, response, "error.maxUploadSizeExceeded", FileUtils.byteCountToDisplaySize(settings.getMaxUploadBytes())); } HttpSession session = request.getSession(false); // Validate the logged user User user = null; try { user = validate(request, response, actionMapping); if (user == null) { return null; } } catch (final LoggedOutException e) { // Invalidate the current session if (session != null) { session.invalidate(); } // Create a new session session = request.getSession(); ActionForward forward = resolveLoginForward(actionMapping, request); // If the action is stored on navigation path, we should return to it after re-login if (storePath(actionMapping, request)) { // Store the path on session, so that after logging in, the user will stay on this page String path = actionMapping.getPath(); final String queryString = request.getQueryString(); if (StringUtils.isNotEmpty(queryString)) { path += "?" + queryString; } session.setAttribute("returnTo", path); session.setAttribute("loggedOut", true); // Redirect to the login page final Map<String, Object> params = new HashMap<String, Object>(); if (path.contains("/operator/")) { params.put("operator", true); } forward = ActionHelper.redirectWithParams(request, forward, params); } return forward; } catch (final AccessDeniedException e) { if (session != null) { session.invalidate(); } return ActionHelper.sendError(actionMapping, request, response, "error.accessDenied"); } catch (final Exception e) { CurrentTransactionData.setError(e); actionHelper.generateLog(request, getServlet().getServletContext(), e); LOG.error("Application error on " + getClass().getName(), e); return ActionHelper.sendError(actionMapping, request, response, null); } // Check if the member shall accept a registration agreement or change the expired password before proceeding if (session != null) { String forwardName = null; if (Boolean.TRUE.equals(session.getAttribute("shallAcceptRegistrationAgreement"))) { // AcceptRegistrationAgreementAction is a BasePublicFormAction, not BaseAction, so, we don't need to check if this is not that action forwardName = RequestHelper.isPosWeb(request) ? "poswebAcceptRegistrationAgreement" : "acceptRegistrationAgreement"; } else if (Boolean.TRUE.equals(session.getAttribute("expiredPassword")) && !(this instanceof ChangeExpiredPasswordAction)) { // Only redirect to change expired password if this is not that action if (RequestHelper.isPosWeb(request)) { forwardName = "poswebChangeExpiredPassword"; } else { return actionHelper.getForwardFor(LoggedUser.element().getNature(), "changeExpiredPassword", true); } } if (forwardName != null) { return actionMapping.findForward(forwardName); } } // Perform special actions when the request is coming from menu if (RequestHelper.isFromMenu(request)) { request.setAttribute("fromMenu", true); } // Create an action context final ActionContext context = new ActionContext(actionMapping, actionForm, request, response, user, messageHelper); request.setAttribute("formAction", actionMapping.getPath()); try { // checks access to the action actionAccessMonitor.requestAccess(context); // Store the navigation data final Navigation navigation = context.getNavigation(); if (storePath(actionMapping, request)) { navigation.setLastAction(actionMapping); navigation.store(context); } // Process the action final ActionForward forward = executeAction(context); return forward; } catch (final PermissionDeniedException e) { CurrentTransactionData.setError(e); final boolean userBlocked = accessService.notifyPermissionDeniedException(); if (userBlocked) { request.getSession(false).invalidate(); return ActionHelper.sendError(actionMapping, request, response, "login.error.blocked"); } else { return ActionHelper.sendError(actionMapping, request, response, "error.permissionDenied"); } } catch (final QueryParseException e) { CurrentTransactionData.setError(e); return ActionHelper.sendError(actionMapping, request, response, "error.queryParse"); } catch (final ImageHelper.UnknownImageTypeException e) { CurrentTransactionData.setError(e); final String recognizedTypes = StringUtils.join(ImageType.values(), ", "); return ActionHelper.sendError(actionMapping, request, response, "error.unknownImageType", recognizedTypes); } catch (final ImageException e) { CurrentTransactionData.setError(e); return ActionHelper.sendError(actionMapping, request, response, e.getKey()); } catch (final ValidationException e) { CurrentTransactionData.setError(e); return ActionHelper.handleValidationException(actionMapping, request, response, e); } catch (final EntityNotFoundException e) { // An entity not found is handled as a validation exception return ActionHelper.handleValidationException(actionMapping, request, response, new ValidationException()); } catch (final ExternalException e) { CurrentTransactionData.setError(e); return ActionHelper.sendErrorWithMessage(actionMapping, request, response, e.getMessage()); } catch (final Exception e) { CurrentTransactionData.setError(e); actionHelper.generateLog(request, getServlet().getServletContext(), e); LOG.error("Application error on " + getClass().getName(), e); return ActionHelper.sendError(actionMapping, request, response, null); } } @Inject public final void setAccessService(final AccessService accessService) { this.accessService = accessService; } @Inject public void setActionAccessMonitor(final ActionAccessMonitor actionAccessMonitor) { this.actionAccessMonitor = actionAccessMonitor; } @Inject public final void setActionHelper(final ActionHelper actionHelper) { this.actionHelper = actionHelper; } @Inject public final void setElementService(final ElementService elementService) { this.elementService = elementService; } @Inject public final void setGroupService(final GroupService groupService) { this.groupService = groupService; } @Inject public final void setLoginHelper(final LoginHelper loginHelper) { this.loginHelper = loginHelper; } @Inject public final void setMessageHelper(final MessageHelper messageHelper) { this.messageHelper = messageHelper; } @Inject public final void setPermissionService(final PermissionService permissionService) { this.permissionService = permissionService; } @Inject public final void setSettingsService(final SettingsService settingsService) { this.settingsService = settingsService; } /** * This method must be implemented to perform the action itself */ protected abstract ActionForward executeAction(ActionContext context) throws Exception; /** * Returns a forward to the login page. Will be invoked when the member was disconnected. */ protected ActionForward resolveLoginForward(final ActionMapping actionMapping, final HttpServletRequest request) { return actionMapping.findForward("login"); } /** * Should be overriden by subclasses to return false on actions that are not stored on navigation path. By default, returns true when the current * request is a GET and the action has an input page. */ protected boolean storePath(final ActionMapping actionMapping, final HttpServletRequest request) { final String path = actionMapping.getPath(); return RequestHelper.isGet(request) && StringUtils.isNotEmpty(actionMapping.getInput()) && (path.contains("admin/") || path.contains("member/") || path.contains("operator/")); } /** * Validate the user access, returning the logged user */ protected User validate(final HttpServletRequest request, final HttpServletResponse response, final ActionMapping actionMapping) throws Exception { final User user = loginHelper.validateLoggedUser(request); // Ensure the logged user is not accessing another user's type url's List<String> pathShouldNotInclude; if (user instanceof AdminUser) { pathShouldNotInclude = Arrays.asList("/member/", "/operator/"); } else if (user instanceof MemberUser) { pathShouldNotInclude = Arrays.asList("/admin/", "/operator/"); } else if (user instanceof OperatorUser) { pathShouldNotInclude = Arrays.asList("/member/", "/admin/"); } else { throw new AccessDeniedException(); } final String path = actionMapping.getPath(); for (final String current : pathShouldNotInclude) { if (path.contains(current)) { throw new AccessDeniedException(); } } return user; } }