
Example 1 with HaltFilterChainException

use of org.broadleafcommerce.common.web.exception.HaltFilterChainException in project BroadleafCommerce by BroadleafCommerce.

the class BroadleafRequestProcessor method process.

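/**
 * Builds the {@link BroadleafRequestContext} for a non-admin request and binds it through
 * {@code BroadleafRequestContext.setBroadleafRequestContext}.
 *
 * <p>The context is populated with the resolved site, locale, time zone, currency, sandbox,
 * theme, request DTO and rule map. When the request carries the reprocess attribute
 * (set when a user switches sandbox), the Broadleaf session attributes are cleared and the
 * client is redirected to the current URL so that the configured filters run again.
 *
 * <p>Security-relevant behaviour: the redirect target is checked with {@code isUrlValid}
 * and answered with a 403 when it fails; in both the 403 and the redirect case the response
 * has already been completed here, so the method throws {@link HaltFilterChainException}
 * to stop the caller from continuing with a partially initialised context.
 *
 * @param request the current web request
 * @throws HaltFilterChainException if the response was completed here (redirect sent, or
 *         redirect target rejected with a 403) and the filter chain must not continue
 * @throws RuntimeException wrapping an {@link IOException} raised while writing the response
 */
@Override
public void process(WebRequest request) {
    BroadleafRequestContext brc = new BroadleafRequestContext();
    brc.getAdditionalProperties().putAll(entityExtensionManagers);
    Site site = siteResolver.resolveSite(request);
    brc.setNonPersistentSite(site);
    brc.setWebRequest(request);
    if (site == null) {
        brc.setIgnoreSite(true);
    }
    brc.setAdmin(false);
    if (siteStrictValidateProductionChanges) {
        brc.setValidateProductionChangesState(ValidateProductionChangesState.SITE);
    } else {
        brc.setValidateProductionChangesState(ValidateProductionChangesState.UNDEFINED);
    }
    // The context is bound before the remaining resolvers run; statement order below is
    // significant (see the theme note further down), so it is left as is.
    BroadleafRequestContext.setBroadleafRequestContext(brc);
    Locale locale = localeResolver.resolveLocale(request);
    brc.setLocale(locale);
    TimeZone timeZone = broadleafTimeZoneResolver.resolveTimeZone(request);
    BroadleafRequestedCurrencyDto currencyDto = currencyResolver.resolveCurrency(request);
    // Reuse the RequestDTO already stored on the request under REQUEST_DTO_PARAM_NAME;
    // create one when no earlier component has provided it.
    RequestDTO requestDTO = (RequestDTO) request.getAttribute(REQUEST_DTO_PARAM_NAME, WebRequest.SCOPE_REQUEST);
    if (requestDTO == null) {
        requestDTO = new RequestDTOImpl(request);
    }
    SandBox currentSandbox = sandboxResolver.resolveSandBox(request, site);
    // When a user elects to switch his sandbox, we want to invalidate the current session. We'll then redirect the
    // user to the current URL so that the configured filters trigger again appropriately.
    Boolean reprocessRequest = (Boolean) request.getAttribute(BroadleafRequestProcessor.REPROCESS_PARAM_NAME, WebRequest.SCOPE_REQUEST);
    if (reprocessRequest != null && reprocessRequest) {
        LOG.debug("Reprocessing request");
        if (request instanceof ServletWebRequest) {
            HttpServletRequest hsr = ((ServletWebRequest) request).getRequest();
            clearBroadleafSessionAttrs(request);
            StringBuffer url = hsr.getRequestURL();
            HttpServletResponse response = ((ServletWebRequest) request).getResponse();
            try {
                // The redirect target is rebuilt from the incoming request, so it is validated
                // before use; the logged value is sanitized because it is request-derived.
                if (!isUrlValid(url.toString())) {
                    LOG.error("SECURITY FAILURE Bad redirect location: " + StringUtil.sanitize(url.toString()));
                    response.sendError(403);
                    // The response is committed at this point. Halt instead of returning normally:
                    // a plain return lets the caller carry on down the filter chain with a context
                    // that has no sandbox, theme, time zone or request DTO set.
                    throw new HaltFilterChainException("Reprocess rejected, bad redirect location");
                }
                String sandboxId = hsr.getParameter(SANDBOX_ID_PARAM);
                // NOTE(review): sandboxId is appended without URL encoding, so isSandboxIdValid
                // must restrict it to characters that are safe in a query string - confirm.
                if (isSandboxIdValid(sandboxId)) {
                    String queryString = "?" + SANDBOX_ID_PARAM + "=" + sandboxId;
                    url.append(queryString);
                }
                response.sendRedirect(url.toString());
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
            throw new HaltFilterChainException("Reprocess required, redirecting user");
        }
    }
    if (!siteDisableSandboxPreview && currentSandbox != null) {
        SandBoxContext previewSandBoxContext = new SandBoxContext();
        previewSandBoxContext.setSandBoxId(currentSandbox.getId());
        previewSandBoxContext.setPreviewMode(true);
        SandBoxContext.setSandBoxContext(previewSandBoxContext);
    }
    if (currencyDto != null) {
        brc.setBroadleafCurrency(currencyDto.getCurrencyToUse());
        brc.setRequestedBroadleafCurrency(currencyDto.getRequestedCurrency());
    }
    // Touch the child sandbox collection now; the result of size() is deliberately discarded.
    // Presumably this forces the collection to load so that the context/sandbox combination
    // still works when it is used in a different session than it was initiated in. see QA#2576
    if (currentSandbox != null && currentSandbox.getChildSandBoxes() != null) {
        currentSandbox.getChildSandBoxes().size();
    }
    brc.setSandBox(currentSandbox);
    brc.setDeployBehavior(deployBehaviorUtil.isProductionSandBoxMode() ? DeployBehavior.CLONE_PARENT : DeployBehavior.OVERWRITE_PARENT);
    // Note that this must happen after the request context is set up as resolving a theme is dependent on site
    Theme theme = themeResolver.resolveTheme(request);
    brc.setTheme(theme);
    brc.setMessageSource(messageSource);
    brc.setTimeZone(timeZone);
    brc.setRequestDTO(requestDTO);
    Map<String, Object> ruleMap = (Map<String, Object>) request.getAttribute("blRuleMap", WebRequest.SCOPE_REQUEST);
    if (ruleMap == null) {
        LOG.trace("Creating ruleMap and adding in Locale.");
        ruleMap = new HashMap<String, Object>();
        request.setAttribute("blRuleMap", ruleMap, WebRequest.SCOPE_REQUEST);
    } else {
        LOG.trace("Using pre-existing ruleMap - added by non standard BLC process.");
    }
    ruleMap.put("locale", locale);
    String adminUserId = request.getParameter(BroadleafRequestFilter.ADMIN_USER_ID_PARAM_NAME);
    if (StringUtils.isNotBlank(adminUserId)) {
        // TODO: Add token logic to secure the admin user id
        // NOTE(review): this value comes straight from a request parameter and nothing in this
        // method authenticates it, so consumers of the context must not treat it as proof of
        // an admin identity until the token check above exists.
        try {
            brc.setAdminUserId(Long.parseLong(adminUserId));
        } catch (NumberFormatException e) {
            // A malformed client-supplied value must not abort request processing with an
            // uncaught exception; leave the admin user id unset and record the attempt.
            LOG.warn("Ignoring non-numeric admin user id parameter: " + StringUtil.sanitize(adminUserId));
        }
    }
}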
Also used : Site(org.broadleafcommerce.common.site.domain.Site) Locale(org.broadleafcommerce.common.locale.domain.Locale) SandBox(org.broadleafcommerce.common.sandbox.domain.SandBox) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) BroadleafRequestedCurrencyDto(org.broadleafcommerce.common.currency.domain.BroadleafRequestedCurrencyDto) HttpServletRequest(javax.servlet.http.HttpServletRequest) TimeZone(java.util.TimeZone) RequestDTOImpl(org.broadleafcommerce.common.RequestDTOImpl) HaltFilterChainException(org.broadleafcommerce.common.web.exception.HaltFilterChainException) RequestDTO(org.broadleafcommerce.common.RequestDTO) Theme(org.broadleafcommerce.common.site.domain.Theme) ServletWebRequest(org.springframework.web.context.request.ServletWebRequest) HashMap(java.util.HashMap) Map(java.util.Map)

Example 2 with HaltFilterChainException

use of org.broadleafcommerce.common.web.exception.HaltFilterChainException in project BroadleafCommerce by BroadleafCommerce.

the class BroadleafRequestFilter method doFilterInternalUnlessIgnored.

/**
 * Runs the Broadleaf request processor for URLs this filter is responsible for and then
 * continues the filter chain.
 *
 * <p>URLs rejected by {@code shouldProcessURL} are passed straight down the chain. For all
 * others a {@link RequestDTOImpl} is stored on the request if none is present, the processor
 * is invoked, and {@code postProcess} is always called afterwards. A
 * {@link HaltFilterChainException} from the processor ends handling without calling the rest
 * of the chain; a {@link SiteNotFoundException} is answered with a 404 status.
 *
 * @param request     the incoming servlet request
 * @param response    the servlet response
 * @param filterChain the remaining filter chain
 * @throws IOException      propagated from the filter chain or the processor
 * @throws ServletException propagated from the filter chain
 */
@Override
protected void doFilterInternalUnlessIgnored(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    boolean handledByThisFilter = shouldProcessURL(request, request.getRequestURI());
    if (!handledByThisFilter) {
        if (LOG.isTraceEnabled()) {
            LOG.trace(String.format("%s not processing URL %s", getClass().getName(), request.getRequestURI()));
        }
        filterChain.doFilter(request, response);
        return;
    }

    if (LOG.isTraceEnabled()) {
        String contextPath = request.getContextPath();
        String relativeUri = (contextPath != null)
                ? request.getRequestURI().substring(contextPath.length())
                : request.getRequestURI();
        // Cut off ";jsessionid=..." and any other path parameters before logging
        int semicolonAt = relativeUri.indexOf(";");
        if (semicolonAt >= 0) {
            relativeUri = relativeUri.substring(0, semicolonAt);
        }
        LOG.trace("Process URL Filter Begin " + relativeUri);
    }

    // Make sure a request DTO is available to the processor under the shared attribute name.
    Object existingDto = request.getAttribute(REQUEST_DTO_PARAM_NAME);
    if (existingDto == null) {
        request.setAttribute(REQUEST_DTO_PARAM_NAME, new RequestDTOImpl(request));
    }

    try {
        requestProcessor.process(new ServletWebRequest(request, response));
        filterChain.doFilter(request, response);
    } catch (HaltFilterChainException halted) {
        // The processor asked for the chain to stop; nothing further is done with the
        // response here, and postProcess below still runs.
    } catch (SiteNotFoundException noSite) {
        LOG.warn("Could not resolve a site for the given request, returning not found");
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
    } finally {
        // Always executed, including on the halt and not-found paths.
        requestProcessor.postProcess(new ServletWebRequest(request, response));
    }
}
Also used : RequestDTOImpl(org.broadleafcommerce.common.RequestDTOImpl) HaltFilterChainException(org.broadleafcommerce.common.web.exception.HaltFilterChainException) ServletWebRequest(org.springframework.web.context.request.ServletWebRequest) SiteNotFoundException(org.broadleafcommerce.common.exception.SiteNotFoundException)

Aggregations

RequestDTOImpl (org.broadleafcommerce.common.RequestDTOImpl)2 HaltFilterChainException (org.broadleafcommerce.common.web.exception.HaltFilterChainException)2 ServletWebRequest (org.springframework.web.context.request.ServletWebRequest)2 IOException (java.io.IOException)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 TimeZone (java.util.TimeZone)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 RequestDTO (org.broadleafcommerce.common.RequestDTO)1 BroadleafRequestedCurrencyDto (org.broadleafcommerce.common.currency.domain.BroadleafRequestedCurrencyDto)1 SiteNotFoundException (org.broadleafcommerce.common.exception.SiteNotFoundException)1 Locale (org.broadleafcommerce.common.locale.domain.Locale)1 SandBox (org.broadleafcommerce.common.sandbox.domain.SandBox)1 Site (org.broadleafcommerce.common.site.domain.Site)1 Theme (org.broadleafcommerce.common.site.domain.Theme)1