use of javax.portlet.PortletMode in project uPortal by Jasig.
the class UrlSyntaxProviderImpl method parseLegacyPortalUrl.
protected IPortalRequestInfo parseLegacyPortalUrl(HttpServletRequest request, Map<String, String[]> parameterMap) {
final PortalRequestInfoImpl portalRequestInfo = new PortalRequestInfoImpl();
final String[] fname = parameterMap.remove(LEGACY_PARAM_PORTLET_FNAME);
if (fname != null && fname.length > 0) {
final IPortletWindow portletWindow = this.portletWindowRegistry.getOrCreateDefaultPortletWindowByFname(request, fname[0]);
if (portletWindow != null) {
logger.debug("Legacy fname parameter {} resolved to {}", fname[0], portletWindow);
final IPortletWindowId portletWindowId = portletWindow.getPortletWindowId();
portalRequestInfo.setTargetedPortletWindowId(portletWindowId);
final PortletRequestInfoImpl portletRequestInfo = portalRequestInfo.getPortletRequestInfo(portletWindowId);
// Check the portlet request type
final String[] type = parameterMap.remove(LEGACY_PARAM_PORTLET_REQUEST_TYPE);
if (type != null && type.length > 0 && "ACTION".equals(type[0])) {
portalRequestInfo.setUrlType(UrlType.ACTION);
}
// Set the window state
final String[] state = parameterMap.remove(LEGACY_PARAM_PORTLET_STATE);
if (state != null && state.length > 0) {
final WindowState windowState = PortletUtils.getWindowState(state[0]);
// none of the other options make sense
if (portalRequestInfo.getUrlType() == UrlType.ACTION || PATH_WINDOW_STATES.contains(windowState)) {
portletRequestInfo.setWindowState(windowState);
}
}
// If no window state was set assume MAXIMIZED
if (portletRequestInfo.getWindowState() == null) {
portletRequestInfo.setWindowState(WindowState.MAXIMIZED);
}
// Set the portlet mode
final String[] mode = parameterMap.remove(LEGACY_PARAM_PORTLET_MODE);
if (mode != null && mode.length > 0) {
final PortletMode portletMode = PortletUtils.getPortletMode(mode[0]);
portletRequestInfo.setPortletMode(portletMode);
}
// Set the parameters
final Map<String, List<String>> portletParameters = portletRequestInfo.getPortletParameters();
for (final Map.Entry<String, String[]> parameterEntry : parameterMap.entrySet()) {
final String prefixedName = parameterEntry.getKey();
// If the parameter starts with the portlet param prefix
if (prefixedName.startsWith(LEGACY_PARAM_PORTLET_PARAM_PREFX)) {
final String name = prefixedName.substring(LEGACY_PARAM_PORTLET_PARAM_PREFX.length());
portletParameters.put(name, Arrays.asList(parameterEntry.getValue()));
}
}
// Set the url state based on the window state
final UrlState urlState = this.determineUrlState(portletWindow, portletRequestInfo.getWindowState());
portalRequestInfo.setUrlState(urlState);
} else {
logger.debug("Could not find portlet for legacy fname fname parameter {}", fname[0]);
}
}
// Check root=uP_root
final String[] root = parameterMap.remove(LEGACY_PARAM_LAYOUT_ROOT);
if (root != null && root.length > 0) {
if (LEGACY_PARAM_LAYOUT_ROOT_VALUE.equals(root[0])) {
// Check uP_sparam=activeTab
final String[] structParam = parameterMap.remove(LEGACY_PARAM_LAYOUT_STRUCT_PARAM);
if (structParam != null && structParam.length > 0) {
if (LEGACY_PARAM_LAYOUT_TAB_ID.equals(structParam[0])) {
// Get the active tab id
final String[] activeTabId = parameterMap.remove(LEGACY_PARAM_LAYOUT_TAB_ID);
if (activeTabId != null && activeTabId.length > 0) {
// Get the user's layout and do xpath for tab at index=activeTabId[0]
final IUserInstance userInstance = this.userInstanceManager.getUserInstance(request);
final IUserPreferencesManager preferencesManager = userInstance.getPreferencesManager();
final IUserLayoutManager userLayoutManager = preferencesManager.getUserLayoutManager();
final IUserLayout userLayout = userLayoutManager.getUserLayout();
final String nodeId = this.xpathOperations.doWithExpression("/layout/folder/folder[@type='regular' and @hidden='false'][position() = $activeTabId]/@ID", Collections.singletonMap("activeTabId", activeTabId[0]), new Function<XPathExpression, String>() {
@Override
public String apply(XPathExpression xPathExpression) {
return userLayout.findNodeId(xPathExpression);
}
});
// Found nodeId for activeTabId
if (nodeId != null) {
logger.debug("Found layout node {} for legacy activeTabId parameter {}", nodeId, activeTabId[0]);
portalRequestInfo.setTargetedLayoutNodeId(nodeId);
} else {
logger.debug("No layoout node found for legacy activeTabId parameter {}", activeTabId[0]);
}
}
}
}
}
}
return portalRequestInfo;
}
use of javax.portlet.PortletMode in project uPortal by Jasig.
the class PortletDelegationDispatcherImpl method doAction.
@Override
public DelegationActionResponse doAction(ActionRequest actionRequest, ActionResponse actionResponse, DelegationRequest delegationRequest) throws IOException {
final HttpServletRequest request = this.portalRequestUtils.getPortletHttpRequest(actionRequest);
final HttpServletResponse response = this.portalRequestUtils.getOriginalPortalResponse(actionRequest);
// Sanity check that the dispatch is being called by the same user it was created for
final IPerson person = this.personManager.getPerson(request);
if (this.userId != person.getID()) {
throw new IllegalStateException("This dispatcher was created for userId " + this.userId + " but is being executed for userId " + person.getID());
}
this.setupDelegateRequestInfo(request, delegationRequest);
final IPortletWindowId portletWindowId = this.portletWindow.getPortletWindowId();
try {
// TODO canRender permission checks!
this.portletRenderer.doAction(portletWindowId, request, response);
} catch (RuntimeException e) {
this.logger.error("Failed to execute action on delegate", e);
throw e;
}
// Get the portal URL builders for this request and check if a redirect was sent
final IPortalActionUrlBuilder portalActionUrlBuilder = this.portalUrlProvider.getPortalActionUrlBuilder(request);
final String redirectLocation = portalActionUrlBuilder.getRedirectLocation();
if (redirectLocation != null) {
final String renderUrlParamName = portalActionUrlBuilder.getRenderUrlParamName();
// clear out the redirect from the delegate, leave it up to the parent if the redirect
// should happen
portalActionUrlBuilder.setRedirectLocation(null, null);
return new DelegationActionResponse(this.getDelegateState(), redirectLocation, renderUrlParamName);
}
// No redirect so get the portlet's url builder and copy the state-changing data into the
// delegate response
final IPortletUrlBuilder portletUrlBuilder = portalActionUrlBuilder.getPortletUrlBuilder(portletWindowId);
final WindowState windowState = portletUrlBuilder.getWindowState();
final PortletMode portletMode = portletUrlBuilder.getPortletMode();
final Map<String, String[]> parameters = portletUrlBuilder.getParameters();
return new DelegationActionResponse(this.getDelegateState(), portletMode, windowState, parameters);
}
use of javax.portlet.PortletMode in project uPortal by Jasig.
the class PortletRendererImpl method enforceConfigPermission.
/**
* Enforces config mode access control. If requesting user does not have CONFIG permission, and
* the PortletWindow specifies config mode, throws AuthorizationException. Otherwise does
* nothing.
*
* @param httpServletRequest the non-null current HttpServletRequest (for determining requesting
* user)
* @param portletWindow a non-null portlet window that might be in config mode
* @throws AuthorizationException if the user is not permitted to access config mode yet portlet
* window specifies config mode
* @throws java.lang.IllegalArgumentException if the request or window are null
* @since 4.0.13.1, 4.0.14, 4.1.
*/
protected void enforceConfigPermission(final HttpServletRequest httpServletRequest, final IPortletWindow portletWindow) {
Validate.notNull(httpServletRequest, "Servlet request must not be null to determine remote user.");
Validate.notNull(portletWindow, "Portlet window must not be null to determine its mode.");
final PortletMode portletMode = portletWindow.getPortletMode();
if (portletMode != null) {
if (IPortletRenderer.CONFIG.equals(portletMode)) {
final IPerson person = this.personManager.getPerson(httpServletRequest);
final EntityIdentifier ei = person.getEntityIdentifier();
final AuthorizationServiceFacade authorizationServiceFacade = AuthorizationServiceFacade.instance();
final IAuthorizationPrincipal ap = authorizationServiceFacade.newPrincipal(ei.getKey(), ei.getType());
final IPortletEntity portletEntity = portletWindow.getPortletEntity();
final IPortletDefinition portletDefinition = portletEntity.getPortletDefinition();
if (!ap.canConfigure(portletDefinition.getPortletDefinitionId().getStringId())) {
logger.error("User {} attempted to use portlet {} in {} but lacks permission to use that mode. " + "THIS MAY BE AN ATTEMPT TO EXPLOIT A HISTORICAL SECURITY FLAW. " + "You should probably figure out who this user is and why they are trying to access " + "unauthorized portlet modes.", person.getUserName(), portletDefinition.getFName(), portletMode);
throw new AuthorizationException(person.getUserName() + " does not have permission to render '" + portletDefinition.getFName() + "' in " + portletMode + " PortletMode.");
}
}
}
}
use of javax.portlet.PortletMode in project uPortal by Jasig.
the class PortletWindowAttributeSource method getAdditionalAttributes.
@Override
public final Iterator<Attribute> getAdditionalAttributes(HttpServletRequest request, HttpServletResponse response, StartElement event) {
final QName eventName = event.getName();
final String localEventName = eventName.getLocalPart();
// Only pay attention to channel events
if (!IUserLayoutManager.CHANNEL.equals(localEventName)) {
return null;
}
final Tuple<IPortletWindow, StartElement> portletWindowAndElement = this.portletWindowRegistry.getPortletWindow(request, event);
if (portletWindowAndElement == null) {
this.logger.warn("No IPortletWindow could be found or created for element: " + event);
return null;
}
// Lookup the portlet window for the layout node
final IPortletWindow portletWindow = portletWindowAndElement.first;
// Create the attributes
final Collection<Attribute> attributes = new LinkedList<Attribute>();
// Add window state data
final WindowState windowState = getWindowState(request, portletWindow);
final Attribute windowStateAttribute = xmlEventFactory.createAttribute("windowState", windowState.toString());
attributes.add(windowStateAttribute);
// Add portlet mode data
final PortletMode portletMode = portletWindow.getPortletMode();
final Attribute portletModeAttribute = xmlEventFactory.createAttribute("portletMode", portletMode.toString());
attributes.add(portletModeAttribute);
return attributes.iterator();
}
use of javax.portlet.PortletMode in project uPortal by Jasig.
the class PortletDelegationDispatcherImpl method setupDelegateRequestInfo.
protected void setupDelegateRequestInfo(HttpServletRequest request, DelegationRequest delegationRequest) {
if (delegationRequest == null) {
return;
}
final DelegateState delegateState = delegationRequest.getDelegateState();
if (delegateState != null) {
final PortletMode portletMode = delegateState.getPortletMode();
if (portletMode != null) {
this.portletWindow.setPortletMode(portletMode);
}
final WindowState windowState = delegateState.getWindowState();
if (windowState != null) {
this.portletWindow.setWindowState(windowState);
}
}
final IPortletWindowId portletWindowId = this.portletWindow.getPortletWindowId();
// Store the DelegationRequest so it can be accessed elsewhere
this.portletDelegationManager.setDelegationRequest(request, portletWindowId, delegationRequest);
}
Aggregations