Search in sources :

Example 6 with PortletMode

use of javax.portlet.PortletMode in project uPortal by Jasig.

the class UrlSyntaxProviderImpl method parseLegacyPortalUrl.

protected IPortalRequestInfo parseLegacyPortalUrl(HttpServletRequest request, Map<String, String[]> parameterMap) {
    final PortalRequestInfoImpl portalRequestInfo = new PortalRequestInfoImpl();
    final String[] fname = parameterMap.remove(LEGACY_PARAM_PORTLET_FNAME);
    if (fname != null && fname.length > 0) {
        final IPortletWindow portletWindow = this.portletWindowRegistry.getOrCreateDefaultPortletWindowByFname(request, fname[0]);
        if (portletWindow != null) {
            logger.debug("Legacy fname parameter {} resolved to {}", fname[0], portletWindow);
            final IPortletWindowId portletWindowId = portletWindow.getPortletWindowId();
            portalRequestInfo.setTargetedPortletWindowId(portletWindowId);
            final PortletRequestInfoImpl portletRequestInfo = portalRequestInfo.getPortletRequestInfo(portletWindowId);
            // Check the portlet request type
            final String[] type = parameterMap.remove(LEGACY_PARAM_PORTLET_REQUEST_TYPE);
            if (type != null && type.length > 0 && "ACTION".equals(type[0])) {
                portalRequestInfo.setUrlType(UrlType.ACTION);
            }
            // Set the window state
            final String[] state = parameterMap.remove(LEGACY_PARAM_PORTLET_STATE);
            if (state != null && state.length > 0) {
                final WindowState windowState = PortletUtils.getWindowState(state[0]);
                // none of the other options make sense
                if (portalRequestInfo.getUrlType() == UrlType.ACTION || PATH_WINDOW_STATES.contains(windowState)) {
                    portletRequestInfo.setWindowState(windowState);
                }
            }
            // If no window state was set assume MAXIMIZED
            if (portletRequestInfo.getWindowState() == null) {
                portletRequestInfo.setWindowState(WindowState.MAXIMIZED);
            }
            // Set the portlet mode
            final String[] mode = parameterMap.remove(LEGACY_PARAM_PORTLET_MODE);
            if (mode != null && mode.length > 0) {
                final PortletMode portletMode = PortletUtils.getPortletMode(mode[0]);
                portletRequestInfo.setPortletMode(portletMode);
            }
            // Set the parameters
            final Map<String, List<String>> portletParameters = portletRequestInfo.getPortletParameters();
            for (final Map.Entry<String, String[]> parameterEntry : parameterMap.entrySet()) {
                final String prefixedName = parameterEntry.getKey();
                // If the parameter starts with the portlet param prefix
                if (prefixedName.startsWith(LEGACY_PARAM_PORTLET_PARAM_PREFX)) {
                    final String name = prefixedName.substring(LEGACY_PARAM_PORTLET_PARAM_PREFX.length());
                    portletParameters.put(name, Arrays.asList(parameterEntry.getValue()));
                }
            }
            // Set the url state based on the window state
            final UrlState urlState = this.determineUrlState(portletWindow, portletRequestInfo.getWindowState());
            portalRequestInfo.setUrlState(urlState);
        } else {
            logger.debug("Could not find portlet for legacy fname fname parameter {}", fname[0]);
        }
    }
    // Check root=uP_root
    final String[] root = parameterMap.remove(LEGACY_PARAM_LAYOUT_ROOT);
    if (root != null && root.length > 0) {
        if (LEGACY_PARAM_LAYOUT_ROOT_VALUE.equals(root[0])) {
            // Check uP_sparam=activeTab
            final String[] structParam = parameterMap.remove(LEGACY_PARAM_LAYOUT_STRUCT_PARAM);
            if (structParam != null && structParam.length > 0) {
                if (LEGACY_PARAM_LAYOUT_TAB_ID.equals(structParam[0])) {
                    // Get the active tab id
                    final String[] activeTabId = parameterMap.remove(LEGACY_PARAM_LAYOUT_TAB_ID);
                    if (activeTabId != null && activeTabId.length > 0) {
                        // Get the user's layout and do xpath for tab at index=activeTabId[0]
                        final IUserInstance userInstance = this.userInstanceManager.getUserInstance(request);
                        final IUserPreferencesManager preferencesManager = userInstance.getPreferencesManager();
                        final IUserLayoutManager userLayoutManager = preferencesManager.getUserLayoutManager();
                        final IUserLayout userLayout = userLayoutManager.getUserLayout();
                        final String nodeId = this.xpathOperations.doWithExpression("/layout/folder/folder[@type='regular' and @hidden='false'][position() = $activeTabId]/@ID", Collections.singletonMap("activeTabId", activeTabId[0]), new Function<XPathExpression, String>() {

                            @Override
                            public String apply(XPathExpression xPathExpression) {
                                return userLayout.findNodeId(xPathExpression);
                            }
                        });
                        // Found nodeId for activeTabId
                        if (nodeId != null) {
                            logger.debug("Found layout node {} for legacy activeTabId parameter {}", nodeId, activeTabId[0]);
                            portalRequestInfo.setTargetedLayoutNodeId(nodeId);
                        } else {
                            logger.debug("No layoout node found for legacy activeTabId parameter {}", activeTabId[0]);
                        }
                    }
                }
            }
        }
    }
    return portalRequestInfo;
}
Also used : WindowState(javax.portlet.WindowState) XPathExpression(javax.xml.xpath.XPathExpression) IUserLayout(org.apereo.portal.layout.IUserLayout) IPortletWindow(org.apereo.portal.portlet.om.IPortletWindow) PortletMode(javax.portlet.PortletMode) IUserInstance(org.apereo.portal.user.IUserInstance) LinkedList(java.util.LinkedList) List(java.util.List) IUserPreferencesManager(org.apereo.portal.IUserPreferencesManager) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) IUserLayoutManager(org.apereo.portal.layout.IUserLayoutManager) IPortletWindowId(org.apereo.portal.portlet.om.IPortletWindowId)

Example 7 with PortletMode

use of javax.portlet.PortletMode in project uPortal by Jasig.

the class PortletDelegationDispatcherImpl method doAction.

@Override
public DelegationActionResponse doAction(ActionRequest actionRequest, ActionResponse actionResponse, DelegationRequest delegationRequest) throws IOException {
    final HttpServletRequest request = this.portalRequestUtils.getPortletHttpRequest(actionRequest);
    final HttpServletResponse response = this.portalRequestUtils.getOriginalPortalResponse(actionRequest);
    // Sanity check that the dispatch is being called by the same user it was created for
    final IPerson person = this.personManager.getPerson(request);
    if (this.userId != person.getID()) {
        throw new IllegalStateException("This dispatcher was created for userId " + this.userId + " but is being executed for userId " + person.getID());
    }
    this.setupDelegateRequestInfo(request, delegationRequest);
    final IPortletWindowId portletWindowId = this.portletWindow.getPortletWindowId();
    try {
        // TODO canRender permission checks!
        this.portletRenderer.doAction(portletWindowId, request, response);
    } catch (RuntimeException e) {
        this.logger.error("Failed to execute action on delegate", e);
        throw e;
    }
    // Get the portal URL builders for this request and check if a redirect was sent
    final IPortalActionUrlBuilder portalActionUrlBuilder = this.portalUrlProvider.getPortalActionUrlBuilder(request);
    final String redirectLocation = portalActionUrlBuilder.getRedirectLocation();
    if (redirectLocation != null) {
        final String renderUrlParamName = portalActionUrlBuilder.getRenderUrlParamName();
        // clear out the redirect from the delegate, leave it up to the parent if the redirect
        // should happen
        portalActionUrlBuilder.setRedirectLocation(null, null);
        return new DelegationActionResponse(this.getDelegateState(), redirectLocation, renderUrlParamName);
    }
    // No redirect so get the portlet's url builder and copy the state-changing data into the
    // delegate response
    final IPortletUrlBuilder portletUrlBuilder = portalActionUrlBuilder.getPortletUrlBuilder(portletWindowId);
    final WindowState windowState = portletUrlBuilder.getWindowState();
    final PortletMode portletMode = portletUrlBuilder.getPortletMode();
    final Map<String, String[]> parameters = portletUrlBuilder.getParameters();
    return new DelegationActionResponse(this.getDelegateState(), portletMode, windowState, parameters);
}
Also used : WindowState(javax.portlet.WindowState) IPortletUrlBuilder(org.apereo.portal.url.IPortletUrlBuilder) HttpServletResponse(javax.servlet.http.HttpServletResponse) IPortalActionUrlBuilder(org.apereo.portal.url.IPortalActionUrlBuilder) DelegationActionResponse(org.apereo.portal.api.portlet.DelegationActionResponse) PortletMode(javax.portlet.PortletMode) HttpServletRequest(javax.servlet.http.HttpServletRequest) IPerson(org.apereo.portal.security.IPerson) IPortletWindowId(org.apereo.portal.portlet.om.IPortletWindowId)

Example 8 with PortletMode

use of javax.portlet.PortletMode in project uPortal by Jasig.

the class PortletRendererImpl method enforceConfigPermission.

/**
 * Enforces config mode access control. If requesting user does not have CONFIG permission, and
 * the PortletWindow specifies config mode, throws AuthorizationException. Otherwise does
 * nothing.
 *
 * @param httpServletRequest the non-null current HttpServletRequest (for determining requesting
 *     user)
 * @param portletWindow a non-null portlet window that might be in config mode
 * @throws AuthorizationException if the user is not permitted to access config mode yet portlet
 *     window specifies config mode
 * @throws java.lang.IllegalArgumentException if the request or window are null
 * @since 4.0.13.1, 4.0.14, 4.1.
 */
protected void enforceConfigPermission(final HttpServletRequest httpServletRequest, final IPortletWindow portletWindow) {
    Validate.notNull(httpServletRequest, "Servlet request must not be null to determine remote user.");
    Validate.notNull(portletWindow, "Portlet window must not be null to determine its mode.");
    final PortletMode portletMode = portletWindow.getPortletMode();
    if (portletMode != null) {
        if (IPortletRenderer.CONFIG.equals(portletMode)) {
            final IPerson person = this.personManager.getPerson(httpServletRequest);
            final EntityIdentifier ei = person.getEntityIdentifier();
            final AuthorizationServiceFacade authorizationServiceFacade = AuthorizationServiceFacade.instance();
            final IAuthorizationPrincipal ap = authorizationServiceFacade.newPrincipal(ei.getKey(), ei.getType());
            final IPortletEntity portletEntity = portletWindow.getPortletEntity();
            final IPortletDefinition portletDefinition = portletEntity.getPortletDefinition();
            if (!ap.canConfigure(portletDefinition.getPortletDefinitionId().getStringId())) {
                logger.error("User {} attempted to use portlet {} in {} but lacks permission to use that mode.  " + "THIS MAY BE AN ATTEMPT TO EXPLOIT A HISTORICAL SECURITY FLAW.  " + "You should probably figure out who this user is and why they are trying to access " + "unauthorized portlet modes.", person.getUserName(), portletDefinition.getFName(), portletMode);
                throw new AuthorizationException(person.getUserName() + " does not have permission to render '" + portletDefinition.getFName() + "' in " + portletMode + " PortletMode.");
            }
        }
    }
}
Also used : IPerson(org.apereo.portal.security.IPerson) AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IPortletEntity(org.apereo.portal.portlet.om.IPortletEntity) AuthorizationException(org.apereo.portal.AuthorizationException) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier) PortletMode(javax.portlet.PortletMode) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition)

Example 9 with PortletMode

use of javax.portlet.PortletMode in project uPortal by Jasig.

the class PortletWindowAttributeSource method getAdditionalAttributes.

@Override
public final Iterator<Attribute> getAdditionalAttributes(HttpServletRequest request, HttpServletResponse response, StartElement event) {
    final QName eventName = event.getName();
    final String localEventName = eventName.getLocalPart();
    // Only pay attention to channel events
    if (!IUserLayoutManager.CHANNEL.equals(localEventName)) {
        return null;
    }
    final Tuple<IPortletWindow, StartElement> portletWindowAndElement = this.portletWindowRegistry.getPortletWindow(request, event);
    if (portletWindowAndElement == null) {
        this.logger.warn("No IPortletWindow could be found or created for element: " + event);
        return null;
    }
    // Lookup the portlet window for the layout node
    final IPortletWindow portletWindow = portletWindowAndElement.first;
    // Create the attributes
    final Collection<Attribute> attributes = new LinkedList<Attribute>();
    // Add window state data
    final WindowState windowState = getWindowState(request, portletWindow);
    final Attribute windowStateAttribute = xmlEventFactory.createAttribute("windowState", windowState.toString());
    attributes.add(windowStateAttribute);
    // Add portlet mode data
    final PortletMode portletMode = portletWindow.getPortletMode();
    final Attribute portletModeAttribute = xmlEventFactory.createAttribute("portletMode", portletMode.toString());
    attributes.add(portletModeAttribute);
    return attributes.iterator();
}
Also used : StartElement(javax.xml.stream.events.StartElement) WindowState(javax.portlet.WindowState) Attribute(javax.xml.stream.events.Attribute) QName(javax.xml.namespace.QName) IPortletWindow(org.apereo.portal.portlet.om.IPortletWindow) LinkedList(java.util.LinkedList) PortletMode(javax.portlet.PortletMode)

Example 10 with PortletMode

use of javax.portlet.PortletMode in project uPortal by Jasig.

the class PortletDelegationDispatcherImpl method setupDelegateRequestInfo.

protected void setupDelegateRequestInfo(HttpServletRequest request, DelegationRequest delegationRequest) {
    if (delegationRequest == null) {
        return;
    }
    final DelegateState delegateState = delegationRequest.getDelegateState();
    if (delegateState != null) {
        final PortletMode portletMode = delegateState.getPortletMode();
        if (portletMode != null) {
            this.portletWindow.setPortletMode(portletMode);
        }
        final WindowState windowState = delegateState.getWindowState();
        if (windowState != null) {
            this.portletWindow.setWindowState(windowState);
        }
    }
    final IPortletWindowId portletWindowId = this.portletWindow.getPortletWindowId();
    // Store the DelegationRequest so it can be accessed elsewhere
    this.portletDelegationManager.setDelegationRequest(request, portletWindowId, delegationRequest);
}
Also used : WindowState(javax.portlet.WindowState) DelegateState(org.apereo.portal.api.portlet.DelegateState) PortletMode(javax.portlet.PortletMode) IPortletWindowId(org.apereo.portal.portlet.om.IPortletWindowId)

Aggregations

PortletMode (javax.portlet.PortletMode)12 WindowState (javax.portlet.WindowState)11 IPortletWindowId (org.apereo.portal.portlet.om.IPortletWindowId)8 IPortletWindow (org.apereo.portal.portlet.om.IPortletWindow)6 List (java.util.List)3 LinkedList (java.util.LinkedList)2 Map (java.util.Map)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 DelegateState (org.apereo.portal.api.portlet.DelegateState)2 DelegationRequest (org.apereo.portal.api.portlet.DelegationRequest)2 IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition)2 IPortletEntity (org.apereo.portal.portlet.om.IPortletEntity)2 IPerson (org.apereo.portal.security.IPerson)2 ImmutableList (com.google.common.collect.ImmutableList)1 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1 PortletSession (javax.portlet.PortletSession)1 RenderRequest (javax.portlet.RenderRequest)1