Search in sources :

Example 1 with IApplicationObjectService

use of org.cerberus.crud.service.IApplicationObjectService in project cerberus-source by cerberustesting.

the class UpdateApplicationObject method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    String charset = request.getCharacterEncoding();
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    Map<String, String> fileData = new HashMap<String, String>();
    FileItem file = null;
    FileItemFactory factory = new DiskFileItemFactory();
    ServletFileUpload upload = new ServletFileUpload(factory);
    try {
        List<FileItem> fields = upload.parseRequest(request);
        Iterator<FileItem> it = fields.iterator();
        if (!it.hasNext()) {
            return;
        }
        while (it.hasNext()) {
            FileItem fileItem = it.next();
            boolean isFormField = fileItem.isFormField();
            if (isFormField) {
                fileData.put(fileItem.getFieldName(), fileItem.getString("UTF-8"));
            } else {
                file = fileItem;
            }
        }
    } catch (FileUploadException e) {
        e.printStackTrace();
    }
    /**
     * Parsing and securing all required parameters.
     */
    // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
    // Parameter that needs to be secured --> We SECURE+DECODE them
    String application = ParameterParserUtil.parseStringParamAndDecode(fileData.get("application"), null, charset);
    String object = ParameterParserUtil.parseStringParamAndDecode(fileData.get("object"), null, charset);
    String value = ParameterParserUtil.parseStringParam(fileData.get("value"), null);
    String usrmodif = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
    String datemodif = new Timestamp(new java.util.Date().getTime()).toString();
    // Parameter that we cannot secure as we need the html --> We DECODE them
    // Getting list of application from JSON Call
    // Prepare the final answer.
    MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
    Answer finalAnswer = new Answer(msg1);
    /**
     * Checking all constrains before calling the services.
     */
    if (StringUtil.isNullOrEmpty(application)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Update").replace("%REASON%", "Application name (applicationobject) is missing."));
        ans.setResultMessage(msg);
    } else if (StringUtil.isNullOrEmpty(object)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Update").replace("%REASON%", "Object name (applicationobject) is missing."));
        ans.setResultMessage(msg);
    } else {
        /**
         * All data seems cleans so we can call the services.
         */
        IApplicationObjectService applicationObjectService = appContext.getBean(IApplicationObjectService.class);
        AnswerItem resp = applicationObjectService.readByKey(application, object);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            /**
             * Object could not be found. We stop here and report the error.
             */
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
        } else {
            /**
             * The service was able to perform the query and confirm the
             * object exist, then we can update it.
             */
            ApplicationObject applicationData = (ApplicationObject) resp.getItem();
            String fileName = applicationData.getScreenShotFileName();
            if (file != null) {
                ans = applicationObjectService.uploadFile(applicationData.getID(), file);
                if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    fileName = file.getName();
                }
            }
            applicationData.setValue(value);
            applicationData.setScreenShotFileName(fileName);
            applicationData.setUsrModif(usrmodif);
            applicationData.setDateModif(datemodif);
            ans = applicationObjectService.update(applicationData.getApplication(), applicationData.getObject(), applicationData);
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                /**
                 * Update was successful. Adding Log entry.
                 */
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/UpdateApplication", "UPDATE", "Updated Application : ['" + application + "']", request);
            }
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : MessageEvent(org.cerberus.engine.entity.MessageEvent) ApplicationObject(org.cerberus.crud.entity.ApplicationObject) ILogEventService(org.cerberus.crud.service.ILogEventService) LogEventService(org.cerberus.crud.service.impl.LogEventService) IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) Timestamp(java.sql.Timestamp) AnswerItem(org.cerberus.util.answer.AnswerItem) FileItemFactory(org.apache.commons.fileupload.FileItemFactory) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) Answer(org.cerberus.util.answer.Answer) FileItem(org.apache.commons.fileupload.FileItem) ApplicationContext(org.springframework.context.ApplicationContext) ServletFileUpload(org.apache.commons.fileupload.servlet.ServletFileUpload) JSONObject(org.json.JSONObject) java.util(java.util) ILogEventService(org.cerberus.crud.service.ILogEventService) FileUploadException(org.apache.commons.fileupload.FileUploadException)

Example 2 with IApplicationObjectService

use of org.cerberus.crud.service.IApplicationObjectService in project cerberus-source by cerberustesting.

the class DeleteApplicationObject method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    /**
     * Parsing and securing all required parameters.
     */
    String application = policy.sanitize(request.getParameter("application"));
    String object = policy.sanitize(request.getParameter("object"));
    /**
     * Checking all constrains before calling the services.
     */
    if (StringUtil.isNullOrEmpty(application)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Delete").replace("%REASON%", "Application name is missing!"));
        ans.setResultMessage(msg);
    } else if (StringUtil.isNullOrEmpty(object)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Delete").replace("%REASON%", "Object name is missing!"));
        ans.setResultMessage(msg);
    } else {
        /**
         * All data seems cleans so we can call the services.
         */
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IApplicationObjectService applicationObjectService = appContext.getBean(IApplicationObjectService.class);
        AnswerItem resp = applicationObjectService.readByKey(application, object);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            /**
             * Object could not be found. We stop here and report the error.
             */
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Delete").replace("%REASON%", "Application Object does not exist."));
            ans.setResultMessage(msg);
        } else {
            /**
             * The service was able to perform the query and confirm the
             * object exist, then we can delete it.
             */
            ApplicationObject applicationData = (ApplicationObject) resp.getItem();
            ans = applicationObjectService.delete(applicationData);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                /**
                 * Delete was successful. Adding Log entry.
                 */
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/DeleteApplication", "DELETE", "Delete Application Object: ['" + application + "','" + object + "']", request);
            }
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse.toString());
    response.getWriter().flush();
}
Also used : Answer(org.cerberus.util.answer.Answer) ApplicationContext(org.springframework.context.ApplicationContext) JSONObject(org.json.JSONObject) PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) ApplicationObject(org.cerberus.crud.entity.ApplicationObject) ILogEventService(org.cerberus.crud.service.ILogEventService) LogEventService(org.cerberus.crud.service.impl.LogEventService) IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService) ILogEventService(org.cerberus.crud.service.ILogEventService) AnswerItem(org.cerberus.util.answer.AnswerItem)

Example 3 with IApplicationObjectService

use of org.cerberus.crud.service.IApplicationObjectService in project cerberus-source by cerberustesting.

the class ReadApplicationObjectImage method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String charset = request.getCharacterEncoding();
    String application = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("application"), "", charset);
    String object = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("object"), "", charset);
    int width = (!StringUtils.isEmpty(request.getParameter("w"))) ? Integer.valueOf(request.getParameter("w")) : -1;
    int height = (!StringUtils.isEmpty(request.getParameter("h"))) ? Integer.valueOf(request.getParameter("h")) : -1;
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IApplicationObjectService applicationObjectService = appContext.getBean(IApplicationObjectService.class);
    BufferedImage image = applicationObjectService.readImageByKey(application, object);
    BufferedImage b;
    if (image != null) {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        /**
         * If width and height not defined, get image in real size
         */
        if (width == -1 && height == -1) {
            b = image;
        } else {
            ResampleOp rop = new ResampleOp(DimensionConstrain.createMaxDimension(width, height, true));
            rop.setNumberOfThreads(4);
            b = rop.filter(image, null);
        }
        ImageIO.write(b, "png", baos);
    // byte[] bytesOut = baos.toByteArray();
    } else {
        // create a buffered image
        ByteArrayInputStream bis = new ByteArrayInputStream(imageBytes);
        b = ImageIO.read(bis);
        bis.close();
    }
    SimpleDateFormat sdf = new SimpleDateFormat();
    sdf.setTimeZone(new SimpleTimeZone(0, "GMT"));
    sdf.applyPattern("dd MMM yyyy HH:mm:ss z");
    response.setHeader("Last-Modified", sdf.format(DateUtils.addDays(Calendar.getInstance().getTime(), 2 * 360)));
    response.setHeader("Expires", sdf.format(DateUtils.addDays(Calendar.getInstance().getTime(), 2 * 360)));
    ImageIO.write(b, "png", response.getOutputStream());
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) ByteArrayInputStream(java.io.ByteArrayInputStream) SimpleTimeZone(java.util.SimpleTimeZone) ResampleOp(com.mortennobel.imagescaling.ResampleOp) IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SimpleDateFormat(java.text.SimpleDateFormat) BufferedImage(java.awt.image.BufferedImage)

Example 4 with IApplicationObjectService

use of org.cerberus.crud.service.IApplicationObjectService in project cerberus-source by cerberustesting.

the class CreateApplicationObject method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException
 * @throws JSONException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String charset = request.getCharacterEncoding();
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    Map<String, String> fileData = new HashMap<String, String>();
    FileItem file = null;
    FileItemFactory factory = new DiskFileItemFactory();
    ServletFileUpload upload = new ServletFileUpload(factory);
    try {
        List<FileItem> fields = upload.parseRequest(request);
        Iterator<FileItem> it = fields.iterator();
        if (!it.hasNext()) {
            return;
        }
        while (it.hasNext()) {
            FileItem fileItem = it.next();
            boolean isFormField = fileItem.isFormField();
            if (isFormField) {
                fileData.put(fileItem.getFieldName(), fileItem.getString("UTF-8"));
            } else {
                file = fileItem;
            }
        }
    } catch (FileUploadException e) {
        e.printStackTrace();
    }
    /**
     * Parsing and securing all required parameters.
     */
    // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
    // Parameter that needs to be secured --> We SECURE+DECODE them
    String application = ParameterParserUtil.parseStringParamAndDecode(fileData.get("application"), null, charset);
    String object = ParameterParserUtil.parseStringParamAndDecode(fileData.get("object"), null, charset);
    String value = ParameterParserUtil.parseStringParam(fileData.get("value"), null);
    String usrcreated = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
    String datecreated = new Timestamp(new java.util.Date().getTime()).toString();
    String usrmodif = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
    String datemodif = new Timestamp(new java.util.Date().getTime()).toString();
    /**
     * Checking all constrains before calling the services.
     */
    if (StringUtil.isNullOrEmpty(application)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Create").replace("%REASON%", "Application name is missing!"));
        ans.setResultMessage(msg);
    } else if (StringUtil.isNullOrEmpty(object)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Create").replace("%REASON%", "Object name is missing!"));
        ans.setResultMessage(msg);
    } else {
        /**
         * All data seems cleans so we can call the services.
         */
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IApplicationObjectService applicationobjectService = appContext.getBean(IApplicationObjectService.class);
        IFactoryApplicationObject factoryApplicationobject = appContext.getBean(IFactoryApplicationObject.class);
        String fileName = "";
        if (file != null) {
            fileName = file.getName();
        }
        ApplicationObject applicationData = factoryApplicationobject.create(-1, application, object, value, fileName, usrcreated, datecreated, usrmodif, datemodif);
        ans = applicationobjectService.create(applicationData);
        if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
            /**
             * Object created. Adding Log entry.
             */
            ILogEventService logEventService = appContext.getBean(LogEventService.class);
            logEventService.createForPrivateCalls("/CreateApplicationObject", "CREATE", "Create Application Object: ['" + application + "','" + object + "']", request);
            if (file != null) {
                AnswerItem an = applicationobjectService.readByKey(application, object);
                if (an.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && an.getItem() != null) {
                    applicationData = (ApplicationObject) an.getItem();
                    ans = applicationobjectService.uploadFile(applicationData.getID(), file);
                    if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    }
                }
            }
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : IFactoryApplicationObject(org.cerberus.crud.factory.IFactoryApplicationObject) PolicyFactory(org.owasp.html.PolicyFactory) HashMap(java.util.HashMap) MessageEvent(org.cerberus.engine.entity.MessageEvent) ILogEventService(org.cerberus.crud.service.ILogEventService) LogEventService(org.cerberus.crud.service.impl.LogEventService) Timestamp(java.sql.Timestamp) ApplicationContext(org.springframework.context.ApplicationContext) ServletFileUpload(org.apache.commons.fileupload.servlet.ServletFileUpload) ILogEventService(org.cerberus.crud.service.ILogEventService) IFactoryApplicationObject(org.cerberus.crud.factory.IFactoryApplicationObject) ApplicationObject(org.cerberus.crud.entity.ApplicationObject) IApplicationObjectService(org.cerberus.crud.service.IApplicationObjectService) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) AnswerItem(org.cerberus.util.answer.AnswerItem) FileItemFactory(org.apache.commons.fileupload.FileItemFactory) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) Answer(org.cerberus.util.answer.Answer) FileItem(org.apache.commons.fileupload.FileItem) JSONObject(org.json.JSONObject) FileUploadException(org.apache.commons.fileupload.FileUploadException)

Aggregations

IApplicationObjectService (org.cerberus.crud.service.IApplicationObjectService)4 ApplicationContext (org.springframework.context.ApplicationContext)4 ApplicationObject (org.cerberus.crud.entity.ApplicationObject)3 ILogEventService (org.cerberus.crud.service.ILogEventService)3 LogEventService (org.cerberus.crud.service.impl.LogEventService)3 MessageEvent (org.cerberus.engine.entity.MessageEvent)3 Answer (org.cerberus.util.answer.Answer)3 AnswerItem (org.cerberus.util.answer.AnswerItem)3 JSONObject (org.json.JSONObject)3 Timestamp (java.sql.Timestamp)2 FileItem (org.apache.commons.fileupload.FileItem)2 FileItemFactory (org.apache.commons.fileupload.FileItemFactory)2 FileUploadException (org.apache.commons.fileupload.FileUploadException)2 DiskFileItemFactory (org.apache.commons.fileupload.disk.DiskFileItemFactory)2 ServletFileUpload (org.apache.commons.fileupload.servlet.ServletFileUpload)2 PolicyFactory (org.owasp.html.PolicyFactory)2 ResampleOp (com.mortennobel.imagescaling.ResampleOp)1 BufferedImage (java.awt.image.BufferedImage)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1