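/**
 * Copyright 2005-2014 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.kns.web.struts.action;

import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.kuali.rice.core.api.config.property.ConfigContext;
import org.kuali.rice.krad.util.KRADConstants;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * This is the action for the portal.
 *
 * <p>The action reads a caller-supplied "channelUrl" from the request, percent-encodes a few
 * markup characters in it, and refuses the request unless the result fully matches the regular
 * expression configured under {@link KRADConstants#PORTAL_ALLOWED_REGEX}. The accepted value is
 * exposed to the view as the "gotoUrl" request attribute. Because the URL comes from the client,
 * the configured expression is the control that decides which targets the portal will display.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 *
 * @deprecated KNS Struts deprecated, use KRAD and the Spring MVC framework.
 */
@Deprecated
public class KualiPortalAction extends KualiSimpleAction {

    /** Name of the request parameter that carries the URL to display in the portal. */
    private static final String CHANNEL_URL_PARAMETER = "channelUrl";

    /** Name of the request parameter, and of the session attribute, holding the selected tab. */
    private static final String SELECTED_TAB_PARAMETER = "selectedTab";

    /**
     * Resolves and authorizes the requested channel URL, remembers the selected tab, and then
     * delegates to the parent action.
     *
     * @param mapping the Struts action mapping, passed through to the parent action
     * @param form the Struts form, passed through to the parent action
     * @param request the current request; receives the "gotoUrl" attribute (possibly {@code null})
     * @param response the current response, passed through to the parent action
     * @return whatever the parent action's {@code execute} returns
     * @throws Exception if the channel URL does not match the configured allow-list expression,
     *         if that expression is not configured, or if the parent action fails
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {

        String gotoUrl = resolveChannelUrl(request);

        if (gotoUrl != null) {
            // Encode first, then authorize: the allow-list is applied to exactly the string
            // that is handed to the view.
            gotoUrl = encodeMarkupCharacters(gotoUrl);
            requireAllowedInPortal(gotoUrl);
        }

        String selectedTab = request.getParameter(SELECTED_TAB_PARAMETER);
        if (selectedTab != null && selectedTab.length() > 0) {
            // NOTE(review): the value is stored in the session exactly as received. The code
            // that later reads this attribute is not visible here; confirm it validates or
            // escapes the value before using it.
            request.getSession().setAttribute(SELECTED_TAB_PARAMETER, selectedTab);
        }

        request.setAttribute("gotoUrl", gotoUrl);

        return super.execute(mapping, form, request, response);
    }

    /**
     * Extracts the requested channel URL from the request.
     *
     * <p>When the raw query string contains the parameter name, everything after the name and
     * the single separator character that follows it is returned as-is, so the value is not
     * URL-decoded and includes any further query parameters. Otherwise the decoded request
     * parameter is used, if it is non-empty.
     *
     * @param request the current request
     * @return the requested channel URL, or {@code null} if none was supplied
     */
    private static String resolveChannelUrl(HttpServletRequest request) {
        String queryString = request.getQueryString();
        if (queryString != null) {
            int nameStart = queryString.indexOf(CHANNEL_URL_PARAMETER);
            if (nameStart >= 0) {
                // Skip the parameter name plus the one character after it (expected to be '=').
                int valueStart = nameStart + CHANNEL_URL_PARAMETER.length() + 1;
                if (valueStart <= queryString.length()) {
                    return queryString.substring(valueStart);
                }
                // The query string ends with the bare parameter name. Previously this raised
                // StringIndexOutOfBoundsException; treat it as "not in the query string" and
                // fall through to the regular parameter lookup instead.
            }
        }

        String parameterValue = request.getParameter(CHANNEL_URL_PARAMETER);
        if (parameterValue != null && parameterValue.length() > 0) {
            return parameterValue;
        }
        return null;
    }

    /**
     * Percent-encodes the characters {@code >}, {@code <} and {@code "} in the given URL.
     *
     * <p>Only these three characters are replaced; every other character, including the single
     * quote, passes through unchanged. NOTE(review): the view that renders "gotoUrl" is not
     * visible here; confirm that it escapes the value for its own output context rather than
     * relying on this replacement alone.
     *
     * @param url the URL to encode, not {@code null}
     * @return the URL with the three characters replaced by their percent-encoded form
     */
    private static String encodeMarkupCharacters(String url) {
        return url.replace(">", "%3E")
                .replace("<", "%3C")
                .replace("\"", "%22");
    }

    /**
     * Verifies that the given URL is allowed to be displayed in the portal.
     *
     * <p>The URL must match the configured expression in full ({@link Matcher#matches()}, not a
     * partial find), so the strictness of this check is determined entirely by how the
     * expression is written in configuration.
     *
     * @param gotoUrl the already encoded channel URL, not {@code null}
     * @throws IllegalStateException if no allow-list expression is configured
     * @throws Exception if the URL does not match the allow-list expression
     */
    private static void requireAllowedInPortal(String gotoUrl) throws Exception {
        String allowedRegex = ConfigContext.getCurrentContextConfig().getProperty(KRADConstants.PORTAL_ALLOWED_REGEX);
        if (allowedRegex == null) {
            // Fail closed with a diagnosable error instead of the NullPointerException that
            // Pattern.compile(null) would raise.
            throw new IllegalStateException("Portal allow-list property '" + KRADConstants.PORTAL_ALLOWED_REGEX
                    + "' is not configured; refusing to display the requested channel URL.");
        }

        Pattern pattern = Pattern.compile(allowedRegex);
        Matcher matcher = pattern.matcher(gotoUrl);
        if (!matcher.matches()) {
            throw new Exception("The requested channel URL is not authorized for display in portal.");
        }
    }
}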