16 package org.kuali.rice.krad.web.controller;
17
18 import org.apache.commons.lang.StringUtils;
19 import org.apache.log4j.Logger;
20 import org.kuali.rice.krad.UserSession;
21 import org.kuali.rice.krad.uif.UifConstants;
22 import org.kuali.rice.krad.uif.UifParameters;
23 import org.kuali.rice.krad.uif.util.ProcessLogger;
24 import org.kuali.rice.krad.uif.view.ViewModel;
25 import org.kuali.rice.krad.util.GlobalVariables;
26 import org.kuali.rice.krad.util.KRADUtils;
27 import org.kuali.rice.krad.web.form.HistoryManager;
28 import org.kuali.rice.krad.web.form.UifFormBase;
29 import org.kuali.rice.krad.web.form.UifFormManager;
30 import org.kuali.rice.krad.web.service.ModelAndViewService;
31 import org.springframework.beans.factory.annotation.Autowired;
32 import org.springframework.web.bind.annotation.RequestMethod;
33 import org.springframework.web.method.HandlerMethod;
34 import org.springframework.web.servlet.HandlerInterceptor;
35 import org.springframework.web.servlet.ModelAndView;
36
37 import javax.servlet.http.HttpServletRequest;
38 import javax.servlet.http.HttpServletResponse;
/**
 * Spring MVC {@link HandlerInterceptor} that brackets controller requests with UIF set-up and
 * clean-up work.
 *
 * <p>Before the handler runs it applies the method-access check, publishes the user session and the
 * form manager through {@link GlobalVariables}, and makes sure the HTTP session holds a
 * {@link UifFormManager} and a {@link HistoryManager}. After the handler runs it asks the
 * {@link ModelAndViewService} to prepare the view, and once the request completes it stores the form
 * back into the session when the view asks for that.</p>
 *
 * <p>Security note: the method-access check rejects a request only when the posted view metadata is
 * found in the session and lists the requested method as available but not accessible. Every other
 * path (GET requests, annotated handler methods, a blank method-to-call parameter, a missing form key
 * or session form, a method that is not listed as available) is let through. The check therefore
 * narrows what a rendered view may invoke; it does not replace authorization inside the controller
 * methods.</p>
 */
public class UifControllerHandlerInterceptor implements HandlerInterceptor {
    private static final Logger LOG = Logger.getLogger(UifControllerHandlerInterceptor.class);

    @Autowired
    private ModelAndViewService modelAndViewService;

    /**
     * Runs before the handler: checks access to the target method, then sets up per-request state.
     *
     * @param request the current HTTP request
     * @param response the current HTTP response (not used here)
     * @param handler the handler chosen for the request
     * @return always {@code true}; a denied request is signalled by the exception raised from
     *         {@link #checkHandlerMethodAccess}
     * @throws Exception when the access check rejects the request or fails while inspecting the handler
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // The access check comes first, so a rejected request never reaches the session set-up below.
        checkHandlerMethodAccess(request, handler);

        final UserSession userSession = KRADUtils.getUserSessionFromRequest(request);

        // NOTE(review): clear() runs after the user session is stored; confirm that it does not
        // discard the session that was just set.
        GlobalVariables.setUserSession(userSession);
        GlobalVariables.clear();

        createUifFormManagerIfNecessary(request);

        // Lazily attach a history manager to the HTTP session on the first request that lacks one.
        Object historyManager = request.getSession().getAttribute(UifConstants.HistoryFlow.HISTORY_MANAGER);
        if (historyManager == null) {
            request.getSession().setAttribute(UifConstants.HistoryFlow.HISTORY_MANAGER, new HistoryManager());
        }

        ProcessLogger.trace("pre-handle");

        return true;
    }

    /**
     * Decides whether the request may invoke the handler method and throws when it may not.
     *
     * <p>GET requests are never checked, so a handler method that changes state and is reachable
     * over GET receives no protection from this interceptor. For other HTTP methods, a handler
     * method carrying the {@link MethodAccessible} annotation is allowed outright; otherwise the
     * decision is delegated to {@link #checkForMethodAccess}.</p>
     *
     * @param request the current HTTP request
     * @param handler the handler chosen for the request; cast to {@link HandlerMethod} without a type
     *        test, so a non-GET request mapped to any other handler type fails with a
     *        {@code ClassCastException} instead of a {@link MethodAccessException}
     * @throws Exception a {@link MethodAccessException} naming the bean type and method when access is
     *         denied
     */
    protected void checkHandlerMethodAccess(HttpServletRequest request, Object handler) throws Exception {
        // GET is exempt from the access check.
        if (request.getMethod().equalsIgnoreCase(RequestMethod.GET.name())) {
            return;
        }

        HandlerMethod targetMethod = (HandlerMethod) handler;

        // An explicit annotation on the handler method grants access without consulting the view.
        if (targetMethod.getMethodAnnotation(MethodAccessible.class) != null) {
            return;
        }

        if (!checkForMethodAccess(request)) {
            throw new MethodAccessException(targetMethod.getBeanType(), targetMethod.getMethod().getName());
        }
    }

    /**
     * Checks the requested method-to-call against the metadata of the posted view held in the session.
     *
     * <p>Both the method-to-call and the form key are read from request parameters, i.e. they are
     * supplied by the client. A request that omits either one, or whose form key does not resolve to
     * a session form with view post metadata, is allowed without any comparison. Callers that need a
     * hard guarantee must enforce it in the controller method.</p>
     *
     * @param request the current HTTP request
     * @return {@code false} only when the method is in the view's available methods and is not in its
     *         accessible methods (or that collection is {@code null}); {@code true} in every other case
     */
    protected boolean checkForMethodAccess(HttpServletRequest request) {
        final String methodToCall = request.getParameter(UifParameters.METHOD_TO_CALL);

        // No method-to-call parameter: nothing to compare, so the request is allowed.
        if (StringUtils.isBlank(methodToCall)) {
            return true;
        }

        final UifFormManager formManager =
                (UifFormManager) request.getSession().getAttribute(UifParameters.FORM_MANAGER);
        final String formKey = request.getParameter(UifParameters.FORM_KEY);

        UifFormBase form = null;
        if ((formManager != null) && StringUtils.isNotBlank(formKey)) {
            form = formManager.getSessionForm(formKey);
        }

        // Without a session form or its post metadata there is nothing to validate against (fail-open).
        if (form == null) {
            return true;
        }
        if (form.getViewPostMetadata() == null) {
            return true;
        }

        // A method the view does not list as available is outside this check and is allowed.
        if (!form.getViewPostMetadata().getAvailableMethodToCalls().contains(methodToCall)) {
            return true;
        }

        // The method is known to the view: allow it only when it is also listed as accessible.
        return (form.getViewPostMetadata().getAccessibleMethodToCalls() != null)
                && form.getViewPostMetadata().getAccessibleMethodToCalls().contains(methodToCall);
    }

    /**
     * Ensures the HTTP session holds a {@link UifFormManager} and publishes it through
     * {@link GlobalVariables}.
     *
     * @param request the current HTTP request, whose session stores the form manager
     */
    protected void createUifFormManagerIfNecessary(HttpServletRequest request) {
        UifFormManager formManager =
                (UifFormManager) request.getSession().getAttribute(UifParameters.FORM_MANAGER);

        if (formManager == null) {
            formManager = new UifFormManager();
            request.getSession().setAttribute(UifParameters.FORM_MANAGER, formManager);
        }

        // Publish the manager (existing or newly created) for the rest of the request.
        GlobalVariables.setUifFormManager(formManager);
    }

    /**
     * Runs after the handler and before rendering: prepares the view unless the request is already
     * marked as lifecycle-complete, then lets a {@link ViewModel} model run its pre-render hook.
     *
     * @param request the current HTTP request
     * @param response the current HTTP response (not used here)
     * @param handler the handler that ran (not used here)
     * @param modelAndView the handler's result; may be {@code null}, in which case only the view
     *        preparation call and the trace are performed
     * @throws Exception propagated from view preparation or the pre-render hook
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        boolean lifecycleComplete = request.getAttribute(UifParameters.Attributes.VIEW_LIFECYCLE_COMPLETE) != null;
        if (!lifecycleComplete) {
            getModelAndViewService().prepareView(request, modelAndView);
        }

        if ((modelAndView != null) && (modelAndView.getModelMap() != null)) {
            Object model = modelAndView.getModelMap().get(UifConstants.DEFAULT_MODEL_NAME);

            // instanceof is false for null, so a missing model is skipped as well.
            if (model instanceof ViewModel) {
                ((ViewModel) model).preRender(request);
            }
        }

        ProcessLogger.trace("post-handle");
    }

    /**
     * Runs once the request has completed: re-stores the form in the session when its view asks for
     * that, then detaches the view from the form.
     *
     * @param request the current HTTP request
     * @param response the current HTTP response (not used here)
     * @param handler the handler that ran (not used here)
     * @param ex the exception raised during handling, if any (not used here)
     * @throws Exception propagated from the form manager calls
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        ProcessLogger.trace("after-completion");

        final UifFormManager formManager =
                (UifFormManager) request.getSession().getAttribute(UifParameters.FORM_MANAGER);
        final UifFormBase requestForm = (UifFormBase) request.getAttribute(UifConstants.REQUEST_FORM);

        // Nothing to persist or clean up when the request carried no form or the form has no view.
        if (requestForm == null) {
            return;
        }
        if (requestForm.getView() == null) {
            return;
        }

        // Replace any previously stored copy of this form with the current one.
        if (requestForm.getView().isPersistFormToSession() && (formManager != null)) {
            formManager.purgeForm(requestForm);
            formManager.addSessionForm(requestForm);
        }

        // The view reference is dropped whether or not the form was persisted.
        requestForm.setView(null);

        ProcessLogger.trace("after-completion-end");
    }

    /**
     * @return the service used to prepare the view in {@link #postHandle}
     */
    protected ModelAndViewService getModelAndViewService() {
        return modelAndViewService;
    }

    /**
     * @param modelAndViewService the service used to prepare the view in {@link #postHandle}
     */
    public void setModelAndViewService(ModelAndViewService modelAndViewService) {
        this.modelAndViewService = modelAndViewService;
    }
}