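/**
 * Copyright 2005-2016 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.kns.web.struts.action;

import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.kuali.rice.core.api.config.property.ConfigContext;
import org.kuali.rice.krad.util.KRADConstants;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * This is the action for the portal.
 *
 * <p>It resolves the {@code channelUrl} request parameter into the {@code gotoUrl}
 * request attribute, refusing any value that is not matched by the allow-list regex
 * configured under {@link KRADConstants#PORTAL_ALLOWED_REGEX}, and remembers the
 * {@code selectedTab} parameter in the HTTP session.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class KualiPortalAction extends KualiSimpleAction {

    /** Request parameter carrying the URL to be shown in the portal channel. */
    private static final String CHANNEL_URL_PARAM = "channelUrl";

    /** Request parameter (and session attribute) naming the portal tab to remember. */
    private static final String SELECTED_TAB_PARAM = "selectedTab";

    /**
     * Resolves the channel URL for the portal page and delegates to the parent action.
     *
     * @param mapping  the Struts action mapping
     * @param form     the Struts action form
     * @param request  the current request; {@code channelUrl} and {@code selectedTab} are read from it
     * @param response the current response
     * @return the forward chosen by {@link KualiSimpleAction#execute}
     * @throws Exception if a channel URL was requested but is not matched by the configured
     *                   allow-list regex; also propagates anything the parent action throws
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response) throws Exception {

        String gotoUrl = extractChannelUrl(request);

        if (gotoUrl != null) {
            gotoUrl = escapeMarkupCharacters(gotoUrl);

            // The allow-list is the primary control on what the portal will frame.
            if (!isAllowedChannelUrl(gotoUrl)) {
                throw new Exception("The requested channel URL is not authorized for display in portal.");
            }
        }

        // The tab name is stored exactly as supplied by the client.
        String selectedTab = request.getParameter(SELECTED_TAB_PARAM);
        if (selectedTab != null && selectedTab.length() > 0) {
            request.getSession().setAttribute(SELECTED_TAB_PARAM, selectedTab);
        }

        request.setAttribute("gotoUrl", gotoUrl);

        return super.execute(mapping, form, request, response);
    }

    /**
     * Reads the requested channel URL from the request.
     *
     * <p>The raw query string is consulted first and everything after {@code channelUrl=} is taken
     * verbatim (not URL-decoded), presumably so a channel URL that itself contains {@code &} is not
     * split by parameter parsing. Only when that is absent or malformed (no value after the name)
     * does the decoded {@code channelUrl} parameter serve as a fallback.
     *
     * @param request the current request
     * @return the channel URL, or {@code null} if none was supplied
     */
    private static String extractChannelUrl(HttpServletRequest request) {
        String queryString = request.getQueryString();
        if (queryString != null) {
            int nameStart = queryString.indexOf(CHANNEL_URL_PARAM);
            if (nameStart >= 0) {
                // Skip the name and the '=' that follows it. A query string ending right after the
                // name (no '=') has no value to take and must not cause a StringIndexOutOfBounds.
                int valueStart = nameStart + CHANNEL_URL_PARAM.length() + 1;
                if (valueStart <= queryString.length()) {
                    return queryString.substring(valueStart);
                }
            }
        }

        String parameter = request.getParameter(CHANNEL_URL_PARAM);
        if (parameter != null && parameter.length() > 0) {
            return parameter;
        }
        return null;
    }

    /**
     * Percent-encodes the three characters the portal has historically refused to pass through
     * unencoded. This is deliberately narrow and is not a general HTML or URL encoder; the
     * allow-list check in {@link #isAllowedChannelUrl} is the control that decides whether a URL
     * may be displayed at all.
     *
     * @param url the channel URL
     * @return the URL with {@code >}, {@code <} and {@code "} replaced by their percent-encodings
     */
    private static String escapeMarkupCharacters(String url) {
        return url.replace(">", "%3E")
                .replace("<", "%3C")
                .replace("\"", "%22");
    }

    /**
     * Checks the channel URL against the configured allow-list regex.
     *
     * <p>The whole URL must match ({@link Matcher#matches()}, not {@code find()}). A missing
     * property is treated as a deployment error rather than as "allow everything".
     *
     * @param url the (already escaped) channel URL
     * @return {@code true} if the URL is allowed to be displayed in the portal
     * @throws IllegalStateException if the allow-list regex property is not configured
     */
    private static boolean isAllowedChannelUrl(String url) {
        String allowedRegex = ConfigContext.getCurrentContextConfig().getProperty(KRADConstants.PORTAL_ALLOWED_REGEX);
        if (allowedRegex == null) {
            // Fail closed with a clear message instead of an NPE from Pattern.compile(null).
            throw new IllegalStateException("Portal allowed-URL regex property '" + KRADConstants.PORTAL_ALLOWED_REGEX
                    + "' is not configured; refusing to display channel URL.");
        }
        Pattern pattern = Pattern.compile(allowedRegex);
        Matcher matcher = pattern.matcher(url);
        return matcher.matches();
    }
}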