001 package org.mycore.services.acl;
002
003 import java.io.IOException;
004
005 import javax.servlet.ServletException;
006 import javax.servlet.http.HttpServletRequest;
007 import javax.servlet.http.HttpServletResponse;
008
009 import org.apache.log4j.Logger;
010 import org.jdom.DocType;
011 import org.jdom.Document;
012 import org.jdom.Element;
013
014 import org.mycore.access.MCRAccessManager;
015 import org.mycore.common.MCRConfigurationException;
016 import org.mycore.frontend.MCRWebsiteWriteProtection;
017 import org.mycore.frontend.servlets.MCRServlet;
018 import org.mycore.frontend.servlets.MCRServletJob;
019 import org.mycore.user.MCRUserMgr;
020
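/**
 * Servlet entry point for the ACL editor.
 *
 * <p>Each request is checked against the {@code use-aclEditor} permission and the
 * website write protection, then dispatched on the {@code mode} request parameter
 * to {@link MCRAclEditor}. The editor's answer element is either followed as a
 * redirect (root element named {@code redirect}) or handed to the layout service.
 */
public class MCRACLEditorServlet_v2 extends MCRServlet {

    private static final long serialVersionUID = 1L;

    private static final Logger LOGGER = Logger.getLogger(MCRACLEditorServlet_v2.class);

    /** Name of the login servlet, appended to the servlet base URL when access is denied. */
    protected static final String LOGINSERVLET_URL = "MCRLoginServlet";

    /** Permission a user must hold to reach the ACL editor. */
    private static final String EDITOR_PERMISSION = "use-aclEditor";

    /**
     * Initializes the servlet by delegating to the superclass.
     *
     * @throws MCRConfigurationException declared for the superclass initialization
     * @throws ServletException declared for the superclass initialization
     */
    public void init() throws MCRConfigurationException, ServletException {
        super.init();
    }

    /**
     * Handles GET and POST requests for the ACL editor.
     *
     * <p>Supported values of the {@code mode} parameter are {@code getACLEditor} and
     * {@code dataRequest}. A missing or unknown mode is answered with HTTP 400.
     *
     * @param job the servlet job wrapping the current request and response
     * @throws Exception if the editor, the redirect or the layout step fails
     */
    public void doGetPost(MCRServletJob job) throws Exception {
        HttpServletRequest request = job.getRequest();
        HttpServletResponse response = job.getResponse();
        String mode = request.getParameter("mode");

        verifyAccess(job);
        // verifyAccess() can only answer with a redirect; it cannot stop this method.
        // Without this check the editor call below would still run for a caller who
        // lacks the permission. sendRedirect() commits the response, so a committed
        // response here means access was denied.
        if (response.isCommitted()) {
            return;
        }

        if (MCRWebsiteWriteProtection.printInfoPageIfNoAccess(request, response, getBaseURL())) {
            return;
        }

        // mode is request-controlled and is logged before it has been validated.
        LOGGER.debug("Mode: " + mode);

        String layout = "html";
        boolean mcrWebPage = false;
        String errorMsg = "The request did not contain a valid mode for this servlet!";

        MCRAclEditor aclEditor = MCRAclEditor.instance();
        Element answer;
        // Constant-first equals() keeps a missing mode parameter from raising a
        // NullPointerException; it falls through to the 400 branch instead.
        if ("getACLEditor".equals(mode)) {
            answer = aclEditor.getACLEditor(request);
        } else if ("dataRequest".equals(mode)) {
            answer = aclEditor.dataRequest(request);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, errorMsg);
            // Nothing to render: there is no answer element for an invalid mode.
            return;
        }

        if (answer.getName().equals("redirect")) {
            LOGGER.debug("Redirect: " + answer.getText());
            redirect(response, answer.getText());
        } else {
            LOGGER.debug("Normal doLayout!");
            doLayout(request, response, answer, layout, mcrWebPage);
        }
    }

    /**
     * Checks the {@code use-aclEditor} permission and, when it is missing, redirects
     * the client to the login servlet with the originally requested URL in the
     * {@code url} parameter.
     *
     * <p>This method does not throw on denial. Callers must check
     * {@link HttpServletResponse#isCommitted()} afterwards and stop processing when
     * the redirect has been sent.
     *
     * @param job the servlet job wrapping the current request and response
     * @throws IOException if the redirect cannot be sent
     */
    public void verifyAccess(MCRServletJob job) throws IOException {
        if (!MCRAccessManager.getAccessImpl().checkPermission(EDITOR_PERMISSION)) {
            LOGGER.info("Access denied for userID=" + MCRUserMgr.instance().getCurrentUser().getID());
            String query = job.getRequest().getQueryString();
            // No query string means nothing to append (the former ":" suffix produced
            // a malformed return URL).
            String requested = job.getRequest().getRequestURL().append(query != null ? "?" + query : "").toString();
            // The return URL is built from request data. Encode it so that its own
            // "?" and "&" stay inside the single "url" parameter instead of being
            // parsed as additional parameters of the login servlet.
            String target = getServletBaseURL() + LOGINSERVLET_URL + "?url=" + java.net.URLEncoder.encode(requested, "UTF-8");
            job.getResponse().sendRedirect(job.getResponse().encodeRedirectURL(target));
        }
    }

    /**
     * Sends a redirect to {@code url}. A {@code null} value is treated as empty, and
     * a value that does not start with {@code http} is resolved against the base URL.
     *
     * @param response the response to send the redirect on
     * @param url the redirect target, absolute or relative to the base URL
     */
    private void redirect(HttpServletResponse response, String url) {
        if (url == null) {
            url = "";
        }

        // NOTE(review): any target starting with "http" is passed through unchanged.
        // Whether that permits redirects to foreign hosts depends on whether
        // MCRAclEditor can return request-derived redirect text - confirm, and
        // restrict targets to the base URL if it can.
        if (!url.startsWith("http")) {
            url = getBaseURL() + url;
        }

        try {
            response.sendRedirect(response.encodeRedirectURL(url));
        } catch (IOException e) {
            // Best effort: the redirect failure is recorded through the servlet's
            // logger rather than printed to stderr.
            LOGGER.error("Could not send redirect", e);
        }
    }

    /**
     * Wraps {@code elem} in a document and renders it. When {@code mcrWebPage} is
     * set, the element is placed inside a {@code MyCoReWebPage} root with a matching
     * doctype; otherwise it becomes the root element itself.
     *
     * @param request the current request
     * @param response the current response
     * @param elem the element to render
     * @param format {@code "xml"} for raw XML output, anything else for layout output
     * @param mcrWebPage whether to wrap the element in a {@code MyCoReWebPage} root
     * @throws IOException if the output cannot be written
     */
    private void doLayout(HttpServletRequest request, HttpServletResponse response, Element elem, String format, boolean mcrWebPage) throws IOException {
        Document doc = new Document();

        if (mcrWebPage) {
            Element webPage = new Element("MyCoReWebPage");
            webPage.addContent(elem);
            doc.setRootElement(webPage);
            doc.setDocType(new DocType("MyCoReWebPage"));
        } else {
            doc.setRootElement(elem);
        }

        doLayout(request, response, doc, format);
    }

    /**
     * Sends {@code doc} through the layout service, as raw XML when {@code format}
     * is {@code "xml"} and through the regular layout step otherwise.
     *
     * @param request the current request
     * @param response the current response
     * @param doc the document to send
     * @param format {@code "xml"} for raw XML output, anything else for layout output
     * @throws IOException if the output cannot be written
     */
    private void doLayout(HttpServletRequest request, HttpServletResponse response, Document doc, String format) throws IOException {
        if (format.equals("xml")) {
            getLayoutService().sendXML(request, response, doc);
        } else {
            getLayoutService().doLayout(request, response, doc);
        }
    }
}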