Example 1 with IApplicationObjectService
use of org.cerberus.crud.service.IApplicationObjectService in project cerberus-source by cerberustesting.
the class UpdateApplicationObject method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
JSONObject jsonResponse = new JSONObject();
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
Answer ans = new Answer();
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
ans.setResultMessage(msg);
String charset = request.getCharacterEncoding();
response.setContentType("application/json");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
Map<String, String> fileData = new HashMap<String, String>();
FileItem file = null;
FileItemFactory factory = new DiskFileItemFactory();
ServletFileUpload upload = new ServletFileUpload(factory);
try {
List<FileItem> fields = upload.parseRequest(request);
Iterator<FileItem> it = fields.iterator();
if (!it.hasNext()) {
return;
}
while (it.hasNext()) {
FileItem fileItem = it.next();
boolean isFormField = fileItem.isFormField();
if (isFormField) {
fileData.put(fileItem.getFieldName(), fileItem.getString("UTF-8"));
} else {
file = fileItem;
}
}
} catch (FileUploadException e) {
e.printStackTrace();
}
/**
* Parsing and securing all required parameters.
*/
// Parameter that are already controled by GUI (no need to decode) --> We SECURE them
// Parameter that needs to be secured --> We SECURE+DECODE them
String application = ParameterParserUtil.parseStringParamAndDecode(fileData.get("application"), null, charset);
String object = ParameterParserUtil.parseStringParamAndDecode(fileData.get("object"), null, charset);
String value = ParameterParserUtil.parseStringParam(fileData.get("value"), null);
String usrmodif = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
String datemodif = new Timestamp(new java.util.Date().getTime()).toString();
// Parameter that we cannot secure as we need the html --> We DECODE them
// Getting list of application from JSON Call
// Prepare the final answer.
MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
Answer finalAnswer = new Answer(msg1);
/**
* Checking all constrains before calling the services.
*/
if (StringUtil.isNullOrEmpty(application)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Update").replace("%REASON%", "Application name (applicationobject) is missing."));
ans.setResultMessage(msg);
} else if (StringUtil.isNullOrEmpty(object)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Update").replace("%REASON%", "Object name (applicationobject) is missing."));
ans.setResultMessage(msg);
} else {
/**
* All data seems cleans so we can call the services.
*/
IApplicationObjectService applicationObjectService = appContext.getBean(IApplicationObjectService.class);
AnswerItem resp = applicationObjectService.readByKey(application, object);
if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
/**
* Object could not be found. We stop here and report the error.
*/
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
} else {
/**
* The service was able to perform the query and confirm the
* object exist, then we can update it.
*/
ApplicationObject applicationData = (ApplicationObject) resp.getItem();
String fileName = applicationData.getScreenShotFileName();
if (file != null) {
ans = applicationObjectService.uploadFile(applicationData.getID(), file);
if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
fileName = file.getName();
}
}
applicationData.setValue(value);
applicationData.setScreenShotFileName(fileName);
applicationData.setUsrModif(usrmodif);
applicationData.setDateModif(datemodif);
ans = applicationObjectService.update(applicationData.getApplication(), applicationData.getObject(), applicationData);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
/**
* Update was successful. Adding Log entry.
*/
ILogEventService logEventService = appContext.getBean(LogEventService.class);
logEventService.createForPrivateCalls("/UpdateApplication", "UPDATE", "Updated Application : ['" + application + "']", request);
}
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
}
}
/**
* Formating and returning the json result.
*/
jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
response.getWriter().print(jsonResponse);
response.getWriter().flush();
}
Also used :
MessageEvent(org.cerberus.engine.entity.MessageEvent)
ApplicationObject(org.cerberus.crud.entity.ApplicationObject)
ILogEventService(org.cerberus.crud.service.ILogEventService)
LogEventService(org.cerberus.crud.service.impl.LogEventService)
IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService)
DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory)
Timestamp(java.sql.Timestamp)
AnswerItem(org.cerberus.util.answer.AnswerItem)
FileItemFactory(org.apache.commons.fileupload.FileItemFactory)
DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory)
Answer(org.cerberus.util.answer.Answer)
FileItem(org.apache.commons.fileupload.FileItem)
ApplicationContext(org.springframework.context.ApplicationContext)
ServletFileUpload(org.apache.commons.fileupload.servlet.ServletFileUpload)
JSONObject(org.json.JSONObject)
java.util(java.util)
ILogEventService(org.cerberus.crud.service.ILogEventService)
FileUploadException(org.apache.commons.fileupload.FileUploadException)
Example 2 with IApplicationObjectService
use of org.cerberus.crud.service.IApplicationObjectService in project cerberus-source by cerberustesting.
the class DeleteApplicationObject method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
JSONObject jsonResponse = new JSONObject();
Answer ans = new Answer();
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
ans.setResultMessage(msg);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
response.setContentType("application/json");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
/**
* Parsing and securing all required parameters.
*/
String application = policy.sanitize(request.getParameter("application"));
String object = policy.sanitize(request.getParameter("object"));
/**
* Checking all constrains before calling the services.
*/
if (StringUtil.isNullOrEmpty(application)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Delete").replace("%REASON%", "Application name is missing!"));
ans.setResultMessage(msg);
} else if (StringUtil.isNullOrEmpty(object)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Delete").replace("%REASON%", "Object name is missing!"));
ans.setResultMessage(msg);
} else {
/**
* All data seems cleans so we can call the services.
*/
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
IApplicationObjectService applicationObjectService = appContext.getBean(IApplicationObjectService.class);
AnswerItem resp = applicationObjectService.readByKey(application, object);
if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
/**
* Object could not be found. We stop here and report the error.
*/
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Delete").replace("%REASON%", "Application Object does not exist."));
ans.setResultMessage(msg);
} else {
/**
* The service was able to perform the query and confirm the
* object exist, then we can delete it.
*/
ApplicationObject applicationData = (ApplicationObject) resp.getItem();
ans = applicationObjectService.delete(applicationData);
if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
/**
* Delete was successful. Adding Log entry.
*/
ILogEventService logEventService = appContext.getBean(LogEventService.class);
logEventService.createForPrivateCalls("/DeleteApplication", "DELETE", "Delete Application Object: ['" + application + "','" + object + "']", request);
}
}
}
/**
* Formating and returning the json result.
*/
jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", ans.getResultMessage().getDescription());
response.getWriter().print(jsonResponse.toString());
response.getWriter().flush();
}
Also used :
Answer(org.cerberus.util.answer.Answer)
ApplicationContext(org.springframework.context.ApplicationContext)
JSONObject(org.json.JSONObject)
PolicyFactory(org.owasp.html.PolicyFactory)
MessageEvent(org.cerberus.engine.entity.MessageEvent)
ApplicationObject(org.cerberus.crud.entity.ApplicationObject)
ILogEventService(org.cerberus.crud.service.ILogEventService)
LogEventService(org.cerberus.crud.service.impl.LogEventService)
IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService)
ILogEventService(org.cerberus.crud.service.ILogEventService)
AnswerItem(org.cerberus.util.answer.AnswerItem)
Example 3 with IApplicationObjectService
use of org.cerberus.crud.service.IApplicationObjectService in project cerberus-source by cerberustesting.
the class ReadApplicationObjectImage method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
* @throws CerberusException
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
String charset = request.getCharacterEncoding();
String application = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("application"), "", charset);
String object = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("object"), "", charset);
int width = (!StringUtils.isEmpty(request.getParameter("w"))) ? Integer.valueOf(request.getParameter("w")) : -1;
int height = (!StringUtils.isEmpty(request.getParameter("h"))) ? Integer.valueOf(request.getParameter("h")) : -1;
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
IApplicationObjectService applicationObjectService = appContext.getBean(IApplicationObjectService.class);
BufferedImage image = applicationObjectService.readImageByKey(application, object);
BufferedImage b;
if (image != null) {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
/**
* If width and height not defined, get image in real size
*/
if (width == -1 && height == -1) {
b = image;
} else {
ResampleOp rop = new ResampleOp(DimensionConstrain.createMaxDimension(width, height, true));
rop.setNumberOfThreads(4);
b = rop.filter(image, null);
}
ImageIO.write(b, "png", baos);
// byte[] bytesOut = baos.toByteArray();
} else {
// create a buffered image
ByteArrayInputStream bis = new ByteArrayInputStream(imageBytes);
b = ImageIO.read(bis);
bis.close();
}
SimpleDateFormat sdf = new SimpleDateFormat();
sdf.setTimeZone(new SimpleTimeZone(0, "GMT"));
sdf.applyPattern("dd MMM yyyy HH:mm:ss z");
response.setHeader("Last-Modified", sdf.format(DateUtils.addDays(Calendar.getInstance().getTime(), 2 * 360)));
response.setHeader("Expires", sdf.format(DateUtils.addDays(Calendar.getInstance().getTime(), 2 * 360)));
ImageIO.write(b, "png", response.getOutputStream());
}
Also used :
ApplicationContext(org.springframework.context.ApplicationContext)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SimpleTimeZone(java.util.SimpleTimeZone)
ResampleOp(com.mortennobel.imagescaling.ResampleOp)
IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
SimpleDateFormat(java.text.SimpleDateFormat)
BufferedImage(java.awt.image.BufferedImage)
Example 4 with IApplicationObjectService
use of org.cerberus.crud.service.IApplicationObjectService in project cerberus-source by cerberustesting.
the class CreateApplicationObject method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
* @throws CerberusException
* @throws JSONException
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
JSONObject jsonResponse = new JSONObject();
Answer ans = new Answer();
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
ans.setResultMessage(msg);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String charset = request.getCharacterEncoding();
response.setContentType("application/json");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
Map<String, String> fileData = new HashMap<String, String>();
FileItem file = null;
FileItemFactory factory = new DiskFileItemFactory();
ServletFileUpload upload = new ServletFileUpload(factory);
try {
List<FileItem> fields = upload.parseRequest(request);
Iterator<FileItem> it = fields.iterator();
if (!it.hasNext()) {
return;
}
while (it.hasNext()) {
FileItem fileItem = it.next();
boolean isFormField = fileItem.isFormField();
if (isFormField) {
fileData.put(fileItem.getFieldName(), fileItem.getString("UTF-8"));
} else {
file = fileItem;
}
}
} catch (FileUploadException e) {
e.printStackTrace();
}
/**
* Parsing and securing all required parameters.
*/
// Parameter that are already controled by GUI (no need to decode) --> We SECURE them
// Parameter that needs to be secured --> We SECURE+DECODE them
String application = ParameterParserUtil.parseStringParamAndDecode(fileData.get("application"), null, charset);
String object = ParameterParserUtil.parseStringParamAndDecode(fileData.get("object"), null, charset);
String value = ParameterParserUtil.parseStringParam(fileData.get("value"), null);
String usrcreated = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
String datecreated = new Timestamp(new java.util.Date().getTime()).toString();
String usrmodif = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
String datemodif = new Timestamp(new java.util.Date().getTime()).toString();
/**
* Checking all constrains before calling the services.
*/
if (StringUtil.isNullOrEmpty(application)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Create").replace("%REASON%", "Application name is missing!"));
ans.setResultMessage(msg);
} else if (StringUtil.isNullOrEmpty(object)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Create").replace("%REASON%", "Object name is missing!"));
ans.setResultMessage(msg);
} else {
/**
* All data seems cleans so we can call the services.
*/
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
IApplicationObjectService applicationobjectService = appContext.getBean(IApplicationObjectService.class);
IFactoryApplicationObject factoryApplicationobject = appContext.getBean(IFactoryApplicationObject.class);
String fileName = "";
if (file != null) {
fileName = file.getName();
}
ApplicationObject applicationData = factoryApplicationobject.create(-1, application, object, value, fileName, usrcreated, datecreated, usrmodif, datemodif);
ans = applicationobjectService.create(applicationData);
if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
/**
* Object created. Adding Log entry.
*/
ILogEventService logEventService = appContext.getBean(LogEventService.class);
logEventService.createForPrivateCalls("/CreateApplicationObject", "CREATE", "Create Application Object: ['" + application + "','" + object + "']", request);
if (file != null) {
AnswerItem an = applicationobjectService.readByKey(application, object);
if (an.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && an.getItem() != null) {
applicationData = (ApplicationObject) an.getItem();
ans = applicationobjectService.uploadFile(applicationData.getID(), file);
if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
}
}
}
}
}
/**
* Formating and returning the json result.
*/
jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", ans.getResultMessage().getDescription());
response.getWriter().print(jsonResponse);
response.getWriter().flush();
}
Also used :
IFactoryApplicationObject(org.cerberus.crud.factory.IFactoryApplicationObject)
PolicyFactory(org.owasp.html.PolicyFactory)
HashMap(java.util.HashMap)
MessageEvent(org.cerberus.engine.entity.MessageEvent)
ILogEventService(org.cerberus.crud.service.ILogEventService)
LogEventService(org.cerberus.crud.service.impl.LogEventService)
Timestamp(java.sql.Timestamp)
ApplicationContext(org.springframework.context.ApplicationContext)
ServletFileUpload(org.apache.commons.fileupload.servlet.ServletFileUpload)
ILogEventService(org.cerberus.crud.service.ILogEventService)
IFactoryApplicationObject(org.cerberus.crud.factory.IFactoryApplicationObject)
ApplicationObject(org.cerberus.crud.entity.ApplicationObject)
IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService)
DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory)
AnswerItem(org.cerberus.util.answer.AnswerItem)
FileItemFactory(org.apache.commons.fileupload.FileItemFactory)
DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory)
Answer(org.cerberus.util.answer.Answer)
FileItem(org.apache.commons.fileupload.FileItem)
JSONObject(org.json.JSONObject)
FileUploadException(org.apache.commons.fileupload.FileUploadException)
Aggregations
IApplicationObjectService (org.cerberus.crud.service.IApplicationObjectService)4
ApplicationContext (org.springframework.context.ApplicationContext)4
ApplicationObject (org.cerberus.crud.entity.ApplicationObject)3
ILogEventService (org.cerberus.crud.service.ILogEventService)3
LogEventService (org.cerberus.crud.service.impl.LogEventService)3
MessageEvent (org.cerberus.engine.entity.MessageEvent)3
Answer (org.cerberus.util.answer.Answer)3
AnswerItem (org.cerberus.util.answer.AnswerItem)3
JSONObject (org.json.JSONObject)3
Timestamp (java.sql.Timestamp)2
FileItem (org.apache.commons.fileupload.FileItem)2
FileItemFactory (org.apache.commons.fileupload.FileItemFactory)2
FileUploadException (org.apache.commons.fileupload.FileUploadException)2
DiskFileItemFactory (org.apache.commons.fileupload.disk.DiskFileItemFactory)2
ServletFileUpload (org.apache.commons.fileupload.servlet.ServletFileUpload)2
PolicyFactory (org.owasp.html.PolicyFactory)2
ResampleOp (com.mortennobel.imagescaling.ResampleOp)1
BufferedImage (java.awt.image.BufferedImage)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
