diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java | 115 |
1 files changed, 97 insertions, 18 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index cc613ef7b..9e6e04644 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -6,6 +6,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; @@ -21,10 +22,14 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; public class ListOAsAction extends ActionSupport implements ServletRequestAware, ServletResponseAware { + private final Logger log = Logger.getLogger(ListOAsAction.class); + private static final long serialVersionUID = 1L; private HttpServletRequest request; @@ -33,10 +38,8 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, private ConfigurationProvider configuration; private List<OAListElement> formOAs; - - private AuthenticatedUser authUser; - + private String friendlyname; public ListOAsAction() throws ConfigurationException { configuration = ConfigurationProvider.getInstance(); @@ -59,32 +62,90 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, UserDatabase authUserDB = ConfigurationDBRead.getUserWithID(authUser.getUserID()); dbOAs = authUserDB.getRegistratedOAs(); } + + addFormOAs(dbOAs); + + return Constants.STRUTS_SUCCESS; + } - formOAs = new ArrayList<OAListElement>(); - if (dbOAs == null) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + return Constants.STRUTS_ERROR; + } + + public String searchOAInit() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { + authUser = (AuthenticatedUser) authUserObj; + + formOAs = null; + friendlyname = ""; + + return Constants.STRUTS_SUCCESS; + + } else { + return Constants.STRUTS_REAUTHENTICATE; + } + } + + public String searchOA() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { + authUser = (AuthenticatedUser) authUserObj; + + if (MiscUtil.isEmpty(friendlyname)) { + log.info("SearchOA textfield is empty"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); return Constants.STRUTS_SUCCESS; } else { - for (OnlineApplication dboa : dbOAs) { - OAListElement listoa = new OAListElement(); - listoa.setActive(dboa.isIsActive()); - listoa.setDataBaseID(dboa.getHjid()); - listoa.setOaFriendlyName(dboa.getFriendlyName()); - listoa.setOaIdentifier(dboa.getPublicURLPrefix()); - listoa.setOaType(dboa.getType()); - formOAs.add(listoa); - } + if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) { + log.warn("SearchOA textfield contains potential XSS characters"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request)); + return Constants.STRUTS_SUCCESS; + } } - return Constants.STRUTS_SUCCESS; + List<OnlineApplication> dbOAs = null; - } + if (authUser.isAdmin()) { + dbOAs = ConfigurationDBRead.searchOnlineApplications(friendlyname); + + } else { + dbOAs = ConfigurationDBRead.searchOnlineApplicationsFromUser(authUser.getUserID(), friendlyname); + + } - return Constants.STRUTS_ERROR; + addFormOAs(dbOAs); + + return Constants.STRUTS_SUCCESS; + } + + return Constants.STRUTS_REAUTHENTICATE; } + private void addFormOAs(List<OnlineApplication> dbOAs) { + + formOAs = new ArrayList<OAListElement>(); + if (dbOAs == null) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + for (OnlineApplication dboa : dbOAs) { + OAListElement listoa = new OAListElement(); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + formOAs.add(listoa); + } + } + } public void setServletResponse(HttpServletResponse arg0) { this.response = arg0; @@ -107,6 +168,24 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, */ public List<OAListElement> getFormOAs() { return formOAs; + } + + + /** + * @return the friendlyname + */ + public String getFriendlyname() { + return friendlyname; + } + + + /** + * @param friendlyname the friendlyname to set + */ + public void setFriendlyname(String friendlyname) { + this.friendlyname = friendlyname; } + + } |