View Javadoc

1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kns.web.struts.action;
17  
18  import org.apache.struts.action.ActionForm;
19  import org.apache.struts.action.ActionForward;
20  import org.apache.struts.action.ActionMapping;
21  import org.kuali.rice.core.api.config.property.ConfigContext;
22  import org.kuali.rice.krad.util.KRADConstants;
23  
24  import javax.servlet.http.HttpServletRequest;
25  import javax.servlet.http.HttpServletResponse;
26  import java.util.regex.Matcher;
27  import java.util.regex.Pattern;
28  
29  /**
30   * This is the action for the portal.
31   *
32   * @author Kuali Rice Team (rice.collab@kuali.org)
33   */
34  public class KualiPortalAction extends KualiSimpleAction {
35  
36      @Override
37      public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
38  
39          String gotoUrl = null;
40          String selectedTab = null;
41  
42          if (request.getQueryString() != null && request.getQueryString().indexOf("channelUrl") >= 0) {
43              gotoUrl = request.getQueryString().substring(request.getQueryString().indexOf("channelUrl") + 11, request.getQueryString().length());
44          } else if (request.getParameter("channelUrl") != null && request.getParameter("channelUrl").length() > 0) {
45              gotoUrl = request.getParameter("channelUrl");
46          }
47  
48          if (gotoUrl != null) {
49              // encode some characters for security purposes if present in url
50              gotoUrl = gotoUrl.replace(">", "%3E");
51              gotoUrl = gotoUrl.replace("<", "%3C");
52              gotoUrl = gotoUrl.replace("\"", "%22");
53  
54              // check url allowed to display in portal
55              Pattern pattern = Pattern.compile(ConfigContext.getCurrentContextConfig().getProperty(KRADConstants.PORTAL_ALLOWED_REGEX));
56              Matcher matcher = pattern.matcher(gotoUrl);
57              if(!matcher.matches()) {
58                  throw new Exception("The requested channel URL is not authorized for display in portal.");
59              }
60          }
61  
62          if (request.getParameter("selectedTab") != null && request.getParameter("selectedTab").length() > 0) {
63              request.getSession().setAttribute("selectedTab", request.getParameter("selectedTab"));
64          }
65  
66          request.setAttribute("gotoUrl", gotoUrl);
67  
68          return super.execute(mapping, form, request, response);
69      }
70  }