1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kns.web.struts.action;
17  
18  import org.apache.struts.action.ActionForm;
19  import org.apache.struts.action.ActionForward;
20  import org.apache.struts.action.ActionMapping;
21  import org.kuali.rice.core.api.config.property.ConfigContext;
22  import org.kuali.rice.krad.util.KRADConstants;
23  
24  import javax.servlet.http.HttpServletRequest;
25  import javax.servlet.http.HttpServletResponse;
26  import java.util.regex.Matcher;
27  import java.util.regex.Pattern;
28  
29  /**
30   * This is the action for the portal.
31   *
32   * @author Kuali Rice Team (rice.collab@kuali.org)
33   *
34   * @deprecated KNS Struts deprecated, use KRAD and the Spring MVC framework.
35   */
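@Deprecated
public class KualiPortalAction extends KualiSimpleAction {

    /** Name of the request parameter that carries the channel URL to display in the portal. */
    private static final String CHANNEL_URL_PARAM = "channelUrl";

    /**
     * Resolves the requested channel URL, checks it against the configured allow-list regex and
     * exposes it to the view as the {@code gotoUrl} request attribute.
     *
     * <p>The channel URL is taken from the raw query string when the text {@code channelUrl} occurs
     * in it (everything after {@code channelUrl=} is used, so a channel URL may carry its own
     * parameters); otherwise the {@code channelUrl} request parameter is used. A non-empty
     * {@code selectedTab} parameter is copied into the session.
     *
     * @param mapping  the Struts mapping, passed through to the superclass
     * @param form     the Struts form, passed through to the superclass
     * @param request  the current request; supplies {@code channelUrl} and {@code selectedTab}
     * @param response the current response, passed through to the superclass
     * @return the forward produced by {@code super.execute}
     * @throws Exception if the channel URL does not match the regex configured under
     *         {@link KRADConstants#PORTAL_ALLOWED_REGEX}, or if the superclass fails
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {

        String gotoUrl = null;

        // getQueryString() returns the raw, still percent-encoded query string, so the allow-list
        // regex below is matched against the undecoded form in this branch.
        final String queryString = request.getQueryString();
        final int paramIndex = (queryString == null) ? -1 : queryString.indexOf(CHANNEL_URL_PARAM);

        if (paramIndex >= 0) {
            // NOTE(review): indexOf finds the text anywhere in the query string, not only as a
            // parameter name; the allow-list check below is what bounds the resulting value.
            // Skip the parameter name and the '=' that follows it.
            final int valueStart = paramIndex + CHANNEL_URL_PARAM.length() + 1;
            // A query string that ends right after "channelUrl" (no '=') used to make substring()
            // throw StringIndexOutOfBoundsException; treat it as "no channel URL" instead.
            if (valueStart <= queryString.length()) {
                gotoUrl = queryString.substring(valueStart);
            }
        } else {
            final String channelUrl = request.getParameter(CHANNEL_URL_PARAM);
            if (channelUrl != null && channelUrl.length() > 0) {
                gotoUrl = channelUrl;
            }
        }

        if (gotoUrl != null) {
            // encode some characters for security purposes if present in url
            // NOTE(review): only '<', '>' and '"' are covered. This is not a complete encoder, so
            // whatever view writes gotoUrl must still escape it for its own output context.
            gotoUrl = gotoUrl.replace(">", "%3E");
            gotoUrl = gotoUrl.replace("<", "%3C");
            gotoUrl = gotoUrl.replace("\"", "%22");

            // check url allowed to display in portal
            // matches() requires the whole value to match, so the strength of this check is the
            // strength of the configured regex: it should pin the scheme and the full host rather
            // than end in a loose prefix. Pattern.compile throws on a null pattern, so an unset
            // property (presumably returned as null - confirm) rejects the request.
            Pattern pattern = Pattern.compile(ConfigContext.getCurrentContextConfig().getProperty(KRADConstants.PORTAL_ALLOWED_REGEX));
            Matcher matcher = pattern.matcher(gotoUrl);
            if (!matcher.matches()) {
                throw new Exception("The requested channel URL is not authorized for display in portal.");
            }
        }

        // NOTE(review): selectedTab is stored exactly as received; any view that renders it must
        // escape it.
        final String selectedTab = request.getParameter("selectedTab");
        if (selectedTab != null && selectedTab.length() > 0) {
            request.getSession().setAttribute("selectedTab", selectedTab);
        }

        request.setAttribute("gotoUrl", gotoUrl);

        return super.execute(mapping, form, request, response);
    }
}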