Example 61 with ServiceException

Use of org.broadleafcommerce.common.exception.ServiceException in the project BroadleafCommerce by BroadleafCommerce.

From the class SecurityFilter, method doFilter:

@Override
public void doFilter(ServletRequest baseRequest, ServletResponse baseResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) baseRequest;
    HttpServletResponse response = (HttpServletResponse) baseResponse;
    // Requests whose path matches one of the configured Ant-style patterns bypass both token checks below
    boolean excludedRequestFound = false;
    if (excludedRequestPatterns != null && excludedRequestPatterns.size() > 0) {
        for (String pattern : excludedRequestPatterns) {
            RequestMatcher matcher = new AntPathRequestMatcher(pattern);
            if (matcher.matches(request)) {
                excludedRequestFound = true;
                break;
            }
        }
    }
    // We only validate CSRF tokens on POST; requests with any other method are not checked by this filter
    if (request.getMethod().equals("POST") && !excludedRequestFound) {
        // The token is read from a request parameter and validated by the exploit protection service
        String requestToken = request.getParameter(exploitProtectionService.getCsrfTokenParameter());
        try {
            exploitProtectionService.compareToken(requestToken);
        } catch (ServiceException e) {
            // A missing or mismatched token aborts the request before it reaches the application
            throw new ServletException(e);
        }
    }
    if (staleStateProtectionService.isEnabled()) {
        // Catch attempts to update form data from a stale page (i.e. an important state change has taken place for this session)
        if (request.getMethod().equals("POST") && !excludedRequestFound) {
            String requestToken = request.getParameter(staleStateProtectionService.getStateVersionTokenParameter());
            try {
                staleStateProtectionService.compareToken(requestToken);
            } catch (StaleStateServiceException e) {
                throw new ServletException(e);
            }
        }
    }
    // Both checks passed (or did not apply), so hand the request on to the rest of the chain
    chain.doFilter(request, response);
}
Imports used: javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.ServletException, org.springframework.security.web.util.matcher.RequestMatcher, org.springframework.security.web.util.matcher.AntPathRequestMatcher, org.broadleafcommerce.common.security.service.StaleStateServiceException, org.broadleafcommerce.common.exception.ServiceException

Example 62 with ServiceException

Use of org.broadleafcommerce.common.exception.ServiceException in the project BroadleafCommerce by BroadleafCommerce.

From the class ExploitProtectionServiceImpl, method getCSRFToken:

@Override
public String getCSRFToken() throws ServiceException {
    // If using any request wrapper (e.g. Spring Session) on site, we'll need to return the decorated instance.
    HttpServletRequest request = BroadleafRequestContext.getBroadleafRequestContext().getRequest();
    if (request == null) {
        // in the case of the admin, the brc is not used, so fallback to Spring's request context holder
        request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    }
    if (BLCRequestUtils.isOKtoUseSession(new ServletWebRequest(request))) {
        // The token lives in the HTTP session; one token is reused for the lifetime of that session
        HttpSession session = request.getSession();
        String token = (String) session.getAttribute(CSRFTOKEN);
        if (StringUtils.isEmpty(token)) {
            try {
                // First call for this session: generate a 32-character token from the SHA1PRNG SecureRandom
                token = RandomGenerator.generateRandomId("SHA1PRNG", 32);
            } catch (NoSuchAlgorithmException e) {
                LOG.error("Unable to generate random number", e);
                throw new ServiceException("Unable to generate random number", e);
            }
            session.setAttribute(CSRFTOKEN, token);
        }
        return token;
    }
    // No session may be used for this request, so no token can be issued
    return null;
}
Imports used: javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpSession, java.security.NoSuchAlgorithmException, org.springframework.web.context.request.ServletWebRequest, org.broadleafcommerce.common.exception.ServiceException

Example 63 with ServiceException

Use of org.broadleafcommerce.common.exception.ServiceException in the project BroadleafCommerce by BroadleafCommerce.

From the class AdminPermissionCustomPersistenceHandler, method update:

@Override
public Entity update(PersistencePackage persistencePackage, DynamicEntityDao dynamicEntityDao, RecordHelper helper) throws ServiceException {
    // Validate the permission name before touching the persistence layer
    Entity entity = checkPermissionName(persistencePackage);
    try {
        PersistencePerspective persistencePerspective = persistencePackage.getPersistencePerspective();
        Map<String, FieldMetadata> adminProperties = helper.getSimpleMergedProperties(AdminPermission.class.getName(), persistencePerspective);
        Object primaryKey = helper.getPrimaryKey(entity, adminProperties);
        // Load the existing permission, copy the submitted properties onto it and merge it back
        AdminPermission adminInstance = (AdminPermission) dynamicEntityDao.retrieve(Class.forName(entity.getType()[0]), primaryKey);
        adminInstance = (AdminPermission) helper.createPopulatedInstance(adminInstance, entity, adminProperties, false);
        adminInstance = dynamicEntityDao.merge(adminInstance);
        Entity adminEntity = helper.getRecord(adminProperties, adminInstance, null, null);
        return adminEntity;
    } catch (Exception e) {
        // Any failure is wrapped in a ServiceException carrying the entity type that was being updated
        throw new ServiceException("Unable to update entity for " + entity.getType()[0], e);
    }
}
Imports used: org.broadleafcommerce.openadmin.dto.Entity, org.broadleafcommerce.openadmin.dto.FieldMetadata, org.broadleafcommerce.openadmin.dto.PersistencePerspective, org.broadleafcommerce.openadmin.dto.CriteriaTransferObject, org.broadleafcommerce.openadmin.server.security.domain.AdminPermission, org.broadleafcommerce.common.exception.ServiceException

Example 64 with ServiceException

Use of org.broadleafcommerce.common.exception.ServiceException in the project BroadleafCommerce by BroadleafCommerce.

From the class AdminPermissionCustomPersistenceHandler, method add:

@Override
public Entity add(PersistencePackage persistencePackage, DynamicEntityDao dynamicEntityDao, RecordHelper helper) throws ServiceException {
    // A submitted entity that already carries an id is treated as an update, not an insert
    if (persistencePackage.getEntity().findProperty("id") != null && !StringUtils.isEmpty(persistencePackage.getEntity().findProperty("id").getValue())) {
        return update(persistencePackage, dynamicEntityDao, helper);
    }
    // Validate the permission name before touching the persistence layer
    Entity entity = checkPermissionName(persistencePackage);
    try {
        PersistencePerspective persistencePerspective = persistencePackage.getPersistencePerspective();
        // Instantiate the concrete permission class named by the entity and populate it from the request
        AdminPermission adminInstance = (AdminPermission) Class.forName(entity.getType()[0]).newInstance();
        Map<String, FieldMetadata> adminProperties = helper.getSimpleMergedProperties(AdminPermission.class.getName(), persistencePerspective);
        adminInstance = (AdminPermission) helper.createPopulatedInstance(adminInstance, entity, adminProperties, false);
        adminInstance = dynamicEntityDao.merge(adminInstance);
        Entity adminEntity = helper.getRecord(adminProperties, adminInstance, null, null);
        return adminEntity;
    } catch (Exception e) {
        throw new ServiceException("Unable to add entity for " + entity.getType()[0], e);
    }
}
Imports used: org.broadleafcommerce.openadmin.dto.Entity, org.broadleafcommerce.openadmin.dto.FieldMetadata, org.broadleafcommerce.openadmin.dto.PersistencePerspective, org.broadleafcommerce.openadmin.server.security.domain.AdminPermission, org.broadleafcommerce.common.exception.ServiceException

Example 65 with ServiceException

Use of org.broadleafcommerce.common.exception.ServiceException in the project BroadleafCommerce by BroadleafCommerce.

From the class AdminUserCustomPersistenceHandler, method update:

@Override
public Entity update(PersistencePackage persistencePackage, DynamicEntityDao dynamicEntityDao, RecordHelper helper) throws ServiceException {
    Entity entity = persistencePackage.getEntity();
    try {
        PersistencePerspective persistencePerspective = persistencePackage.getPersistencePerspective();
        Map<String, FieldMetadata> adminProperties = helper.getSimpleMergedProperties(AdminUser.class.getName(), persistencePerspective);
        Object primaryKey = helper.getPrimaryKey(entity, adminProperties);
        AdminUser adminInstance = (AdminUser) dynamicEntityDao.retrieve(Class.forName(entity.getType()[0]), primaryKey);
        // Reject the update early if the username or email is not allowed
        Entity errorEntity = validateLegalUsernameAndEmail(entity, adminInstance, false);
        if (errorEntity != null) {
            return errorEntity;
        }
        // Clear the stored (encoded) password before populating so a submitted value cannot overwrite it directly
        String passwordBefore = adminInstance.getPassword();
        adminInstance.setPassword(null);
        adminInstance = (AdminUser) helper.createPopulatedInstance(adminInstance, entity, adminProperties, false);
        Property passwordProperty = entity.getPMap().get("password");
        if (passwordProperty != null) {
            if (StringUtils.isNotEmpty(passwordProperty.getValue())) {
                // A new password is handed over unencoded; encoding happens in the security service on save
                adminInstance.setUnencodedPassword(passwordProperty.getValue());
                adminInstance.setPassword(null);
            } else {
                // No new password submitted: restore the previously stored encoded password
                adminInstance.setPassword(passwordBefore);
            }
        }
        // Check that the current admin is permitted to make this change to this user
        validateUserUpdateSecurity(persistencePackage, adminInstance);
        adminInstance = adminSecurityService.saveAdminUser(adminInstance);
        Entity adminEntity = helper.getRecord(adminProperties, adminInstance, null, null);
        return adminEntity;
    } catch (Exception e) {
        throw new ServiceException("Unable to update entity for " + entity.getType()[0], e);
    }
}
Imports used: org.broadleafcommerce.openadmin.dto.Entity, org.broadleafcommerce.openadmin.dto.FieldMetadata, org.broadleafcommerce.openadmin.dto.PersistencePerspective, org.broadleafcommerce.openadmin.dto.Property, org.broadleafcommerce.openadmin.server.security.domain.AdminUser, org.broadleafcommerce.openadmin.server.service.ValidationException, org.broadleafcommerce.common.util.BLCSystemProperty, org.broadleafcommerce.common.exception.ServiceException
