From 8ebf6c4b08a008a96b4ac60167c26b48c30e97ce Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Feb 2020 15:31:09 +0100 Subject: refactor generic error-handling to solve possible invalid error-response in SL2.0 --- .../impl/idp/controller/AbstractController.java | 120 +++++++++++++-------- 1 file changed, 73 insertions(+), 47 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java index c09efc37..dd113907 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java @@ -21,16 +21,11 @@ package at.gv.egiz.eaaf.core.impl.idp.controller; import java.io.IOException; +import javax.annotation.Nonnull; +import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.web.bind.annotation.ExceptionHandler; - import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IStatusMessenger; 
@@ -44,9 +39,17 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.web.bind.annotation.ExceptionHandler; + /** * Basic application controller that implements core error-handling. * 
@@ -142,6 +145,65 @@ public abstract class AbstractController { final HttpServletRequest req, final HttpServletResponse resp, IRequest pendingReq) throws IOException, EaafException { + final Pair errorToHandle = + exractExceptionThatShouldBeLogged(pendingReq, exceptionThrown); + + try { + final String errorKey = storeErrorAndGetErrorToken(errorToHandle); + + // build up redirect URL + final String redirectUrl = generateErrorRedirectUrl(req, errorKey); + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectUrl); + log.debug("REDIRECT TO: " + redirectUrl); + + return; + + } catch (final Exception e) { + log.warn("Default error-handling FAILED. Exception can not be stored ....", e); + log.info("Switch to generic generic backup error-handling ... "); + protAuthService.handleErrorNoRedirect(errorToHandle.getSecond(), req, resp, true); + + } + + } + + protected String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) { + String redirectUrl = null; + redirectUrl = ServletUtils.getBaseUrl(req); + redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" 
+ + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey; + return redirectUrl; + + } + + protected String storeErrorAndGetErrorToken(Pair errorToHandle) throws EaafException { + // log error directly in debug mode + if (log.isDebugEnabled()) { + log.warn(errorToHandle.getSecond().getMessage(), errorToHandle.getSecond()); + } + + // put exception into transaction store for redirect + final String errorKey = Random.nextLongRandom(); + if (errorToHandle.getFirst() != null) { + revisionsLogger.logEvent(errorToHandle.getFirst(), EventConstants.TRANSACTION_ERROR); + transactionStorage.put(errorKey, new ExceptionContainer(errorToHandle.getFirst(), errorToHandle + .getSecond()), -1); + + } else { + transactionStorage.put(errorKey, new ExceptionContainer(null, errorToHandle.getSecond()), -1); + + } + + return errorKey; + + } + + @Nonnull + protected Pair exractExceptionThatShouldBeLogged( + @Nullable IRequest pendingReq, @Nonnull Throwable exceptionThrown) { Throwable loggedException = null; final Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown); @@ -155,8 +217,10 @@ public abstract class AbstractController { } else if (exceptionThrown instanceof PendingReqIdValidationException) { log.trace( "Find pendingRequestId validation exception. Looking for invalid pending-request ... "); + if (((PendingReqIdValidationException) exceptionThrown).getInvalidPendingReq() != null) { pendingReq = ((PendingReqIdValidationException) exceptionThrown).getInvalidPendingReq(); + } } 
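Review bot: `log.debug("REDIRECT TO: " + redirectUrl)` in the new try block writes the complete redirect URL to the log, and that URL ends in the `errorKey` under which `storeErrorAndGetErrorToken` has just put the `ExceptionContainer` (exception plus pending request) into `transactionStorage`. The key appears to act as a bearer reference for the error-handling endpoint, so anyone who can read debug logs while the entry is still stored could presumably present it there. Logging only the target keeps the token out of the logs, e.g. `log.debug("Redirect to error-handling endpoint {}", ProtocolFinalizationController.ENDPOINT_ERRORHANDLING);`. `generateErrorRedirectUrl` also builds the `Location` value from `ServletUtils.getBaseUrl(req)`, whose implementation is not visible here; if it derives the base from request headers, it should be validated against the configured public URL prefix. The enclosing handler method starts above this hunk, and the body of `exractExceptionThatShouldBeLogged` continues past it.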
@@ -164,49 +228,11 @@ public abstract class AbstractController { // use TaskExecutionException directly, if no Original Exeception is included if (loggedException == null) { loggedException = exceptionThrown; - } - - try { - // switch to protocol-finalize method to generate a protocol-specific error - // message - - // log error directly in debug mode - if (log.isDebugEnabled()) { - log.warn(loggedException.getMessage(), loggedException); - } - - // put exception into transaction store for redirect - final String key = Random.nextLongRandom(); - if (pendingReq != null) { - revisionsLogger.logEvent(pendingReq, EventConstants.TRANSACTION_ERROR); - transactionStorage.put(key, new ExceptionContainer(pendingReq, loggedException), -1); - - } else { - transactionStorage.put(key, new ExceptionContainer(null, loggedException), -1); - - } - - // build up redirect URL - String redirectUrl = null; - redirectUrl = ServletUtils.getBaseUrl(req); - redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" - + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + key; - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectUrl); - log.debug("REDIRECT TO: " + redirectUrl); - - return; - - } catch (final Exception e) { - log.warn("Default error-handling FAILED. Exception can not be stored ....", e); - log.info("Switch to generic generic backup error-handling ... "); - protAuthService.handleErrorNoRedirect(loggedException, req, resp, true); } + return Pair.newInstance(pendingReq, loggedException); + } /** -- cgit v1.2.3
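Review bot: The pair built by `return Pair.newInstance(pendingReq, loggedException);` can carry a null first element, because `pendingReq` is declared `@Nullable` and the visible lines only replace it in the `PendingReqIdValidationException` branch; the method's `@Nonnull` covers the pair itself and there is no Javadoc stating this. A short Javadoc would make the contract explicit for subclasses, e.g. `@return pair of the pending request (may be {@code null}) and the exception that should be logged`. Because the method is `protected` on an abstract controller, the misspelled name `exractExceptionThatShouldBeLogged` becomes part of the subclass-facing API and is cheapest to correct to `extractExceptionThatShouldBeLogged` in this commit. The method's signature is added in an earlier hunk and part of its body lies between hunks, so the null-handling of `Pair.newInstance` itself could not be checked here.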