From 30fa59cf5e4c8eb1c7fc9038577eb42edc2b1d40 Mon Sep 17 00:00:00 2001
From: jeb228
Date: Mon, 29 Nov 2010 22:36:19 +0000
Subject: [PATCH] NIHVIVO-1379 If a user is logged in but not authorized to view a page, send them to a page with an explanation.
---
 webapp/config/web.xml | 4 ++
 .../vitro/webapp/controller/Controllers.java | 1 +
 .../webapp/controller/VitroHttpServlet.java | 46 ++++++++++++-------
 .../freemarker/EmptyController.java | 8 ++--
 .../web/jsptags/ConfirmLoginStatus.java | 10 +---
 .../body/insufficientAuthorization.ftl | 14 ++++++
 6 files changed, 56 insertions(+), 27 deletions(-)
 create mode 100644 webapp/web/templates/freemarker/body/insufficientAuthorization.ftl
diff --git a/webapp/config/web.xml b/webapp/config/web.xml
index fb949432a..a2e1a07b0 100644
--- a/webapp/config/web.xml
+++ b/webapp/config/web.xml
@@ -395,6 +395,10 @@ EmptyController /login + + EmptyController + /insufficientAuthorization + RevisionInfoController
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java
index a357c1d37..7a2122bfe 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java
@@ -44,6 +44,7 @@ public class Controllers { public static final String LOGIN_JSP = "/login"; public static final String LOGOUT_JSP = "/logout";
+ public static final String INSUFFICIENT_AUTHORIZATION = "/insufficientAuthorization";
 public static final String BASIC_JSP = "/templates/page/basicPage.jsp"; public static final String DEBUG_JSP = "/templates/page/debug.jsp";
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
index e88cf406d..6c8b45dbe 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
@@ -75,7 +75,7 @@ public class VitroHttpServlet extends HttpServlet { // ----------------------------------------------------------------------
 /**
- * If not logged in, redirect them to the appropriate page.
+ * If not logged in, redirect them to the login page.
 */ public static boolean checkLoginStatus(HttpServletRequest request, HttpServletResponse response) {
@@ -83,39 +83,48 @@ public class VitroHttpServlet extends HttpServlet { if (LoginStatusBean.getBean(request).isLoggedIn()) { return true; } else { - try { - redirectToLoginPage(request, response); - } catch (IOException ioe) { - log.error("checkLoginStatus() could not redirect to login page"); - } + redirectToLoginPage(request, response); return false; } } /** - * If not logged in at the minimum level or higher, redirect them to the appropriate page. + * If not logged in at the required level, redirect them to the appropriate page. */ public static boolean checkLoginStatus(HttpServletRequest request, HttpServletResponse response, int minimumLevel) { LogoutRedirector.recordRestrictedPageUri(request); if (LoginStatusBean.getBean(request).isLoggedInAtLeast(minimumLevel)) { return true; + } else if (LoginStatusBean.getBean(request).isLoggedIn()) { + redirectToInsufficientAuthorizationPage(request, response); + return false; } else { - try { - redirectToLoginPage(request, response); - } catch (IOException ioe) { - log.error("checkLoginStatus() could not redirect to login page"); - } + redirectToLoginPage(request, response); return false; } } /** - * Not adequately logged in. Send them to the login page, and then back to - * the page that invoked this. + * Logged in, but with insufficent authorization. Send them to the + * corresponding page. They won't be coming back. + */ + public static void redirectToInsufficientAuthorizationPage( + HttpServletRequest request, HttpServletResponse response) { + try { + response.sendRedirect(request.getContextPath() + + Controllers.INSUFFICIENT_AUTHORIZATION); + } catch (IOException e) { + log.error("Could not redirect to insufficient authorization page."); + } + } + + /** + * Not logged in. Send them to the login page, and then back to the page + * that invoked this. 
*/ public static void redirectToLoginPage(HttpServletRequest request,
- HttpServletResponse response) throws IOException {
+ HttpServletResponse response) {
 String postLoginRequest; String queryString = request.getQueryString();
@@ -128,7 +137,12 @@ public class VitroHttpServlet extends HttpServlet { LoginRedirector.setReturnUrlFromForcedLogin(request, postLoginRequest); String loginPage = request.getContextPath() + Controllers.LOGIN;
- response.sendRedirect(loginPage);
+
+ try {
+ response.sendRedirect(loginPage);
+ } catch (IOException ioe) {
+ log.error("Could not redirect to login page");
+ }
 }
 /**
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/EmptyController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/EmptyController.java
index f02f4b6a5..010092211 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/EmptyController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/EmptyController.java
@@ -8,10 +8,7 @@ import java.util.Map; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory;
-import edu.cornell.mannlib.vitro.webapp.beans.Portal;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet.ResponseValues;
-import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet.TemplateResponseValues;
 /* * Servlet that only specifies a template, without putting any data
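Review bot: Both new catch blocks in this hunk discard the IOException they catch, so a failed redirect in `redirectToInsufficientAuthorizationPage` leaves only a message and no stack trace; pass the exception as the second argument, `log.error("Could not redirect to insufficient authorization page.", e);`. The three-way check in `checkLoginStatus(request, response, minimumLevel)` calls `LoginStatusBean.getBean(request)` twice; a local `LoginStatusBean status = LoginStatusBean.getBean(request);` reads better and avoids resolving the bean a second time. The denial is signalled as a 302 to an explanation page rather than a 403, which suits browser users but gives non-browser clients no machine-readable sign that access was refused, so a sentence on the method Javadoc saying that this is deliberate would help the next maintainer. That Javadoc also misspells "insufficient" (`insufficent`). The hunk's last method, `redirectToLoginPage`, continues past the end of the hunk.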
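Review bot: The catch added around `response.sendRedirect(loginPage)` also drops the cause; `log.error("Could not redirect to login page", ioe);` keeps the stack trace, and since the method no longer throws, callers such as the `ConfirmLoginStatus` tag get no signal when the redirect failed, so this log line is their only evidence. The value handed to `LoginRedirector.setReturnUrlFromForcedLogin(request, postLoginRequest)` is later used as a post-login redirect target; it is presumably built from the request URI plus `request.getQueryString()`, but that construction lies outside this hunk, so I cannot confirm it here — it should stay a context-relative path and never incorporate a user-supplied URL, otherwise the forced-login flow becomes an open redirect. `redirectToLoginPage` begins before this hunk.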
@@ -25,12 +22,17 @@ public class EmptyController extends FreemarkerHttpServlet { private static final Map urlsToTemplates = new HashMap(){ { put("/login", "login.ftl");
+ put("/insufficientAuthorization", "insufficientAuthorization.ftl");
 } }; protected ResponseValues processRequest(VitroRequest vreq) { String requestedUrl = vreq.getServletPath(); String templateName = urlsToTemplates.get(requestedUrl);
+
+ log.debug("requestedUrl='" + requestedUrl + "', templateName='" +
+ templateName + "'");
+
 return new TemplateResponseValues(templateName); } }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java
index a52db7175..ce63bfbbc 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java
@@ -96,14 +96,8 @@ public class ConfirmLoginStatus extends BodyTagSupport { } private int redirectAndSkipPage() throws JspException {
- try {
- VitroHttpServlet.redirectToLoginPage(getRequest(), getResponse());
- return SKIP_PAGE;
- } catch (IOException ioe) {
- throw new JspException(
- " could not redirect to login page",
- ioe);
- }
+ VitroHttpServlet.redirectToLoginPage(getRequest(), getResponse());
+ return SKIP_PAGE;
 } private HttpServletRequest getRequest() {
diff --git a/webapp/web/templates/freemarker/body/insufficientAuthorization.ftl b/webapp/web/templates/freemarker/body/insufficientAuthorization.ftl
new file mode 100644
index 000000000..d523c91de
--- /dev/null
+++ b/webapp/web/templates/freemarker/body/insufficientAuthorization.ftl
@@ -0,0 +1,14 @@
+<#-- $This file is distributed under the terms of the license in /doc/license.txt$ -->
+
+<#-- Template for the insufficient authorization page -->
+
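Review bot: `urlsToTemplates.get(requestedUrl)` returns null for any servlet path not in the map, and the new `log.debug` line only records that fact before `new TemplateResponseValues(templateName)` is returned with a null template name; a guard such as `if (templateName == null) { log.error("No template mapped for '" + requestedUrl + "'"); }` followed by an explicit error response would make a misconfigured mapping visible instead of leaving it to the template layer, which I cannot see from here. This is pre-existing behavior, but the new debug statement is where the check naturally belongs. The two map keys do match the `web.xml` url-patterns touched in this commit, so the new `/insufficientAuthorization` entry resolves as long as `getServletPath()` returns the mapped pattern.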
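Review bot: After the try/catch is removed, `redirectAndSkipPage()` still declares `throws JspException` although nothing left in its body throws it; dropping the clause, `private int redirectAndSkipPage() {`, keeps the signature honest (its callers are outside this hunk, so check none of them depends on it). The `java.io.IOException` import is presumably now unused and can go as well, though the import block is not in the hunk. Behaviorally the tag still returns `SKIP_PAGE` when the redirect fails, since `redirectToLoginPage` now swallows the IOException, so the protected body is not rendered either way.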
+

Insufficient Authorization

+ +

+ You are not authorized to view that page. +

+ +
+ Continue +