org.akaza.openclinica.control.core.SecureController.java Source code

Java tutorial

Introduction

Here is the source code for org.akaza.openclinica.control.core.SecureController.java

Source

/*
 * OpenClinica is distributed under the
 * GNU Lesser General Public License (GNU LGPL).
    
 * For details see: http://www.openclinica.org/license
 * copyright 2003-2005 Akaza Research
 */

package org.akaza.openclinica.control.core;

import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.ResourceBundle;
import java.util.StringTokenizer;

import javax.mail.MessagingException;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.SingleThreadModel;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;

import org.akaza.openclinica.bean.admin.CRFBean;
import org.akaza.openclinica.bean.core.DiscrepancyNoteType;
import org.akaza.openclinica.bean.core.Role;
import org.akaza.openclinica.bean.core.Status;
import org.akaza.openclinica.bean.core.Utils;
import org.akaza.openclinica.bean.extract.ArchivedDatasetFileBean;
import org.akaza.openclinica.bean.login.StudyUserRoleBean;
import org.akaza.openclinica.bean.login.UserAccountBean;
import org.akaza.openclinica.bean.managestudy.DiscrepancyNoteBean;
import org.akaza.openclinica.bean.managestudy.StudyBean;
import org.akaza.openclinica.bean.managestudy.StudyEventBean;
import org.akaza.openclinica.bean.managestudy.StudyEventDefinitionBean;
import org.akaza.openclinica.bean.managestudy.StudyGroupClassBean;
import org.akaza.openclinica.bean.managestudy.StudySubjectBean;
import org.akaza.openclinica.bean.submit.EventCRFBean;
import org.akaza.openclinica.bean.submit.ItemBean;
import org.akaza.openclinica.bean.submit.ItemDataBean;
import org.akaza.openclinica.control.SpringServletAccess;
import org.akaza.openclinica.core.CRFLocker;
import org.akaza.openclinica.core.EmailEngine;
import org.akaza.openclinica.core.SessionManager;
import org.akaza.openclinica.core.form.StringUtil;
import org.akaza.openclinica.dao.admin.CRFDAO;
import org.akaza.openclinica.dao.core.AuditableEntityDAO;
import org.akaza.openclinica.dao.core.CoreResources;
import org.akaza.openclinica.dao.extract.ArchivedDatasetFileDAO;
import org.akaza.openclinica.dao.hibernate.UserAccountDao;
import org.akaza.openclinica.dao.login.UserAccountDAO;
import org.akaza.openclinica.dao.managestudy.StudyDAO;
import org.akaza.openclinica.dao.managestudy.StudyEventDAO;
import org.akaza.openclinica.dao.managestudy.StudyEventDefinitionDAO;
import org.akaza.openclinica.dao.managestudy.StudyGroupClassDAO;
import org.akaza.openclinica.dao.managestudy.StudyGroupDAO;
import org.akaza.openclinica.dao.managestudy.StudySubjectDAO;
import org.akaza.openclinica.dao.service.StudyConfigService;
import org.akaza.openclinica.dao.service.StudyParameterValueDAO;
import org.akaza.openclinica.dao.submit.EventCRFDAO;
import org.akaza.openclinica.dao.submit.ItemDAO;
import org.akaza.openclinica.dao.submit.ItemDataDAO;
import org.akaza.openclinica.exception.OpenClinicaException;
import org.akaza.openclinica.i18n.core.LocaleResolver;
import org.akaza.openclinica.i18n.util.I18nFormatUtil;
import org.akaza.openclinica.i18n.util.ResourceBundleProvider;
import org.akaza.openclinica.service.pmanage.Authorization;
import org.akaza.openclinica.service.pmanage.ParticipantPortalRegistrar;
import org.akaza.openclinica.view.BreadcrumbTrail;
import org.akaza.openclinica.view.Page;
import org.akaza.openclinica.view.StudyInfoPanel;
import org.akaza.openclinica.view.StudyInfoPanelLine;
import org.akaza.openclinica.web.InconsistentStateException;
import org.akaza.openclinica.web.InsufficientPermissionException;
import org.akaza.openclinica.web.SQLInitServlet;
import org.akaza.openclinica.web.bean.EntityBeanTable;
import org.apache.commons.lang.StringUtils;
import org.quartz.JobKey;
import org.quartz.SchedulerException;
import org.quartz.Trigger;
import org.quartz.TriggerKey;
import org.quartz.impl.StdScheduler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.mail.MailException;
import org.springframework.mail.javamail.JavaMailSenderImpl;
import org.springframework.mail.javamail.MimeMessageHelper;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/**
 * This class enhances the Controller in several ways.
 *
 * <ol>
 * <li>The method mayProceed, for which the class is named, is declared abstract and is called before processRequest.
 * This
 * method indicates whether the user may proceed with the action he wishes to perform (as indicated by various
 * attributes or
 * parameters in request or session). Note, howeveer, that the method has a void return, and throws
 * InsufficientPermissionException. The intention is that if the user may not proceed with his desired action, the
 * method
 * should throw an exception. InsufficientPermissionException will accept a Page object which indicates where the user
 * should
 * be redirected in order to be informed that he has insufficient permission, and the process method enforces this
 * redirection
 * by catching an InsufficientPermissionException object.
 *
 * <li>Four new members, session, request, response, and the UserAccountBean object ub have been declared protected, and
 * are
 * set in the process method. This allows developers to avoid passing these objects between methods, and moreover it
 * accurately encodes the fact that these objects represent the state of the servlet.
 *
 * <br/>
 * In particular, please note that it is no longer necessary to generate a bean for the session manager, the current
 * user or
 * the current study.
 *
 * <li>The method processRequest has been declared abstract. This change is unlikely to affect most code, since by
 * custom
 * processRequest is declared in each subclass anyway.
 *
 * <li>The standard try-catch block within most processRequest methods has been included in the process method, which
 * calls
 * the processRequest method. Therefore, subclasses may throw an Exception in the processRequest method without having
 * to
 * handle it.
 *
 * <li>The addPageMessage method has been declared to streamline the process of setting page-level messages. The
 * accompanying
 * showPageMessages.jsp file in jsp/include/ automatically displays all of the page messages; the developer need only
 * include
 * this file in the jsp.
 *
 * <li>The addEntityList method makes it easy to add a Collection of EntityBeans to the request. Note that this method
 * should
 * only be used for Collections from which one EntityBean must be selected by the user. If the Collection is empty, this
 * method will throw an InconsistentStateException, taking the user to an error page and settting a page message
 * indicating
 * that the user may not proceed because no entities are present. Note that the error page and the error message must be
 * specified.
 * </ol>
 *
 * @author ssachs
 */
public abstract class SecureController extends HttpServlet implements SingleThreadModel {
    protected ServletContext context;
    protected SessionManager sm;
    // protected final Logger logger =
    // LoggerFactory.getLogger(getClass().getName());
    protected final Logger logger = LoggerFactory.getLogger(getClass().getName());
    protected String logDir;
    protected String logLevel;
    protected HttpSession session;
    protected HttpServletRequest request;
    protected HttpServletResponse response;
    protected UserAccountBean ub;
    protected StudyBean currentStudy;
    protected StudyBean currentPublicStudy;
    protected StudyUserRoleBean currentRole;
    protected HashMap errors = new HashMap();
    protected UserAccountDao userDaoDomain;
    private static String SCHEDULER = "schedulerFactoryBean";

    private StdScheduler scheduler;
    /**
     * local_df is set to the client locale in each request.
     */
    protected SimpleDateFormat local_df = new SimpleDateFormat("MM/dd/yyyy");
    public static ResourceBundle resadmin, resaudit, resexception, resformat, respage, resterm, restext, resword,
            resworkflow;

    protected StudyInfoPanel panel = new StudyInfoPanel();

    public static final String PAGE_MESSAGE = "pageMessages";// for showing
    // page
    // wide message

    public static final String INPUT_MESSAGES = "formMessages"; // for showing
    // input-specific
    // messages

    public static final String PRESET_VALUES = "presetValues"; // for setting
    // preset values

    public static final String ADMIN_SERVLET_CODE = "admin";

    public static final String BEAN_TABLE = "table";

    public static final String STUDY_INFO_PANEL = "panel"; // for setting the
    // side panel

    public static final String BREADCRUMB_TRAIL = "breadcrumbs";

    public static final String POP_UP_URL = "popUpURL";

    // public static String DATASET_HOME_DIR = "OpenClinica";

    // Use this variable as the key for the support url
    public static final String SUPPORT_URL = "supportURL";

    // Use this variable as the key for the walkme url
    public static final String WALKME_URL = "walkmeURL";

    // Use this variable as the key for the piwik url
    public static final String PIWIK_URL = "piwikURL";

    public static final String MODULE = "module";// to determine which module

    private CRFLocker crfLocker;
    private final String COMMON = "common";

    // user is in

    // for setting the breadcrumb trail
    // protected HashMap errors = new HashMap();//error messages on the page

    protected void addPageMessage(String message) {
        ArrayList pageMessages = (ArrayList) request.getAttribute(PAGE_MESSAGE);

        if (pageMessages == null) {
            pageMessages = new ArrayList();
        }

        pageMessages.add(message);
        logger.debug(message);
        request.setAttribute(PAGE_MESSAGE, pageMessages);
    }

    protected void resetPanel() {
        panel.reset();
    }

    protected void setToPanel(String title, String info) {
        if (panel.isOrderedData()) {
            ArrayList data = panel.getUserOrderedData();
            data.add(new StudyInfoPanelLine(title, info));
            panel.setUserOrderedData(data);
        } else {
            panel.setData(title, info);
        }
        request.setAttribute(STUDY_INFO_PANEL, panel);
    }

    protected void setInputMessages(HashMap messages) {
        request.setAttribute(INPUT_MESSAGES, messages);
    }

    protected void setPresetValues(HashMap presetValues) {
        request.setAttribute(PRESET_VALUES, presetValues);
    }

    protected void setTable(EntityBeanTable table) {
        request.setAttribute(BEAN_TABLE, table);
    }

    @Override
    public void init() throws ServletException {
        context = getServletContext();
        crfLocker = SpringServletAccess.getApplicationContext(context).getBean(CRFLocker.class);
    }

    /**
     * Process request
     *
     * @throws Exception
     */
    protected abstract void processRequest() throws Exception;

    protected abstract void mayProceed() throws InsufficientPermissionException;

    public static final String USER_BEAN_NAME = "userBean";

    public void passwdTimeOut() {
        Date lastChangeDate = ub.getPasswdTimestamp();
        if (!ub.isLdapUser() && lastChangeDate == null) {
            // @pgawade 18-Sep-2012: fix for issue #14506
            // (https://issuetracker.openclinica.com/view.php?id=14506#c58197)
            // addPageMessage(respage.getString("welcome") + " " + ub.getFirstName() + " " + ub.getLastName() + ". " +
            // respage.getString("password_set"));
            // + "<a href=\"UpdateProfile\">" + respage.getString("user_profile") + " </a>");
            int pwdChangeRequired = new Integer(SQLInitServlet.getField("change_passwd_required")).intValue();
            /*
             * if (pwdChangeRequired == 1) {
             * addPageMessage(respage.getString("welcome") + " " + ub.getFirstName() + " " + ub.getLastName() + ". " +
             * respage.getString("password_set"));
             * request.setAttribute("mustChangePass", "yes");
             * forwardPage(Page.RESET_PASSWORD);
             * }
             */
        }
    }

    private void pingJobServer(HttpServletRequest request) {
        String jobName = (String) request.getSession().getAttribute("jobName");
        String groupName = (String) request.getSession().getAttribute("groupName");
        Integer datasetId = (Integer) request.getSession().getAttribute("datasetId");
        try {
            if (jobName != null && groupName != null) {

                Trigger.TriggerState triggerState = getScheduler(request)
                        .getTriggerState(new TriggerKey(jobName, groupName));
                org.quartz.JobDetail details = getScheduler(request).getJobDetail(new JobKey(jobName, groupName));
                List contexts = getScheduler(request).getCurrentlyExecutingJobs();
                // will we get the above, even if its completed running?
                // ProcessingResultType message = null;
                // for (int i = 0; i < contexts.size(); i++) {
                // org.quartz.JobExecutionContext context = (org.quartz.JobExecutionContext) contexts.get(i);
                // if (context.getJobDetail().getName().equals(jobName) &&
                // context.getJobDetail().getGroup().equals(groupName)) {
                // message = (ProcessingResultType) context.getResult();
                // System.out.println("found message " + message.getDescription());
                // }
                // }
                // ProcessingResultType message = (ProcessingResultType) details.getResult();
                org.quartz.JobDataMap dataMap = details.getJobDataMap();
                String failMessage = dataMap.getString("failMessage");
                if (triggerState == Trigger.TriggerState.NONE || triggerState == Trigger.TriggerState.COMPLETE) {
                    // add the message here that your export is done
                    // TODO make absolute paths in the message, for example a link from /pages/* would break
                    // TODO i18n
                    if (failMessage != null) {
                        // The extract data job failed with the message:
                        // ERROR: relation "demographics" already exists
                        // More information may be available in the log files.
                        addPageMessage("The extract data job failed with the message: <br/><br/>" + failMessage
                                + "<br/><br/>More information may be available in the log files.");
                        request.getSession().removeAttribute("jobName");
                        request.getSession().removeAttribute("groupName");
                        request.getSession().removeAttribute("datasetId");
                    } else {
                        String successMsg = dataMap.getString("SUCCESS_MESSAGE");
                        String success = dataMap.getString("successMsg");
                        if (success != null) {

                            if (successMsg.contains("$linkURL")) {
                                successMsg = decodeLINKURL(successMsg, datasetId);
                            }

                            if (successMsg != null && !successMsg.isEmpty()) {
                                addPageMessage(successMsg);
                            } else {
                                addPageMessage(
                                        "Your Extract is now completed. Please go to review them at <a href='ExportDataset?datasetId="
                                                + datasetId + "'> Here </a>.");
                            }
                            request.getSession().removeAttribute("jobName");
                            request.getSession().removeAttribute("groupName");
                            request.getSession().removeAttribute("datasetId");
                        }
                    }

                } else {

                }
            }
        } catch (SchedulerException se) {
            se.printStackTrace();
        }

    }

    private String decodeLINKURL(String successMsg, Integer datasetId) {

        ArchivedDatasetFileDAO asdfDAO = new ArchivedDatasetFileDAO(sm.getDataSource());

        ArrayList<ArchivedDatasetFileBean> fileBeans = asdfDAO.findByDatasetId(datasetId);

        successMsg = successMsg.replace("$linkURL", "<a href=\"" + CoreResources.getField("sysURL.base")
                + "AccessFile?fileId=" + fileBeans.get(0).getId() + "\">here </a>");

        return successMsg;
    }

    private StdScheduler getScheduler(HttpServletRequest request) {
        scheduler = this.scheduler != null ? scheduler
                : (StdScheduler) SpringServletAccess.getApplicationContext(request.getSession().getServletContext())
                        .getBean(SCHEDULER);
        return scheduler;
    }

    private void process(HttpServletRequest request, HttpServletResponse response)
            throws OpenClinicaException, UnsupportedEncodingException {
        request.setCharacterEncoding("UTF-8");
        session = request.getSession();
        // BWP >> 1/8/2008
        try {
            // YW 10-03-2007 <<
            session.setMaxInactiveInterval(Integer.parseInt(SQLInitServlet.getField("max_inactive_interval")));
            String smURL = CoreResources.getField("smURL");
            if (StringUtils.isNotEmpty(smURL)) {

                int index = smURL.indexOf("//");
                String protocol = smURL.substring(0, index) + "//";
                String subDomain = smURL.substring(smURL.indexOf("//") + 2, smURL.indexOf("/", protocol.length()));
                String crossStorageURL = protocol + subDomain + "/hub/hub.html";
                session.setAttribute("crossStorageURL", crossStorageURL);
            }
            // YW >>
        } catch (NumberFormatException nfe) {
            // BWP>>3600 is the datainfo.properties maxInactiveInterval on
            // 1/8/2008
            session.setMaxInactiveInterval(3600);
        }

        // If the session already has a value with key SUPPORT_URL don't reset
        if (session.getAttribute(SUPPORT_URL) == null) {
            session.setAttribute(SUPPORT_URL, SQLInitServlet.getSupportURL());
        }

        // If the session already has a value with key WALKME_URL don't reset
        if (session.getAttribute(WALKME_URL) == null) {
            session.setAttribute(WALKME_URL, CoreResources.getField("walkme.url"));
        }

        // If the session already has a value with key PIWIK_URL don't reset
        if (session.getAttribute(PIWIK_URL) == null) {
            session.setAttribute(PIWIK_URL, CoreResources.getField("piwik.url"));
        }

        ub = (UserAccountBean) session.getAttribute(USER_BEAN_NAME);
        currentStudy = (StudyBean) session.getAttribute("study");
        currentPublicStudy = (StudyBean) session.getAttribute("publicStudy");
        currentRole = (StudyUserRoleBean) session.getAttribute("userRole");

        // Set current language preferences
        Locale locale = LocaleResolver.getLocale(request);
        ResourceBundleProvider.updateLocale(locale);
        resadmin = ResourceBundleProvider.getAdminBundle(locale);
        resaudit = ResourceBundleProvider.getAuditEventsBundle(locale);
        resexception = ResourceBundleProvider.getExceptionsBundle(locale);
        resformat = ResourceBundleProvider.getFormatBundle(locale);
        restext = ResourceBundleProvider.getTextsBundle(locale);
        resterm = ResourceBundleProvider.getTermsBundle(locale);
        resword = ResourceBundleProvider.getWordsBundle(locale);
        respage = ResourceBundleProvider.getPageMessagesBundle(locale);
        resworkflow = ResourceBundleProvider.getWorkflowBundle(locale);

        local_df = I18nFormatUtil.getDateFormat(locale);

        try {
            String userName = request.getRemoteUser();
            // BWP 1/8/08<< the sm variable may already be set with a mock
            // object,
            // from the perspective of
            // JUnit servlets tests
            /*
             * if(sm==null && (!StringUtil.isBlank(userName))) {//check if user logged in, then create a new
             * sessionmanger to
             * get ub //create a new sm in order to get a new ub object sm = new SessionManager(ub, userName); }
             */
            // BWP 01/08 >>
            // sm = new SessionManager(ub, userName);
            sm = new SessionManager(ub, userName, SpringServletAccess.getApplicationContext(context));
            if (ub == null || StringUtils.isEmpty(ub.getName())) {
                UserAccountDAO uDAO = new UserAccountDAO(sm.getDataSource());
                ub = (UserAccountBean) uDAO.findByEmail(userName);
                session.setAttribute("userBean", ub);
            }
            request.setAttribute("userBean", ub);
            StudyDAO sdao = new StudyDAO(sm.getDataSource());
            if (currentPublicStudy == null || currentPublicStudy.getId() <= 0) {
                UserAccountDAO uDAO = new UserAccountDAO(sm.getDataSource());
                ub = (UserAccountBean) uDAO.findByUserName(ub.getName());
                session.setAttribute(USER_BEAN_NAME, ub);
                if (ub.getId() > 0 && ub.getActiveStudyId() > 0) {
                    CoreResources.setRequestSchema(request, "public");
                    StudyParameterValueDAO spvdao = new StudyParameterValueDAO(sm.getDataSource());
                    currentPublicStudy = (StudyBean) sdao.findByPK(ub.getActiveStudyId());

                    ArrayList studyParameters = spvdao.findParamConfigByStudy(currentPublicStudy);

                    currentPublicStudy.setStudyParameters(studyParameters);

                    // set up the panel here, tbh
                    panel.reset();
                    /*
                     * panel.setData("Study", currentPublicStudy.getName()); panel.setData("Summary",
                     * currentPublicStudy.getSummary());
                     * panel.setData("Start Date", sdf.format(currentPublicStudy.getDatePlannedStart()));
                     * panel.setData("End Date",
                     * sdf.format(currentPublicStudy.getDatePlannedEnd())); panel.setData("Principal Investigator",
                     * currentPublicStudy.getPrincipalInvestigator());
                     */
                    session.setAttribute(STUDY_INFO_PANEL, panel);
                } else {
                    currentPublicStudy = new StudyBean();
                }
                session.setAttribute("publicStudy", currentPublicStudy);
                request.setAttribute("requestSchema", currentPublicStudy.getSchemaName());
                currentStudy = (StudyBean) sdao.findByUniqueIdentifier(currentPublicStudy.getIdentifier());
                if (currentStudy != null) {
                    currentStudy.setParentStudyName(currentPublicStudy.getParentStudyName());
                    StudyConfigService scs = new StudyConfigService(sm.getDataSource());
                    if (currentStudy.getParentStudyId() <= 0) {// top study
                        scs.setParametersForStudy(currentStudy);

                    } else {
                        // YW <<
                        currentStudy.setParentStudyName(
                                ((StudyBean) sdao.findByPK(currentStudy.getParentStudyId())).getName());
                        // YW >>
                        scs.setParametersForSite(currentStudy);
                    }
                }
                request.setAttribute("requestSchema", "public");
                session.setAttribute("study", currentStudy);
            } else if (currentPublicStudy.getId() > 0) {
                // YW 06-20-2007<< set site's parentstudy name when site is
                // restored
                if (currentPublicStudy.getParentStudyId() > 0) {
                    currentPublicStudy.setParentStudyName(
                            ((StudyBean) sdao.findByPK(currentPublicStudy.getParentStudyId())).getName());
                    request.setAttribute("requestSchema", currentPublicStudy.getSchemaName());
                    currentStudy.setParentStudyName(
                            ((StudyBean) sdao.findByPK(currentStudy.getParentStudyId())).getName());
                    request.setAttribute("requestSchema", "public");
                }
                // YW >>
            }

            if (currentPublicStudy.getParentStudyId() > 0) {
                /*
                 * The Role decription will be set depending on whether the user logged in at study lever or site level.
                 * issue-2422
                 */
                List roles = Role.toArrayList();
                for (Iterator it = roles.iterator(); it.hasNext();) {
                    Role role = (Role) it.next();
                    switch (role.getId()) {
                    case 2:
                        role.setDescription("site_Study_Coordinator");
                        break;
                    case 3:
                        role.setDescription("site_Study_Director");
                        break;
                    case 4:
                        role.setDescription("site_investigator");
                        break;
                    case 5:
                        role.setDescription("site_Data_Entry_Person");
                        break;
                    case 6:
                        role.setDescription("site_monitor");
                        break;
                    case 7:
                        role.setDescription("site_Data_Entry_Person2");
                        break;
                    default:
                        // logger.info("No role matched when setting role description");
                    }
                }
            } else {
                /*
                 * If the current study is a site, we will change the role description. issue-2422
                 */
                List roles = Role.toArrayList();
                for (Iterator it = roles.iterator(); it.hasNext();) {
                    Role role = (Role) it.next();
                    switch (role.getId()) {
                    case 2:
                        role.setDescription("Study_Coordinator");
                        break;
                    case 3:
                        role.setDescription("Study_Director");
                        break;
                    case 4:
                        role.setDescription("Investigator");
                        break;
                    case 5:
                        role.setDescription("Data_Entry_Person");
                        break;
                    case 6:
                        role.setDescription("Monitor");
                        break;
                    default:
                        // logger.info("No role matched when setting role description");
                    }
                }
            }

            if (currentRole == null || currentRole.getId() <= 0) {
                // if (ub.getId() > 0 && currentPublicStudy.getId() > 0) {
                // if current study has been "removed", current role will be
                // kept as "invalid" -- YW 06-21-2007
                if (ub.getId() > 0 && currentPublicStudy.getId() > 0
                        && !currentPublicStudy.getStatus().getName().equals("removed")) {
                    currentRole = ub.getRoleByStudy(currentPublicStudy.getId());
                    if (currentPublicStudy.getParentStudyId() > 0) {
                        // Checking if currentPublicStudy has been removed or not will
                        // ge good enough -- YW 10-17-2007
                        StudyUserRoleBean roleInParent = ub.getRoleByStudy(currentPublicStudy.getParentStudyId());
                        // inherited role from parent study, pick the higher
                        // role
                        currentRole.setRole(Role.max(currentRole.getRole(), roleInParent.getRole()));
                    }
                    // logger.info("currentRole:" + currentRole.getRoleName());
                } else {
                    currentRole = new StudyUserRoleBean();
                }
                session.setAttribute("userRole", currentRole);
            }
            // YW << For the case that current role is not "invalid" but current
            // active study has been removed.
            else if (currentRole.getId() > 0 && (currentPublicStudy.getStatus().equals(Status.DELETED)
                    || currentPublicStudy.getStatus().equals(Status.AUTO_DELETED))) {
                currentRole.setRole(Role.INVALID);
                currentRole.setStatus(Status.DELETED);
                session.setAttribute("userRole", currentRole);
            }
            // YW 06-19-2007 >>

            request.setAttribute("isAdminServlet", getAdminServlet());

            this.request = request;
            this.response = response;

            // java.util.Enumeration en_session = session.getAttributeNames();
            // java.util.Enumeration en_request = request.getAttributeNames();
            //
            // // logging added to find problems with adding subjects, tbh
            // 102007
            // String ss_names = "session names: ";
            // while (en_session.hasMoreElements()) {
            // ss_names += " - " + en_session.nextElement();
            // }
            // logger.info(ss_names);
            //
            // // also added tbh, 102007
            // String rq_names = "request names: ";
            // while (en_request.hasMoreElements()) {
            // rq_names += " - " + en_request.nextElement();
            // }
            // logger.info(rq_names);
            if (!request.getRequestURI().endsWith("ResetPassword")) {
                passwdTimeOut();
            }
            request.setAttribute("requestSchema", getRequestSchema(request));
            mayProceed();
            // pingJobServer(request);
            processRequest();
        } catch (InconsistentStateException ise) {
            ise.printStackTrace();
            logger.warn("InconsistentStateException: org.akaza.openclinica.control.SecureController: "
                    + ise.getMessage());

            addPageMessage(ise.getOpenClinicaMessage());
            forwardPage(ise.getGoTo());
        } catch (InsufficientPermissionException ipe) {
            ipe.printStackTrace();
            logger.warn("InsufficientPermissionException: org.akaza.openclinica.control.SecureController: "
                    + ipe.getMessage());

            // addPageMessage(ipe.getOpenClinicaMessage());
            forwardPage(ipe.getGoTo());
        } catch (OutOfMemoryError ome) {
            ome.printStackTrace();
            long heapSize = Runtime.getRuntime().totalMemory();
            session.setAttribute("ome", "yes");
        } catch (Exception e) {
            e.printStackTrace();
            logger.error(SecureController.getStackTrace(e));

            forwardPage(Page.ERROR);
        }
    }

    public String getRequestSchema(HttpServletRequest request) {
        switch (StringUtils.substringAfterLast(request.getRequestURI(), "/")) {
        case "ChangeStudy":
        case "DeleteStudyUserRole":
        case "DeleteUser":
        case "ListStudyUser":
        case "ViewUserAccount":
        case "ListUserAccounts":
        case "CreateUserAccount":
        case "SetUserRole":
        case "ListStudy":
        case "AuditUserActivity":
        case "EditStudyUserRole":
        case "SignStudySubject":
            return "public";
        default:
            return currentPublicStudy.getSchemaName();
        }
    }

    public static String getStackTrace(Throwable t) {
        StringWriter sw = new StringWriter();
        PrintWriter pw = new PrintWriter(sw, true);
        t.printStackTrace(pw);
        pw.flush();
        sw.flush();
        return sw.toString();
    }

    /**
     * Handles the HTTP <code>GET</code> method.
     *
     * @param request
     * @param response
     * @throws ServletException
     * @throws java.io.IOException
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, java.io.IOException {
        try {
            logger.debug("Request");
            process(request, response);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Handles the HTTP <code>POST</code> method.
     *
     * @param request
     *            servlet request
     * @param response
     *            servlet response
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, java.io.IOException {
        try {
            logger.debug("Post");
            process(request, response);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * <P>
     * Forwards to a jsp page. Additions to the forwardPage() method involve checking the session for the bread crumb
     * trail
     * and setting it, if necessary. Setting it here allows the developer to only have to update the
     * <code>BreadcrumbTrail</code> class.
     *
     * @param jspPage
     *            The page to go to.
     * @param checkTrail
     *            The command to check for, and set a trail in the session.
     */
    protected void forwardPage(Page jspPage, boolean checkTrail) {
        Page page1 = Page.valueOf(jspPage.name());
        String temp;

        // YW 10-03-2007 <<
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", -1);
        response.setHeader("Cache-Control", "no-store");
        // YW >>

        // to load all available event based on currentStudy for Task > Add Subject
        request.setAttribute("requestSchema", currentPublicStudy.getSchemaName());
        request.setAttribute("allDefsArray", this.getEventDefinitionsByCurrentStudy());
        try {
            String paramsString = Utils.getParamsString(request.getParameterMap());

            request.setAttribute("currentPageUrl",
                    URLEncoder.encode(request.getRequestURL().toString() + "?" + paramsString, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            logger.error("Error getting parameters:" + e);
        }

        if (request.getAttribute(POP_UP_URL) == null) {
            request.setAttribute(POP_UP_URL, "");
        }

        try {
            // Added 01/19/2005 for breadcrumbs, tbh
            if (checkTrail) {
                BreadcrumbTrail bt = new BreadcrumbTrail();
                if (session != null) {// added bu jxu, fixed bug for log out
                    /*
                     * ArrayList trail = (ArrayList) session.getAttribute("trail");
                     * if (trail == null) {
                     * trail = bt.generateTrail(jspPage, request);
                     * } else {
                     * bt.setTrail(trail);
                     * trail = bt.generateTrail(jspPage, request);
                     * }
                     * session.setAttribute("trail", trail);
                     */
                    panel = (StudyInfoPanel) session.getAttribute(STUDY_INFO_PANEL);
                    if (panel == null) {
                        panel = new StudyInfoPanel();
                        panel.setData(jspPage, session, request);
                    } else {
                        panel.setData(jspPage, session, request);
                    }

                    session.setAttribute(STUDY_INFO_PANEL, panel);
                }
                // we are also using checkTrail to update the panel, tbh
                // 01/31/2005
            }

            temp = page1.getFileName();
            // above added 01/19/2005, tbh
            context.getRequestDispatcher(temp).forward(request, response);
        } catch (Exception se) {
            /*
             * if ("View Notes".equals(jspPage.getTitle())) {
             * String viewNotesURL = jspPage.getFileName();
             * if (viewNotesURL != null && viewNotesURL.contains("listNotes_p_=")) {
             * String[] ps = viewNotesURL.split("listNotes_p_=");
             * String t = ps[1].split("&")[0];
             * int p = t.length() > 0 ? Integer.valueOf(t).intValue() : -1;
             * if (p > 1) {
             * viewNotesURL = viewNotesURL.replace("listNotes_p_=" + p, "listNotes_p_=" + (p - 1));
             * //forwardPage(Page.setNewPage(viewNotesURL, "View Notes"));
             * try {
             * getServletContext().getRequestDispatcher(viewNotesURL).forward(request, response);
             * } catch (ServletException e) {
             * // TODO Auto-generated catch block
             * e.printStackTrace();
             * } catch (IOException e) {
             * // TODO Auto-generated catch block
             * e.printStackTrace();
             * }
             * } else if (p <= 0) {
             * forwardPage(Page.VIEW_DISCREPANCY_NOTES_IN_STUDY);
             * }
             * }
             * }
             */ logger.error(se.getMessage(), se);
        } finally {
            page1 = null;
            jspPage = null;
            temp = null;
        }
    }

    protected void forwardPage(Page jspPage) {
        this.forwardPage(jspPage, true);
    }

    /**
     * This method supports functionality of the type
     * "if a list of entities is empty, then jump to some page and display an error message." This prevents users from
     * seeing
     * empty drop-down lists and being given error messages when they can't choose an entity from the drop-down list.
     * Use,
     * e.g.:
     * <code>addEntityList("groups", allGroups, "There are no groups to display, so you cannot add a subject to this Study.",
     * Page.SUBMIT_DATA)</code>
     *
     * @param beanName
     *            The name of the entity list as it should be stored in the request object.
     * @param list
     *            The Collection of entities.
     * @param messageIfEmpty
     *            The message to display if the collection is empty.
     * @param destinationIfEmpty
     *            The Page to go to if the collection is empty.
     * @throws InconsistentStateException
     */
    protected void addEntityList(String beanName, Collection list, String messageIfEmpty, Page destinationIfEmpty)
            throws InconsistentStateException {
        if (list.isEmpty()) {
            throw new InconsistentStateException(destinationIfEmpty, messageIfEmpty);
        }

        request.setAttribute(beanName, list);
    }

    /**
     * @return A blank String if this servlet is not an Administer System servlet. SecureController.ADMIN_SERVLET_CODE
     *         otherwise.
     */
    protected String getAdminServlet() {
        return "";
    }

    protected void setPopUpURL(String url) {
        if (url != null && request != null) {
            request.setAttribute(POP_UP_URL, url);
            request.setAttribute("hasPopUp", 1);
            logger.info("just set pop up url: " + url);

        }
    }

    /**
     * <p>
     * Check if an entity with passed entity id is included in studies of current user.
     * </p>
     *
     * <p>
     * Note: This method called AuditableEntityDAO.findByPKAndStudy which required
     * "The subclass must define findByPKAndStudyName before calling this
     * method. Otherwise an inactive AuditableEntityBean will be returned."
     * </p>
     * 
     * @author ywang 10-18-2007
     * @param entityId
     *            int
     * @param userName
     *            String
     * @param adao
     *            AuditableEntityDAO
     * @param ds
     *            javax.sql.DataSource
     */
    protected boolean entityIncluded(int entityId, String userName, AuditableEntityDAO adao, DataSource ds) {
        StudyDAO sdao = new StudyDAO(ds);
        ArrayList<StudyBean> studies = (ArrayList<StudyBean>) sdao.findAllByUserNotRemoved(userName);
        for (int i = 0; i < studies.size(); ++i) {
            StudyBean publicStudy = studies.get(i);
            CoreResources.setRequestSchema(request, publicStudy.getSchemaName());
            StudyBean study = sdao.findByOid(publicStudy.getOid());
            if (adao.findByPKAndStudy(entityId, study).getId() > 0) {
                return true;
            }
            // Here follow the current logic - study subjects at sites level are
            // visible to parent studies.
            if (study.getParentStudyId() <= 0) {
                ArrayList<StudyBean> sites = (ArrayList<StudyBean>) sdao.findAllByParent(study.getId());
                if (sites.size() > 0) {
                    for (int j = 0; j < sites.size(); ++j) {
                        if (adao.findByPKAndStudy(entityId, sites.get(j)).getId() > 0) {
                            return true;
                        }
                    }
                }
            }
        }

        return false;
    }

    public String getRequestURLMinusServletPath() {
        String requestURLMinusServletPath = request.getRequestURL().toString().replaceAll(request.getServletPath(),
                "");
        return requestURLMinusServletPath;
    }

    public String getHostPath() {
        String requestURLMinusServletPath = getRequestURLMinusServletPath();
        return requestURLMinusServletPath.substring(0, requestURLMinusServletPath.lastIndexOf("/"));
    }

    public String getContextPath() {
        String contextPath = request.getContextPath().replaceAll("/", "");
        return contextPath;
    }

    /*
     * To check if the current study is LOCKED
     */
    public void checkStudyLocked(Page page, String message) {
        if (currentStudy.getStatus().equals(Status.LOCKED)) {
            addPageMessage(message);
            forwardPage(page);
        }
    }

    public void checkStudyLocked(String url, String message) {
        try {
            if (currentStudy.getStatus().equals(Status.LOCKED)) {
                addPageMessage(message);
                response.sendRedirect(url);
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /*
     * To check if the current study is FROZEN
     */

    public void checkStudyFrozen(Page page, String message) {
        if (currentStudy.getStatus().equals(Status.FROZEN)) {
            addPageMessage(message);
            forwardPage(page);
        }
    }

    public void checkStudyFrozen(String url, String message) {
        try {
            if (currentStudy.getStatus().equals(Status.FROZEN)) {
                addPageMessage(message);
                response.sendRedirect(url);
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }

    }

    public ArrayList getEventDefinitionsByCurrentStudy() {
        StudyDAO studyDAO = new StudyDAO(sm.getDataSource());
        StudyEventDefinitionDAO studyEventDefinitionDAO = new StudyEventDefinitionDAO(sm.getDataSource());
        ArrayList<StudyEventDefinitionBean> tempList = new ArrayList();
        ArrayList<StudyEventDefinitionBean> allDefs = new ArrayList();
        if (currentStudy == null)
            return allDefs;
        int parentStudyId = currentStudy.getParentStudyId();
        if (parentStudyId > 0) {
            StudyBean parentStudy = (StudyBean) studyDAO.findByPK(parentStudyId);
            allDefs = studyEventDefinitionDAO.findAllActiveByStudy(parentStudy);
        } else {
            allDefs = studyEventDefinitionDAO.findAllActiveByStudy(currentStudy);
        }
        for (StudyEventDefinitionBean studyEventDefinition : allDefs) {
            if (!studyEventDefinition.getType().equals(COMMON)) {
                tempList.add(studyEventDefinition);
            }
        }

        return tempList;
    }

    public ArrayList getStudyGroupClassesByCurrentStudy() {
        StudyDAO studyDAO = new StudyDAO(sm.getDataSource());
        StudyGroupClassDAO studyGroupClassDAO = new StudyGroupClassDAO(sm.getDataSource());
        StudyGroupDAO studyGroupDAO = new StudyGroupDAO(sm.getDataSource());
        int parentStudyId = currentStudy.getParentStudyId();
        ArrayList studyGroupClasses = new ArrayList();
        if (parentStudyId > 0) {
            StudyBean parentStudy = (StudyBean) studyDAO.findByPK(parentStudyId);
            studyGroupClasses = studyGroupClassDAO.findAllActiveByStudy(parentStudy);
        } else {
            parentStudyId = currentStudy.getId();
            studyGroupClasses = studyGroupClassDAO.findAllActiveByStudy(currentPublicStudy);
        }

        for (int i = 0; i < studyGroupClasses.size(); i++) {
            StudyGroupClassBean sgc = (StudyGroupClassBean) studyGroupClasses.get(i);
            ArrayList groups = studyGroupDAO.findAllByGroupClass(sgc);
            sgc.setStudyGroups(groups);
        }

        return studyGroupClasses;

    }

    protected UserDetails getUserDetails() {
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if (principal instanceof UserDetails) {
            return (UserDetails) principal;
        } else {
            return null;
        }
    }

    public Boolean sendEmail(String to, String subject, String body, Boolean htmlEmail, Boolean sendMessage)
            throws Exception {
        return sendEmail(to, EmailEngine.getAdminEmail(), subject, body, htmlEmail,
                respage.getString("your_message_sent_succesfully"),
                respage.getString("mail_cannot_be_sent_to_admin"), sendMessage);
    }

    public Boolean sendEmail(String to, String subject, String body, Boolean htmlEmail) throws Exception {
        return sendEmail(to, EmailEngine.getAdminEmail(), subject, body, htmlEmail,
                respage.getString("your_message_sent_succesfully"),
                respage.getString("mail_cannot_be_sent_to_admin"), true);
    }

    public Boolean sendEmail(String to, String from, String subject, String body, Boolean htmlEmail)
            throws Exception {
        return sendEmail(to, from, subject, body, htmlEmail, respage.getString("your_message_sent_succesfully"),
                respage.getString("mail_cannot_be_sent_to_admin"), true);
    }

    public Boolean sendEmail(String to, String from, String subject, String body, Boolean htmlEmail,
            String successMessage, String failMessage, Boolean sendMessage) throws Exception {
        Boolean messageSent = true;
        try {
            JavaMailSenderImpl mailSender = (JavaMailSenderImpl) SpringServletAccess.getApplicationContext(context)
                    .getBean("mailSender");
            // @pgawade 09-Feb-2012 #issue 13201 - setting the "mail.smtp.localhost" property to localhost when java API
            // is not able to
            // retrieve the host name
            Properties javaMailProperties = mailSender.getJavaMailProperties();
            if (null != javaMailProperties) {
                if (javaMailProperties.get("mail.smtp.localhost") == null
                        || ((String) javaMailProperties.get("mail.smtp.localhost")).equalsIgnoreCase("")) {
                    javaMailProperties.put("mail.smtp.localhost", "localhost");
                }
            }

            MimeMessage mimeMessage = mailSender.createMimeMessage();

            MimeMessageHelper helper = new MimeMessageHelper(mimeMessage, htmlEmail);
            helper.setFrom(from);
            helper.setTo(processMultipleImailAddresses(to.trim()));
            helper.setSubject(subject);
            helper.setText(body, true);

            mailSender.send(mimeMessage);
            if (successMessage != null && sendMessage) {
                addPageMessage(successMessage);
            }
            logger.debug("Email sent successfully on {}", new Date());
        } catch (MailException me) {
            me.printStackTrace();
            if (failMessage != null && sendMessage) {
                addPageMessage(failMessage);
            }
            logger.debug("Email could not be sent on {} due to: {}", new Date(), me.toString());
            messageSent = false;
        }
        return messageSent;
    }

    private InternetAddress[] processMultipleImailAddresses(String to) throws MessagingException {
        ArrayList<String> recipientsArray = new ArrayList<String>();
        StringTokenizer st = new StringTokenizer(to, ",");
        while (st.hasMoreTokens()) {
            recipientsArray.add(st.nextToken());
        }

        int sizeTo = recipientsArray.size();
        InternetAddress[] addressTo = new InternetAddress[sizeTo];
        for (int i = 0; i < sizeTo; i++) {
            addressTo[i] = new InternetAddress(recipientsArray.get(i).toString());
        }
        return addressTo;

    }

    public void dowloadFile(File f, String contentType) throws Exception {

        response.setHeader("Content-disposition", "attachment; filename=\"" + f.getName() + "\";");
        response.setContentType("text/xml");
        response.setHeader("Pragma", "public");

        ServletOutputStream op = response.getOutputStream();

        DataInputStream in = null;
        try {
            response.setContentType("text/xml");
            response.setHeader("Pragma", "public");
            response.setContentLength((int) f.length());

            byte[] bbuf = new byte[(int) f.length()];
            in = new DataInputStream(new FileInputStream(f));
            int length;
            while (in != null && (length = in.read(bbuf)) != -1) {
                op.write(bbuf, 0, length);
            }

            in.close();
            op.flush();
            op.close();
        } catch (Exception ee) {
            ee.printStackTrace();
        } finally {
            if (in != null) {
                in.close();
            }
            if (op != null) {
                op.close();
            }
        }
    }

    public String getPageServletFileName() {
        String fileName = request.getServletPath();
        String temp = request.getPathInfo();
        if (temp != null) {
            fileName += temp;
        }
        temp = request.getQueryString();
        if (temp != null && temp.length() > 0) {
            fileName += "?" + temp;
        }
        return fileName;
    }

    public String getPageURL() {
        String url = request.getRequestURL().toString();
        String query = request.getQueryString();
        if (url != null && url.length() > 0 && query != null) {
            url += "?" + query;
        }
        return url;
    }

    public DiscrepancyNoteBean getNoteInfo(DiscrepancyNoteBean note) {
        StudySubjectDAO ssdao = new StudySubjectDAO(sm.getDataSource());
        if ("itemData".equalsIgnoreCase(note.getEntityType())) {
            int itemDataId = note.getEntityId();
            ItemDataDAO iddao = new ItemDataDAO(sm.getDataSource());
            ItemDataBean itemData = (ItemDataBean) iddao.findByPK(itemDataId);
            ItemDAO idao = new ItemDAO(sm.getDataSource());
            if (StringUtil.isBlank(note.getEntityName())) {
                ItemBean item = (ItemBean) idao.findByPK(itemData.getItemId());
                note.setEntityName(item.getName());
                request.setAttribute("item", item);
            }
            EventCRFDAO ecdao = new EventCRFDAO(sm.getDataSource());
            StudyEventDAO svdao = new StudyEventDAO(sm.getDataSource());

            EventCRFBean ec = (EventCRFBean) ecdao.findByPK(itemData.getEventCRFId());
            StudyEventBean event = (StudyEventBean) svdao.findByPK(ec.getStudyEventId());

            StudyEventDefinitionDAO seddao = new StudyEventDefinitionDAO(sm.getDataSource());
            StudyEventDefinitionBean sed = (StudyEventDefinitionBean) seddao
                    .findByPK(event.getStudyEventDefinitionId());
            note.setEventName(sed.getName());
            if (event.getDateStarted() != null)
                note.setEventStart(event.getDateStarted());

            CRFDAO cdao = new CRFDAO(sm.getDataSource());
            CRFBean crf = cdao.findByVersionId(ec.getCRFVersionId());
            note.setCrfName(crf.getName());
            note.setEventCRFId(ec.getId());

            if (StringUtil.isBlank(note.getSubjectName())) {
                StudySubjectBean ss = (StudySubjectBean) ssdao.findByPK(ec.getStudySubjectId());
                note.setSubjectName(ss.getName());
            }

            if (note.getDiscrepancyNoteTypeId() == 0) {
                note.setDiscrepancyNoteTypeId(DiscrepancyNoteType.FAILEDVAL.getId());// default
                // value
            }

        } else if ("eventCrf".equalsIgnoreCase(note.getEntityType())) {
            int eventCRFId = note.getEntityId();
            EventCRFDAO ecdao = new EventCRFDAO(sm.getDataSource());
            StudyEventDAO svdao = new StudyEventDAO(sm.getDataSource());

            EventCRFBean ec = (EventCRFBean) ecdao.findByPK(eventCRFId);
            StudyEventBean event = (StudyEventBean) svdao.findByPK(ec.getStudyEventId());

            StudyEventDefinitionDAO seddao = new StudyEventDefinitionDAO(sm.getDataSource());
            StudyEventDefinitionBean sed = (StudyEventDefinitionBean) seddao
                    .findByPK(event.getStudyEventDefinitionId());
            note.setEventName(sed.getName());
            note.setEventStart(event.getDateStarted());

            CRFDAO cdao = new CRFDAO(sm.getDataSource());
            CRFBean crf = cdao.findByVersionId(ec.getCRFVersionId());
            note.setCrfName(crf.getName());
            StudySubjectBean ss = (StudySubjectBean) ssdao.findByPK(ec.getStudySubjectId());
            note.setSubjectName(ss.getName());
            note.setEventCRFId(ec.getId());

        } else if ("studyEvent".equalsIgnoreCase(note.getEntityType())) {
            int eventId = note.getEntityId();
            StudyEventDAO svdao = new StudyEventDAO(sm.getDataSource());
            StudyEventBean event = (StudyEventBean) svdao.findByPK(eventId);

            StudyEventDefinitionDAO seddao = new StudyEventDefinitionDAO(sm.getDataSource());
            StudyEventDefinitionBean sed = (StudyEventDefinitionBean) seddao
                    .findByPK(event.getStudyEventDefinitionId());
            note.setEventName(sed.getName());
            note.setEventStart(event.getDateStarted());

            StudySubjectBean ss = (StudySubjectBean) ssdao.findByPK(event.getStudySubjectId());
            note.setSubjectName(ss.getName());

        } else if ("studySub".equalsIgnoreCase(note.getEntityType())) {
            int studySubjectId = note.getEntityId();
            StudySubjectBean ss = (StudySubjectBean) ssdao.findByPK(studySubjectId);
            note.setSubjectName(ss.getName());

        } else if ("Subject".equalsIgnoreCase(note.getEntityType())) {
            int subjectId = note.getEntityId();
            StudySubjectBean ss = ssdao.findBySubjectIdAndStudy(subjectId, currentPublicStudy);
            note.setSubjectName(ss.getName());
        }

        return note;
    }

    public void checkRoleByUserAndStudy(UserAccountBean ub, StudyBean tenantStudy, StudyDAO studyDAO) {
        StudyBean study = null;

        if (StringUtils.isNotEmpty(tenantStudy.getSchemaName()))
            study = tenantStudy;
        else
            study = studyDAO.getPublicStudy(tenantStudy.getOid());

        StudyUserRoleBean studyUserRole = ub.getRoleByStudy(study.getParentStudyId());
        StudyUserRoleBean siteUserRole = new StudyUserRoleBean();
        if (study.getId() != 0) {
            siteUserRole = ub.getRoleByStudy(study.getId());
        }
        if (studyUserRole.getRole().equals(Role.INVALID) && siteUserRole.getRole().equals(Role.INVALID)) {
            addPageMessage(respage.getString("no_have_correct_privilege_current_study") + " "
                    + respage.getString("change_active_study_or_contact"));
            forwardPage(Page.MENU_SERVLET);
            return;
        }
    }

    protected void baseUrl() throws MalformedURLException {
        String portalURL = CoreResources.getField("portalURL");
        URL pManageUrl = new URL(portalURL);

        ParticipantPortalRegistrar registrar = new ParticipantPortalRegistrar();
        Authorization pManageAuthorization = registrar.getAuthorization(currentStudy.getOid());
        String url = "";
        if (pManageAuthorization != null)
            url = pManageUrl.getProtocol() + "://" + pManageAuthorization.getStudy().getHost() + "."
                    + pManageUrl.getHost()
                    + ((pManageUrl.getPort() > 0) ? ":" + String.valueOf(pManageUrl.getPort()) : "");
        System.out.println("the url :  " + url);
        request.setAttribute("participantUrl", url + "/");

    }

    /**
     * A inner class designed to allow the implementation of a JUnit test case for abstract SecureController. The inner
     * class
     * allows the test case to call the outer class' private process() method.
     *
     * @author Bruce W. Perry 01/2008
     */
    public class SecureControllerTestDelegate {

        public SecureControllerTestDelegate() {
            super();
        }

        public void process(HttpServletRequest request, HttpServletResponse response)
                throws OpenClinicaException, UnsupportedEncodingException {
            SecureController.this.process(request, response);
        }
    }

    public CRFLocker getCrfLocker() {
        return crfLocker;
    }

}