
1   /*
2    * Copyright 2007 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 1.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl1.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kns.web.struts.action;
17  
18  import java.util.regex.Matcher;
19  import java.util.regex.Pattern;
20  
21  import javax.servlet.http.HttpServletRequest;
22  import javax.servlet.http.HttpServletResponse;
23  
24  import org.apache.struts.action.ActionForm;
25  import org.apache.struts.action.ActionForward;
26  import org.apache.struts.action.ActionMapping;
27  import org.kuali.rice.core.config.ConfigContext;
28  import org.kuali.rice.kns.exception.KualiException;
29  import org.kuali.rice.kns.util.KNSConstants;
30  
31  /**
32   * This is the action for the portal.
33   * 
34   * @author Kuali Rice Team (rice.collab@kuali.org)
35   */
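public class KualiPortalAction extends KualiSimpleAction {

    /** Name of the request parameter that carries the URL to display inside the portal. */
    private static final String CHANNEL_URL_PARAMETER = "channelUrl";

    /** Name of the request parameter, and of the session attribute, that holds the selected tab. */
    private static final String SELECTED_TAB_PARAMETER = "selectedTab";

    /**
     * Resolves the requested channel URL, checks it against the configured allow-list pattern and
     * exposes it to the view as the {@code gotoUrl} request attribute before delegating to the
     * parent action.
     *
     * <p>The channel URL is taken from the raw query string when the text {@code channelUrl}
     * occurs in it (everything after that name and the one character following it is used), and
     * otherwise from the {@code channelUrl} request parameter. A non-empty {@code selectedTab}
     * parameter is copied into the session under the same name.
     *
     * @param mapping the Struts mapping, passed through to the parent action
     * @param form the Struts form, passed through to the parent action
     * @param request the current request; supplies {@code channelUrl} and {@code selectedTab}
     * @param response the current response, passed through to the parent action
     * @return the forward produced by the parent action
     * @throws KualiException if a channel URL was supplied and it does not match the pattern
     *         configured under {@link KNSConstants#PORTAL_ALLOWED_REGEX}, or if that pattern is
     *         not configured
     * @throws Exception if the parent action fails
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {

        String gotoUrl = null;

        // getQueryString() returns the query string as sent, without URL decoding, so a value
        // taken from here is checked in its raw form; getParameter() below returns decoded values.
        String queryString = request.getQueryString();
        if (queryString != null) {
            int markerIndex = queryString.indexOf(CHANNEL_URL_PARAMETER);
            if (markerIndex >= 0) {
                // Skip the parameter name plus the single character that follows it (the '=').
                int valueStart = markerIndex + CHANNEL_URL_PARAMETER.length() + 1;
                // A query string that ends right after the name has no value to extract; the
                // unguarded substring call used to throw StringIndexOutOfBoundsException here.
                if (valueStart <= queryString.length()) {
                    gotoUrl = queryString.substring(valueStart);
                }
            }
        }

        if (gotoUrl == null) {
            String channelUrl = request.getParameter(CHANNEL_URL_PARAMETER);
            if (channelUrl != null && channelUrl.length() > 0) {
                gotoUrl = channelUrl;
            }
        }

        if (gotoUrl != null) {
            // Percent-encode the characters that would close an HTML tag or a double-quoted
            // attribute. NOTE(review): only '<', '>' and '"' are covered; whether that is enough
            // depends on how the view renders gotoUrl, which is not visible in this class.
            gotoUrl = gotoUrl.replace(">", "%3E").replace("<", "%3C").replace("\"", "%22");

            // The allow-list pattern is the control that decides what may be shown in the portal.
            // Fail closed with an explicit error when it is missing rather than relying on the
            // NullPointerException from Pattern.compile(null).
            String allowedRegex = ConfigContext.getCurrentContextConfig().getProperty(KNSConstants.PORTAL_ALLOWED_REGEX);
            if (allowedRegex == null) {
                throw new KualiException("The portal allowed-URL pattern is not configured.");
            }

            // matches() requires the whole URL to match, so a prefix or substring hit is not enough.
            Matcher matcher = Pattern.compile(allowedRegex).matcher(gotoUrl);
            if (!matcher.matches()) {
                throw new KualiException("The requested channel URL is not authorized for display in portal.");
            }
        }

        // NOTE(review): selectedTab is stored exactly as the client sent it; any view that prints
        // the session attribute has to escape it for its output context.
        String selectedTab = request.getParameter(SELECTED_TAB_PARAMETER);
        if (selectedTab != null && selectedTab.length() > 0) {
            request.getSession().setAttribute(SELECTED_TAB_PARAMETER, selectedTab);
        }

        // Set even when null so the view always finds the attribute.
        request.setAttribute("gotoUrl", gotoUrl);

        return super.execute(mapping, form, request, response);
    }

}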