View Javadoc
1   /*
2    * Copyright 2010 The Kuali Foundation.
3    * 
4    * Licensed under the Educational Community License, Version 1.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    * http://www.opensource.org/licenses/ecl1.php
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.ole.sec.web.struts;
17  
18  import javax.servlet.http.HttpServletRequest;
19  import javax.servlet.http.HttpServletResponse;
20  
21  import org.apache.commons.lang.StringUtils;
22  import org.apache.struts.action.ActionForm;
23  import org.apache.struts.action.ActionForward;
24  import org.apache.struts.action.ActionMapping;
25  import org.apache.struts.config.ExceptionConfig;
26  import org.kuali.ole.sec.SecConstants;
27  import org.kuali.ole.sec.SecKeyConstants;
28  import org.kuali.ole.sec.businessobject.AccessSecurityRestrictionInfo;
29  import org.kuali.ole.sys.context.SpringContext;
30  import org.kuali.rice.core.api.config.property.ConfigurationService;
31  import org.kuali.rice.kns.web.struts.form.pojo.StrutsExceptionIncidentHandler;
32  import org.kuali.rice.krad.util.GlobalVariables;
33  
34  
35  /**
36   * Checks for security access exception and forwards to security access error page
37   */
38  public class SecurityExceptionIncidentHandler extends StrutsExceptionIncidentHandler {
39  
40      /**
41       * @see org.kuali.rice.kns.web.struts.pojo.StrutsExceptionIncidentHandler#execute(java.lang.Exception, org.apache.struts.config.ExceptionConfig,
42       *      org.apache.struts.action.ActionMapping, org.apache.struts.action.ActionForm, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
43       */
44      @Override
45      public ActionForward execute(Exception exception, ExceptionConfig exceptionConfig, ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
46          AccessSecurityRestrictionInfo restrictionInfo = (AccessSecurityRestrictionInfo) GlobalVariables.getUserSession().retrieveObject(SecConstants.OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY);
47          if (restrictionInfo != null) {
48              String accessMessage = SpringContext.getBean(ConfigurationService.class).getPropertyValueAsString(SecKeyConstants.MESSAGE_OPEN_DOCUMENT_RESTRICTED);
49              accessMessage = StringUtils.replace(accessMessage, "{0}", GlobalVariables.getUserSession().getPrincipalName());
50              accessMessage = StringUtils.replace(accessMessage, "{1}", restrictionInfo.getDocumentNumber());
51              accessMessage = StringUtils.replace(accessMessage, "{2}", restrictionInfo.getPropertyLabel());
52              accessMessage = StringUtils.replace(accessMessage, "{3}", restrictionInfo.getRetrictedValue());
53              request.setAttribute(SecConstants.ACCESS_ERROR_STRING_REQUEST_KEY, accessMessage);
54  
55              GlobalVariables.getUserSession().removeObject(SecConstants.OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY);
56  
57              return mapping.findForward(SecConstants.ACCESS_DENIED_ERROR_FORWARD);
58          }
59  
60          return super.execute(exception, exceptionConfig, mapping, form, request, response);
61      }
62  
63  }