aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java61
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java14
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java335
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java331
4 files changed, 462 insertions, 279 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java
new file mode 100644
index 000000000..0bca3be0d
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class BasicOAActionException extends Exception {
+
+ private String strutsError;
+ private String strutsReturnValue;
+
+ private static final long serialVersionUID = -7989218660771842780L;
+
+ /**
+ *
+ */
+ public BasicOAActionException(String strutsError, String strutsReturnValue) {
+ this.strutsError = strutsError;
+ this.strutsReturnValue = strutsReturnValue;
+ }
+
+ /**
+ * @return the strutsError
+ */
+ public String getStrutsError() {
+ return strutsError;
+ }
+
+ /**
+ * @return the strutsReturnValue
+ */
+ public String getStrutsReturnValue() {
+ return strutsReturnValue;
+ }
+
+
+
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
index 67bd13dd2..9630bc232 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
@@ -54,6 +54,7 @@ public class BasicAction extends ActionSupport implements ServletRequestAware,
protected ConfigurationProvider configuration = null;
protected AuthenticatedUser authUser = null;
protected HttpSession session = null;
+ protected String formID;
protected void populateBasicInformations() throws BasicActionException {
try {
@@ -101,6 +102,19 @@ public class BasicAction extends ActionSupport implements ServletRequestAware,
}
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
new file mode 100644
index 000000000..5db77a515
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -0,0 +1,335 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class BasicOAAction extends BasicAction {
+
+ private static final long serialVersionUID = 5676123696807646246L;
+ private final Logger log = Logger.getLogger(BasicOAAction.class);
+
+ protected LinkedHashMap<String, IOnlineApplicationData> formList;
+ protected long oaid = -1;
+
+ private String oaidobj;
+ private boolean newOA;
+
+ /**
+ *
+ */
+ public BasicOAAction() {
+ formList = new LinkedHashMap<String, IOnlineApplicationData>();
+
+ OAGeneralConfig generalOA = new OAGeneralConfig();
+ formList.put(generalOA.getName(), generalOA);
+
+ }
+
+ protected OnlineApplication populateOnlineApplicationFromRequest(LinkedHashMap<String, IOnlineApplicationData> requestedFormList) throws BasicOAActionException{
+ if (!ValidationHelper.validateOAID(oaidobj)) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+
+ }
+ oaid = Long.valueOf(oaidobj);
+
+ UserDatabase userdb = null;
+ OnlineApplication onlineapplication = null;
+
+ if (authUser.isAdmin())
+ onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
+
+ else {
+ userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+
+ }
+
+ // TODO: change to direct Database operation
+ List<OnlineApplication> oas = userdb.getOnlineApplication();
+ for (OnlineApplication oa : oas) {
+ if (oa.getHjid() == oaid) {
+ onlineapplication = oa;
+ break;
+ }
+ }
+ if (onlineapplication == null) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
+ }
+
+ List<String> errors = new ArrayList<String>();
+ for (IOnlineApplicationData form : requestedFormList.values()) {
+ List<String> error = form.parse(onlineapplication, authUser, request);
+ if (error != null)
+ errors.addAll(error);
+ }
+ if (errors.size() > 0) {
+ for (String el : errors)
+ addActionError(el);
+ }
+
+ ConfigurationDBUtils.closeSession();
+ session.setAttribute(Constants.SESSION_OAID, oaid);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ newOA = false;
+
+ return onlineapplication;
+
+ }
+
+ protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{
+ return populateOnlineApplicationFromRequest(formList);
+ }
+
+ protected void populateBasicNewOnlineApplicationInformation() {
+ session.setAttribute(Constants.SESSION_OAID, null);
+
+ setNewOA(true);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
+ }
+
+ protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException {
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+ }
+ } else {
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+ }
+
+ OnlineApplication onlineapplication = null;
+
+ Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID);
+ Long oaid = (long) -1;
+
+ if (oadbid != null) {
+ try {
+ oaid = (Long) oadbid;
+ if (oaid < 0 || oaid > Long.MAX_VALUE) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
+
+ } catch (Throwable t) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
+ }
+
+ // valid DBID and check entry
+ OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName()));
+ String oaidentifier = oaGeneralForm.getIdentifier();
+ if (MiscUtil.isEmpty(oaidentifier)) {
+ log.info("Empty OA identifier");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+
+ if (!ValidationHelper.validateURL(oaidentifier)) {
+ log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
+ new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+
+ if (oaid == -1) {
+ onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+ setNewOA(true);
+ if (onlineapplication != null) {
+ log.info("The OAIdentifier is not unique");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ }
+
+ } else {
+ onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
+ if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
+
+ if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
+ log.info("The OAIdentifier is not unique");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ }
+ }
+ }
+ }
+ }
+
+ return onlineapplication;
+
+ }
+
+ protected String preProcessDeleteOnlineApplication() throws BasicOAActionException {
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+
+ }
+
+ String oaidentifier = getGeneralOA().getIdentifier();
+ if (MiscUtil.isEmpty(oaidentifier)) {
+ log.info("Empty OA identifier");
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+ if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
+ log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
+ new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request),
+ Constants.STRUTS_ERROR_VALIDATION);
+ }
+ }
+
+ return oaidentifier;
+ }
+
+
+ /**
+ * @param oaidobj the oaidobj to set
+ */
+ public void setOaidobj(String oaidobj) {
+ this.oaidobj = oaidobj;
+ }
+
+ /**
+ * @return the newOA
+ */
+ public boolean isNewOA() {
+ return newOA;
+ }
+
+ /**
+ * @param newOA the newOA to set
+ */
+ public void setNewOA(boolean newOA) {
+ this.newOA = newOA;
+ }
+
+ public OAGeneralConfig getGeneralOA() {
+ return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName());
+ }
+
+ public void setGeneralOA(OAGeneralConfig generalOA) {
+ formList.put(generalOA.getName(), generalOA);
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 2cbac64ff..ae1104905 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -27,60 +27,35 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.*;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.validation.TargetValidator;
-import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
-import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
import at.gv.egovernment.moa.id.configuration.data.oa.*;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
+import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
-import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator;
-import at.gv.egovernment.moa.id.configuration.validation.oa.*;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
-import com.opensymphony.xwork2.ActionSupport;
import iaik.utils.URLDecoder;
import org.apache.log4j.Logger;
-import org.apache.struts2.interceptor.ServletRequestAware;
-import org.apache.struts2.interceptor.ServletResponseAware;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import java.io.*;
-import java.math.BigInteger;
-import java.security.cert.CertificateException;
import java.util.*;
-public class EditOAAction extends BasicAction {
+public class EditOAAction extends BasicOAAction {
private final Logger log = Logger.getLogger(EditOAAction.class);
private static final long serialVersionUID = 1L;
- private String oaidobj;
- private boolean newOA;
- private String formID;
-
private boolean isMetaDataRefreshRequired = false;
private String nextPage;
private InputStream stream;
-
- private LinkedHashMap<String, IOnlineApplicationData> formList;
-
- /**
- *
- */
+
public EditOAAction() {
- formList = new LinkedHashMap<String, IOnlineApplicationData>();
-
- OAGeneralConfig generalOA = new OAGeneralConfig();
- formList.put(generalOA.getName(), generalOA);
+ super();
OAAuthenticationData authOA = new OAAuthenticationData();
formList.put(authOA.getName(), authOA);
@@ -112,71 +87,18 @@ public class EditOAAction extends BasicAction {
public String inital() {
try {
populateBasicInformations();
+
+ populateOnlineApplicationFromRequest();
+ return Constants.STRUTS_OA_EDIT;
+
} catch (BasicActionException e) {
return Constants.STRUTS_ERROR;
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
}
-
- long oaid = -1;
-
- if (!ValidationHelper.validateOAID(oaidobj)) {
- addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
- }
- oaid = Long.valueOf(oaidobj);
-
- UserDatabase userdb = null;
- OnlineApplication onlineapplication = null;
-
- if (authUser.isAdmin())
- onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
-
- else {
- userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
-
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- // TODO: change to direct Database operation
- List<OnlineApplication> oas = userdb.getOnlineApplication();
- for (OnlineApplication oa : oas) {
- if (oa.getHjid() == oaid) {
- onlineapplication = oa;
- break;
- }
- }
- if (onlineapplication == null) {
- addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
- }
- }
-
- List<String> errors = new ArrayList<String>();
-
-
- for (IOnlineApplicationData form : formList.values()) {
- List<String> error = form.parse(onlineapplication, authUser, request);
- if (error != null)
- errors.addAll(error);
- }
- if (errors.size() > 0) {
- for (String el : errors)
- addActionError(el);
- }
-
- ConfigurationDBUtils.closeSession();
- session.setAttribute(Constants.SESSION_OAID, oaid);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- newOA = false;
-
- return Constants.STRUTS_OA_EDIT;
}
public String newOA() {
@@ -185,14 +107,13 @@ public class EditOAAction extends BasicAction {
try {
populateBasicInformations();
+ populateBasicNewOnlineApplicationInformation();
+
} catch (BasicActionException e) {
return Constants.STRUTS_ERROR;
}
-
- session.setAttribute(Constants.SESSION_OAID, null);
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
-
+
UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
@@ -200,106 +121,37 @@ public class EditOAAction extends BasicAction {
addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request));
return Constants.STRUTS_SUCCESS;
}
-
- newOA = true;
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
+
session.setAttribute(Constants.SESSION_OAUTH20SECRET, ((OAOAuth20Config)formList.get(new OAOAuth20Config().getName())).getClientSecret());
+
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
return Constants.STRUTS_OA_EDIT;
}
public String saveOA() {
+
+ OnlineApplication onlineapplication= null;
+
try {
populateBasicInformations();
+ onlineapplication = preProcessSaveOnlineApplication();
+
} catch (BasicActionException e) {
return Constants.STRUTS_ERROR;
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
}
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- OnlineApplication onlineapplication = null;
List<String> errors = new ArrayList<String>();
-
- Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID);
- Long oaid = (long) -1;
-
- if (oadbid != null) {
- try {
- oaid = (Long) oadbid;
- if (oaid < 0 || oaid > Long.MAX_VALUE) {
- addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
- }
-
- } catch (Throwable t) {
- addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
- }
- }
-
- // valid DBID and check entry
- OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName()));
- String oaidentifier = oaGeneralForm.getIdentifier();
- if (MiscUtil.isEmpty(oaidentifier)) {
- log.info("Empty OA identifier");
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request));
-
- } else {
-
- if (!ValidationHelper.validateURL(oaidentifier)) {
- log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
- new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request));
- } else {
-
- if (oaid == -1) {
- onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
- newOA = true;
- if (onlineapplication != null) {
- log.info("The OAIdentifier is not unique");
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request));
- }
-
- } else {
- onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
- if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
-
- if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
- log.info("The OAIdentifier is not unique");
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request));
- }
- }
- }
- }
- }
-
+
//validate forms
for (IOnlineApplicationData form : formList.values())
- errors.addAll(form.validate(oaGeneralForm, authUser, request));
+ errors.addAll(form.validate(getGeneralOA(), authUser, request));
// Do not allow SSO in combination with special BKUSelection features
if (getSsoOA().isUseSSO() && (getFormOA().isOnlyMandateAllowed() || !getFormOA().isShowMandateLoginButton())) {
@@ -308,7 +160,7 @@ public class EditOAAction extends BasicAction {
}
if (errors.size() > 0) {
- log.info("OAConfiguration with ID " + oaGeneralForm.getIdentifier() + " has some errors.");
+ log.info("OAConfiguration with ID " + getGeneralOA().getIdentifier() + " has some errors.");
for (String el : errors)
addActionError(el);
@@ -317,9 +169,7 @@ public class EditOAAction extends BasicAction {
return Constants.STRUTS_ERROR_VALIDATION;
} else {
-
- boolean newentry = false;
-
+
if (onlineapplication == null) {
onlineapplication = new OnlineApplication();
onlineapplication.setIsNew(true);
@@ -333,7 +183,7 @@ public class EditOAAction extends BasicAction {
} else {
onlineapplication.setIsNew(false);
- if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(oaGeneralForm.getIdentifier())) {
+ if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) {
onlineapplication.setIsAdminRequired(true);
onlineapplication.setIsActive(false);
@@ -343,12 +193,13 @@ public class EditOAAction extends BasicAction {
}
if ((onlineapplication.isIsAdminRequired() == null)
- || (authUser.isAdmin() && oaGeneralForm.isActive() && onlineapplication.isIsAdminRequired())) {
+ || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) {
onlineapplication.setIsAdminRequired(false);
isMetaDataRefreshRequired = true;
- if (onlineapplication.getHjid() != null)
+ UserDatabase userdb = null;
+ if (onlineapplication.getHjid() != null)
userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
if (userdb != null && !userdb.isIsAdmin()) {
@@ -414,7 +265,7 @@ public class EditOAAction extends BasicAction {
if (openUsers != null) numusers = openUsers.size();
try {
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", oaGeneralForm.getIdentifier(), request));
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", getGeneralOA().getIdentifier(), request));
if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers);
@@ -423,7 +274,7 @@ public class EditOAAction extends BasicAction {
}
} else
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", oaGeneralForm.getIdentifier(), request));
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", getGeneralOA().getIdentifier(), request));
//remove session attributes
session.setAttribute(Constants.SESSION_OAID, null);
@@ -462,65 +313,30 @@ public class EditOAAction extends BasicAction {
}
public String deleteOA() {
+ String oaidentifier = null;
try {
populateBasicInformations();
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ oaidentifier = preProcessDeleteOnlineApplication();
+
} catch (BasicActionException e) {
return Constants.STRUTS_ERROR;
+ } catch (BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
}
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
- if (nextPageAttr != null && nextPageAttr instanceof String) {
- nextPage = (String) nextPageAttr;
-
- } else {
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
- }
-
- UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- String oaidentifier = getGeneralOA().getIdentifier();
- if (MiscUtil.isEmpty(oaidentifier)) {
- log.info("Empty OA identifier");
- addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- } else {
- if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
- addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
- new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
- }
- }
-
OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
request.getSession().setAttribute(Constants.SESSION_OAID, null);
@@ -715,14 +531,6 @@ public class EditOAAction extends BasicAction {
formList.put(generalOA.getName(), generalOA);
}
- public OAGeneralConfig getGeneralOA() {
- return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName());
- }
-
- public void setGeneralOA(OAGeneralConfig generalOA) {
- formList.put(generalOA.getName(), generalOA);
- }
-
public OAPVP2Config getPvp2OA() {
return (OAPVP2Config) formList.get(new OAPVP2Config().getName());
}
@@ -756,27 +564,6 @@ public class EditOAAction extends BasicAction {
}
/**
- * @param oaidobj the oaidobj to set
- */
- public void setOaidobj(String oaidobj) {
- this.oaidobj = oaidobj;
- }
-
- /**
- * @return the newOA
- */
- public boolean isNewOA() {
- return newOA;
- }
-
- /**
- * @param newOA the newOA to set
- */
- public void setNewOA(boolean newOA) {
- this.newOA = newOA;
- }
-
- /**
* @return the nextPage
*/
public String getNextPage() {
@@ -784,20 +571,6 @@ public class EditOAAction extends BasicAction {
}
/**
- * @return the formID
- */
- public String getFormID() {
- return formID;
- }
-
- /**
- * @param formID the formID to set
- */
- public void setFormID(String formID) {
- this.formID = formID;
- }
-
- /**
* @return the formOA
*/
public FormularCustomization getFormOA() {