Java tutorial
/* Copyright (c) 2003 eInnovation Inc. All rights reserved This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. */ package org.openedit.entermedia.modules; import java.util.ArrayList; import java.util.Date; import java.util.Enumeration; import java.util.Iterator; import java.util.List; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.openedit.data.SearcherManager; import org.openedit.users.AllowViewing; import org.openedit.users.GroupSearcher; import org.openedit.users.PasswordHelper; import com.openedit.OpenEditException; import com.openedit.WebPageRequest; import com.openedit.config.Configuration; import com.openedit.modules.BaseModule; import com.openedit.page.Page; import com.openedit.page.PageRequestKeys; import com.openedit.page.PageStreamer; import com.openedit.page.Permission; import com.openedit.page.PermissionManager; import com.openedit.page.manage.PageManager; import com.openedit.users.Group; import com.openedit.users.User; import com.openedit.users.UserManager; import com.openedit.users.UserManager; import com.openedit.users.authenticate.AuthenticationRequest; import com.openedit.users.authenticate.PasswordGenerator; import com.openedit.util.PathUtilities; import com.openedit.util.StringEncryption; import com.openedit.util.URLUtilities; /** * This module allows the user to view and administer the site. * * @author Eric Galluzzo * @author Matt Avery, mavery@einnovation.com */ public class AdminModule extends BaseModule { protected static final String ENTERMEDIAKEY = "entermedia.key"; //username + md542 + md5password + tstamp + timestampenc protected static final String TIMESTAMP = "tstamp"; protected static final long MILLISECONDS_PER_DAY = 24 * 60 * 60 * 1000;// milliseconds in one day (used to calculate password expiry) protected String fieldImagesRoot; // used by the imagepicker protected String fieldRootFTPURL; protected static final String UNAME = "username"; protected static final String EMAIL = "to"; private static final Log log = LogFactory.getLog(AdminModule.class); protected StringEncryption fieldCookieEncryption; protected SendMailModule sendMailModule; protected List fieldWelcomeFiles; public List getWelcomeFiles() { return fieldWelcomeFiles; } public void setWelcomeFiles(List inWelcomeFiles) { fieldWelcomeFiles = inWelcomeFiles; } public AdminModule() { super(); } public SearcherManager getSearcherManager() { return (SearcherManager) getBeanFactory().getBean("searcherManager"); } /** * Sets the root FTP URL. * * @param rootFTPURL * The root FTP URL to set */ public void setRootFTPURL(String rootFTPURL) { if ((rootFTPURL != null) && rootFTPURL.endsWith("/")) { fieldRootFTPURL = rootFTPURL.substring(0, rootFTPURL.length() - 1); } else { fieldRootFTPURL = rootFTPURL; } } /** * Returns the root FTP URL. * * @return A string, which will not end in a slash, or <code>null</code> if * FTP support has not been configured. */ public String getRootFTPURL() { return fieldRootFTPURL; } //TODO: Use Spring protected PasswordHelper getPasswordHelper(WebPageRequest inReq) throws OpenEditException { PasswordHelper passwordHelper = (PasswordHelper) inReq.getSessionValue("passwordHelper"); if (passwordHelper == null) { passwordHelper = new PasswordHelper(); passwordHelper.setSendMailModule(sendMailModule); inReq.putSessionValue("passwordHelper", passwordHelper); } return passwordHelper; } public void emailPasswordReminder(WebPageRequest inReq) throws Exception { String e = inReq.getRequestParameter(EMAIL); String u = inReq.getRequestParameter(UNAME); if (e == null && u == null) { inReq.putPageValue("commandSucceeded", "didnotexecute"); // log.error("Invalid information"); return; } User foundUser = null; String username = null; String email = null; String password = null; // if the user provided an email instead of a username, lookup username String emailaddress = inReq.getRequestParameter(EMAIL); if (emailaddress != null && emailaddress.length() > 0) { foundUser = (User) getUserManager(inReq).getUserByEmail(emailaddress); } if (foundUser == null) { // If the user provided a valid username username = inReq.getRequestParameter(UNAME); if (username != null) { foundUser = (User) getUserManager(inReq).getUser(username); } } if (foundUser != null) { email = foundUser.getEmail(); if (email == null || email.equals("")) { inReq.putPageValue("error", "noemail"); return; } // get the user's current password if (foundUser.getPassword().startsWith("DES:")) { password = getUserManager(inReq).getStringEncryption().decrypt(foundUser.getPassword()); } else { password = foundUser.getPassword(); } username = foundUser.getUserName(); } else { inReq.putPageValue("error", "nouser"); inReq.putPageValue("commandSucceeded", "nouser"); return; } inReq.putPageValue("founduser", foundUser); // let the passwordHelper send the password PasswordHelper passwordHelper = getPasswordHelper(inReq); String passenc = getUserManager(inReq).getStringEncryption().getPasswordMd5(foundUser.getPassword()); passenc = foundUser.getUserName() + "md542" + passenc; //append an encrypted timestamp to passenc try { String expiry = inReq.getPageProperty("temporary_password_expiry"); if (expiry == null || expiry.isEmpty()) { log.info("Temporary password expiry is not enabled."); } else { int days = 0; try { days = Integer.parseInt(expiry); } catch (Exception ee) { } if (days <= 0) { log.info( "Temporary password expiry is not formatted correctly - require a number greater than 0."); } else { String tsenc = getUserManager(inReq).getStringEncryption() .encrypt(String.valueOf(new Date().getTime())); if (tsenc != null && !tsenc.isEmpty()) { if (tsenc.startsWith("DES:")) tsenc = tsenc.substring("DES:".length());//kloog: remove DES: prefix since appended to URL passenc += TIMESTAMP + tsenc; } else { log.info("Unable to append encrypted timestamp. Autologin URL does not have an expiry."); } } } } catch (OpenEditException oex) { log.error(oex.getMessage(), oex); log.info("Unable to append encrypted timestamp. Autologin URL does not have an expiry."); } passwordHelper.emailPasswordReminder(inReq, getPageManager(), username, password, passenc, email); } public void loadPermissions(WebPageRequest inReq) throws Exception { String catid = inReq.findValue("catalogid"); if (catid == null) { catid = "system"; } PermissionManager manager = (PermissionManager) getModuleManager().getBean(catid, "permissionManager"); String limited = null; if (inReq.getCurrentAction() != null) { limited = inReq.getCurrentAction().getChildValue("permissions"); } manager.loadPermissions(inReq, inReq.getContentPage(), limited); } //We will see if we use this or not. Actions may want to handle it themself public void permissionRedirect(WebPageRequest inReq) throws OpenEditException { String name = inReq.findValue("permission"); String value = (String) inReq.getPageValue("can" + name); if (!Boolean.parseBoolean(value)) { String login = inReq.findValue("redirectpath"); if (login != null) { inReq.redirect(login); } } } /** * * @deprecated Use Admin.loadPermissions then check for the "canedit" page * property * @throws Exception */ public void allowEditing(WebPageRequest inReq) throws Exception { // if( inReq.getPageValue("canedit") == null) // { boolean value = false; if (inReq.getUser() != null) { Permission filter = inReq.getPage().getPermission("edit"); value = ((filter == null) || filter.passes(inReq)); } inReq.setEditable(value); // } } public void allowViewing(WebPageRequest inReq) throws OpenEditException { AllowViewing command = new AllowViewing(); command.setPageManager(getPageManager()); command.configure(inReq); command.execute(inReq); } public void checkForDuplicateByEmail(WebPageRequest inReq) throws Exception { String email = inReq.getRequiredParameter("email"); User user = getUserManager(inReq).getUserByEmail(email); if (user != null) { String page = inReq.getCurrentAction().getConfig().getChildValue("redirectpage"); if (page == null) { inReq.redirect(page); } else { inReq.putPageValue("oe-exception", "Account already exists with address " + email); } } } protected UserManager getUserSearcher(WebPageRequest inReq) { return (UserManager) getUserManager(inReq).getUserSearcher(); } protected UserManager getUserManager(WebPageRequest inReq) { String catalogid = inReq.findValue("catalogid"); if (catalogid == null) { catalogid = "system"; } return (UserManager) getModuleManager().getBean(catalogid, "userManager"); } protected GroupSearcher getGroupSearcher(WebPageRequest inReq) { String catalogid = inReq.findValue("catalogid"); if (catalogid == null) { catalogid = "system"; } return (GroupSearcher) getSearcherManager().getSearcher(catalogid, "group"); } /* * public void loginByEmail( WebPageRequest inReq ) throws Exception { * String account = inReq.getRequestParameter("email"); * * if ( account != null ) { User user = getUserManager(inReq).getUserByEmail( * account ); loginAndRedirect(user,inReq); } else { String referrer = * inReq.getRequest().getHeader("REFERER"); if ( referrer != null ) { //this * is the original page someone might have been on * inReq.putSessionValue("originalEntryPage",referrer ); } } } */ public void login(WebPageRequest inReq) throws Exception { String account = inReq.getRequestParameter("accountname"); String password = inReq.getRequestParameter("password"); if (account == null && inReq.getRequest() != null && inReq.getSessionValue("fullOriginalEntryPage") == null) { String referrer = inReq.getRequest().getHeader("REFERER"); if (referrer != null && !referrer.contains("authentication") && referrer.startsWith(inReq.getSiteRoot())) { //the original page someone might have been on inReq.putSessionValue("fullOriginalEntryPage", referrer); } } else if (account != null) { UserManager userManager = getUserManager(inReq); User user = userManager.getUser(account); if (user == null && account.contains("@")) { user = userManager.getUserByEmail(account); } if (user == null) // Allow guest user { String groupname = inReq.getPage().get("autologingroup"); if (groupname != null) { //we dont want to save the real password since it might be NT based String tmppassword = new PasswordGenerator().generate(); user = userManager.createGuestUser(account, tmppassword, groupname); log.info("Username not found. Creating guest user."); } } if (password == null) { inReq.putPageValue("oe-exception", "Password cannot be blank"); return; } if (user == null) { inReq.putPageValue("oe-exception", "Invalid Logon"); return; } AuthenticationRequest aReq = createAuthenticationRequest(inReq, password, user); if (loginAndRedirect(aReq, inReq)) { user.setVirtual(false); userManager.saveUser(user); } } } public boolean authenticate(WebPageRequest inReq) throws Exception { String account = inReq.getRequestParameter("id"); String password = inReq.getRequestParameter("password"); User user = getUserManager(inReq).getUser(account); Boolean ok = false; if (user != null) { AuthenticationRequest aReq = createAuthenticationRequest(inReq, password, user); if (getUserManager(inReq).authenticate(aReq)) { ok = true; String md5 = getCookieEncryption().getPasswordMd5(user.getPassword()); String value = user.getUserName() + "md542" + md5; inReq.putPageValue("entermediakey", value); String catalogid = user.get("catalogid"); inReq.putSessionValue(catalogid + "user", user); } } else { log.info("No such user" + account); // String catalogid =user.get("catalogid"); // inReq.putSessionValue(catalogid + "user", null); } inReq.putPageValue("id", account); inReq.putPageValue("authenticated", ok); return ok; } protected AuthenticationRequest createAuthenticationRequest(WebPageRequest inReq, String password, User user) { AuthenticationRequest aReq = new AuthenticationRequest(); aReq.setUser(user); aReq.setPassword(password); String domain = inReq.getRequestParameter("domain"); if (domain == null) { domain = inReq.getContentPage().get("authenticationdomain"); } aReq.putProperty("authenticationdomain", domain); String server = inReq.getPage().get("authenticationserver"); aReq.putProperty("authenticationserver", server); return aReq; } /** * @param inUser * @param inReq */ protected boolean loginAndRedirect(AuthenticationRequest inAReq, WebPageRequest inReq) throws Exception { User inUser = inAReq.getUser(); boolean userok = false; String sendTo = inReq.getRequestParameter("loginokpage"); String maxcounts = inReq.findValue("maxfailedloginattemps"); int maxattemps = 5; if (maxcounts != null) { try { maxattemps = Integer.parseInt(maxcounts); } catch (Exception e) { } } boolean disable = Boolean.parseBoolean(inReq.getContentProperty("autodisableusers")); UserManager userManager = getUserManager(inReq); if (inUser != null) { // Save our logged-in user in the session, // because we use it again later. if (inAReq.getPassword() != null || inUser.getPassword() != null) { if (inUser.isEnabled()) { userok = userManager.authenticate(inAReq); //<---- This is it!!!! we login } else { inReq.putSessionValue("oe-exception", "User has been disabled"); inReq.putPageValue("oe-exception", "User has been disabled"); inReq.putPageValue("disabled", true); inReq.putPageValue("invaliduser", inUser); return false; } } } if (userok) { if (disable) { //This resets the "failed attemps" to 0. inUser.setProperty("failedlogincount", "0"); userManager.saveUser(inUser); } // // check validation // String lastTime= inUser.getLastLoginTime(); // if(lastTime != null){ // int duration= Integer.parseInt(inReq.getPageProperty("active-duration")); // if(duration >-1){ // //Date lastDateTime = DateStorageUtil.getStorageUtil().parseFromStorage(lastTime); // double eslapsedPeriod =DateStorageUtil.getStorageUtil().compareStorateDateWithCurrentTime(lastTime); // if( eslapsedPeriod > duration){ // inReq.putPageValue("inactive", true); // inReq.putSessionValue("inactive", true); // inReq.putPageValue("inactiveuser", inUser); // inReq.putSessionValue("active-duration", String.valueOf(duration)); // return false; // } // // } // } inReq.removeSessionValue("userprofile"); //inReq.putSessionValue("user", inUser); //TODO: Move this into the manager String catalogid = userManager.getUserSearcher().getCatalogId(); inUser.setProperty("catalogid", catalogid); inReq.putSessionValue(catalogid + "user", inUser); createUserSession(inReq); // user is now logged in String sendToOld = (String) inReq.getSessionValue("fullOriginalEntryPage"); if (sendTo == null || sendTo.trim().length() == 0) { if (inReq.getRequest() != null) { String referrer = inReq.getRequest().getHeader("REFERER"); if (sendToOld != null && !sendToOld.equals(referrer)) { sendTo = sendToOld; } inReq.removeSessionValue("originalEntryPage"); inReq.removeSessionValue("fullOriginalEntryPage"); } } if (sendTo == null) { String appid = inReq.findValue("applicationid"); if (appid != null) { sendTo = "/" + appid + "/index.html"; } else { sendTo = "/index.html"; } } savePasswordAsCookie(inUser, inReq); String cancelredirect = inReq.findValue("cancelredirect"); if (!Boolean.parseBoolean(cancelredirect)) { sendTo = sendTo.replace("oemaxlevel=", "canceloemaxlevel="); inReq.redirect(sendTo); } return true; } else { if (disable) { String failedLoginCount = inUser.get("failedlogincount"); int fails = 0; if (failedLoginCount != null) { fails = Integer.parseInt(failedLoginCount); } fails++; inUser.setProperty("failedlogincount", String.valueOf(fails)); if (fails >= maxattemps) { { User user = inReq.getUser(); if (user != null) { String md5 = getCookieEncryption().getPasswordMd5(user.getPassword()); String value = user.getUserName() + "md542" + md5; inReq.putPageValue("entermediakey", value); } } inUser.setEnabled(false); } userManager.saveUser(inUser); } // inReq.putSessionValue("oe-exception", "Invalid Logon"); inReq.putPageValue("oe-exception", "Invalid Logon"); return false; } } public void savePasswordAsCookie(User user, WebPageRequest inReq) throws OpenEditException { if (user.isVirtual()) { log.debug("User is virtual. Not saving cookie"); return; } HttpServletResponse res = inReq.getResponse(); if (res != null) { String name = createMd5CookieName(inReq, true); try { String md5 = getCookieEncryption().getPasswordMd5(user.getPassword()); String value = user.getUserName() + "md542" + md5; Cookie cookie = new Cookie(name, value); cookie.setMaxAge(Integer.MAX_VALUE); //Needs new servelet api jar // cookie.setHttpOnly(true); cookie.setPath("/"); // http://www.unix.org.ua/orelly/java-ent/servlet/ch07_04.htm This does not really work. It tends to not send the data res.addCookie(cookie); inReq.putPageValue("entermediakey", value); } catch (Exception ex) { throw new OpenEditException(ex); } //TODO: Add a new alternative cookie that will auto login the user by passing the md5 of a secret key + their password //TODO: If the MD5 matches on both sides then we are ok to log them in } } public void loadEnterMediaKey(WebPageRequest inReq) { String account = inReq.getRequestParameter("id"); String password = inReq.getRequestParameter("password"); User user = getUserManager(inReq).getUser(account); Boolean ok = false; if (user != null) { AuthenticationRequest aReq = createAuthenticationRequest(inReq, password, user); if (getUserManager(inReq).authenticate(aReq)) { String md5 = getCookieEncryption().getPasswordMd5(user.getPassword()); String value = user.getUserName() + "md542" + md5; inReq.putPageValue("entermediakey", value); inReq.putPageValue("user", user); } } } public void logout(WebPageRequest inReq) throws OpenEditException { UserManager usermanager = getUserManager(inReq); String catalogid = usermanager.getUserSearcher().getCatalogId(); User user = (User) inReq.getSessionValue(catalogid + "user"); if (user == null) { //this user is already logged out return; } usermanager.logout(user); Enumeration enumeration = inReq.getSession().getAttributeNames(); List toremove = new ArrayList(); while (enumeration.hasMoreElements()) { String id = (String) enumeration.nextElement(); toremove.add(id); } for (Iterator iter = toremove.iterator(); iter.hasNext();) { String id = (String) iter.next(); inReq.removeSessionValue(id); // inReq.removeSessionValue("editMode"); //legacy // inReq.removeSessionValue("username"); //legacy // inReq.removeSessionValue("user"); } inReq.removePageValue("user"); inReq.removePageValue("userprofile"); removeCookie(inReq); String referrer = inReq.getRequestParameter("editingPath"); if (referrer != null && !referrer.startsWith("http")) { Page epath = getPageManager().getPage(referrer); if (referrer.indexOf("/openedit") >= 0 || !epath.isHtml() || !epath.exists()) { referrer = null; } } if (referrer != null) { inReq.redirect(referrer); } } protected void removeCookie(WebPageRequest inReq) { HttpServletResponse res = inReq.getResponse(); if (res != null) { Cookie cookie = new Cookie(createMd5CookieName(inReq, true), "none"); cookie.setMaxAge(0); cookie.setPath("/"); // http://www.unix.org.ua/orelly/java-ent/servlet/ch07_04.htm res.addCookie(cookie); cookie = new Cookie(createMd5CookieName(inReq, false), "none"); cookie.setMaxAge(0); cookie.setPath("/"); // http://www.unix.org.ua/orelly/java-ent/servlet/ch07_04.htm res.addCookie(cookie); } } public void autoLogin(WebPageRequest inReq) throws OpenEditException { createUserSession(inReq); if (inReq.getUser() != null) { return; } if (Boolean.parseBoolean(inReq.getContentProperty("oe.usernameinheader"))) { autoLoginFromRequest(inReq); } if (inReq.getSessionValue("autologindone") == null) { readPasswordFromCookie(inReq); } if (inReq.getUser() == null) { String md5 = inReq.getRequestParameter(ENTERMEDIAKEY); if (md5 != null) { autoLoginFromMd5Value(inReq, md5); } } // // String login = inReq.getRequestParameter("accountname"); // if (login != null) // { // quickLogin(inReq); // } createUserSession(inReq); } public User createUserSession(WebPageRequest inReq) { UserManager userManager = getUserManager(inReq); String catalogid = userManager.getUserSearcher().getCatalogId(); User user = (User) inReq.getSessionValue(catalogid + "user"); inReq.putPageValue("user", user); return user; } protected void quickLogin(WebPageRequest inReq) throws OpenEditException { if (inReq.getUser() == null) { String username = inReq.getRequestParameter("accountname"); String password = inReq.getRequestParameter("password"); if (password == null) { password = inReq.getRequestParameter("code"); password = getUserManager(inReq).getStringEncryption().decrypt(password); } if (password == null) { return; } User user = getUserManager(inReq).getUser(username); if (user == null) { return; } if (!getUserManager(inReq).authenticate(user, password)) { throw new OpenEditException("Did not authenticate: " + username); } else { inReq.setUser(user); } } } protected void autoLoginFromRequest(WebPageRequest inRequest) { String username = inRequest.getRequest().getRemoteUser(); if (username == null) { return; } if (inRequest.getUser() != null) { return; } UserManager userManager = getUserManager(inRequest); User user = userManager.getUser(username); if (user == null) { String groupname = inRequest.getPageProperty("autologingroup"); if (groupname != null) { user = userManager.createGuestUser(username, null, groupname); } } if (user != null) { inRequest.putProtectedPageValue(PageRequestKeys.USER, user); } } String createMd5CookieName(WebPageRequest inReq, boolean withapp) { String home = (String) inReq.getPageValue("home"); String name = ENTERMEDIAKEY + home; if (withapp) { String root = PathUtilities.extractRootDirectory(inReq.getPath()); if (root != null && root.length() > 1) { name = name + root.substring(1); } } return name; } protected void readPasswordFromCookie(WebPageRequest inReq) throws OpenEditException { // see if we have a coookie for this person with their encrypted password // in it HttpServletRequest req = inReq.getRequest(); if (req != null) { Cookie[] cookies = req.getCookies(); if (cookies != null) { String id = createMd5CookieName(inReq, true); String idold = createMd5CookieName(inReq, false); for (int i = 0; i < cookies.length; i++) { Cookie cook = cookies[i]; if (cook.getName() != null) { if (id.equals(cook.getName()) || idold.equals(cook.getName())) { if (autoLoginFromMd5Value(inReq, cook.getValue())) { return; } else { cook.setMaxAge(0); // remove the cookie inReq.getResponse().addCookie(cook); } } } } } } } protected boolean autoLoginFromMd5Value(WebPageRequest inReq, String uandpass) { //get the password expiry in days int pwd_expiry_in_days = 1; String str = inReq.getPageProperty("temporary_password_expiry"); if (str != null && !str.isEmpty()) { try { pwd_expiry_in_days = Integer.parseInt(str); } catch (NumberFormatException e) { } if (pwd_expiry_in_days < 1) pwd_expiry_in_days = 1;//default if malformed if (log.isDebugEnabled()) { log.debug("Password is set to expire in " + pwd_expiry_in_days + " days"); } } //String uandpass = cook.getValue(); if (uandpass != null) { int split = uandpass.indexOf("md542"); if (split == -1) { return false; } String username = uandpass.substring(0, split); User user = getUserManager(inReq).getUser(username); if (user != null && user.getPassword() != null) { String md5 = uandpass.substring(split + 5); //if timestamp included, check whether the autologin has expired if ((split = md5.indexOf(TIMESTAMP)) != -1) { String tsenc = md5.substring(split + TIMESTAMP.length()); md5 = md5.substring(0, split); try { String ctext = getCookieEncryption().decrypt(tsenc); long ts = Long.parseLong(ctext); long current = new Date().getTime(); if ((current - ts) > (pwd_expiry_in_days * MILLISECONDS_PER_DAY)) { log.debug("Autologin has expired, redirecting to login page"); return false; } else { if (log.isDebugEnabled()) { log.debug("Autologin has not expired, processing md5 password"); } } } catch (Exception oex) { log.error(oex.getMessage(), oex); return false; } } else { if (log.isDebugEnabled()) { log.debug("Autologin does not have a timestamp"); } } try { String hash = getCookieEncryption().getPasswordMd5(user.getPassword()); if (md5.equals(hash)) { String catalogid = user.get("catalogid"); inReq.putSessionValue(catalogid + "user", user); createUserSession(inReq); return true; } else { log.info("Auto login did not work " + username + " md5 " + md5); return false; } } catch (Exception ex) { throw new OpenEditException(ex); } } } return false; } public void forwardToSecureSocketsLayer(WebPageRequest inReq) { String useSecure = inReq.getPage().get("useshttps"); if (Boolean.parseBoolean(useSecure) && inReq.getRequest() != null) { String host = inReq.getPage().get("hostname"); if (host == null) { host = inReq.getPage().get("hostName"); } if (host == null) { return; } if (host.contains("localhost")) { return; } if (host != null && !inReq.getRequest().isSecure()) { String path = "https://" + host + inReq.getPathUrl(); log.info("Forward to address " + path); inReq.redirect(path); } } } /** * This is deprecated because it can't handle directory redirects and is * buggy and hard to read. Use redirectHost and redirectInternal instead. * * @param inReq * @throws OpenEditException * @deprecated */ public void redirect(WebPageRequest inReq) throws OpenEditException { String path = inReq.getCurrentAction().getChildValue("redirectpath"); if (path == null) { path = inReq.getPage().get("redirectpath"); } if (path != null && inReq.getRequest() != null) { URLUtilities utils = (URLUtilities) inReq.getPageValue(PageRequestKeys.URL_UTILITIES); if (path.endsWith("/")) { path = path.substring(0, path.length() - 1); } List host = inReq.getCurrentAction().getConfig().getChildren("host"); if (host.size() > 0) { String server = utils.buildRoot(); //http://localhost:8080/ boolean found = false; for (Iterator iterator = host.iterator(); iterator.hasNext();) { Configuration conf = (Configuration) iterator.next(); //verify the host String hostval = conf.getValue(); log.debug("Checking [" + server + "] starts with [" + hostval + "]"); if (server.startsWith(hostval)) { found = true; break; } } if (!found) { log.info("Host did not match, was [" + server + "]"); return; } } int indestpath = path.indexOf("*"); //http://xyz/* if (indestpath > -1) { //this is a dynamic redirect path //http://xyz/* -> http://xyz/somepage.html //take off a part of the path before the *? String begin = path.substring(0, indestpath); String ending = utils.requestPathWithArgumentsNoContext(); if (ending.startsWith("/") == true) { ending = ending.substring(1, ending.length()); } String server = utils.buildRoot(); String redirectPath = null; if (path.startsWith("http")) { redirectPath = begin + "/" + PathUtilities.extractFileName(ending); } else { redirectPath = begin + ending; //this does not handle subdirectory redirects } if (!redirectPath.equals(server)) { inReq.redirectPermanently(redirectPath); } else { throw new OpenEditException("Infinite loop to forward to " + redirectPath); } } else if (path.startsWith("http")) { // String fixedpath = path; // String domain = utils.siteRoot(); // if( domain.startsWith("https://") && !fixedpath.startsWith("https://") ) // { // fixedpath = "https://" + path.substring("https://".length()-1, path.length()); // } // if( !fixedpath.startsWith(domain) ) // { // //see if it exists locally // if ( inReq.getContentPage().exists() ) // { // String newurl = fixedpath + utils.requestPathWithArguments(); // inReq.redirectPermanently(newurl); // } // else // { //http://localhost:8080/ String server = utils.buildRoot(); if (!path.startsWith(server)) { inReq.redirectPermanently(path); } // } } else { if (!inReq.getPath().equals(path)) { inReq.redirectPermanently(path); } } } } /** * This is used to direct to a different host. I can be used in conjunction * with redirectInternal(). <path-action name="Admin.redirectHost"> * <redirecthost>http://xyz.com/</redirecthost> </path-action> * * @param inReq * @throws OpenEditException */ public void redirectHost(WebPageRequest inReq) throws OpenEditException { if (inReq.getRequest() == null) { return; } String host = inReq.getCurrentAction().getChildValue("redirecthost"); URLUtilities utils = (URLUtilities) inReq.getPageValue(PageRequestKeys.URL_UTILITIES); if (utils == null) { utils = new URLUtilities(inReq.getRequest(), inReq.getResponse()); } String ending = utils.requestPathWithArgumentsNoContext(); String server = utils.buildRoot(); if (server != null && server.endsWith("/")) { server = server.substring(0, server.length() - 1); } if (host.endsWith("/")) { host = host.substring(0, host.length() - 1); } if (!host.equals(server)) { String redirectPath = host + ending; //log.info("Redirecting " + host + " AND " + server); inReq.redirectPermanently(redirectPath); } else { return; } } /** * This is used to redirect between pages on the same server. It may be used * in conjunction with redirectHost(). This should be used instead of the * old Admin.redirect <path-action name="Admin.redirectInternal"> <!--This * is an example of directory substitution--> * <redirectpath>/newpath/</redirectpath> * <redirectroot>/oldpath/</redirectroot> </path-action> <path-action * name="Admin.redirectInternal"> <!--This is an example of absolute * substitution--> <redirectpath>/newpath/index.html</redirectpath> * <redirectroot>*</redirectroot> </path-action> * * @param inReq * @throws OpenEditException */ public void redirectInternal(WebPageRequest inReq) throws OpenEditException { String path = inReq.getCurrentAction().getChildValue("redirectpath"); String rootdir = inReq.getCurrentAction().getChildValue("redirectroot"); URLUtilities utils = (URLUtilities) inReq.getPageValue(PageRequestKeys.URL_UTILITIES); String server = utils.buildRoot(); if (server.endsWith("/")) { server = server.substring(0, server.length() - 1); } String ending = utils.requestPathWithArgumentsNoContext(); String newEnding; if (rootdir.equals("*")) { newEnding = path; } else { newEnding = ending.replace(rootdir, path); } String redirectPath = server + newEnding; if (!newEnding.equals(ending)) { inReq.redirectPermanently(redirectPath); } else { return; } } public void redirectToOriginal(WebPageRequest inReq) { String editPath = inReq.getRequestParameter("editPath"); String orig = inReq.getRequestParameter("origURL"); if (orig == null) { orig = inReq.findValue("origURL"); } if (orig != null) { if (orig.indexOf("?") == -1 && editPath != null) { inReq.redirect(orig + "?path=" + editPath + "&cache=false"); } else { inReq.redirect(orig); } } else { // log.error("No origURL specified"); } } public SendMailModule getSendMailModule() { return sendMailModule; } public void setSendMailModule(SendMailModule sendMailModule) { this.sendMailModule = sendMailModule; } public void toogleAdminToolbar(WebPageRequest inReq) { User user = inReq.getUser(); if (user != null) { boolean bol = user.getBoolean("openadmintoolbar"); if (bol) { user.put("openadmintoolbar", "false"); } else { user.put("openadmintoolbar", "true"); } if (!user.isVirtual()) { getUserManager(inReq).saveUser(user); } } redirectToOriginal(inReq); } public StringEncryption getCookieEncryption() { // if (fieldCookieEncryption == null) // { // fieldCookieEncryption = new StringEncryption(); //// String KEY = "SomeWeirdReallyLongStringYUITYGFNERDF343dfdGDFGSDGGD"; //// fieldCookieEncryption.setEncryptionKey(KEY); // } return fieldCookieEncryption; } public void setCookieEncryption(StringEncryption inCookieEncryption) { fieldCookieEncryption = inCookieEncryption; } public void toggleProperty(WebPageRequest inReq) throws Exception { User user = inReq.getUser(); if (user != null) { String id = inReq.getRequestParameter("propertyid"); if (id == null) { id = inReq.getRequestParameter("id"); } if (id != null) { boolean has = user.hasProperty(id); if (has) { user.remove(id); } else { user.put(id, String.valueOf(has)); } getUserManager(inReq).saveUser(user); } } } public String getTheme(WebPageRequest inReq) throws Exception { String theme = inReq.findValue("themeprefix"); inReq.putPageValue("themeprefix", theme); return theme; } protected Page findWelcomePage(Page inDirectory) throws OpenEditException { String dir = inDirectory.getPath(); if (!dir.endsWith("/")) { dir = dir + "/"; } for (Iterator iterator = getWelcomeFiles().iterator(); iterator.hasNext();) { String index = (String) iterator.next(); if (getPageManager().getRepository().doesExist(dir + index)) { return getPageManager().getPage(dir + index, true); } } return getPageManager().getPage(dir + "index.html", true); } public void checkExist(WebPageRequest inReq) throws Exception { check404(inReq); } public void check404(WebPageRequest inReq) throws Exception { boolean exist = inReq.getPage().exists(); if (exist) { return; } PageStreamer streamer = inReq.getPageStreamer(); if (streamer != null) { streamer.getWebPageRequest().putPageValue("pathNotFound", inReq.getPath()); } String isVirtual = inReq.getPage().get("virtual"); if (Boolean.parseBoolean(isVirtual)) { return; } URLUtilities utils = (URLUtilities) inReq.getPageValue(PageRequestKeys.URL_UTILITIES); if (utils != null) { //redirecting only works relative to a webapp if (streamer != null) { streamer.getWebPageRequest().putPageValue("forcedDestinationPath", utils.requestPathWithArgumentsNoContext()); } } PageManager pageManager = getPageManager(); if (inReq.getPage().isHtml() && inReq.isEditable()) { Page wizard = pageManager.getPage("/system/nopagefound.html"); if (wizard.exists()) { inReq.getPageStreamer().include(wizard); inReq.setHasRedirected(true); return; } } if (!inReq.getPage().isHtml()) { HttpServletResponse response = inReq.getResponse(); if (response != null) { response.sendError(HttpServletResponse.SC_NOT_FOUND); inReq.setHasRedirected(true); return; } } if (inReq.getContentPage().getPath().equals(inReq.getPath())) { //log.info( "Could not use add page wizard. 404 error on: " + inReq.getPath() ); Page p404 = pageManager.getPage("/error404.html"); if (p404.exists()) { HttpServletResponse response = inReq.getResponse(); if (response != null) { response.setStatus(HttpServletResponse.SC_NOT_FOUND); } inReq.putProtectedPageValue("content", p404); //inReq.forward(p404.getPath()); return; } else { log.error("Could not report full 404 error on: " + inReq.getPath() + ". Make sure the 404 error page exists " + p404.getPath()); //other users will get the standard file not found error HttpServletResponse response = inReq.getResponse(); if (response != null) { response.sendError(HttpServletResponse.SC_NOT_FOUND); inReq.setHasRedirected(true); } } } else { inReq.getWriter().write("404 on " + inReq.getPath()); inReq.getWriter().flush(); inReq.setHasRedirected(true); } } public void createGuestUser(WebPageRequest inReq) { User user = inReq.getUser(); if (user == null) { Group guest = getGroupSearcher(inReq).getGroup("guest"); if (guest == null) { getUserManager(inReq).createGroup("guest"); } user = getUserManager(inReq).createGuestUser(null, null, "guest"); String catalogid = user.get("catalogid"); inReq.putSessionValue(catalogid + "user", user); inReq.putPageValue("user", user); } } public void switchToUser(WebPageRequest inReq) { User user = inReq.getUser(); if (!user.isInGroup("administrators")) { return; } String userid = inReq.getRequestParameter("userid"); User target = getUserManager(inReq).getUser(userid); if (target != null) { clearSession(inReq); inReq.putSessionValue("realuser", user); inReq.putSessionValue(target.get("catalogid") + "user", target); createUserSession(inReq); } } public void revertToUser(WebPageRequest inReq) { User olduser = (User) inReq.getSessionValue("realuser"); if (olduser != null) { clearSession(inReq); inReq.putSessionValue("realuser", null); inReq.putSessionValue(olduser.get("catalogid") + "user", olduser); createUserSession(inReq); } } public void clearSession(WebPageRequest inReq) { Enumeration keys = inReq.getSession().getAttributeNames(); while (keys.hasMoreElements()) { String key = (String) keys.nextElement(); inReq.putSessionValue(key, null); } } }