
Example 36 with HongsException

use of app.hongs.HongsException in project HongsCORE by ihongs.

the class PermitInvoker method invoke.

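/**
 * Enforces a {@code Permit} annotation before letting the action chain run.
 *
 * <p>Two modes are selected by the annotation's {@code conf} value:
 * <ul>
 *   <li>{@code conf} starts with {@code "$"}: session-only check. The session
 *       must carry a non-empty {@code Cnst.UID_SES} value. If {@code role} is
 *       non-empty it is read as a list of login zones and compared with the
 *       zone set stored in the session under the name following the
 *       {@code "$"} ({@code Cnst.SAE_SES} when nothing follows). An empty
 *       string in {@code role} admits users who have no zone at all.</li>
 *   <li>otherwise: check against the {@code NaviMap} named by {@code conf}
 *       (derived from the chain's module/entity when {@code conf} is empty).</li>
 * </ul>
 *
 * @param helper source of session attributes
 * @param chains the action chain; {@code doAction()} is called only when the check passes
 * @param anno   the annotation instance; cast to {@code Permit}
 * @throws HongsException 0x1101 when the session has no user id or the
 *         NaviMap has no auth set; 0x1102 when the zone check fails; 0x1103
 *         when neither the action nor any listed role is granted
 */
@Override
public void invoke(ActionHelper helper, ActionRunner chains, Annotation anno) throws HongsException {
    Permit ann = (Permit) anno;
    String conf = ann.conf();
    String[] role = ann.role();

    // Many public-facing actions need no fine-grained permission check, only
    // "is the user logged in". A conf beginning with "$" selects that mode.
    if (conf.startsWith("$")) {
        conf = conf.substring(1);
        if (conf.length() == 0) {
            conf = Cnst.SAE_SES;
        }

        Object uid = helper.getSessibute(Cnst.UID_SES);
        if (uid == null || "".equals(uid)) {
            throw new HongsException(0x1101);
        }

        if (role != null && role.length != 0) {
            Set<?> usl = (Set<?>) helper.getSessibute(conf);
            Set<String> rol = new HashSet<>(Arrays.asList(role));
            if (usl == null || usl.isEmpty()) {
                // The user has no zone: only an explicit "" entry admits them.
                // The previous test was "!usl.isEmpty()", which sent users with
                // an empty zone set into the branch below, where they always passed.
                if (!rol.contains("")) {
                    throw new HongsException(0x1102);
                }
            } else {
                // Require at least one zone in common. retainAll() returns
                // "the set changed", not "the intersection is non-empty", so its
                // return value must not be used as the decision.
                rol.retainAll(usl);
                if (rol.isEmpty()) {
                    throw new HongsException(0x1102);
                }
                // NOTE(review): a user who has zones is not admitted by "" alone
                // here; confirm that matches the intended meaning of "".
            }
        }

        chains.doAction();
        return;
    }

    // Resolve the configuration name from the chain when the annotation gives none.
    if (conf.length() == 0) {
        String form = chains.getEntity();
        conf = chains.getModule();
        // Follow the "module/entity" configuration layout when such a file exists.
        if (NaviMap.hasConfFile(conf + "/" + form)) {
            conf = conf + "/" + form;
        }
    }

    NaviMap map = NaviMap.getInstance(conf);
    if (map.getAuthSet() == null) {
        throw new HongsException(0x1101);
    }

    boolean has = false;
    if (role == null || role.length == 0) {
        has = map.chkAuth(chains.getAction());
    } else {
        // Any one of the listed roles is sufficient.
        for (String rale : role) {
            if (map.chkRole(rale)) {
                has = true;
                break;
            }
        }
    }
    if (!has) {
        throw new HongsException(0x1103);
    }

    chains.doAction();
}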
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HongsException(app.hongs.HongsException) NaviMap(app.hongs.action.NaviMap) HashSet(java.util.HashSet)

Example 37 with HongsException

use of app.hongs.HongsException in project HongsCORE by ihongs.

the class PresetInvoker method invoke.

/**
 * Applies a {@code Preset} annotation: fills the request data with preset
 * values from the resolved form configuration, then continues the chain.
 *
 * <p>When the annotation supplies no {@code deft} entries, the list is built
 * from the request parameter {@code Cnst.AB_KEY}: terms starting with
 * {@code "_"}, {@code "."} or {@code "!"} are not added (of these,
 * {@code "_obj_"} and {@code "_str_"} switch {@code Cnst.OBJECT_MODE} on the
 * current {@code Core}), every other term is added with a {@code "!"} prefix.
 *
 * @param helper source of the request parameter and request data
 * @param chains the action chain, also used to resolve module and entity
 * @param anno   the annotation instance; cast to {@code Preset}
 * @throws HongsException any preset failure other than 0x10e8, 0x10e9, 0x10eb
 */
@Override
public void invoke(ActionHelper helper, ActionRunner chains, Annotation anno) throws HongsException {
    Preset preset = (Preset) anno;
    String conf = preset.conf();
    String form = preset.form();
    String[] deft = preset.deft();
    String[] defs = preset.defs();

    // With no defaults on the annotation, the caller may name them in the request.
    // NOTE(review): this list is client-controlled; what a "!"-prefixed entry
    // selects is decided by PresetHelper, which is not visible here.
    if (deft == null || deft.length == 0) {
        Set<String> asked = Synt.toTerms(helper.getParameter(Cnst.AB_KEY));
        if (asked != null && !asked.isEmpty()) {
            Set<String> picked = new LinkedHashSet();
            for (String term : asked) {
                boolean reserved = term.startsWith("_")
                        || term.startsWith(".")
                        || term.startsWith("!");
                if (!reserved) {
                    picked.add("!" + term);
                    continue;
                }
                if (term.equals("_obj_")) {
                    Core.getInstance().put(Cnst.OBJECT_MODE, true);
                } else if (term.equals("_str_")) {
                    Core.getInstance().put(Cnst.OBJECT_MODE, false);
                }
            }
            deft = picked.toArray(new String[0]);
        }
    }

    // Resolve form and configuration names from the chain when left empty.
    if (form.length() == 0) {
        form = chains.getEntity();
    }
    if (conf.length() == 0) {
        conf = chains.getModule();
        // Follow the "module/entity" configuration layout when such a file exists.
        String nested = conf + "/" + form;
        if (FormSet.hasConfFile(nested)) {
            conf = nested;
        }
    }

    // Merge the preset values into the request data.
    try {
        Map requestData = helper.getRequestData();
        PresetHelper presets = new PresetHelper();
        presets.addItemsByForm(conf, form, deft, defs);
        presets.preset(requestData, helper);
    } catch (HongsException ex) {
        int code = ex.getErrno();
        boolean tolerated = code == 0x10e8 || code == 0x10e9 || code == 0x10eb;
        if (!tolerated) {
            throw ex;
        }
        // These three codes are deliberately ignored and the action still runs.
    }

    chains.doAction();
}
Also used : LinkedHashSet(java.util.LinkedHashSet) HongsException(app.hongs.HongsException) PresetHelper(app.hongs.action.PresetHelper) Map(java.util.Map)

Example 38 with HongsException

use of app.hongs.HongsException in project HongsCORE by ihongs.

the class ActsAction method service.

/**
 * Service method.
 * Servlet Mapping: *.act<br/>
 * Note: a request URI whose path contains "." (period) is not supported, and
 * paths are case-sensitive. The aim is to keep one action from being
 * reachable under several path forms, which would interfere with action
 * filtering and create a security risk.
 *
 * @param req
 * @param rsp
 * @throws javax.servlet.ServletException
 */
@Override
public void service(HttpServletRequest req, HttpServletResponse rsp) throws ServletException {
    final String path = ActionDriver.getRecentPath(req);
    final Core core = ActionDriver.getActualCore(req);
    final ActionHelper helper = core.get(ActionHelper.class);
    Core.THREAD_CORE.set(core);

    if (path == null || path.isEmpty()) {
        senderr(helper, 0x1104, null, "Action URI can not be empty.", "");
        return;
    }

    // Drop the leading root character, then cut at the last '.' to remove the extension.
    // NOTE(review): nothing here rejects a '.' earlier in the path; presumably
    // the restriction described above is enforced elsewhere. Confirm.
    String act = path.substring(1);
    final int dot = act.lastIndexOf('.');
    if (dot >= 0) {
        act = act.substring(0, dot);
    }

    // Resolve the action and run it; every failure is reported through senderr.
    try {
        new ActionRunner(helper, act).doAction();
    } catch (ClassCastException ex) {
        // A failed type conversion is reported as a 400-class error.
        senderr(helper, new HongsException(0x1100, ex));
    } catch (HongsException ex) {
        senderr(helper, ex);
    } catch (HongsExpedient ex) {
        senderr(helper, ex);
    } catch (HongsError ex) {
        senderr(helper, ex);
    }
}
Also used : ActionRunner(app.hongs.action.ActionRunner) HongsError(app.hongs.HongsError) HongsException(app.hongs.HongsException) ActionHelper(app.hongs.action.ActionHelper) HongsExpedient(app.hongs.HongsExpedient) Core(app.hongs.Core)

Example 39 with HongsException

use of app.hongs.HongsException in project HongsCORE by ihongs.

the class AuthAction method service.

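/**
 * Service method.
 * Returns the current user's permission map for the navigation config named
 * in the path info, as JSON ({@code .json}) or as a script ({@code .js}).
 * Each action listed by the config is mapped to whether the user's auth set
 * contains it.
 *
 * @param req request; the path info must look like {@code /NAME.js} or {@code /NAME.json}
 * @param rsp response; receives the no-cache headers
 * @throws java.io.IOException
 * @throws javax.servlet.ServletException
 */
@Override
public void service(HttpServletRequest req, HttpServletResponse rsp) throws ServletException, IOException {
    // Permissions depend on login state and on the user, so the response must
    // never be cached. "no-cache" alone still lets a cache store the body;
    // "no-store" is what keeps per-user data out of shared caches.
    rsp.setHeader("Expires", "0");
    rsp.addHeader("Pragma", "no-cache");
    rsp.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");

    Core core = ActionDriver.getActualCore(req);
    ActionHelper helper = core.get(ActionHelper.class);

    String name = req.getPathInfo();
    if (name == null || name.length() == 0) {
        helper.error400("Path info required");
        return;
    }
    int p = name.lastIndexOf('.');
    if (p < 0) {
        helper.error400("File type required");
        return;
    }
    String type = name.substring(1 + p);
    name = name.substring(1, p); // drop the leading '/' and the extension
    if (!"js".equals(type) && !"json".equals(type)) {
        // NOTE(review): type and name are echoed into error text below;
        // confirm error400/error404 encode their message for the response.
        helper.error400("Wrong file type: " + type);
        return;
    }

    String s;
    try {
        // NOTE(review): name comes straight from the request path; confirm
        // NaviMap.getInstance only resolves it to known configuration names.
        NaviMap sitemap = NaviMap.getInstance(name);
        Set<String> authset = sitemap.getAuthSet();

        // Configs without a session name are not published.
        if (null == sitemap.session) {
            helper.error404("Auth data for '" + name + "' is not open to the public");
            return;
        }

        Map<String, Boolean> datamap = new HashMap<>();
        if (null == authset) {
            authset = new HashSet<>();
        }
        for (String act : sitemap.actions) {
            datamap.put(act, authset.contains(act));
        }
        s = Data.toString(datamap);
    } catch (HongsException | HongsExpedient | HongsError ex) {
        // NOTE(review): the exception message is sent to the client; confirm
        // it cannot carry internal detail, or log it and return generic text.
        if (ex.getErrno() == 0x10e0) {
            helper.error404(ex.getMessage());
        } else {
            helper.error500(ex.getMessage());
        }
        return;
    }

    // Write the permission data.
    if ("json".equals(type)) {
        helper.print(s, "application/json");
    } else {
        // NOTE(review): the script form can be included by pages from other
        // origins, which then see this user's permission map; confirm that
        // exposure is acceptable for the deployment.
        String c = req.getParameter("callback");
        if (c != null && c.length() != 0) {
            // The callback becomes an identifier in the emitted script, so it
            // is limited to a plain identifier pattern before use.
            if (!c.matches("^[a-zA-Z_\\$][a-zA-Z0-9_]*$")) {
                helper.error400("Illegal callback function name!");
                return;
            }
            helper.print("function " + c + "() { return " + s + "; }", "text/javascript");
        } else {
            helper.print("if(!self.HsAUTH)self.HsAUTH={};Object.assign(self.HsAUTH," + s + ");", "text/javascript");
        }
    }
}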
Also used : HongsError(app.hongs.HongsError) HashMap(java.util.HashMap) HongsExpedient(app.hongs.HongsExpedient) NaviMap(app.hongs.action.NaviMap) HongsException(app.hongs.HongsException) ActionHelper(app.hongs.action.ActionHelper) Core(app.hongs.Core) HashSet(java.util.HashSet)

Example 40 with HongsException

use of app.hongs.HongsException in project HongsCORE by ihongs.

the class MoreAction method call.

/**
 * Internal dispatch endpoint: replaces the helper's request, context, session
 * and cookie data with values taken from the incoming request, then calls the
 * action named by the {@code act} entry.
 *
 * <p>Guarded by the {@code core.call.more.enable} switch and by an address
 * allowlist from {@code core.call.more.allows}; when that list is empty only
 * the loopback addresses are accepted.
 *
 * @param helper current action helper
 * @throws HongsException 0x1100 when the feature is disabled or the caller's
 *         address is not in the allowlist
 */
@Action("call")
public void call(ActionHelper helper) throws HongsException {
    CoreConfig config = CoreConfig.getInstance();
    HttpServletRequest req = helper.getRequest();
    HttpServletResponse rsp = helper.getResponse();

    // Feature switch and address allowlist.
    boolean enabled = config.getProperty("core.call.more.enable", false);
    String allowSpec = config.getProperty("core.call.more.allows");
    // NOTE(review): addr(req) is defined elsewhere. This endpoint lets the
    // caller supply session and cookie data, so the allowlist is the only
    // barrier; confirm addr() does not trust client-supplied forwarding
    // headers unless they come from a known proxy.
    String remote = addr(req);
    Set allowed = Synt.toTerms(allowSpec);
    if (allowed == null || allowed.isEmpty()) {
        // Nothing configured: fall back to loopback only.
        allowed = new HashSet();
        allowed.add("127.0.0.1");
        allowed.add("::1");
        allowed.add("0:0:0:0:0:0:0:1");
    }

    if (!enabled) {
        throw new HongsException(0x1100, "Illegal request!");
    }
    if (!allowed.contains(remote)) {
        throw new HongsException(0x1100, "Illegal request.");
    }

    // Unpack the nested parameter sets carried in the request data.
    Map params = helper.getRequestData();
    helper.setRequestData(data(params.get("request")));
    helper.setContextData(data(params.get("context")));
    helper.setSessionData(data(params.get("session")));
    helper.setCookiesData(data(params.get("cookies")));

    // NOTE(review): a missing "act" entry yields the literal path "/null" plus
    // the extension; presumably the dispatcher rejects it. Confirm.
    String uri = "/" + params.get("act") + Cnst.ACT_EXT;
    call(helper, uri, req, rsp);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Set(java.util.Set) HashSet(java.util.HashSet) CoreConfig(app.hongs.CoreConfig) HongsException(app.hongs.HongsException) HttpServletResponse(javax.servlet.http.HttpServletResponse) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet) Action(app.hongs.action.anno.Action)
