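/*
 * Cerberus Copyright (C) 2013 vertigo17
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This file is part of Cerberus.
 *
 * Cerberus is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Cerberus is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Cerberus. If not, see <http://www.gnu.org/licenses/>.
 */
package org.cerberus.servlet.crud.countryenvironment;

import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.cerberus.crud.entity.Application;
import org.cerberus.crud.entity.ApplicationObject;
import org.cerberus.crud.entity.CountryEnvironmentParameters;
import org.cerberus.crud.factory.IFactoryCountryEnvironmentParameters;
import org.cerberus.crud.service.IApplicationObjectService;
import org.cerberus.crud.service.IApplicationService;
import org.cerberus.crud.service.ICountryEnvironmentParametersService;
import org.cerberus.crud.service.ILogEventService;
import org.cerberus.crud.service.impl.LogEventService;
import org.cerberus.engine.entity.MessageEvent;
import org.cerberus.enums.MessageEventEnum;
import org.cerberus.exception.CerberusException;
import org.cerberus.util.ParameterParserUtil;
import org.cerberus.util.StringUtil;
import org.cerberus.util.answer.Answer;
import org.cerberus.util.answer.AnswerItem;
import org.cerberus.util.answer.AnswerUtil;
import org.cerberus.util.servlet.ServletUtil;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.Timestamp;
import java.util.*;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Updates the value and the screenshot file of an existing application object
 * from a multipart form submission, and answers with a JSON status message.
 *
 * @author bcivel
 */
@WebServlet(name = "UpdateApplicationObject", urlPatterns = {"/UpdateApplicationObject"})
public class UpdateApplicationObject extends HttpServlet {

    private static final Logger LOG = Logger.getLogger(UpdateApplicationObject.class.getName());

    /**
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
     * methods.
     * <p>
     * The multipart body is split into text fields ({@code application},
     * {@code object}, {@code value}) and at most one uploaded file (the last
     * file part wins). The object identified by application + object is looked
     * up, the file is handed to the service for storage, the entity is updated
     * and the outcome is written as JSON ({@code messageType}, {@code message}).
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     * @throws CerberusException declared for the Cerberus calls made here;
     * which call raises it is not visible in this file
     * @throws JSONException if the JSON answer cannot be built
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException, CerberusException, JSONException {
        JSONObject jsonResponse = new JSONObject();
        ApplicationContext appContext = WebApplicationContextUtils
                .getWebApplicationContext(this.getServletContext());

        Answer ans = new Answer();
        MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
        msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
        ans.setResultMessage(msg);

        String charset = request.getCharacterEncoding();
        response.setContentType("application/json");

        // Calling Servlet Transversal Util.
        ServletUtil.servletStart(request);

        Map<String, String> fileData = new HashMap<String, String>();
        FileItem file = null;

        // NOTE(review): no request or per-file size limit is configured on this
        // upload handler (ServletFileUpload offers setSizeMax / setFileSizeMax).
        // Confirm that a limit is enforced elsewhere (container or uploadFile),
        // otherwise an authenticated caller can fill the disk.
        FileItemFactory factory = new DiskFileItemFactory();
        ServletFileUpload upload = new ServletFileUpload(factory);
        try {
            List<FileItem> fields = upload.parseRequest(request);
            // An empty part list simply leaves fileData empty; the validation
            // below then answers with a proper "missing" error instead of an
            // empty response body.
            for (FileItem fileItem : fields) {
                if (fileItem.isFormField()) {
                    fileData.put(fileItem.getFieldName(), ParameterParserUtil
                            .parseStringParamAndDecode(fileItem.getString("UTF-8"), null, charset));
                } else {
                    file = fileItem;
                }
            }
        } catch (FileUploadException e) {
            // Not a (valid) multipart request: keep going with no fields so the
            // caller receives the "missing parameter" JSON error, but record the
            // cause in the application log rather than on stderr.
            LOG.log(Level.WARNING, "Could not parse the multipart request", e);
        }

        /**
         * Parsing the required parameters.
         */
        // The three form fields are URL-decoded only; they are NOT passed
        // through an HTML sanitizer in this servlet (the PolicyFactory /
        // Sanitizers imports are unused here).
        // NOTE(review): anything that renders 'value' or the object name must
        // encode on output; confirm the service layer binds these as query
        // parameters.
        String application = fileData.get("application");
        String object = fileData.get("object");
        String value = fileData.get("value");
        // The modifying user comes from the authenticated request, never from a form field.
        String usrmodif = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
        String datemodif = new Timestamp(new java.util.Date().getTime()).toString();

        // Prepare the final answer.
        MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
        Answer finalAnswer = new Answer(msg1);

        /**
         * Checking all constrains before calling the services.
         */
        if (StringUtil.isNullOrEmpty(application)) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(
                    msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Update")
                            .replace("%REASON%", "Application name (applicationobject) is missing."));
            // The JSON answer is built from finalAnswer, so the validation error
            // must land there; setting it on 'ans' alone reported GENERIC_OK.
            finalAnswer.setResultMessage(msg);
        } else if (StringUtil.isNullOrEmpty(object)) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(
                    msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Update")
                            .replace("%REASON%", "Object name (applicationobject) is missing."));
            finalAnswer.setResultMessage(msg);
        } else {
            /**
             * Required keys are present so we can call the services.
             */
            IApplicationObjectService applicationObjectService = appContext
                    .getBean(IApplicationObjectService.class);

            AnswerItem resp = applicationObjectService.readByKey(application, object);
            if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                /**
                 * Object could not be found. We stop here and report the error.
                 */
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
            } else {
                /**
                 * The service was able to perform the query and confirm the
                 * object exist, then we can update it.
                 */
                ApplicationObject applicationData = (ApplicationObject) resp.getItem();

                String fileName = applicationData.getScreenShotFileName();
                if (file != null) {
                    // NOTE(review): file.getName() is chosen by the client and,
                    // with some browsers, carries path information. Neither the
                    // name nor the content type is checked in this servlet;
                    // confirm uploadFile reduces the name to its last segment
                    // and restricts the accepted file types before writing.
                    Answer uploadAnswer = applicationObjectService.uploadFile(applicationData.getID(), file);
                    if (uploadAnswer.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                        fileName = file.getName();
                    } else {
                        // Report the failed upload instead of letting the update
                        // result below overwrite it silently.
                        finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, uploadAnswer);
                    }
                }

                applicationData.setValue(value);
                applicationData.setScreenShotFileName(fileName);
                applicationData.setUsrModif(usrmodif);
                applicationData.setDateModif(datemodif);
                ans = applicationObjectService.update(applicationData);
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);

                if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    /**
                     * Update was successful. Adding Log entry.
                     */
                    // The audit entry names this servlet and the full key of the
                    // object; it used to be recorded as an "/UpdateApplication"
                    // call, which misattributed the change in the event log.
                    ILogEventService logEventService = appContext.getBean(LogEventService.class);
                    logEventService.createPrivateCalls("/UpdateApplicationObject", "UPDATE",
                            "Updated Application Object : ['" + application + "','" + object + "']", request);
                }
                // NOTE(review): the update answer is aggregated a second time
                // here, as in the original; this may duplicate its description
                // in the message. Confirm against AnswerUtil.agregateAnswer.
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
            }
        }

        /**
         * Formating and returning the json result.
         */
        jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());

        response.getWriter().print(jsonResponse);
        response.getWriter().flush();
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /**
     * Handles the HTTP <code>GET</code> method.
     * <p>
     * NOTE(review): GET is routed to the same state-changing update logic as
     * POST. Consider whether this endpoint should accept GET at all.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            processRequest(request, response);
        } catch (CerberusException ex) {
            LOG.log(Level.SEVERE, null, ex);
        } catch (JSONException ex) {
            LOG.log(Level.SEVERE, null, ex);
        }
    }

    /**
     * Handles the HTTP <code>POST</code> method.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            processRequest(request, response);
        } catch (CerberusException ex) {
            LOG.log(Level.SEVERE, null, ex);
        } catch (JSONException ex) {
            LOG.log(Level.SEVERE, null, ex);
        }
    }

    /**
     * Returns a short description of the servlet.
     *
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>

}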