/**
 * Runs the Portofino-specific access checks before a resource method is invoked.
 *
 * <p>The check has two stages, evaluated in this order:
 * <ol>
 *   <li>{@code SecurityLogic.isAllowed} on the request, the dispatch built from the page
 *       instance chain, the page action and the handler method. On failure the request is
 *       aborted with 403 (subject authenticated) or 401 (subject not authenticated).</li>
 *   <li>{@code ButtonsLogic.doGuardsPass} on the page action and the handler method. On
 *       failure the request is aborted with 409 and a fixed message.</li>
 * </ol>
 *
 * <p>NOTE(review): only the success path is logged (at debug level). Denials emit no log
 * line here, so an audit trail of rejected requests has to come from elsewhere — confirm.
 *
 * @param requestContext the JAX-RS request context used to abort the request on failure
 * @param pageAction the page action whose invocation is being checked
 */
protected void checkActionBeanInvocation(ContainerRequestContext requestContext, PageAction pageAction) {
    Method handler = resourceInfo.getResourceMethod();

    // Walk from the target page up through its parents, prepending each one so the
    // resulting chain is ordered root-first.
    List<PageInstance> chain = new ArrayList<PageInstance>();
    for (PageInstance current = pageAction.getPageInstance(); current != null; current = current.getParent()) {
        chain.add(0, current);
    }
    PageInstance[] chainArray = chain.toArray(new PageInstance[chain.size()]);
    Dispatch dispatch = new Dispatch(chainArray);

    HttpServletRequest request = ElementsThreadLocals.getHttpServletRequest();

    // Stage 1: authorization. Must run before the guards so that an unauthorized caller
    // never learns anything about guard state.
    if (!SecurityLogic.isAllowed(request, dispatch, pageAction, handler)) {
        Response.Status status;
        if (SecurityUtils.getSubject().isAuthenticated()) {
            // Known identity, insufficient rights.
            status = Response.Status.FORBIDDEN;
        } else {
            // No authenticated identity: the client may retry after logging in.
            status = Response.Status.UNAUTHORIZED;
        }
        requestContext.abortWith(Response.status(status).build());
        return;
    }

    // Stage 2: guards. The response body is a constant string and does not name the guard.
    if (!ButtonsLogic.doGuardsPass(pageAction, handler)) {
        requestContext.abortWith(
                Response.status(Response.Status.CONFLICT)
                        .entity("The action couldn't be invoked, a guard did not pass")
                        .build());
        return;
    }

    logger.debug("Portofino-specific security check passed");
}
/**
 * Tells whether the given page action is embedded in its parent page.
 *
 * <p>A page counts as embedded when its parent page instance has an action bean and that
 * action bean's context reports an action path different from this page's own action path.
 * A page with no parent (the root page), or whose parent has no action bean, is never
 * embedded.
 *
 * @param pageAction the page action to inspect
 * @return {@code true} if the parent's action path differs from this page's action path
 */
public static boolean isEmbedded(PageAction pageAction) {
    PageInstance parentInstance = pageAction.getPageInstance().getParent();
    // A null parent means this is the root page; a parent without an action bean is
    // treated the same way.
    PageAction parentAction = (parentInstance != null) ? parentInstance.getActionBean() : null;
    if (parentAction == null) {
        return false;
    }
    String parentPath = parentAction.getContext().getActionPath();
    String ownPath = pageAction.getContext().getActionPath();
    boolean samePath = StringUtils.equals(parentPath, ownPath);
    return !samePath;
}
} // end of the enclosing type (its header is outside this excerpt)
/**
 * Prepares a page action for the current request, if the resource is one.
 *
 * <p>The page action is always published as a request attribute under
 * {@code StripesConstants.REQ_ATTR_ACTION_BEAN}. If its page instance is not yet prepared,
 * a fresh {@code ElementsActionBeanContext} is built from the current request, response and
 * servlet context, the action path is taken from the request URI, and
 * {@code pageAction.preparePage()} is called. A non-null resolution from that call aborts
 * the request with a server error carrying the resolution as entity.
 *
 * <p>NOTE(review): the action path comes straight from the request URI and is only
 * normalized to start with "/". Confirm that downstream consumers of
 * {@code getActionPath()} do not treat it as trusted.
 *
 * <p>NOTE(review): the resolution object is sent to the client as the body of the 500
 * response. Verify that it cannot expose internal details.
 *
 * @param requestContext the JAX-RS request context, used for the URI and to abort on failure
 * @param resource the matched resource; anything that is not a {@code PageAction} is ignored
 */
protected void preparePage(ContainerRequestContext requestContext, Object resource) {
    if (!(resource instanceof PageAction)) {
        return;
    }
    PageAction pageAction = (PageAction) resource;

    HttpServletRequest servletRequest = ElementsThreadLocals.getHttpServletRequest();
    servletRequest.setAttribute(StripesConstants.REQ_ATTR_ACTION_BEAN, pageAction);

    if (pageAction.getPageInstance().isPrepared()) {
        // Already prepared: nothing else to do.
        return;
    }

    ElementsActionBeanContext beanContext = new ElementsActionBeanContext();
    beanContext.setRequest(servletRequest);
    beanContext.setResponse(response);
    beanContext.setServletContext(servletRequest.getServletContext());
    beanContext.setEventName("");

    // The URI path is normalized so that it always starts with a slash.
    String rawPath = requestContext.getUriInfo().getPath();
    String actionPath = rawPath.startsWith("/") ? rawPath : "/" + rawPath;
    beanContext.setActionPath(actionPath); // TODO (carried over from the original; no detail given)

    pageAction.setContext(beanContext);

    Resolution outcome = pageAction.preparePage();
    if (outcome != null) {
        requestContext.abortWith(Response.serverError().entity(outcome).build());
    }
}