JBoss Portal SVN: r12740 - modules/authorization/trunk/policy-server.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-01-30 17:45:52 -0500 (Fri, 30 Jan 2009)
New Revision: 12740
Modified:
modules/authorization/trunk/policy-server/
Log:
refactoring/creating the 'policy-server' component
Property changes on: modules/authorization/trunk/policy-server
___________________________________________________________________
Name: svn:ignore
+ target
JBoss Portal SVN: r12739 - in modules/authorization/trunk: decision-point and 16 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-01-30 17:44:56 -0500 (Fri, 30 Jan 2009)
New Revision: 12739
Added:
modules/authorization/trunk/policy-server/
modules/authorization/trunk/policy-server/pom.xml
modules/authorization/trunk/policy-server/src/
modules/authorization/trunk/policy-server/src/main/
modules/authorization/trunk/policy-server/src/main/java/
modules/authorization/trunk/policy-server/src/main/java/org/
modules/authorization/trunk/policy-server/src/main/java/org/jboss/
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/
modules/authorization/trunk/policy-server/src/main/resources/
modules/authorization/trunk/policy-server/src/test/
modules/authorization/trunk/policy-server/src/test/java/
modules/authorization/trunk/policy-server/src/test/resources/
Removed:
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/pap/
modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/server/
Modified:
modules/authorization/trunk/.classpath
modules/authorization/trunk/decision-point/pom.xml
modules/authorization/trunk/decision-point/src/main/java/org/jboss/security/authz/decision/PolicyDecisionPoint.java
modules/authorization/trunk/http-profile/pom.xml
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyDeployer.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/EmbeddedBootstrap.java
modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/Server.java
modules/authorization/trunk/pom.xml
Log:
refactoring/creating the 'policy-server' component
Modified: modules/authorization/trunk/.classpath
===================================================================
--- modules/authorization/trunk/.classpath 2009-01-30 22:08:26 UTC (rev 12738)
+++ modules/authorization/trunk/.classpath 2009-01-30 22:44:56 UTC (rev 12739)
@@ -24,6 +24,10 @@
<classpathentry kind="src" path="http-profile/src/main/resources"/>
<classpathentry kind="src" path="http-profile/src/test/java"/>
<classpathentry kind="src" path="http-profile/src/test/resources"/>
+ <classpathentry kind="src" path="policy-server/src/main/java"/>
+ <classpathentry kind="src" path="policy-server/src/main/resources"/>
+ <classpathentry kind="src" path="policy-server/src/test/java"/>
+ <classpathentry kind="src" path="policy-server/src/test/resources"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/>
Modified: modules/authorization/trunk/decision-point/pom.xml
===================================================================
--- modules/authorization/trunk/decision-point/pom.xml 2009-01-30 22:08:26 UTC (rev 12738)
+++ modules/authorization/trunk/decision-point/pom.xml 2009-01-30 22:44:56 UTC (rev 12739)
@@ -19,6 +19,11 @@
<artifactId>jboss-authz-common</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-enforcement</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<!-- jboss xacml -->
<dependency>
Modified: modules/authorization/trunk/decision-point/src/main/java/org/jboss/security/authz/decision/PolicyDecisionPoint.java
===================================================================
--- modules/authorization/trunk/decision-point/src/main/java/org/jboss/security/authz/decision/PolicyDecisionPoint.java 2009-01-30 22:08:26 UTC (rev 12738)
+++ modules/authorization/trunk/decision-point/src/main/java/org/jboss/security/authz/decision/PolicyDecisionPoint.java 2009-01-30 22:44:56 UTC (rev 12739)
@@ -21,6 +21,9 @@
*/
package org.jboss.security.authz.decision;
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
+
/**
* This component processes all incoming Authorization requests and responds with a response
*
@@ -47,4 +50,32 @@
}
//-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Makes an Authorization Decision
+ *
+ * This method is used when the PolicyDecisionPoint runs in-memory with the Application from which the native Enforcement components issue Authorization requests
+ *
+ * @param request Authorization Request
+ * @return response which contains the Authorization Decision
+ */
+ public Response evaluate(Request request)
+ {
+ Response response = new Response();
+ return response;
+ }
+
+ /**
+ * Makes an Authorization Decision
+ *
+ * This method is used when the PolicyDecisionPoint is accessed over the network by sending it the appropriate request in XML format
+ * The XML format used is compliant with the XACML spec
+ *
+ * @param xml
+ * @return response in xml format confirming to the XACML spec
+ */
+ public String evaluate(String xml)
+ {
+ String responseXml = null;
+ return responseXml;
+ }
}
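Review bot: Both new `evaluate` overloads are placeholders that report no failure: `evaluate(Request)` returns a freshly constructed `Response` and `evaluate(String)` returns `null`. For an authorization decision point a stub should fail closed. Whether an empty `Response` reads as permit or deny depends on the `Response` class, which is not shown here, and the `null` return will surface as a NullPointerException in whichever caller parses the XML. Until the real evaluation exists, consider `throw new UnsupportedOperationException("PolicyDecisionPoint.evaluate is not implemented yet");` in both bodies, or set an explicit deny on the response. In the Javadoc, `@param xml` has no description and "confirming to the XACML spec" should read "conforming to the XACML spec".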
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-01-30 22:08:26 UTC (rev 12738)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-01-30 22:44:56 UTC (rev 12739)
@@ -42,11 +42,18 @@
<artifactId>junit</artifactId>
</dependency>
- <dependency>
+ <dependency>
<groupId>org.jboss.microcontainer</groupId>
<artifactId>jboss-kernel</artifactId>
<scope>test</scope>
- </dependency>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-policy-server</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
Modified: modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyDeployer.java
===================================================================
--- modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyDeployer.java 2009-01-30 22:08:26 UTC (rev 12738)
+++ modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/provisioning/TestHttpPolicyDeployer.java 2009-01-30 22:44:56 UTC (rev 12739)
@@ -27,8 +27,8 @@
import org.apache.log4j.Logger;
import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.policy.server.Server;
import org.jboss.security.authz.provisioning.policy.PolicyDeployer;
-import org.jboss.security.authz.provisioning.server.Server;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
Added: modules/authorization/trunk/policy-server/pom.xml
===================================================================
--- modules/authorization/trunk/policy-server/pom.xml (rev 0)
+++ modules/authorization/trunk/policy-server/pom.xml 2009-01-30 22:44:56 UTC (rev 12739)
@@ -0,0 +1,83 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-parent</artifactId>
+ <version>trunk-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-authz-policy-server</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Authorization Policy Server</name>
+ <url>http://www.jboss.org</url>
+ <description>The Central Authorization Policy Server</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-provisioning</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security.authz</groupId>
+ <artifactId>jboss-authz-decision-point</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <!-- jboss xacml -->
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-xacml</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-sunxacml</artifactId>
+ </dependency>
+
+ <!-- sun jaxb -->
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-xjc</artifactId>
+ </dependency>
+
+ <!-- jboss microcontainer -->
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ </dependency>
+
+ <!-- junit -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.3.1</version>
+ <configuration>
+ <includes>
+ </includes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
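Review bot: The `junit` and `jaxb-xjc` dependencies are declared without a `<scope>`, so unless the parent's dependencyManagement assigns one (the parent POM is not shown) both land on the compile and runtime classpath of the policy server. A test framework and a schema compiler are not needed at runtime in a central authorization component, so `<scope>test</scope>` on junit would keep the shipped dependency set small. The same may apply to jaxb-xjc if code generation only happens at build time. The empty `<includes>` element in the surefire configuration looks like a leftover and could be dropped or filled with the intended test pattern.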
Copied: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server (from rev 12729, modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/server)
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/EmbeddedBootstrap.java
===================================================================
--- modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/server/EmbeddedBootstrap.java 2009-01-30 17:46:15 UTC (rev 12729)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/EmbeddedBootstrap.java 2009-01-30 22:44:56 UTC (rev 12739)
@@ -20,7 +20,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
******************************************************************************/
-package org.jboss.security.authz.provisioning.server;
+package org.jboss.security.authz.policy.server;
import java.net.URL;
Modified: modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/Server.java
===================================================================
--- modules/authorization/trunk/provisioning/src/main/java/org/jboss/security/authz/provisioning/server/Server.java 2009-01-30 17:46:15 UTC (rev 12729)
+++ modules/authorization/trunk/policy-server/src/main/java/org/jboss/security/authz/policy/server/Server.java 2009-01-30 22:44:56 UTC (rev 12739)
@@ -20,7 +20,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
******************************************************************************/
-package org.jboss.security.authz.provisioning.server;
+package org.jboss.security.authz.policy.server;
import java.net.URL;
Modified: modules/authorization/trunk/pom.xml
===================================================================
--- modules/authorization/trunk/pom.xml 2009-01-30 22:08:26 UTC (rev 12738)
+++ modules/authorization/trunk/pom.xml 2009-01-30 22:44:56 UTC (rev 12739)
@@ -15,6 +15,7 @@
<module>decision-point</module>
<module>enforcement</module>
<module>provisioning</module>
+ <module>policy-server</module>
<module>http-profile</module>
<!--
<module>security-console</module>
JBoss Portal SVN: r12738 - branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin.
by portal-commits@lists.jboss.org
Author: chris.laprun(a)jboss.com
Date: 2009-01-30 17:08:26 -0500 (Fri, 30 Jan 2009)
New Revision: 12738
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
Log:
- Should fix several potential XSS opportunities.
Modified: branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-01-30 22:05:36 UTC (rev 12737)
+++ branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-01-30 22:08:26 UTC (rev 12738)
@@ -1,6 +1,6 @@
/******************************************************************************
* JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * Copyright 2009, Red Hat Middleware, LLC, and individual *
* contributors as indicated by the @authors tag. See the *
* copyright.txt in the distribution for a full listing of *
* individual contributors. *
@@ -20,6 +20,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
******************************************************************************/
+
package org.jboss.portal.core.cms.ui.admin;
import org.apache.commons.fileupload.FileItem;
@@ -32,6 +33,7 @@
import org.jboss.portal.cms.impl.ContentImpl;
import org.jboss.portal.cms.impl.FileImpl;
import org.jboss.portal.cms.impl.FolderImpl;
+import org.jboss.portal.cms.impl.jcr.JCRCMS;
import org.jboss.portal.cms.model.Content;
import org.jboss.portal.cms.model.File;
import org.jboss.portal.cms.model.Folder;
@@ -44,9 +46,9 @@
import org.jboss.portal.cms.util.NodeUtil;
import org.jboss.portal.cms.workflow.ApprovePublish;
import org.jboss.portal.cms.workflow.CMSWorkflowUtil;
-import org.jboss.portal.cms.impl.jcr.JCRCMS;
-import org.jboss.portal.core.cms.ui.Util;
+import org.jboss.portal.common.util.ParameterValidation;
import org.jboss.portal.core.cms.command.StreamContentCommand;
+import org.jboss.portal.core.cms.ui.Util;
import org.jboss.portal.core.controller.ControllerContext;
import org.jboss.portal.identity.AnonymousRole;
import org.jboss.portal.identity.IdentityException;
@@ -77,7 +79,8 @@
import javax.portlet.PortletSession;
import javax.portlet.UnavailableException;
import java.io.IOException;
-import java.io.InputStream;
+import java.text.Format;
+import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
@@ -85,11 +88,10 @@
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
+import java.util.ResourceBundle;
import java.util.Set;
import java.util.Vector;
-import java.util.ResourceBundle;
-import java.text.SimpleDateFormat;
-import java.text.Format;
+import java.util.regex.Pattern;
/**
* @author <a href="mailto:roy@jboss.org">Roy Russo</a>
@@ -105,6 +107,8 @@
private ApprovePublish approvePublish;
private AuthorizationManager authorizationManager;
private ResourceBundle resources = null;
+ private static final Pattern CHECK_FOR_XSS_PATTERN = Pattern.compile("^[<>\\(\\)=]");
+ private static final String SLASH = "/";
public void init() throws PortletException
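Review bot: `CHECK_FOR_XSS_PATTERN` is compiled from `"^[<>\\(\\)=]"`, where the `^` sits outside the character class and therefore anchors to the start of the input instead of negating the set. Depending on how `ParameterValidation.sanitizeFromPattern` applies the pattern (not visible here), this probably tests only the first character, so a value like `/a<b` would not be caught. If the intent is to reject these characters anywhere, drop the anchor, e.g. `Pattern.compile("[<>()=]")`. The set also omits `"` and `'`, which matter when the value is written into an HTML attribute. A short comment on the constant stating which output contexts it is meant to protect would help, and HTML-escaping in the JSPs remains the more reliable control.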
@@ -136,22 +140,22 @@
throw new PortletException("Authorization Service not found");
}
- this.initializeApprovePublishWorkflow();
+ this.initializeApprovePublishWorkflow();
}
-
+
/**
- *
+ *
*/
public void init(PortletConfig config) throws PortletException
{
super.init(config);
-
+
//Get the Resource Bundle for this Portlet
this.resources = config.getResourceBundle(Locale.getDefault());
}
/**
- *
+ *
*/
protected void doView(final JBossRenderRequest rReq, final JBossRenderResponse rRes)
throws PortletException, IOException, UnavailableException
@@ -161,8 +165,8 @@
String datePattern = bundle.getString(CMSAdminConstants.CMS_DATE_PATTERN);
Format dateFormat = new SimpleDateFormat(datePattern, rReq.getLocale());
rReq.setAttribute(CMSAdminConstants.DATE_FORMAT, dateFormat);
-
-
+
+
//check and make sure the CMSAdminPortlet is accessible to the current user
if (!this.isPortletAccessible(rReq))
{
@@ -202,38 +206,46 @@
{
throw new PortletException(e);
}
- }
+ }
}
-
- /**
- *
- * @param renderResponse
- * @throws IOException
- */
+
+ /** @throws IOException */
private void showAccessDeniedScreen(JBossRenderRequest rReq, JBossRenderResponse rRes) throws IOException, PortletException
{
- try
- {
- String sPath = rReq.getParameter("path");
- String sOp = rReq.getParameter("returnOp");
-
-
- rRes.setContentType("text/html");
- rReq.setAttribute("path", sPath);
- rReq.setAttribute("returnOp", sOp);
- javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/accessdenied.jsp");
- prd.include(rReq, rRes);
- }
- catch(Exception e)
- {
- throw new PortletException(e);
- }
+ try
+ {
+ String sPath = rReq.getParameter("path");
+ String sOp = rReq.getParameter("returnOp");
+
+
+ rRes.setContentType("text/html");
+ rReq.setAttribute("path", sPath);
+ rReq.setAttribute("returnOp", sOp);
+ javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/accessdenied.jsp");
+ prd.include(rReq, rRes);
+ }
+ catch (Exception e)
+ {
+ throw new PortletException(e);
+ }
}
private void internalDoView(JBossRenderRequest rReq, JBossRenderResponse rRes)
throws CMSException, PortletException, IOException
{
String op = rReq.getParameter("op");
+ String sPath = rReq.getParameter("path");
+ if (sPath != null)
+ {
+ sPath = ParameterValidation.sanitizeFromPattern(sPath, CHECK_FOR_XSS_PATTERN, SLASH);
+ }
+
+ String sNavPath = rReq.getParameter("navpath");
+ if (sNavPath != null)
+ {
+ sNavPath = ParameterValidation.sanitizeFromPattern(sNavPath, CHECK_FOR_XSS_PATTERN, SLASH);
+ }
+
if (op == null)
{
op = CMSAdminConstants.OP_MAIN;
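Review bot: `showAccessDeniedScreen` is only re-indented here and still copies `path` and `returnOp` straight from `rReq.getParameter(...)` into request attributes for accessdenied.jsp, so it is left out of the sanitising this commit adds at the top of `internalDoView`. If the JSP does not HTML-escape those attributes (it is not shown), this screen remains a reflection point. Applying the same treatment would make it consistent, e.g. `if (sPath != null) { sPath = ParameterValidation.sanitizeFromPattern(sPath, CHECK_FOR_XSS_PATTERN, SLASH); }`, and likewise for `sOp`. The Javadoc was reduced to `/** @throws IOException */` although the method also declares `PortletException`. `internalDoView` continues past the end of this hunk.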
@@ -241,21 +253,19 @@
if (CMSAdminConstants.OP_MAIN.equals(op)) // list page.
{
- String sPath = rReq.getParameter("path");
if (sPath == null)
{
- sPath = "/";
+ sPath = SLASH;
}
-
-
+
JCRCMS.enableUISecurityFilter();
Command listCMD = CMSService.getCommandFactory().createFolderGetListCommand(sPath);
Folder mainFolder = (Folder)CMSService.execute(listCMD);
-
+
List folders = new ArrayList();
List files = new ArrayList();
-
- if(mainFolder != null)
+
+ if (mainFolder != null)
{
folders = mainFolder.getFolders();
files = mainFolder.getFiles();
@@ -263,15 +273,15 @@
else
{
Object messages = rReq.getPortletSession().getAttribute("messages");
- if(messages == null)
+ if (messages == null)
{
messages = new ArrayList();
rReq.getPortletSession().setAttribute("messages", messages);
}
-
+
((List)messages).add(this.resources.getObject("CMS_MISSING_RESOURCE"));
}
-
+
JCRCMS.disableUISecurityFilter();
rRes.setContentType("text/html");
@@ -290,13 +300,13 @@
{
rReq.setAttribute("manageWorkflowAccessible", new Boolean(false));
}
-
+
//Messages
- if(rReq.getPortletSession().getAttribute("messages") != null)
+ if (rReq.getPortletSession().getAttribute("messages") != null)
{
Object messages = rReq.getPortletSession().getAttribute("messages");
rReq.getPortletSession().removeAttribute("messages");
-
+
rReq.setAttribute("messages", messages);
}
@@ -307,42 +317,42 @@
{
try
{
- String sNavPath = rReq.getParameter("navpath");
-
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("navpath", sNavPath);
-
- String sPath = rReq.getParameter("path");
+
rRes.setContentType("text/html");
rReq.setAttribute("createpath", sPath);
-
- if (rReq.getParameter("error:message") != null)
+
+ String parameter = rReq.getParameter("error:message");
+ if (parameter != null)
{
- rReq.setAttribute("error:message", rReq.getParameter("error:message"));
+ rReq.setAttribute("error:message", parameter);
}
- if (rReq.getParameter("error:newcollectionname") != null)
+ parameter = rReq.getParameter("error:newcollectionname");
+ if (parameter != null)
{
- rReq.setAttribute("error:newcollectionname", rReq.getParameter("error:newcollectionname"));
+ rReq.setAttribute("error:newcollectionname", parameter);
}
- if (rReq.getParameter("error:newcollectiondescription") != null)
+ parameter = rReq.getParameter("error:newcollectiondescription");
+ if (parameter != null)
{
- rReq.setAttribute("error:newcollectiondescription", rReq.getParameter("error:newcollectiondescription"));
+ rReq.setAttribute("error:newcollectiondescription", parameter);
}
-
-
+
+
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/confirmcreatecollection.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
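Review bot: The `error:message`, `error:newcollectionname` and `error:newcollectiondescription` request parameters are still copied into request attributes unchanged, so moving them into the local `parameter` variable leaves them outside the sanitising applied to `path` and `navpath`. If confirmcreatecollection.jsp writes them without HTML-escaping (the JSP is not shown), they remain reflected user input. The same applies in the `@@ -588,32 +585,38 @@` hunk to `error:content`, `error:description`, `error:title`, `error:language`, `error:filename` and `error:message` for create.jsp. These fields carry free text that a character blacklist would mangle, so escaping at output in the JSPs is the better fit. A comment such as `// error:* values are user-supplied and must be HTML-escaped by the JSP` would record that dependency. The enclosing method starts and ends outside this hunk.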
@@ -351,17 +361,15 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
-
+
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -370,15 +378,13 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/upload.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
}
else if (CMSAdminConstants.OP_VIEWFILE.equals(op))
{
- String sPath = rReq.getParameter("path");
-
Command fileGetList = CMSService.getCommandFactory().createFileGetListCommand(sPath);
List contentList = (List)CMSService.execute(fileGetList);
@@ -459,17 +465,15 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
-
+
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -477,7 +481,7 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/uploadarchive.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
@@ -486,18 +490,16 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
String sType = rReq.getParameter("type");
-
+
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -506,7 +508,7 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/confirmcopy.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
@@ -515,18 +517,16 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
String sType = rReq.getParameter("type");
-
+
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -535,14 +535,13 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/confirmmove.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
}
else if (CMSAdminConstants.OP_CONFIRMDELETE.equals(op))
{
- String sPath = rReq.getParameter("path");
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/confirmdelete.jsp");
@@ -550,18 +549,16 @@
}
else if (CMSAdminConstants.OP_EDIT_BINARY.equals(op))
{
- String sPath = rReq.getParameter("path");
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
- rReq.setAttribute("language", rReq.getParameter("language"));
+ String language = rReq.getParameter("language");
+ ParameterValidation.sanitizeFromPattern(language, CHECK_FOR_XSS_PATTERN, "en");
+ rReq.setAttribute("language", language);
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/editbinary.jsp");
prd.include(rReq, rRes);
}
- else
- if (CMSAdminConstants.OP_CREATENEWTEXT.equals(op) || CMSAdminConstants.OP_CREATEFILE_VALIDATION_ERROR.equals(op))
+ else if (CMSAdminConstants.OP_CREATENEWTEXT.equals(op) || CMSAdminConstants.OP_CREATEFILE_VALIDATION_ERROR.equals(op))
{
- String sPath = rReq.getParameter("path");
-
// get Base for editor
StringBuffer sbUrl = new StringBuffer();
sbUrl.append(rReq.getScheme());
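Review bot: The result of `ParameterValidation.sanitizeFromPattern(language, CHECK_FOR_XSS_PATTERN, "en")` is discarded, so the raw `language` parameter is what gets stored in the request attribute on the next line. Java strings are immutable, and the `sPath`/`sNavPath` calls earlier in this commit assign the return value, which suggests the sanitised value is returned, not applied in place. Assign it back, e.g. `language = ParameterValidation.sanitizeFromPattern(language, CHECK_FOR_XSS_PATTERN, "en");`. The same discarded call appears in the `@@ -621,8 +624,9 @@` hunk for `sLanguage` and in the `@@ -698,15 +699,15 @@` hunk for `sPickupFile`. Unlike the path calls, these three are not guarded by a null check, so confirm how `sanitizeFromPattern` handles a missing parameter. The enclosing `internalDoView` begins and ends outside this hunk.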
@@ -588,32 +585,38 @@
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
- rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, "/"));
+ rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, SLASH));
//If a validation error occurred, re-populate data already submitted
- if (rReq.getParameter("error:content") != null)
+ String parameter = rReq.getParameter("error:content");
+ if (parameter != null)
{
- rReq.setAttribute("error:content", rReq.getParameter("error:content"));
+ rReq.setAttribute("error:content", parameter);
}
- if (rReq.getParameter("error:description") != null)
+ parameter = rReq.getParameter("error:description");
+ if (parameter != null)
{
- rReq.setAttribute("error:description", rReq.getParameter("error:description"));
+ rReq.setAttribute("error:description", parameter);
}
- if (rReq.getParameter("error:title") != null)
+ parameter = rReq.getParameter("error:title");
+ if (parameter != null)
{
- rReq.setAttribute("error:title", rReq.getParameter("error:title"));
+ rReq.setAttribute("error:title", parameter);
}
- if (rReq.getParameter("error:language") != null)
+ parameter = rReq.getParameter("error:language");
+ if (parameter != null)
{
- rReq.setAttribute("error:language", rReq.getParameter("error:language"));
+ rReq.setAttribute("error:language", parameter);
}
- if (rReq.getParameter("error:filename") != null)
+ parameter = rReq.getParameter("error:filename");
+ if (parameter != null)
{
- rReq.setAttribute("error:filename", rReq.getParameter("error:filename"));
+ rReq.setAttribute("error:filename", parameter);
}
- if (rReq.getParameter("error:message") != null)
+ parameter = rReq.getParameter("error:message");
+ if (parameter != null)
{
- rReq.setAttribute("error:message", rReq.getParameter("error:message"));
+ rReq.setAttribute("error:message", parameter);
}
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/create.jsp");
@@ -621,8 +624,9 @@
}
else if (CMSAdminConstants.OP_EDIT.equals(op))
{
- String sPath = rReq.getParameter("path");
String sLanguage = rReq.getParameter("language");
+ ParameterValidation.sanitizeFromPattern(sLanguage, CHECK_FOR_XSS_PATTERN, "en");
+
String sVersion = rReq.getParameter("version");
StringBuffer sbUrl = new StringBuffer();
@@ -651,7 +655,7 @@
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
- rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, "/"));
+ rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, SLASH));
Command getCommand;
@@ -680,17 +684,14 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
-
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -698,15 +699,15 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/exportarchive.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
}
else if (CMSAdminConstants.OP_EXPORTARCHIVE_PICKUP.equals(op))
{
- String sPath = rReq.getParameter("path");
String sPickupFile = rReq.getParameter("filepath");
+ ParameterValidation.sanitizeFromPattern(sPickupFile, CHECK_FOR_XSS_PATTERN, SLASH);
rRes.setContentType("text/html");
PortletRequestDispatcher prd = null;
@@ -725,7 +726,6 @@
}
else if (CMSAdminConstants.OP_CONFIRMSECURE.equals(op))
{
- String sPath = rReq.getParameter("path");
String sConfirm = rReq.getParameter("confirm");
String returnOp = rReq.getParameter("returnOp");
@@ -786,13 +786,11 @@
else if (CMSAdminConstants.OP_VIEWPENDING.equals(op))
{
boolean isWorkflowManagementAccessible = this.isWorkflowManagementAccessible(rReq);
- if(!isWorkflowManagementAccessible)
+ if (!isWorkflowManagementAccessible)
{
this.showAccessDeniedScreen(rReq, rRes);
return;
}
-
- String sPath = rReq.getParameter("path");
if (this.getApprovePublish() != null)
{
@@ -809,30 +807,29 @@
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
-
+
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/pending_items.jsp");
prd.include(rReq, rRes);
}
else if (CMSAdminConstants.OP_VIEWPENDINGPREVIEW.equals(op))
{
String processId = rReq.getParameter("pid");
- String path = rReq.getParameter("path");
String contentPath = rReq.getParameter("contentPath");
-
+
boolean isWorkflowManagementAccessible = this.isWorkflowManagementAccessible(rReq);
- if(!isWorkflowManagementAccessible)
+ if (!isWorkflowManagementAccessible)
{
this.showAccessDeniedScreen(rReq, rRes);
return;
}
-
- boolean hasWriteAccess = this.hasWriteAccess(rReq, path);
- if(!hasWriteAccess)
+
+ boolean hasWriteAccess = this.hasWriteAccess(rReq, sPath);
+ if (!hasWriteAccess)
{
this.showAccessDeniedScreen(rReq, rRes);
return;
}
-
+
if (this.getApprovePublish() != null)
{
try
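Review bot: The write-access check in OP_VIEWPENDINGPREVIEW is made on `sPath`, but the content shown is looked up from the separate `pid` and `contentPath` parameters (`CMSWorkflowUtil.getPendingContent(...)` in the next hunk), and nothing visible ties those to the path that was authorised. Unless `getPendingContent` enforces access itself, which cannot be seen here, a check on the requested content is missing, for example `if (!this.hasWriteAccess(rReq, contentPath)) { this.showAccessDeniedScreen(rReq, rRes); return; }` before the lookup. `Long.parseLong(processId)` will also throw on a missing or non-numeric `pid`, so that parameter needs validating before use. The branch continues past the end of this hunk.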
@@ -845,12 +842,12 @@
rReq.setAttribute("pendingQueue", null);
}
}
-
+
Content pendingContent = CMSWorkflowUtil.getPendingContent(Long.parseLong(processId), contentPath);
String viewableContent = Util.getViewableContent(rReq, rRes, pendingContent.getContentAsString());
-
+
rReq.setAttribute("pendingPreviewContent", viewableContent);
-
+
StringBuffer sbUrl = new StringBuffer();
sbUrl.append(rReq.getScheme());
sbUrl.append("://");
@@ -862,12 +859,12 @@
sbUrl.append(rReq.getServerPort());
}
rRes.setContentType("text/html");
- rReq.setAttribute("currpath", path);
- rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, "/"));
-
+ rReq.setAttribute("currpath", sPath);
+ rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, SLASH));
+
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/pending_items.jsp");
prd.include(rReq, rRes);
- }
+ }
}
public void processAction(final JBossActionRequest aReq, final JBossActionResponse aRes) throws PortletException
@@ -917,7 +914,7 @@
String sFolderDescription = aReq.getParameter("newcollectiondescription");
if (!"".equals(sCreatePath) && !"".equals(sFolderName))
{
- String sNewPath = FileUtil.cleanDoubleSlashes(sCreatePath + "/" + sFolderName);
+ String sNewPath = FileUtil.cleanDoubleSlashes(sCreatePath + SLASH + sFolderName);
Folder folder = new FolderImpl();
folder.setCreationDate(new Date());
@@ -932,9 +929,9 @@
Command saveCMD = CMSService.getCommandFactory().createFolderSaveCommand(folder);
CMSService.execute(saveCMD);
}
- catch(CMSException cme)
+ catch (CMSException cme)
{
- if(cme.hasPathFormatFailure())
+ if (cme.hasPathFormatFailure())
{
//Validation Error occurred
//FileName should not be empty
@@ -944,7 +941,7 @@
//used to remember the data already submitted by the user
aRes.setRenderParameter("error:message", CMSAdminConstants.CMS_FOLDERNAME_INVALID);
aRes.setRenderParameter("error:newcollectionname", aReq.getParameter("newcollectionname"));
- aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription"));
+ aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription"));
return;
}
@@ -956,7 +953,7 @@
aRes.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
aRes.setRenderParameter("path", sNewPath);
- }
+ }
else
{
//Validation Error
@@ -966,7 +963,7 @@
//used to remember the data already submitted by the user
aRes.setRenderParameter("error:message", CMSAdminConstants.CMS_FOLDERNAME_INVALID);
aRes.setRenderParameter("error:newcollectionname", aReq.getParameter("newcollectionname"));
- aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription"));
+ aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription"));
}
}
else if (CMSAdminConstants.OP_UPLOADCONTENT.equals(op))
@@ -998,7 +995,7 @@
}
else // unix
{
- backslashIndex = sFilename.lastIndexOf("/");
+ backslashIndex = sFilename.lastIndexOf(SLASH);
sFilename = sFilename.substring(backslashIndex + 1);
}
@@ -1016,12 +1013,12 @@
content.setMimeType("application/octet-stream");
}
- String sBasePath = FileUtil.cleanDoubleSlashes(sPath + "/" + sFilename);
+ String sBasePath = FileUtil.cleanDoubleSlashes(sPath + SLASH + sFilename);
file.setBasePath(sBasePath);
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sBasePath + "/" + new Locale(sLanguage));
+ content.setBasePath(sBasePath + SLASH + new Locale(sLanguage));
content.setBytes(item.get());
file.setContent(new Locale(sLanguage), content);
@@ -1100,26 +1097,26 @@
if (!item.isFormField())
{
byte[] archiveBytes = item.get();
-
+
Command storearchiveCMD = CMSService.getCommandFactory().createAsyncStoreArchiveCommand(sPath, archiveBytes, sLanguage);
-
+
List messages = new ArrayList();
-
+
try
{
- CMSService.execute(storearchiveCMD);
+ CMSService.execute(storearchiveCMD);
messages.add(this.resources.getObject("CMS_MSG_UPLOADARCHIVE_ASYNC"));
}
- catch(CMSException cme)
+ catch (CMSException cme)
{
String messageKey = cme.getMessageKey();
- if(messageKey != null && messageKey.trim().length() > 0)
+ if (messageKey != null && messageKey.trim().length() > 0)
{
messages.add(this.resources.getObject(messageKey));
}
}
-
-
+
+
aReq.getPortletSession().setAttribute("messages", messages);
aRes.setRenderParameter("path", FileUtil.cleanDoubleSlashes(sPath));
@@ -1134,7 +1131,7 @@
else if ("language".equals(fieldName))
{
sLanguage = item.getString(aReq.getCharacterEncoding());
- }
+ }
}
}
}
@@ -1151,27 +1148,27 @@
String sType = aReq.getParameter("type");
if (!"".equals(sTo) && !"".equals(sFrom) && !"".equals(sType))
{
- String sNodeName = sFrom.substring(sFrom.lastIndexOf("/") + 1, sFrom.length());
- sTo = FileUtil.cleanDoubleSlashes(sTo + "/" + sNodeName);
-
+ String sNodeName = sFrom.substring(sFrom.lastIndexOf(SLASH) + 1, sFrom.length());
+ sTo = FileUtil.cleanDoubleSlashes(sTo + SLASH + sNodeName);
+
// check if destination already exists
Command existsCMD = CMSService.getCommandFactory().createItemExistsCommand(sTo);
Boolean bExists = (Boolean)CMSService.execute(existsCMD);
- if (bExists.booleanValue())
- {
- List messages = new ArrayList();
- messages.add(this.resources.getObject("CMS_MSG_DESTINATION_ALREADY_EXISTS"));
- aReq.getPortletSession().setAttribute("messages", messages);
- try
- {
- String sParentPath = NodeUtil.getParentPath(sFrom);
- aRes.setRenderParameter("path", sParentPath);
- }
- catch (Exception e)
- {
+ if (bExists.booleanValue())
+ {
+ List messages = new ArrayList();
+ messages.add(this.resources.getObject("CMS_MSG_DESTINATION_ALREADY_EXISTS"));
+ aReq.getPortletSession().setAttribute("messages", messages);
+ try
+ {
+ String sParentPath = NodeUtil.getParentPath(sFrom);
+ aRes.setRenderParameter("path", sParentPath);
+ }
+ catch (Exception e)
+ {
- }
- return;
+ }
+ return;
}
Command copyCommand = CMSService.getCommandFactory().createCopyCommand(sFrom, sTo);
@@ -1193,7 +1190,7 @@
String sTo = aReq.getParameter("destination");
String sFrom = aReq.getParameter("source");
String sType = aReq.getParameter("type");
-
+
if (sTo.startsWith(sFrom))
{
List messages = new ArrayList();
@@ -1210,33 +1207,33 @@
}
return;
}
-
+
if (!"".equals(sTo) && !"".equals(sFrom) && !"".equals(sType))
{
- String sNodeName = sFrom.substring(sFrom.lastIndexOf("/") + 1, sFrom.length());
- sTo = FileUtil.cleanDoubleSlashes(sTo + "/" + sNodeName);
-
+ String sNodeName = sFrom.substring(sFrom.lastIndexOf(SLASH) + 1, sFrom.length());
+ sTo = FileUtil.cleanDoubleSlashes(sTo + SLASH + sNodeName);
+
// check if destination already exists
Command existsCMD = CMSService.getCommandFactory().createItemExistsCommand(sTo);
Boolean bExists = (Boolean)CMSService.execute(existsCMD);
if (bExists.booleanValue())
- {
- List messages = new ArrayList();
- messages.add(this.resources.getObject("CMS_MSG_DESTINATION_ALREADY_EXISTS"));
- aReq.getPortletSession().setAttribute("messages", messages);
- try
- {
- String sParentPath = NodeUtil.getParentPath(sFrom);
- aRes.setRenderParameter("path", sParentPath);
- }
- catch (Exception e)
- {
+ {
+ List messages = new ArrayList();
+ messages.add(this.resources.getObject("CMS_MSG_DESTINATION_ALREADY_EXISTS"));
+ aReq.getPortletSession().setAttribute("messages", messages);
+ try
+ {
+ String sParentPath = NodeUtil.getParentPath(sFrom);
+ aRes.setRenderParameter("path", sParentPath);
+ }
+ catch (Exception e)
+ {
- }
- return;
+ }
+ return;
}
-
+
Command moveCommand = CMSService.getCommandFactory().createMoveCommand(sFrom, sTo);
CMSService.execute(moveCommand);
if ("fo".equalsIgnoreCase(sType))
@@ -1246,7 +1243,7 @@
else if ("fi".equalsIgnoreCase(sType))
{
aRes.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
- }
+ }
aRes.setRenderParameter("path", sTo);
}
@@ -1298,7 +1295,7 @@
}
else // unix
{
- backslashIndex = sFilename.lastIndexOf("/");
+ backslashIndex = sFilename.lastIndexOf(SLASH);
sFilename = sFilename.substring(backslashIndex + 1);
}
@@ -1319,7 +1316,7 @@
}
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sBasePath + "/" + sLanguage);
+ content.setBasePath(sBasePath + SLASH + sLanguage);
content.setBytes(item.get());
file.setContent(new Locale(sLanguage), content);
@@ -1396,7 +1393,7 @@
if (!"".equals(sFileName) && !"".equals(sDirectory))
{
String sContent = aReq.getParameter("elm1");
- String sNewFilePath = FileUtil.cleanDoubleSlashes(sDirectory + "/" + sFileName);
+ String sNewFilePath = FileUtil.cleanDoubleSlashes(sDirectory + SLASH + sFileName);
File file = new FileImpl();
Content content = new ContentImpl();
@@ -1417,7 +1414,7 @@
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sBasePath + "/" + new Locale(sLanguage));
+ content.setBasePath(sBasePath + SLASH + new Locale(sLanguage));
content.setBytes(sContent.getBytes());
file.setContent(new Locale(sLanguage), content);
@@ -1429,9 +1426,9 @@
{
bExists = (Boolean)CMSService.execute(existsCMD);
}
- catch(CMSException cme)
+ catch (CMSException cme)
{
- if(cme.hasPathFormatFailure())
+ if (cme.hasPathFormatFailure())
{
//Validation Error occurred
//FileName should not be empty
@@ -1455,7 +1452,7 @@
throw cme;
}
}
-
+
if (bExists.booleanValue()) // if file exists, update contentNode
{
Command cmdUpdate = CMSService.getCommandFactory().createUpdateFileCommand(file, content, true);
@@ -1505,7 +1502,7 @@
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sFilePath + "/" + new Locale(sLanguage).getLanguage());
+ content.setBasePath(sFilePath + SLASH + new Locale(sLanguage).getLanguage());
content.setBytes(sContent.getBytes());
file.setContent(new Locale(sLanguage), content);
@@ -1585,11 +1582,11 @@
else if (CMSAdminConstants.OP_APPROVE.equals(op))
{
boolean hasWriteAccess = this.hasWriteAccess(aReq, aReq.getParameter("path"));
- if(!hasWriteAccess)
+ if (!hasWriteAccess)
{
throw new CMSException("Access to this resource is denied");
}
-
+
String sManager = aReq.getUser().getUserName();
String sPID = aReq.getParameter("pid");
try
@@ -1619,11 +1616,11 @@
else if (CMSAdminConstants.OP_DENY.equals(op))
{
boolean hasWriteAccess = this.hasWriteAccess(aReq, aReq.getParameter("path"));
- if(!hasWriteAccess)
+ if (!hasWriteAccess)
{
throw new CMSException("Access to this resource is denied");
}
-
+
String sManager = aReq.getUser().getUserName();
String sPID = aReq.getParameter("pid");
try
@@ -1647,45 +1644,45 @@
}
return;
}
-
+
String filePath = aReq.getParameter("path");
String parentPath = null;
try
{
parentPath = NodeUtil.getParentPath(filePath);
}
- catch(Exception e)
+ catch (Exception e)
{
- parentPath = "/";
+ parentPath = SLASH;
}
-
+
//Check if this file still exists
Command existsCmd = this.CMSService.getCommandFactory().createItemExistsCommand(filePath);
- boolean exists = ((Boolean)this.CMSService.execute(existsCmd)).booleanValue();
- if(exists)
+ boolean exists = ((Boolean)this.CMSService.execute(existsCmd)).booleanValue();
+ if (exists)
{
aRes.setRenderParameter("path", filePath);
aRes.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
}
else
- {
+ {
aRes.setRenderParameter("path", parentPath);
aRes.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
}
}
- else if(CMSAdminConstants.OP_MODIFYANDAPPROVE.equals(op))
+ else if (CMSAdminConstants.OP_MODIFYANDAPPROVE.equals(op))
{
boolean hasWriteAccess = this.hasWriteAccess(aReq, aReq.getParameter("path"));
- if(!hasWriteAccess)
+ if (!hasWriteAccess)
{
throw new CMSException("Access to this resource is denied");
}
-
+
String modifiedContent = aReq.getParameter("elm1");
String processId = aReq.getParameter("pid");
String path = aReq.getParameter("path");
String sManager = aReq.getUser().getUserName();
-
+
try
{
//Apply this modifiedContent instead of the one published by the original author
@@ -1707,7 +1704,7 @@
aRes.setRenderParameter("op", from);
}
return;
- }
+ }
aRes.setRenderParameter("path", path);
aRes.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
}
@@ -1717,13 +1714,13 @@
String language = aReq.getParameter("language");
String version = aReq.getParameter("version");
- //Perform the change in live version here
+ //Perform the change in live version here
Command makeLiveCommand = CMSService.getCommandFactory().createMakeLiveVersionCommand(path, language, version);
CMSService.execute(makeLiveCommand);
aRes.setRenderParameter("path", path);
aRes.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
- }
+ }
}
else
{
@@ -1743,7 +1740,7 @@
{
if (sNavPath == null)
{
- sNavPath = "/";
+ sNavPath = SLASH;
}
Command listCMD = CMSService.getCommandFactory().createFolderGetListCommand(sNavPath);
Folder mainFolder = (Folder)CMSService.execute(listCMD);
@@ -1787,13 +1784,13 @@
(manageUsers == null || manageUsers.length == 0)
)
{
- //remove all direct permissions on this node
+ //remove all direct permissions on this node
String uri = this.authorizationManager.getProvider().getCriteriaURI("path", path);
this.authorizationManager.getProvider().removeSecurityBindings(uri);
return;
}
- //cleanup the old permissions on this node, before new ones are created
+ //cleanup the old permissions on this node, before new ones are created
String uri = this.authorizationManager.getProvider().getCriteriaURI("path", path);
this.authorizationManager.getProvider().removeSecurityBindings(uri);
@@ -1906,11 +1903,11 @@
if (portletRequest.getUserPrincipal() != null)
{
- if(portletRequest.getUserPrincipal().getName().equals(this.authorizationManager.getProvider().getRoot().getUserName()))
+ if (portletRequest.getUserPrincipal().getName().equals(this.authorizationManager.getProvider().getRoot().getUserName()))
{
return true;
}
-
+
//Not the Root User. so now make sure the Portlet is accessible to the User that is logged in
User user = this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
String uri = this.authorizationManager.getProvider().getUserURI(user.getUserName());
@@ -1958,7 +1955,6 @@
}
/**
- *
* @param portletRequest
* @return
*/
@@ -2065,26 +2061,26 @@
this.setApprovePublish(null);
}
}
-
+
private void filterResourceBySecurity(List resources, PortalCMSSecurityContext securityContext)
{
-
+
}
-
+
private boolean hasWriteAccess(PortletRequest request, String path)
{
boolean hasAccess = false;
-
+
User user = null;
- if(request instanceof JBossRenderRequest)
+ if (request instanceof JBossRenderRequest)
{
user = ((JBossRenderRequest)request).getUser();
}
- else if(request instanceof JBossActionRequest)
+ else if (request instanceof JBossActionRequest)
{
user = ((JBossActionRequest)request).getUser();
}
-
+
try
{
user = userModule.findUserById(user.getId());
@@ -2097,11 +2093,11 @@
PortalCMSSecurityContext securityContext = new PortalCMSSecurityContext(user);
File file = new FileImpl();
file.setBasePath(path);
- securityContext.setAttribute("command", CMSService.getCommandFactory().createFileUpdateCommand(file));
+ securityContext.setAttribute("command", CMSService.getCommandFactory().createFileUpdateCommand(file));
PortalPermission cmsPermission = new CMSPermission(securityContext);
hasAccess = this.authorizationManager.checkPermission(cmsPermission);
-
+
return hasAccess;
}
}
\ No newline at end of file
JBoss Portal SVN: r12737 - branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin.
by portal-commits@lists.jboss.org
Author: chris.laprun(a)jboss.com
Date: 2009-01-30 17:05:36 -0500 (Fri, 30 Jan 2009)
New Revision: 12737
Modified:
branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
Log:
- Should fix several potential XSS issues.
Modified: branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-01-30 19:49:06 UTC (rev 12736)
+++ branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-01-30 22:05:36 UTC (rev 12737)
@@ -1,6 +1,6 @@
/******************************************************************************
* JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * Copyright 2009, Red Hat Middleware, LLC, and individual *
* contributors as indicated by the @authors tag. See the *
* copyright.txt in the distribution for a full listing of *
* individual contributors. *
@@ -32,6 +32,7 @@
import org.jboss.portal.cms.impl.ContentImpl;
import org.jboss.portal.cms.impl.FileImpl;
import org.jboss.portal.cms.impl.FolderImpl;
+import org.jboss.portal.cms.impl.jcr.JCRCMS;
import org.jboss.portal.cms.model.Content;
import org.jboss.portal.cms.model.File;
import org.jboss.portal.cms.model.Folder;
@@ -44,9 +45,9 @@
import org.jboss.portal.cms.util.NodeUtil;
import org.jboss.portal.cms.workflow.ApprovePublish;
import org.jboss.portal.cms.workflow.CMSWorkflowUtil;
-import org.jboss.portal.cms.impl.jcr.JCRCMS;
-import org.jboss.portal.core.cms.ui.Util;
+import org.jboss.portal.common.util.ParameterValidation;
import org.jboss.portal.core.cms.command.StreamContentCommand;
+import org.jboss.portal.core.cms.ui.Util;
import org.jboss.portal.core.controller.ControllerContext;
import org.jboss.portal.identity.AnonymousRole;
import org.jboss.portal.identity.IdentityException;
@@ -77,7 +78,8 @@
import javax.portlet.PortletSession;
import javax.portlet.UnavailableException;
import java.io.IOException;
-import java.io.InputStream;
+import java.text.Format;
+import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
@@ -85,11 +87,10 @@
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
+import java.util.ResourceBundle;
import java.util.Set;
import java.util.Vector;
-import java.util.ResourceBundle;
-import java.text.SimpleDateFormat;
-import java.text.Format;
+import java.util.regex.Pattern;
/**
* @author <a href="mailto:roy@jboss.org">Roy Russo</a>
@@ -105,6 +106,8 @@
private ApprovePublish approvePublish;
private AuthorizationManager authorizationManager;
private ResourceBundle resources = null;
+ private static final Pattern CHECK_FOR_XSS_PATTERN = Pattern.compile("^[<>\\(\\)=]");
+ private static final String SLASH = "/";
public void init() throws PortletException
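Review bot: `CHECK_FOR_XSS_PATTERN` is anchored with `^` and holds a single character class, so it can only match one of `< > ( ) =` at the very start of a value. How `sanitizeFromPattern` applies the pattern is not visible here, but with either a find or a full match a parameter that starts with `/` and carries one of these characters later would not be flagged, and quote characters are not in the class at all. If the intent is to reject the characters anywhere in the value, drop the anchor, for example `Pattern.compile("[<>()=\"']")`. A deny-list on input is in any case a weaker control than HTML-escaping these values where the JSPs write them out, which this diff does not show.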
@@ -136,22 +139,22 @@
throw new PortletException("Authorization Service not found");
}
- this.initializeApprovePublishWorkflow();
+ this.initializeApprovePublishWorkflow();
}
-
+
/**
- *
+ *
*/
public void init(PortletConfig config) throws PortletException
{
super.init(config);
-
+
//Get the Resource Bundle for this Portlet
this.resources = config.getResourceBundle(Locale.getDefault());
}
/**
- *
+ *
*/
protected void doView(final JBossRenderRequest rReq, final JBossRenderResponse rRes)
throws PortletException, IOException, UnavailableException
@@ -161,8 +164,8 @@
String datePattern = bundle.getString(CMSAdminConstants.CMS_DATE_PATTERN);
Format dateFormat = new SimpleDateFormat(datePattern, rReq.getLocale());
rReq.setAttribute(CMSAdminConstants.DATE_FORMAT, dateFormat);
-
-
+
+
//check and make sure the CMSAdminPortlet is accessible to the current user
if (!this.isPortletAccessible(rReq))
{
@@ -202,38 +205,46 @@
{
throw new PortletException(e);
}
- }
+ }
}
-
- /**
- *
- * @param renderResponse
- * @throws IOException
- */
+
+ /** @throws IOException */
private void showAccessDeniedScreen(JBossRenderRequest rReq, JBossRenderResponse rRes) throws IOException, PortletException
{
- try
- {
- String sPath = rReq.getParameter("path");
- String sOp = rReq.getParameter("returnOp");
-
-
- rRes.setContentType("text/html");
- rReq.setAttribute("path", sPath);
- rReq.setAttribute("returnOp", sOp);
- javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/accessdenied.jsp");
- prd.include(rReq, rRes);
- }
- catch(Exception e)
- {
- throw new PortletException(e);
- }
+ try
+ {
+ String sPath = rReq.getParameter("path");
+ String sOp = rReq.getParameter("returnOp");
+
+
+ rRes.setContentType("text/html");
+ rReq.setAttribute("path", sPath);
+ rReq.setAttribute("returnOp", sOp);
+ javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/accessdenied.jsp");
+ prd.include(rReq, rRes);
+ }
+ catch (Exception e)
+ {
+ throw new PortletException(e);
+ }
}
private void internalDoView(JBossRenderRequest rReq, JBossRenderResponse rRes)
throws CMSException, PortletException, IOException
{
String op = rReq.getParameter("op");
+ String sPath = rReq.getParameter("path");
+ if (sPath != null)
+ {
+ sPath = ParameterValidation.sanitizeFromPattern(sPath, CHECK_FOR_XSS_PATTERN, SLASH);
+ }
+
+ String sNavPath = rReq.getParameter("navpath");
+ if (sNavPath != null)
+ {
+ sNavPath = ParameterValidation.sanitizeFromPattern(sNavPath, CHECK_FOR_XSS_PATTERN, SLASH);
+ }
+
if (op == null)
{
op = CMSAdminConstants.OP_MAIN;
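Review bot: `showAccessDeniedScreen` still copies the raw `path` and `returnOp` parameters into request attributes for accessdenied.jsp, while `internalDoView` in the same hunk now sanitizes `path` and `navpath`. Unless that JSP escapes both on output (not visible here), this screen stays outside the fix. `sPath` could go through the same call behind a null check, `sPath = ParameterValidation.sanitizeFromPattern(sPath, CHECK_FOR_XSS_PATTERN, SLASH);`, and `returnOp` could be compared against the known `CMSAdminConstants.OP_*` values. The Javadoc was also reduced to a bare `@throws IOException`; a one-line summary of what the method renders would be more useful. `internalDoView` continues past the end of the hunk.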
@@ -241,21 +252,19 @@
if (CMSAdminConstants.OP_MAIN.equals(op)) // list page.
{
- String sPath = rReq.getParameter("path");
if (sPath == null)
{
- sPath = "/";
+ sPath = SLASH;
}
-
-
+
JCRCMS.enableUISecurityFilter();
Command listCMD = CMSService.getCommandFactory().createFolderGetListCommand(sPath);
Folder mainFolder = (Folder)CMSService.execute(listCMD);
-
+
List folders = new ArrayList();
List files = new ArrayList();
-
- if(mainFolder != null)
+
+ if (mainFolder != null)
{
folders = mainFolder.getFolders();
files = mainFolder.getFiles();
@@ -263,15 +272,15 @@
else
{
Object messages = rReq.getPortletSession().getAttribute("messages");
- if(messages == null)
+ if (messages == null)
{
messages = new ArrayList();
rReq.getPortletSession().setAttribute("messages", messages);
}
-
+
((List)messages).add(this.resources.getObject("CMS_MISSING_RESOURCE"));
}
-
+
JCRCMS.disableUISecurityFilter();
rRes.setContentType("text/html");
@@ -290,13 +299,13 @@
{
rReq.setAttribute("manageWorkflowAccessible", new Boolean(false));
}
-
+
//Messages
- if(rReq.getPortletSession().getAttribute("messages") != null)
+ if (rReq.getPortletSession().getAttribute("messages") != null)
{
Object messages = rReq.getPortletSession().getAttribute("messages");
rReq.getPortletSession().removeAttribute("messages");
-
+
rReq.setAttribute("messages", messages);
}
@@ -307,42 +316,42 @@
{
try
{
- String sNavPath = rReq.getParameter("navpath");
-
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("navpath", sNavPath);
-
- String sPath = rReq.getParameter("path");
+
rRes.setContentType("text/html");
rReq.setAttribute("createpath", sPath);
-
- if (rReq.getParameter("error:message") != null)
+
+ String parameter = rReq.getParameter("error:message");
+ if (parameter != null)
{
- rReq.setAttribute("error:message", rReq.getParameter("error:message"));
+ rReq.setAttribute("error:message", parameter);
}
- if (rReq.getParameter("error:newcollectionname") != null)
+ parameter = rReq.getParameter("error:newcollectionname");
+ if (parameter != null)
{
- rReq.setAttribute("error:newcollectionname", rReq.getParameter("error:newcollectionname"));
+ rReq.setAttribute("error:newcollectionname", parameter);
}
- if (rReq.getParameter("error:newcollectiondescription") != null)
+ parameter = rReq.getParameter("error:newcollectiondescription");
+ if (parameter != null)
{
- rReq.setAttribute("error:newcollectiondescription", rReq.getParameter("error:newcollectiondescription"));
+ rReq.setAttribute("error:newcollectiondescription", parameter);
}
-
-
+
+
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/confirmcreatecollection.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
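Review bot: The `error:message`, `error:newcollectionname` and `error:newcollectiondescription` render parameters are only moved into a local `parameter` variable and still reach confirmcreatecollection.jsp unchanged. The first diff on this page shows `processAction` filling `error:newcollectionname` and `error:newcollectiondescription` straight from the submitted form fields, so these are user-controlled text. The same applies to the `error:content`, `error:description`, `error:title`, `error:language` and `error:filename` block in the `@@ -588,32 +584,38 @@` hunk that feeds create.jsp. Free text such as a description cannot sensibly be filtered by character, so the safer fix is to HTML-escape these attributes where the JSPs print them; the JSPs are not part of this diff, so that needs checking there.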
@@ -351,17 +360,15 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
-
+
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -370,15 +377,13 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/upload.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
}
else if (CMSAdminConstants.OP_VIEWFILE.equals(op))
{
- String sPath = rReq.getParameter("path");
-
Command fileGetList = CMSService.getCommandFactory().createFileGetListCommand(sPath);
List contentList = (List)CMSService.execute(fileGetList);
@@ -459,17 +464,15 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
-
+
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -477,7 +480,7 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/uploadarchive.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
@@ -486,18 +489,16 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
String sType = rReq.getParameter("type");
-
+
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -506,7 +507,7 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/confirmcopy.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
@@ -515,18 +516,16 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
String sType = rReq.getParameter("type");
-
+
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -535,14 +534,13 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/confirmmove.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
}
else if (CMSAdminConstants.OP_CONFIRMDELETE.equals(op))
{
- String sPath = rReq.getParameter("path");
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/confirmdelete.jsp");
@@ -550,18 +548,16 @@
}
else if (CMSAdminConstants.OP_EDIT_BINARY.equals(op))
{
- String sPath = rReq.getParameter("path");
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
- rReq.setAttribute("language", rReq.getParameter("language"));
+ String language = rReq.getParameter("language");
+ ParameterValidation.sanitizeFromPattern(language, CHECK_FOR_XSS_PATTERN, "en");
+ rReq.setAttribute("language", language);
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/editbinary.jsp");
prd.include(rReq, rRes);
}
- else
- if (CMSAdminConstants.OP_CREATENEWTEXT.equals(op) || CMSAdminConstants.OP_CREATEFILE_VALIDATION_ERROR.equals(op))
+ else if (CMSAdminConstants.OP_CREATENEWTEXT.equals(op) || CMSAdminConstants.OP_CREATEFILE_VALIDATION_ERROR.equals(op))
{
- String sPath = rReq.getParameter("path");
-
// get Base for editor
StringBuffer sbUrl = new StringBuffer();
sbUrl.append(rReq.getScheme());
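Review bot: In the OP_EDIT_BINARY branch the result of `ParameterValidation.sanitizeFromPattern(language, CHECK_FOR_XSS_PATTERN, "en");` is thrown away and the next line stores the original `language` in the request, so the added call has no effect on what editbinary.jsp receives. Assign it as `internalDoView` does for `sPath`: `language = ParameterValidation.sanitizeFromPattern(language, CHECK_FOR_XSS_PATTERN, "en");`. The same discarded call appears for `sLanguage` in the `@@ -621,8 +623,9 @@` hunk and for `sPickupFile` in the `@@ -698,15 +698,15 @@` hunk. None of the three has the null check used for `sPath`, so the helper's behaviour on a missing parameter should be confirmed.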
@@ -588,32 +584,38 @@
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
- rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, "/"));
+ rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, SLASH));
//If a validation error occurred, re-populate data already submitted
- if (rReq.getParameter("error:content") != null)
+ String parameter = rReq.getParameter("error:content");
+ if (parameter != null)
{
- rReq.setAttribute("error:content", rReq.getParameter("error:content"));
+ rReq.setAttribute("error:content", parameter);
}
- if (rReq.getParameter("error:description") != null)
+ parameter = rReq.getParameter("error:description");
+ if (parameter != null)
{
- rReq.setAttribute("error:description", rReq.getParameter("error:description"));
+ rReq.setAttribute("error:description", parameter);
}
- if (rReq.getParameter("error:title") != null)
+ parameter = rReq.getParameter("error:title");
+ if (parameter != null)
{
- rReq.setAttribute("error:title", rReq.getParameter("error:title"));
+ rReq.setAttribute("error:title", parameter);
}
- if (rReq.getParameter("error:language") != null)
+ parameter = rReq.getParameter("error:language");
+ if (parameter != null)
{
- rReq.setAttribute("error:language", rReq.getParameter("error:language"));
+ rReq.setAttribute("error:language", parameter);
}
- if (rReq.getParameter("error:filename") != null)
+ parameter = rReq.getParameter("error:filename");
+ if (parameter != null)
{
- rReq.setAttribute("error:filename", rReq.getParameter("error:filename"));
+ rReq.setAttribute("error:filename", parameter);
}
- if (rReq.getParameter("error:message") != null)
+ parameter = rReq.getParameter("error:message");
+ if (parameter != null)
{
- rReq.setAttribute("error:message", rReq.getParameter("error:message"));
+ rReq.setAttribute("error:message", parameter);
}
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/create.jsp");
@@ -621,8 +623,9 @@
}
else if (CMSAdminConstants.OP_EDIT.equals(op))
{
- String sPath = rReq.getParameter("path");
String sLanguage = rReq.getParameter("language");
+ ParameterValidation.sanitizeFromPattern(sLanguage, CHECK_FOR_XSS_PATTERN, "en");
+
String sVersion = rReq.getParameter("version");
StringBuffer sbUrl = new StringBuffer();
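Review bot: The result of `ParameterValidation.sanitizeFromPattern(sLanguage, CHECK_FOR_XSS_PATTERN, "en")` is discarded, and because a Java String cannot be changed in place, `sLanguage` still holds the raw request value after this line. Assuming the method returns the sanitized or default value, the line should read `sLanguage = ParameterValidation.sanitizeFromPattern(sLanguage, CHECK_FOR_XSS_PATTERN, "en");`. The same applies to `sPickupFile` in the OP_EXPORTARCHIVE_PICKUP hunk further down. The OP_EDIT branch continues outside this hunk.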
@@ -651,7 +654,7 @@
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
- rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, "/"));
+ rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, SLASH));
Command getCommand;
@@ -680,17 +683,14 @@
{
try
{
- String sPath = rReq.getParameter("path");
- String sNavPath = rReq.getParameter("navpath");
-
List folders = this.getFolderList(sNavPath);
- if((folders == null || folders.isEmpty()) &&
- (sNavPath != null && !sNavPath.equals("/")))
+ if ((folders == null || folders.isEmpty()) &&
+ (sNavPath != null && !sNavPath.equals(SLASH)))
{
sNavPath = NodeUtil.getParentPath(sNavPath);
folders = this.getFolderList(sNavPath);
}
-
+
rReq.setAttribute("folders", folders);
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
@@ -698,15 +698,15 @@
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/exportarchive.jsp");
prd.include(rReq, rRes);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new PortletException(e);
}
}
else if (CMSAdminConstants.OP_EXPORTARCHIVE_PICKUP.equals(op))
{
- String sPath = rReq.getParameter("path");
String sPickupFile = rReq.getParameter("filepath");
+ ParameterValidation.sanitizeFromPattern(sPickupFile, CHECK_FOR_XSS_PATTERN, SLASH);
rRes.setContentType("text/html");
PortletRequestDispatcher prd = null;
@@ -725,7 +725,6 @@
}
else if (CMSAdminConstants.OP_CONFIRMSECURE.equals(op))
{
- String sPath = rReq.getParameter("path");
String sConfirm = rReq.getParameter("confirm");
String returnOp = rReq.getParameter("returnOp");
@@ -786,13 +785,11 @@
else if (CMSAdminConstants.OP_VIEWPENDING.equals(op))
{
boolean isWorkflowManagementAccessible = this.isWorkflowManagementAccessible(rReq);
- if(!isWorkflowManagementAccessible)
+ if (!isWorkflowManagementAccessible)
{
this.showAccessDeniedScreen(rReq, rRes);
return;
}
-
- String sPath = rReq.getParameter("path");
if (this.getApprovePublish() != null)
{
@@ -809,30 +806,29 @@
rRes.setContentType("text/html");
rReq.setAttribute("currpath", sPath);
-
+
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/pending_items.jsp");
prd.include(rReq, rRes);
}
else if (CMSAdminConstants.OP_VIEWPENDINGPREVIEW.equals(op))
{
String processId = rReq.getParameter("pid");
- String path = rReq.getParameter("path");
String contentPath = rReq.getParameter("contentPath");
-
+
boolean isWorkflowManagementAccessible = this.isWorkflowManagementAccessible(rReq);
- if(!isWorkflowManagementAccessible)
+ if (!isWorkflowManagementAccessible)
{
this.showAccessDeniedScreen(rReq, rRes);
return;
}
-
- boolean hasWriteAccess = this.hasWriteAccess(rReq, path);
- if(!hasWriteAccess)
+
+ boolean hasWriteAccess = this.hasWriteAccess(rReq, sPath);
+ if (!hasWriteAccess)
{
this.showAccessDeniedScreen(rReq, rRes);
return;
}
-
+
if (this.getApprovePublish() != null)
{
try
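Review bot: The write-access check here is evaluated on `sPath`, but the preview that follows is selected by the separate request parameters `pid` and `contentPath` (see `CMSWorkflowUtil.getPendingContent(Long.parseLong(processId), contentPath)` in the next hunk), so the check does not by itself cover the content that is returned. Unless `getPendingContent` enforces this itself, which is not visible here, I would also check the path that is actually loaded, e.g. `if (!this.hasWriteAccess(rReq, sPath) || !this.hasWriteAccess(rReq, contentPath))`. The OP_APPROVE, OP_DENY and OP_MODIFYANDAPPROVE hunks further down likewise check `path` and then act on `pid`. `sPath` is declared outside this hunk and the branch continues past it.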
@@ -845,12 +841,12 @@
rReq.setAttribute("pendingQueue", null);
}
}
-
+
Content pendingContent = CMSWorkflowUtil.getPendingContent(Long.parseLong(processId), contentPath);
String viewableContent = Util.getViewableContent(rReq, rRes, pendingContent.getContentAsString());
-
+
rReq.setAttribute("pendingPreviewContent", viewableContent);
-
+
StringBuffer sbUrl = new StringBuffer();
sbUrl.append(rReq.getScheme());
sbUrl.append("://");
@@ -862,12 +858,12 @@
sbUrl.append(rReq.getServerPort());
}
rRes.setContentType("text/html");
- rReq.setAttribute("currpath", path);
- rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, "/"));
-
+ rReq.setAttribute("currpath", sPath);
+ rReq.setAttribute("document_base_url", sbUrl.toString() + this.buildURL(rReq, SLASH));
+
javax.portlet.PortletRequestDispatcher prd = getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH + "/pending_items.jsp");
prd.include(rReq, rRes);
- }
+ }
}
public void processAction(final JBossActionRequest aReq, final JBossActionResponse aRes) throws PortletException
@@ -917,7 +913,7 @@
String sFolderDescription = aReq.getParameter("newcollectiondescription");
if (!"".equals(sCreatePath) && !"".equals(sFolderName))
{
- String sNewPath = FileUtil.cleanDoubleSlashes(sCreatePath + "/" + sFolderName);
+ String sNewPath = FileUtil.cleanDoubleSlashes(sCreatePath + SLASH + sFolderName);
Folder folder = new FolderImpl();
folder.setCreationDate(new Date());
@@ -932,9 +928,9 @@
Command saveCMD = CMSService.getCommandFactory().createFolderSaveCommand(folder);
CMSService.execute(saveCMD);
}
- catch(CMSException cme)
+ catch (CMSException cme)
{
- if(cme.hasPathFormatFailure())
+ if (cme.hasPathFormatFailure())
{
//Validation Error occurred
//FileName should not be empty
@@ -944,7 +940,7 @@
//used to remember the data already submitted by the user
aRes.setRenderParameter("error:message", CMSAdminConstants.CMS_FOLDERNAME_INVALID);
aRes.setRenderParameter("error:newcollectionname", aReq.getParameter("newcollectionname"));
- aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription"));
+ aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription"));
return;
}
@@ -956,7 +952,7 @@
aRes.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
aRes.setRenderParameter("path", sNewPath);
- }
+ }
else
{
//Validation Error
@@ -966,7 +962,7 @@
//used to remember the data already submitted by the user
aRes.setRenderParameter("error:message", CMSAdminConstants.CMS_FOLDERNAME_INVALID);
aRes.setRenderParameter("error:newcollectionname", aReq.getParameter("newcollectionname"));
- aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription"));
+ aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription"));
}
}
else if (CMSAdminConstants.OP_UPLOADCONTENT.equals(op))
@@ -998,7 +994,7 @@
}
else // unix
{
- backslashIndex = sFilename.lastIndexOf("/");
+ backslashIndex = sFilename.lastIndexOf(SLASH);
sFilename = sFilename.substring(backslashIndex + 1);
}
@@ -1016,12 +1012,12 @@
content.setMimeType("application/octet-stream");
}
- String sBasePath = FileUtil.cleanDoubleSlashes(sPath + "/" + sFilename);
+ String sBasePath = FileUtil.cleanDoubleSlashes(sPath + SLASH + sFilename);
file.setBasePath(sBasePath);
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sBasePath + "/" + new Locale(sLanguage));
+ content.setBasePath(sBasePath + SLASH + new Locale(sLanguage));
content.setBytes(item.get());
file.setContent(new Locale(sLanguage), content);
@@ -1100,26 +1096,26 @@
if (!item.isFormField())
{
byte[] archiveBytes = item.get();
-
+
Command storearchiveCMD = CMSService.getCommandFactory().createAsyncStoreArchiveCommand(sPath, archiveBytes, sLanguage);
-
+
List messages = new ArrayList();
-
+
try
{
- CMSService.execute(storearchiveCMD);
+ CMSService.execute(storearchiveCMD);
messages.add(this.resources.getObject("CMS_MSG_UPLOADARCHIVE_ASYNC"));
}
- catch(CMSException cme)
+ catch (CMSException cme)
{
String messageKey = cme.getMessageKey();
- if(messageKey != null && messageKey.trim().length() > 0)
+ if (messageKey != null && messageKey.trim().length() > 0)
{
messages.add(this.resources.getObject(messageKey));
}
}
-
-
+
+
aReq.getPortletSession().setAttribute("messages", messages);
aRes.setRenderParameter("path", FileUtil.cleanDoubleSlashes(sPath));
@@ -1134,7 +1130,7 @@
else if ("language".equals(fieldName))
{
sLanguage = item.getString(aReq.getCharacterEncoding());
- }
+ }
}
}
}
@@ -1151,27 +1147,27 @@
String sType = aReq.getParameter("type");
if (!"".equals(sTo) && !"".equals(sFrom) && !"".equals(sType))
{
- String sNodeName = sFrom.substring(sFrom.lastIndexOf("/") + 1, sFrom.length());
- sTo = FileUtil.cleanDoubleSlashes(sTo + "/" + sNodeName);
-
+ String sNodeName = sFrom.substring(sFrom.lastIndexOf(SLASH) + 1, sFrom.length());
+ sTo = FileUtil.cleanDoubleSlashes(sTo + SLASH + sNodeName);
+
// check if destination already exists
Command existsCMD = CMSService.getCommandFactory().createItemExistsCommand(sTo);
Boolean bExists = (Boolean)CMSService.execute(existsCMD);
- if (bExists.booleanValue())
- {
- List messages = new ArrayList();
- messages.add(this.resources.getObject("CMS_MSG_DESTINATION_ALREADY_EXISTS"));
- aReq.getPortletSession().setAttribute("messages", messages);
- try
- {
- String sParentPath = NodeUtil.getParentPath(sFrom);
- aRes.setRenderParameter("path", sParentPath);
- }
- catch (Exception e)
- {
+ if (bExists.booleanValue())
+ {
+ List messages = new ArrayList();
+ messages.add(this.resources.getObject("CMS_MSG_DESTINATION_ALREADY_EXISTS"));
+ aReq.getPortletSession().setAttribute("messages", messages);
+ try
+ {
+ String sParentPath = NodeUtil.getParentPath(sFrom);
+ aRes.setRenderParameter("path", sParentPath);
+ }
+ catch (Exception e)
+ {
- }
- return;
+ }
+ return;
}
Command copyCommand = CMSService.getCommandFactory().createCopyCommand(sFrom, sTo);
@@ -1193,7 +1189,7 @@
String sTo = aReq.getParameter("destination");
String sFrom = aReq.getParameter("source");
String sType = aReq.getParameter("type");
-
+
if (sTo.startsWith(sFrom))
{
List messages = new ArrayList();
@@ -1210,33 +1206,33 @@
}
return;
}
-
+
if (!"".equals(sTo) && !"".equals(sFrom) && !"".equals(sType))
{
- String sNodeName = sFrom.substring(sFrom.lastIndexOf("/") + 1, sFrom.length());
- sTo = FileUtil.cleanDoubleSlashes(sTo + "/" + sNodeName);
-
+ String sNodeName = sFrom.substring(sFrom.lastIndexOf(SLASH) + 1, sFrom.length());
+ sTo = FileUtil.cleanDoubleSlashes(sTo + SLASH + sNodeName);
+
// check if destination already exists
Command existsCMD = CMSService.getCommandFactory().createItemExistsCommand(sTo);
Boolean bExists = (Boolean)CMSService.execute(existsCMD);
if (bExists.booleanValue())
- {
- List messages = new ArrayList();
- messages.add(this.resources.getObject("CMS_MSG_DESTINATION_ALREADY_EXISTS"));
- aReq.getPortletSession().setAttribute("messages", messages);
- try
- {
- String sParentPath = NodeUtil.getParentPath(sFrom);
- aRes.setRenderParameter("path", sParentPath);
- }
- catch (Exception e)
- {
+ {
+ List messages = new ArrayList();
+ messages.add(this.resources.getObject("CMS_MSG_DESTINATION_ALREADY_EXISTS"));
+ aReq.getPortletSession().setAttribute("messages", messages);
+ try
+ {
+ String sParentPath = NodeUtil.getParentPath(sFrom);
+ aRes.setRenderParameter("path", sParentPath);
+ }
+ catch (Exception e)
+ {
- }
- return;
+ }
+ return;
}
-
+
Command moveCommand = CMSService.getCommandFactory().createMoveCommand(sFrom, sTo);
CMSService.execute(moveCommand);
if ("fo".equalsIgnoreCase(sType))
@@ -1246,7 +1242,7 @@
else if ("fi".equalsIgnoreCase(sType))
{
aRes.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
- }
+ }
aRes.setRenderParameter("path", sTo);
}
@@ -1298,7 +1294,7 @@
}
else // unix
{
- backslashIndex = sFilename.lastIndexOf("/");
+ backslashIndex = sFilename.lastIndexOf(SLASH);
sFilename = sFilename.substring(backslashIndex + 1);
}
@@ -1319,7 +1315,7 @@
}
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sBasePath + "/" + sLanguage);
+ content.setBasePath(sBasePath + SLASH + sLanguage);
content.setBytes(item.get());
file.setContent(new Locale(sLanguage), content);
@@ -1396,7 +1392,7 @@
if (!"".equals(sFileName) && !"".equals(sDirectory))
{
String sContent = aReq.getParameter("elm1");
- String sNewFilePath = FileUtil.cleanDoubleSlashes(sDirectory + "/" + sFileName);
+ String sNewFilePath = FileUtil.cleanDoubleSlashes(sDirectory + SLASH + sFileName);
File file = new FileImpl();
Content content = new ContentImpl();
@@ -1417,7 +1413,7 @@
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sBasePath + "/" + new Locale(sLanguage));
+ content.setBasePath(sBasePath + SLASH + new Locale(sLanguage));
content.setBytes(sContent.getBytes());
file.setContent(new Locale(sLanguage), content);
@@ -1429,9 +1425,9 @@
{
bExists = (Boolean)CMSService.execute(existsCMD);
}
- catch(CMSException cme)
+ catch (CMSException cme)
{
- if(cme.hasPathFormatFailure())
+ if (cme.hasPathFormatFailure())
{
//Validation Error occurred
//FileName should not be empty
@@ -1455,7 +1451,7 @@
throw cme;
}
}
-
+
if (bExists.booleanValue()) // if file exists, update contentNode
{
Command cmdUpdate = CMSService.getCommandFactory().createUpdateFileCommand(file, content, true);
@@ -1505,7 +1501,7 @@
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sFilePath + "/" + new Locale(sLanguage).getLanguage());
+ content.setBasePath(sFilePath + SLASH + new Locale(sLanguage).getLanguage());
content.setBytes(sContent.getBytes());
file.setContent(new Locale(sLanguage), content);
@@ -1585,11 +1581,11 @@
else if (CMSAdminConstants.OP_APPROVE.equals(op))
{
boolean hasWriteAccess = this.hasWriteAccess(aReq, aReq.getParameter("path"));
- if(!hasWriteAccess)
+ if (!hasWriteAccess)
{
throw new CMSException("Access to this resource is denied");
}
-
+
String sManager = aReq.getUser().getUserName();
String sPID = aReq.getParameter("pid");
try
@@ -1619,11 +1615,11 @@
else if (CMSAdminConstants.OP_DENY.equals(op))
{
boolean hasWriteAccess = this.hasWriteAccess(aReq, aReq.getParameter("path"));
- if(!hasWriteAccess)
+ if (!hasWriteAccess)
{
throw new CMSException("Access to this resource is denied");
}
-
+
String sManager = aReq.getUser().getUserName();
String sPID = aReq.getParameter("pid");
try
@@ -1647,45 +1643,45 @@
}
return;
}
-
+
String filePath = aReq.getParameter("path");
String parentPath = null;
try
{
parentPath = NodeUtil.getParentPath(filePath);
}
- catch(Exception e)
+ catch (Exception e)
{
- parentPath = "/";
+ parentPath = SLASH;
}
-
+
//Check if this file still exists
Command existsCmd = this.CMSService.getCommandFactory().createItemExistsCommand(filePath);
- boolean exists = ((Boolean)this.CMSService.execute(existsCmd)).booleanValue();
- if(exists)
+ boolean exists = ((Boolean)this.CMSService.execute(existsCmd)).booleanValue();
+ if (exists)
{
aRes.setRenderParameter("path", filePath);
aRes.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
}
else
- {
+ {
aRes.setRenderParameter("path", parentPath);
aRes.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
}
}
- else if(CMSAdminConstants.OP_MODIFYANDAPPROVE.equals(op))
+ else if (CMSAdminConstants.OP_MODIFYANDAPPROVE.equals(op))
{
boolean hasWriteAccess = this.hasWriteAccess(aReq, aReq.getParameter("path"));
- if(!hasWriteAccess)
+ if (!hasWriteAccess)
{
throw new CMSException("Access to this resource is denied");
}
-
+
String modifiedContent = aReq.getParameter("elm1");
String processId = aReq.getParameter("pid");
String path = aReq.getParameter("path");
String sManager = aReq.getUser().getUserName();
-
+
try
{
//Apply this modifiedContent instead of the one published by the original author
@@ -1707,7 +1703,7 @@
aRes.setRenderParameter("op", from);
}
return;
- }
+ }
aRes.setRenderParameter("path", path);
aRes.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
}
@@ -1723,7 +1719,7 @@
aRes.setRenderParameter("path", path);
aRes.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
- }
+ }
}
else
{
@@ -1743,7 +1739,7 @@
{
if (sNavPath == null)
{
- sNavPath = "/";
+ sNavPath = SLASH;
}
Command listCMD = CMSService.getCommandFactory().createFolderGetListCommand(sNavPath);
Folder mainFolder = (Folder)CMSService.execute(listCMD);
@@ -1906,11 +1902,11 @@
if (portletRequest.getUserPrincipal() != null)
{
- if(portletRequest.getUserPrincipal().getName().equals(this.authorizationManager.getProvider().getRoot().getUserName()))
+ if (portletRequest.getUserPrincipal().getName().equals(this.authorizationManager.getProvider().getRoot().getUserName()))
{
return true;
}
-
+
//Not the Root User. so now make sure the Portlet is accessible to the User that is logged in
User user = this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
String uri = this.authorizationManager.getProvider().getUserURI(user.getUserName());
@@ -1958,7 +1954,6 @@
}
/**
- *
* @param portletRequest
* @return
*/
@@ -2065,26 +2060,26 @@
this.setApprovePublish(null);
}
}
-
+
private void filterResourceBySecurity(List resources, PortalCMSSecurityContext securityContext)
{
-
+
}
-
+
private boolean hasWriteAccess(PortletRequest request, String path)
{
boolean hasAccess = false;
-
+
User user = null;
- if(request instanceof JBossRenderRequest)
+ if (request instanceof JBossRenderRequest)
{
user = ((JBossRenderRequest)request).getUser();
}
- else if(request instanceof JBossActionRequest)
+ else if (request instanceof JBossActionRequest)
{
user = ((JBossActionRequest)request).getUser();
}
-
+
try
{
user = userModule.findUserById(user.getId());
@@ -2097,11 +2092,11 @@
PortalCMSSecurityContext securityContext = new PortalCMSSecurityContext(user);
File file = new FileImpl();
file.setBasePath(path);
- securityContext.setAttribute("command", CMSService.getCommandFactory().createFileUpdateCommand(file));
+ securityContext.setAttribute("command", CMSService.getCommandFactory().createFileUpdateCommand(file));
PortalPermission cmsPermission = new CMSPermission(securityContext);
hasAccess = this.authorizationManager.checkPermission(cmsPermission);
-
+
return hasAccess;
}
}
\ No newline at end of file
JBoss Portal SVN: r12736 - branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/consumer.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-01-30 14:49:06 -0500 (Fri, 30 Jan 2009)
New Revision: 12736
Modified:
branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/consumer/ProducerSessionInformation.java
Log:
"Fix" the serialization issue
Modified: branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/consumer/ProducerSessionInformation.java
===================================================================
--- branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/consumer/ProducerSessionInformation.java 2009-01-30 19:47:34 UTC (rev 12735)
+++ branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/consumer/ProducerSessionInformation.java 2009-01-30 19:49:06 UTC (rev 12736)
@@ -30,6 +30,7 @@
import org.jboss.portal.wsrp.WSRPConstants;
import org.jboss.portal.wsrp.core.SessionContext;
+import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -43,7 +44,7 @@
* @version $Revision$
* @since 2.4 (May 30, 2006)
*/
-public class ProducerSessionInformation
+public class ProducerSessionInformation implements Serializable
{
private static Logger log = Logger.getLogger(ProducerSessionInformation.class);
@@ -63,7 +64,7 @@
private Cookie[] userCookie;
/** Parent SessionHandler so that session mappings can be updated */
- private SessionHandler parent;
+ private transient SessionHandler parent;
/** The identifier of the Session containing this ProducerSessionInformation */
private String parentSessionId;
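Review bot: Marking `parent` transient means it is null on any instance restored from a serialized session, so every use of `parent` needs a null check or the handler has to be re-attached after deserialization; neither is visible in this patch. Making the class Serializable also puts the cookies held in `Cookie[] userCookie` into the serialized form, so wherever sessions are persisted or replicated should be treated as holding credentials. A `private static final long serialVersionUID` on the class would keep the stream format stable across builds. The r12735 patch below applies the same change to the tag.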
@@ -464,7 +465,7 @@
}
}
- private class SessionInfo
+ private class SessionInfo implements Serializable
{
private SessionContext sessionContext;
private long lastInvocationTime;
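Review bot: `SessionInfo` is a non-static inner class, so each serialized instance carries its implicit reference to the enclosing `ProducerSessionInformation`, and its `SessionContext sessionContext` field must itself be serializable or writing the session fails with NotSerializableException. Whether `SessionContext` implements Serializable is not visible here. If `SessionInfo` does not use state of the outer instance, `private static class SessionInfo implements Serializable` would be the simpler form. The class body continues outside this hunk, and the r12735 patch has the same hunk.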
JBoss Portal SVN: r12735 - tags/Enterprise_Portal_Platform_4_3_GA/wsrp/src/main/org/jboss/portal/wsrp/consumer.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-01-30 14:47:34 -0500 (Fri, 30 Jan 2009)
New Revision: 12735
Modified:
tags/Enterprise_Portal_Platform_4_3_GA/wsrp/src/main/org/jboss/portal/wsrp/consumer/ProducerSessionInformation.java
Log:
"Fix" the serialization issue
Modified: tags/Enterprise_Portal_Platform_4_3_GA/wsrp/src/main/org/jboss/portal/wsrp/consumer/ProducerSessionInformation.java
===================================================================
--- tags/Enterprise_Portal_Platform_4_3_GA/wsrp/src/main/org/jboss/portal/wsrp/consumer/ProducerSessionInformation.java 2009-01-30 19:46:24 UTC (rev 12734)
+++ tags/Enterprise_Portal_Platform_4_3_GA/wsrp/src/main/org/jboss/portal/wsrp/consumer/ProducerSessionInformation.java 2009-01-30 19:47:34 UTC (rev 12735)
@@ -30,6 +30,7 @@
import org.jboss.portal.wsrp.WSRPConstants;
import org.jboss.portal.wsrp.core.SessionContext;
+import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -43,7 +44,7 @@
* @version $Revision$
* @since 2.4 (May 30, 2006)
*/
-public class ProducerSessionInformation
+public class ProducerSessionInformation implements Serializable
{
private static Logger log = Logger.getLogger(ProducerSessionInformation.class);
@@ -63,7 +64,7 @@
private Cookie[] userCookie;
/** Parent SessionHandler so that session mappings can be updated */
- private SessionHandler parent;
+ private transient SessionHandler parent;
/** The identifier of the Session containing this ProducerSessionInformation */
private String parentSessionId;
@@ -464,7 +465,7 @@
}
}
- private class SessionInfo
+ private class SessionInfo implements Serializable
{
private SessionContext sessionContext;
private long lastInvocationTime;
JBoss Portal SVN: r12734 - in tags/Enterprise_Portal_Platform_4_3_GA: core-identity/src/resources/portal-identity-war/WEB-INF and 1 other directories.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-01-30 14:46:24 -0500 (Fri, 30 Jan 2009)
New Revision: 12734
Modified:
tags/Enterprise_Portal_Platform_4_3_GA/core-identity/src/resources/portal-identity-war/WEB-INF/jboss-portlet.xml
tags/Enterprise_Portal_Platform_4_3_GA/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java
tags/Enterprise_Portal_Platform_4_3_GA/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaRegionRenderer.java
Log:
- Include DnD scripts statically, and remove old RF config from identity
- JBPORTAL-2273: real fix: when we get an OpaqueStateString just transmit it as is since chances are it cannot be interpreted
(unless it was encoded by a Portal producer) and we cannot use the information locally to mix in the public navigational
state anyway.
Modified: tags/Enterprise_Portal_Platform_4_3_GA/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java
===================================================================
--- tags/Enterprise_Portal_Platform_4_3_GA/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java 2009-01-30 19:43:36 UTC (rev 12733)
+++ tags/Enterprise_Portal_Platform_4_3_GA/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java 2009-01-30 19:46:24 UTC (rev 12734)
@@ -1,6 +1,6 @@
/******************************************************************************
* JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * Copyright 2009, Red Hat Middleware, LLC, and individual *
* contributors as indicated by the @authors tag. See the *
* copyright.txt in the distribution for a full listing of *
* individual contributors. *
@@ -86,37 +86,35 @@
StateString state = renderResult.getNavigationalState();
- Map<String, String[]> stringMap;
+ // if we are in the local case, decode the parameters and mix in public navigational state if needed
+ // in the WSRP case, we get an OpaqueStateString that we just pass along as is
if (state instanceof ParametersStateString)
{
- stringMap = ((ParametersStateString)state).getParameters();
- }
- else
- {
- stringMap = StateString.decodeOpaqueValue(state.getStringValue());
- }
- Map<String, String[]> parameters = new HashMap<String, String[]>(stringMap);
+ Map<String, String[]> stringMap = ((ParametersStateString)state).getParameters();
- if (pns != null)
- {
+ Map<String, String[]> parameters = new HashMap<String, String[]>(stringMap);
- //
- for (ParameterInfo parameterInfo : portletInfo.getNavigation().getPublicParameters())
+ if (pns != null)
{
- String key = parameterInfo.getId();
-
//
- String[] values = pns.getParameter(parameterInfo.getName());
-
- //
- if (values != null)
+ for (ParameterInfo parameterInfo : portletInfo.getNavigation().getPublicParameters())
{
- parameters.put(key, values);
+ String key = parameterInfo.getId();
+
+ //
+ String[] values = pns.getParameter(parameterInfo.getName());
+
+ //
+ if (values != null)
+ {
+ parameters.put(key, values);
+ }
}
}
+ state = ParametersStateString.create(parameters);
}
- return new PortletWindowActionResponse(targetId, windowState, mode, ParametersStateString.create(parameters));
+ return new PortletWindowActionResponse(targetId, windowState, mode, state);
}
else
{
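Review bot: In the opaque branch the public navigational state in `pns` is now dropped without any trace, which the new two-line comment does not say. I would extend the comment, e.g. `// note: public navigational state (pns) is not applied to an opaque state`, and consider a debug log when `pns != null` in that branch. It is also not visible whether `renderResult.getNavigationalState()` can return null; if it can, null now reaches `PortletWindowActionResponse` instead of failing at this point. The same hunk is applied in r12733 and r12732 below, and the enclosing method starts and ends outside the hunk.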
Modified: tags/Enterprise_Portal_Platform_4_3_GA/core-identity/src/resources/portal-identity-war/WEB-INF/jboss-portlet.xml
===================================================================
--- tags/Enterprise_Portal_Platform_4_3_GA/core-identity/src/resources/portal-identity-war/WEB-INF/jboss-portlet.xml 2009-01-30 19:43:36 UTC (rev 12733)
+++ tags/Enterprise_Portal_Platform_4_3_GA/core-identity/src/resources/portal-identity-war/WEB-INF/jboss-portlet.xml 2009-01-30 19:46:24 UTC (rev 12734)
@@ -35,9 +35,6 @@
<trans-attribute>Required</trans-attribute>
</transaction>
<header-content>
- <script src="/faces/rfRes/org/ajax4jsf/framework.pack.js" type="text/javascript"></script>
- <script src="/faces/rfRes/org/richfaces/ui.pack.js" type="text/javascript"></script>
- <link rel="stylesheet" type="text/css" href="/faces/rfRes/org/richfaces/skin.xcss"/>
<link rel="stylesheet" type="text/css" href="/style.css" media="screen"/>
</header-content>
<portlet-info>
@@ -56,9 +53,6 @@
<trans-attribute>Required</trans-attribute>
</transaction>
<header-content>
- <script src="/faces/rfRes/org/ajax4jsf/framework.pack.js" type="text/javascript"></script>
- <script src="/faces/rfRes/org/richfaces/ui.pack.js" type="text/javascript"></script>
- <link rel="stylesheet" type="text/css" href="/faces/rfRes/org/richfaces/skin.xcss"/>
<link rel="stylesheet" type="text/css" href="/style.css" media="screen"/>
</header-content>
<portlet-info>
Modified: tags/Enterprise_Portal_Platform_4_3_GA/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaRegionRenderer.java
===================================================================
--- tags/Enterprise_Portal_Platform_4_3_GA/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaRegionRenderer.java 2009-01-30 19:43:36 UTC (rev 12733)
+++ tags/Enterprise_Portal_Platform_4_3_GA/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaRegionRenderer.java 2009-01-30 19:46:24 UTC (rev 12734)
@@ -132,9 +132,16 @@
markup.print("/prototype.js'></script>\n");
markup.print("<script type='text/javascript' src='");
markup.print(jsBase);
- markup.print("/scriptaculous.js?load=effects,dragdrop'></script>\n");
+ markup.print("/scriptaculous.js'></script>\n");
markup.print("<script type='text/javascript' src='");
markup.print(jsBase);
+ markup.print("/effects.js'></script>\n");
+ markup.print("<script type='text/javascript' src='");
+ markup.print(jsBase);
+ markup.print("/dragdrop.js'></script>\n");
+
+ markup.print("<script type='text/javascript' src='");
+ markup.print(jsBase);
markup.print("/dyna.js'></script>\n");
markup.print("<script type='text/javascript'>\n");
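Review bot: `scriptaculous.js` is now requested without `?load=effects,dragdrop`, and a stock script.aculo.us loader pulls in its full default module list when no `load` parameter is present, so `effects.js` and `dragdrop.js` may end up loaded twice, along with modules the page did not load before. Whether the bundled copy behaves that way is not visible here and should be confirmed before relying on the static includes. The four print triples could go through one small private helper that writes a script tag for `jsBase` plus a file name, which would also be the single place to escape `jsBase` if it can ever contain request-derived text. The enclosing method starts and ends outside this hunk.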
JBoss Portal SVN: r12733 - branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/controller/portlet.
by portal-commits@lists.jboss.org
Author: chris.laprun(a)jboss.com
Date: 2009-01-30 14:43:36 -0500 (Fri, 30 Jan 2009)
New Revision: 12733
Modified:
branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java
Log:
- JBPORTAL-2273: real fix: when we get an OpaqueStateString just transmit it as is since chances are it cannot be interpreted
(unless it was encoded by a Portal producer) and we cannot use the information locally to mix in the public navigational
state anyway.
Modified: branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java 2009-01-30 19:37:25 UTC (rev 12732)
+++ branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java 2009-01-30 19:43:36 UTC (rev 12733)
@@ -1,6 +1,6 @@
/******************************************************************************
* JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * Copyright 2009, Red Hat Middleware, LLC, and individual *
* contributors as indicated by the @authors tag. See the *
* copyright.txt in the distribution for a full listing of *
* individual contributors. *
@@ -86,37 +86,35 @@
StateString state = renderResult.getNavigationalState();
- Map<String, String[]> stringMap;
+ // if we are in the local case, decode the parameters and mix in public navigational state if needed
+ // in the WSRP case, we get an OpaqueStateString that we just pass along as is
if (state instanceof ParametersStateString)
{
- stringMap = ((ParametersStateString)state).getParameters();
- }
- else
- {
- stringMap = StateString.decodeOpaqueValue(state.getStringValue());
- }
- Map<String, String[]> parameters = new HashMap<String, String[]>(stringMap);
+ Map<String, String[]> stringMap = ((ParametersStateString)state).getParameters();
- if (pns != null)
- {
+ Map<String, String[]> parameters = new HashMap<String, String[]>(stringMap);
- //
- for (ParameterInfo parameterInfo : portletInfo.getNavigation().getPublicParameters())
+ if (pns != null)
{
- String key = parameterInfo.getId();
-
//
- String[] values = pns.getParameter(parameterInfo.getName());
-
- //
- if (values != null)
+ for (ParameterInfo parameterInfo : portletInfo.getNavigation().getPublicParameters())
{
- parameters.put(key, values);
+ String key = parameterInfo.getId();
+
+ //
+ String[] values = pns.getParameter(parameterInfo.getName());
+
+ //
+ if (values != null)
+ {
+ parameters.put(key, values);
+ }
}
}
+ state = ParametersStateString.create(parameters);
}
- return new PortletWindowActionResponse(targetId, windowState, mode, ParametersStateString.create(parameters));
+ return new PortletWindowActionResponse(targetId, windowState, mode, state);
}
else
{
JBoss Portal SVN: r12732 - branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/controller/portlet.
by portal-commits@lists.jboss.org
Author: chris.laprun(a)jboss.com
Date: 2009-01-30 14:37:25 -0500 (Fri, 30 Jan 2009)
New Revision: 12732
Modified:
branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java
Log:
- JBPORTAL-2273: real fix: when we get an OpaqueStateString just transmit it as is since chances are it cannot be interpreted
(unless it was encoded by a Portal producer) and we cannot use the information locally to mix in the public navigational
state anyway.
Modified: branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java 2009-01-30 18:25:28 UTC (rev 12731)
+++ branches/Enterprise_Portal_Platform_4_3/core/src/main/org/jboss/portal/core/controller/portlet/ControllerResponseFactory.java 2009-01-30 19:37:25 UTC (rev 12732)
@@ -1,6 +1,6 @@
/******************************************************************************
* JBoss, a division of Red Hat *
- * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * Copyright 2009, Red Hat Middleware, LLC, and individual *
* contributors as indicated by the @authors tag. See the *
* copyright.txt in the distribution for a full listing of *
* individual contributors. *
@@ -86,37 +86,35 @@
StateString state = renderResult.getNavigationalState();
- Map<String, String[]> stringMap;
+ // if we are in the local case, decode the parameters and mix in public navigational state if needed
+ // in the WSRP case, we get an OpaqueStateString that we just pass along as is
if (state instanceof ParametersStateString)
{
- stringMap = ((ParametersStateString)state).getParameters();
- }
- else
- {
- stringMap = StateString.decodeOpaqueValue(state.getStringValue());
- }
- Map<String, String[]> parameters = new HashMap<String, String[]>(stringMap);
+ Map<String, String[]> stringMap = ((ParametersStateString)state).getParameters();
- if (pns != null)
- {
+ Map<String, String[]> parameters = new HashMap<String, String[]>(stringMap);
- //
- for (ParameterInfo parameterInfo : portletInfo.getNavigation().getPublicParameters())
+ if (pns != null)
{
- String key = parameterInfo.getId();
-
//
- String[] values = pns.getParameter(parameterInfo.getName());
-
- //
- if (values != null)
+ for (ParameterInfo parameterInfo : portletInfo.getNavigation().getPublicParameters())
{
- parameters.put(key, values);
+ String key = parameterInfo.getId();
+
+ //
+ String[] values = pns.getParameter(parameterInfo.getName());
+
+ //
+ if (values != null)
+ {
+ parameters.put(key, values);
+ }
}
}
+ state = ParametersStateString.create(parameters);
}
- return new PortletWindowActionResponse(targetId, windowState, mode, ParametersStateString.create(parameters));
+ return new PortletWindowActionResponse(targetId, windowState, mode, state);
}
else
{
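Review bot: A null result from `renderResult.getNavigationalState()` now fails the `instanceof ParametersStateString` test and is handed straight to `new PortletWindowActionResponse(targetId, windowState, mode, state)`, where the removed `else` branch would have failed at `state.getStringValue()`. Whether the response constructor tolerates null is not visible in this hunk, so either guard it explicitly or say in the comment that null is forwarded on purpose. The pass-through path also relays a producer-supplied opaque string without merging the public parameters from `pns`, and the added comment should record that this is intentional, e.g. `// opaque (WSRP) state is forwarded untouched: it is never decoded locally and public parameters from pns are not merged`. The enclosing method starts and ends outside the hunk.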
JBoss Portal SVN: r12731 - branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-war/WEB-INF.
by portal-commits@lists.jboss.org
Author: wesleyhales
Date: 2009-01-30 13:25:28 -0500 (Fri, 30 Jan 2009)
New Revision: 12731
Modified:
branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-war/WEB-INF/jboss-portlet.xml
Log:
unneeded Richfaces config
Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-war/WEB-INF/jboss-portlet.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-war/WEB-INF/jboss-portlet.xml 2009-01-30 18:15:07 UTC (rev 12730)
+++ branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-war/WEB-INF/jboss-portlet.xml 2009-01-30 18:25:28 UTC (rev 12731)
@@ -35,9 +35,6 @@
<trans-attribute>Required</trans-attribute>
</transaction>
<header-content>
- <script src="/faces/rfRes/org/ajax4jsf/framework.pack.js" type="text/javascript"></script>
- <script src="/faces/rfRes/org/richfaces/ui.pack.js" type="text/javascript"></script>
- <link rel="stylesheet" type="text/css" href="/faces/rfRes/org/richfaces/skin.xcss"/>
<link rel="stylesheet" type="text/css" href="/style.css" media="screen"/>
</header-content>
<portlet-info>
@@ -56,9 +53,6 @@
<trans-attribute>Required</trans-attribute>
</transaction>
<header-content>
- <script src="/faces/rfRes/org/ajax4jsf/framework.pack.js" type="text/javascript"></script>
- <script src="/faces/rfRes/org/richfaces/ui.pack.js" type="text/javascript"></script>
- <link rel="stylesheet" type="text/css" href="/faces/rfRes/org/richfaces/skin.xcss"/>
<link rel="stylesheet" type="text/css" href="/style.css" media="screen"/>
</header-content>
<portlet-info>