001/*
002 * Copyright 2010 The Kuali Foundation.
003 * 
004 * Licensed under the Educational Community License, Version 1.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 * 
008 * http://www.opensource.org/licenses/ecl1.php
009 * 
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.ole.sec.web.struts;
017
018import javax.servlet.http.HttpServletRequest;
019import javax.servlet.http.HttpServletResponse;
020
021import org.apache.commons.lang.StringUtils;
022import org.apache.struts.action.ActionForm;
023import org.apache.struts.action.ActionForward;
024import org.apache.struts.action.ActionMapping;
025import org.apache.struts.config.ExceptionConfig;
026import org.kuali.ole.sec.SecConstants;
027import org.kuali.ole.sec.SecKeyConstants;
028import org.kuali.ole.sec.businessobject.AccessSecurityRestrictionInfo;
029import org.kuali.ole.sys.context.SpringContext;
030import org.kuali.rice.core.api.config.property.ConfigurationService;
031import org.kuali.rice.kns.web.struts.form.pojo.StrutsExceptionIncidentHandler;
032import org.kuali.rice.krad.util.GlobalVariables;
033
034
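/**
 * Struts exception handler for the access-security module. When the current user session holds a
 * pending "open document access denied" marker, the user is forwarded to the access-denied page
 * with an explanatory message; every other exception is passed on to the standard incident
 * handling in {@link StrutsExceptionIncidentHandler}.
 */
public class SecurityExceptionIncidentHandler extends StrutsExceptionIncidentHandler {

    /**
     * Forwards to the access-denied page if the user session carries an
     * {@link AccessSecurityRestrictionInfo} under
     * {@link SecConstants#OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY}; otherwise delegates to the
     * superclass.
     * <p>
     * The message template is read from configuration
     * ({@link SecKeyConstants#MESSAGE_OPEN_DOCUMENT_RESTRICTED}) and its placeholders are filled as
     * follows: <code>{0}</code> principal name, <code>{1}</code> document number, <code>{2}</code>
     * property label, <code>{3}</code> restricted value. The result is stored on the request under
     * {@link SecConstants#ACCESS_ERROR_STRING_REQUEST_KEY}.
     *
     * @param exception the exception being handled
     * @param exceptionConfig the Struts exception configuration
     * @param mapping the action mapping used to look up the access-denied forward
     * @param form the action form, passed through to the superclass
     * @param request the request that receives the access-denied message attribute
     * @param response the response, passed through to the superclass
     * @return the access-denied forward when a denial marker is pending, else the superclass result
     * @see org.kuali.rice.kns.web.struts.form.pojo.StrutsExceptionIncidentHandler#execute(java.lang.Exception, org.apache.struts.config.ExceptionConfig,
     *      org.apache.struts.action.ActionMapping, org.apache.struts.action.ActionForm, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    @Override
    public ActionForward execute(Exception exception, ExceptionConfig exceptionConfig, ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
        // An exception can reach this handler before a user session exists. Dereferencing a null
        // session here would replace the original exception with a NullPointerException, so in that
        // case fall straight through to the standard incident handling.
        if (GlobalVariables.getUserSession() != null) {
            Object denialMarker = GlobalVariables.getUserSession().retrieveObject(SecConstants.OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY);

            // instanceof also covers the "nothing stored" case (null) and keeps an unexpected object
            // under this key from raising a ClassCastException inside the exception handler.
            if (denialMarker instanceof AccessSecurityRestrictionInfo) {
                AccessSecurityRestrictionInfo restrictionInfo = (AccessSecurityRestrictionInfo) denialMarker;

                // The marker is one-shot: clear it before doing anything else so that a failure while
                // building the message cannot leave it behind and turn a later, unrelated exception
                // into an access-denied page.
                GlobalVariables.getUserSession().removeObject(SecConstants.OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY);

                String accessMessage = SpringContext.getBean(ConfigurationService.class).getPropertyValueAsString(SecKeyConstants.MESSAGE_OPEN_DOCUMENT_RESTRICTED);
                accessMessage = StringUtils.replace(accessMessage, "{0}", GlobalVariables.getUserSession().getPrincipalName());
                accessMessage = StringUtils.replace(accessMessage, "{1}", restrictionInfo.getDocumentNumber());
                accessMessage = StringUtils.replace(accessMessage, "{2}", restrictionInfo.getPropertyLabel());
                accessMessage = StringUtils.replace(accessMessage, "{3}", restrictionInfo.getRetrictedValue());

                // NOTE(review): the message embeds document data (document number, restricted value)
                // as plain text. The page that renders this attribute is not visible here; confirm it
                // HTML-escapes the value on output.
                request.setAttribute(SecConstants.ACCESS_ERROR_STRING_REQUEST_KEY, accessMessage);

                // NOTE(review): this branch returns without recording the denial or the triggering
                // exception. If the denial is not already logged where the marker is set, consider
                // writing an audit entry (principal, document number) for monitoring.
                return mapping.findForward(SecConstants.ACCESS_DENIED_ERROR_FORWARD);
            }
        }

        return super.execute(exception, exceptionConfig, mapping, form, request, response);
    }

}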