Example 56 with ServiceException

use of org.broadleafcommerce.common.exception.ServiceException in project BroadleafCommerce by BroadleafCommerce.

the class IndexFieldCustomPersistenceHandler method remove.

@Override
public void remove(PersistencePackage persistencePackage, DynamicEntityDao dynamicEntityDao, RecordHelper helper) throws ServiceException {
    Entity entity = persistencePackage.getEntity();
    try {
        PersistencePerspective persistencePerspective = persistencePackage.getPersistencePerspective();
        Map<String, FieldMetadata> adminProperties = helper.getSimpleMergedProperties(IndexField.class.getName(), persistencePerspective);
        Object primaryKey = helper.getPrimaryKey(entity, adminProperties);
        Serializable instance = dynamicEntityDao.retrieve(Class.forName(entity.getType()[0]), primaryKey);
        if (instance instanceof Status) {
            ((Status) instance).setArchived('Y');
            dynamicEntityDao.merge(instance);
            return;
        }
    } catch (Exception ex) {
        throw new ServiceException("Unable to perform remove for entity: " + entity.getType()[0], ex);
    }
    super.remove(persistencePackage, dynamicEntityDao, helper);
}
Also used : Status(org.broadleafcommerce.common.persistence.Status) Entity(org.broadleafcommerce.openadmin.dto.Entity) Serializable(java.io.Serializable) FieldMetadata(org.broadleafcommerce.openadmin.dto.FieldMetadata) PersistencePerspective(org.broadleafcommerce.openadmin.dto.PersistencePerspective) ServiceException(org.broadleafcommerce.common.exception.ServiceException) CriteriaTransferObject(org.broadleafcommerce.openadmin.dto.CriteriaTransferObject) IndexField(org.broadleafcommerce.core.search.domain.IndexField)

Example 57 with ServiceException

use of org.broadleafcommerce.common.exception.ServiceException in project BroadleafCommerce by BroadleafCommerce.

the class IndexFieldCustomPersistenceHandler method add.

@Override
public Entity add(PersistencePackage persistencePackage, DynamicEntityDao dynamicEntityDao, RecordHelper helper) throws ServiceException {
    Entity entity = persistencePackage.getEntity();
    try {
        PersistencePerspective persistencePerspective = persistencePackage.getPersistencePerspective();
        IndexField adminInstance = (IndexField) Class.forName(entity.getType()[0]).newInstance();
        Map<String, FieldMetadata> adminProperties = helper.getSimpleMergedProperties(IndexField.class.getName(), persistencePerspective);
        return getEntity(persistencePackage, dynamicEntityDao, helper, entity, adminProperties, adminInstance);
    } catch (Exception e) {
        throw new ServiceException("Unable to perform add for entity: " + IndexField.class.getName(), e);
    }
}
Also used : Entity(org.broadleafcommerce.openadmin.dto.Entity) FieldMetadata(org.broadleafcommerce.openadmin.dto.FieldMetadata) PersistencePerspective(org.broadleafcommerce.openadmin.dto.PersistencePerspective) ServiceException(org.broadleafcommerce.common.exception.ServiceException) IndexField(org.broadleafcommerce.core.search.domain.IndexField)

Example 58 with ServiceException

use of org.broadleafcommerce.common.exception.ServiceException in project BroadleafCommerce by BroadleafCommerce.

the class FormBuilderServiceImpl method setReadOnlyState.

/**
 * The given <b>entityForm</b> is marked as readonly for the following cases:
 * <ol>
 *  <li>All of the properties from <b>cmd</b> are readonly</li>
 *  <li>The user does not have the security to {@link EntityOperationType#UPDATE} the given class name represented by
 *  the <b>entityForm</b> (determined by {@link #getSecurityClassname(EntityForm, ClassMetadata)})</li>
 *  <li>The user does not have the security necessary to modify the given <b>entity</b> according to the
 *  {@link RowLevelSecurityService#canUpdate(AdminUser, Entity)}</li>
 * </ol>
 *
 * @param entityForm the form being generated
 * @param cmd the metadata used to build the <b>entityForm</b> for the <b>entity</b>
 * @param entity the entity being edited
 * @see {@link SecurityVerifier#securityCheck(String, EntityOperationType)}
 * @see {@link #getSecurityClassname(EntityForm, ClassMetadata)}
 * @see {@link RowLevelSecurityService#canUpdate(AdminUser, Entity)}
 */
protected void setReadOnlyState(EntityForm entityForm, ClassMetadata cmd, Entity entity) {
    boolean readOnly = true;
    // If all of the fields are read only, we'll mark the form as such
    for (Property property : cmd.getProperties()) {
        FieldMetadata fieldMetadata = property.getMetadata();
        if (fieldMetadata instanceof BasicFieldMetadata) {
            readOnly = ((BasicFieldMetadata) fieldMetadata).getReadOnly() != null && ((BasicFieldMetadata) fieldMetadata).getReadOnly();
            if (!readOnly) {
                break;
            }
        } else {
            readOnly = ((CollectionMetadata) fieldMetadata).isMutable();
            if (!readOnly) {
                break;
            }
        }
    }
    if (!readOnly) {
        // If the user does not have edit permissions, we will go ahead and make the form read only to prevent confusion
        try {
            String securityEntityClassname = getSecurityClassname(entityForm, cmd);
            adminRemoteSecurityService.securityCheck(securityEntityClassname, EntityOperationType.UPDATE);
        } catch (ServiceException e) {
            if (e instanceof SecurityServiceException) {
                readOnly = true;
            }
        }
    }
    // are not readonly, then check the row-level security
    if (!readOnly) {
        readOnly = !rowLevelSecurityService.canUpdate(adminRemoteSecurityService.getPersistentAdminUser(), entity);
    }
    if (readOnly) {
        entityForm.setReadOnly();
        // If someone has replaced RowLevelSecurityService, check here to make sure the replacement implements the expected interface
        if (rowLevelSecurityService instanceof ExceptionAwareRowLevelSecurityProvider) {
            EntityFormModifierConfiguration entityFormModifierConfiguration = ((ExceptionAwareRowLevelSecurityProvider) rowLevelSecurityService).getUpdateDenialExceptions();
            for (EntityFormModifierData<EntityFormModifierDataPoint> data : entityFormModifierConfiguration.getData()) {
                for (EntityFormModifier modifier : entityFormModifierConfiguration.getModifier()) {
                    if (modifier.isQualified(data.getModifierType())) {
                        modifier.modifyEntityForm(new EntityFormModifierRequest().withEntityForm(entityForm).withConfiguration(data).withCurrentUser(adminRemoteSecurityService.getPersistentAdminUser()).withEntity(entity).withRowLevelSecurityService(rowLevelSecurityService));
                    }
                }
            }
        }
    }
}
Also used : SecurityServiceException(org.broadleafcommerce.common.exception.SecurityServiceException) FieldMetadata(org.broadleafcommerce.openadmin.dto.FieldMetadata) BasicFieldMetadata(org.broadleafcommerce.openadmin.dto.BasicFieldMetadata) EntityFormModifierDataPoint(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierDataPoint) EntityFormModifier(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifier) EntityFormModifierConfiguration(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierConfiguration) ServiceException(org.broadleafcommerce.common.exception.ServiceException) EntityFormModifierRequest(org.broadleafcommerce.openadmin.server.security.service.EntityFormModifierRequest) ExceptionAwareRowLevelSecurityProvider(org.broadleafcommerce.openadmin.server.security.service.ExceptionAwareRowLevelSecurityProvider) Property(org.broadleafcommerce.openadmin.dto.Property)

Example 59 with ServiceException

use of org.broadleafcommerce.common.exception.ServiceException in project BroadleafCommerce by BroadleafCommerce.

the class AdminSecurityFilter method doFilter.

@Override
public void doFilter(ServletRequest baseRequest, ServletResponse baseResponse, FilterChain chain) throws IOException, ServletException {
    try {
        super.doFilter(baseRequest, baseResponse, chain);
    } catch (ServletException e) {
        if (e.getCause() instanceof StaleStateServiceException) {
            LOG.debug("Stale state detected", e);
            ((HttpServletResponse) baseResponse).setStatus(HttpServletResponse.SC_CONFLICT);
            baseResponse.getWriter().write("Stale State Detected\n");
            baseResponse.getWriter().write(e.getMessage() + "\n");
        } else if (e.getCause() instanceof ServiceException) {
            HttpServletRequest baseHttpRequest = (HttpServletRequest) baseRequest;
            // if authentication is null and CSRF token is invalid, must be session time out
            if (SecurityContextHolder.getContext().getAuthentication() == null && failureHandler != null) {
                baseHttpRequest.setAttribute("sessionTimeout", true);
                failureHandler.onAuthenticationFailure((HttpServletRequest) baseRequest, (HttpServletResponse) baseResponse, new SessionAuthenticationException("Session Time Out"));
            } else {
                throw e;
            }
        } else {
            throw e;
        }
    }
}
Also used : ServletException(javax.servlet.ServletException) HttpServletRequest(javax.servlet.http.HttpServletRequest) SessionAuthenticationException(org.springframework.security.web.authentication.session.SessionAuthenticationException) StaleStateServiceException(org.broadleafcommerce.common.security.service.StaleStateServiceException) ServiceException(org.broadleafcommerce.common.exception.ServiceException)

Example 60 with ServiceException

use of org.broadleafcommerce.common.exception.ServiceException in project BroadleafCommerce by BroadleafCommerce.

the class CsrfFilter method doFilter.

@Override
public void doFilter(ServletRequest baseRequest, ServletResponse baseResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) baseRequest;
    HttpServletResponse response = (HttpServletResponse) baseResponse;
    boolean excludedRequestFound = false;
    if (excludedRequestPatterns != null && excludedRequestPatterns.size() > 0) {
        for (String pattern : excludedRequestPatterns) {
            RequestMatcher matcher = new AntPathRequestMatcher(pattern);
            if (matcher.matches(request)) {
                excludedRequestFound = true;
                break;
            }
        }
    }
    // We only validate CSRF tokens on POST
    if (request.getMethod().equals("POST") && !excludedRequestFound) {
        String requestToken = request.getParameter(exploitProtectionService.getCsrfTokenParameter());
        try {
            exploitProtectionService.compareToken(requestToken);
        } catch (ServiceException e) {
            throw new ServletException(e);
        }
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) ServiceException(org.broadleafcommerce.common.exception.ServiceException) HttpServletResponse(javax.servlet.http.HttpServletResponse)
