Example 1 with ActionInvocation

Use of com.opensymphony.xwork2.ActionInvocation in project KeyBox by skavanagh.

Class HTTPStrictTransportSecurityInterceptor, method intercept.

@Override
public String intercept(ActionInvocation invocation) throws Exception {
    ActionContext context = invocation.getInvocationContext();
    HttpServletResponse response = (HttpServletResponse) context.get(StrutsStatics.HTTP_RESPONSE);
    String headerValue = MAX_AGE + ONE_YEAR;
    response.addHeader(HEADER, headerValue);
    return invocation.invoke();
}
Also used: HttpServletResponse (javax.servlet.http.HttpServletResponse), ActionContext (com.opensymphony.xwork2.ActionContext)

Example 2 with ActionInvocation

Use of com.opensymphony.xwork2.ActionInvocation in project bamboobsc by billchen198318.

Class UserLoginInterceptor, method intercept.

@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
    ActionContext actionContext = actionInvocation.getInvocationContext();
    Map<String, Object> session = actionContext.getSession();
    this.accountObj = (AccountObj) session.get(Constants.SESS_ACCOUNT);
    boolean fromCookieCheckOrRetySubjectLogin = false;
    // A sysCurrentId cookie is present, but counting tb_sys_usess with this cookie's data does not match the core-web data
    boolean getUserCurrentCookieFail = false;
    String contextPath = ServletActionContext.getServletContext().getContextPath();
    if (!contextPath.endsWith(ApplicationSiteUtils.getContextPathFromMap(Constants.getMainSystem()))) {
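        /**
         * 1. Log in as admin first
         * 2. Log out of admin and log in as tester instead
         * In that case the gsbsc-web http-session still belongs to admin, so a non-core-web application must check whether the account in the current CURRENT cookie is the same as the one in gsbsc-web
         * If it differs, invalidate this http-session
         */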
        this.invalidCurrentSessionForDifferentAccount(actionContext);
        SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
        Subject subject = SecurityUtils.getSubject();
        if (accountObj == null) {
            fromCookieCheckOrRetySubjectLogin = getUserCurrentCookie(actionContext);
            if (!fromCookieCheckOrRetySubjectLogin && UserCurrentCookie.foundCurrent((HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST))) {
                // A sysCurrentId cookie is present, but counting tb_sys_usess with this cookie's data does not match the core-web data
                getUserCurrentCookieFail = true;
            }
        }
        if (accountObj != null && !subject.isAuthenticated()) {
            fromCookieCheckOrRetySubjectLogin = true;
        }
    }
    if (accountObj != null && !StringUtils.isBlank(accountObj.getAccount())) {
        if (uSessLogHelper.countByAccount(accountObj.getAccount()) < 1) {
            return this.redirectLogin(session, getUserCurrentCookieFail);
        }
        if (fromCookieCheckOrRetySubjectLogin) {
            // core-web already has a session but gsbsc-web does not, so create the gsbsc-web http session
            SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
            Subject subject = SecurityUtils.getSubject();
            GreenStepBaseUsernamePasswordToken token = new GreenStepBaseUsernamePasswordToken();
            token.setRememberMe(false);
            token.setCaptcha("");
            token.setUsername(accountObj.getAccount());
            token.setPassword(((AccountVO) accountObj).getPassword().toCharArray());
            if (!subject.isAuthenticated()) {
                subject.login(token);
            }
            UserAccountHttpSessionSupport.create(actionContext, accountObj);
        }
        return actionInvocation.invoke();
    }
    return this.redirectLogin(session, getUserCurrentCookieFail);
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), GreenStepBaseUsernamePasswordToken (com.netsteadfast.greenstep.sys.GreenStepBaseUsernamePasswordToken), ActionContext (com.opensymphony.xwork2.ActionContext), ServletActionContext (org.apache.struts2.ServletActionContext), AccountVO (com.netsteadfast.greenstep.vo.AccountVO), Subject (org.apache.shiro.subject.Subject)

Example 3 with ActionInvocation

Use of com.opensymphony.xwork2.ActionInvocation in project bamboobsc by billchen198318.

Class NoCacheHeaderInterceptor, method intercept.

@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
    ActionContext context = actionInvocation.getInvocationContext();
    HttpServletResponse response = (HttpServletResponse) context.get(StrutsStatics.HTTP_RESPONSE);
    if (response != null) {
        response.setHeader("Cache-control", "no-cache, no-store");
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Expires", "0");
    }
    return actionInvocation.invoke();
}
Also used: HttpServletResponse (javax.servlet.http.HttpServletResponse), ActionContext (com.opensymphony.xwork2.ActionContext)

Example 4 with ActionInvocation

Use of com.opensymphony.xwork2.ActionInvocation in project bamboobsc by billchen198318.

Class BaseSimpleActionInfo, method handlerActionAnnotations.

public void handlerActionAnnotations() {
    if (this.actionAnnotations != null) {
        return;
    }
    ActionInvocation actionInvocation = ActionContext.getContext().getActionInvocation();
    this.actionAnnotations = actionInvocation.getAction().getClass().getAnnotations();
    Method[] methods = actionInvocation.getAction().getClass().getMethods();
    for (Method method : methods) {
        if (this.actionMethodName.equals(method.getName())) {
            this.actionMethodAnnotations = method.getAnnotations();
        }
    }
}
Also used: ActionInvocation (com.opensymphony.xwork2.ActionInvocation), Method (java.lang.reflect.Method)

Example 5 with ActionInvocation

Use of com.opensymphony.xwork2.ActionInvocation in project dhis2-core by dhis2.

Class LoginInterceptor, method intercept.

@Override
public String intercept(ActionInvocation invocation) throws Exception {
    Boolean jli = (Boolean) ServletActionContext.getRequest().getSession().getAttribute(LoginInterceptor.JLI_SESSION_VARIABLE);
    if (jli != null) {
        log.debug("JLI marker is present. Running " + actions.size() + " JLI actions.");
        for (Action a : actions) {
            a.execute();
        }
        ServletActionContext.getRequest().getSession().removeAttribute(LoginInterceptor.JLI_SESSION_VARIABLE);
    }
    return invocation.invoke();
}
Also used: Action (com.opensymphony.xwork2.Action)

Aggregations

ActionContext (com.opensymphony.xwork2.ActionContext): 7
HttpServletResponse (javax.servlet.http.HttpServletResponse): 6
HashMap (java.util.HashMap): 4
HttpServletRequest (javax.servlet.http.HttpServletRequest): 4
ValueStack (com.opensymphony.xwork2.util.ValueStack): 3
Map (java.util.Map): 3
Action (com.opensymphony.xwork2.Action): 2
ActionInvocation (com.opensymphony.xwork2.ActionInvocation): 2
ActionConfig (com.opensymphony.xwork2.config.entities.ActionConfig): 2
PrintWriter (java.io.PrintWriter): 2
ServletActionContext (org.apache.struts2.ServletActionContext): 2
GreenStepBaseUsernamePasswordToken (com.netsteadfast.greenstep.sys.GreenStepBaseUsernamePasswordToken): 1
AccountVO (com.netsteadfast.greenstep.vo.AccountVO): 1
ValidationAware (com.opensymphony.xwork2.ValidationAware): 1
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 1
File (java.io.File): 1
IOException (java.io.IOException): 1
OutputStream (java.io.OutputStream): 1
Method (java.lang.reflect.Method): 1
Connection (java.sql.Connection): 1