litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-1379 If a user is logged in but not authorized to view a page, send them to a page with an explanation.

Browse source
This commit is contained in:
jeb228 2010-11-29 22:36:19 +00:00
parent ec2c390152
commit 30fa59cf5e
6 changed files with 56 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

4
webapp/config/web.xml
View file

@ -395,6 +395,10 @@
<servlet-name>EmptyController</servlet-name> <servlet-name>EmptyController</servlet-name>
<url-pattern>/login</url-pattern> <url-pattern>/login</url-pattern>
</servlet-mapping> </servlet-mapping>
<servlet-mapping>
<servlet-name>EmptyController</servlet-name>
<url-pattern>/insufficientAuthorization</url-pattern>
</servlet-mapping>
<servlet> <servlet>
<servlet-name>RevisionInfoController</servlet-name> <servlet-name>RevisionInfoController</servlet-name>

1
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java
View file

@ -44,6 +44,7 @@ public class Controllers {
public static final String LOGIN_JSP = "/login"; public static final String LOGIN_JSP = "/login";
public static final String LOGOUT_JSP = "/logout"; public static final String LOGOUT_JSP = "/logout";
public static final String INSUFFICIENT_AUTHORIZATION = "/insufficientAuthorization";
public static final String BASIC_JSP = "/templates/page/basicPage.jsp"; public static final String BASIC_JSP = "/templates/page/basicPage.jsp";
public static final String DEBUG_JSP = "/templates/page/debug.jsp"; public static final String DEBUG_JSP = "/templates/page/debug.jsp";

46
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
View file

@ -75,7 +75,7 @@ public class VitroHttpServlet extends HttpServlet {
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
/** /**
* If not logged in, redirect them to the appropriate page. * If not logged in, redirect them to the login page.
*/ */
public static boolean checkLoginStatus(HttpServletRequest request, public static boolean checkLoginStatus(HttpServletRequest request,
HttpServletResponse response) { HttpServletResponse response) {
@ -83,39 +83,48 @@ public class VitroHttpServlet extends HttpServlet {
if (LoginStatusBean.getBean(request).isLoggedIn()) { if (LoginStatusBean.getBean(request).isLoggedIn()) {
return true; return true;
} else { } else {
try { redirectToLoginPage(request, response);
redirectToLoginPage(request, response);
} catch (IOException ioe) {
log.error("checkLoginStatus() could not redirect to login page");
}
return false; return false;
} }
} }
/** /**
* If not logged in at the minimum level or higher, redirect them to the appropriate page. * If not logged in at the required level, redirect them to the appropriate page.
*/ */
public static boolean checkLoginStatus(HttpServletRequest request, public static boolean checkLoginStatus(HttpServletRequest request,
HttpServletResponse response, int minimumLevel) { HttpServletResponse response, int minimumLevel) {
LogoutRedirector.recordRestrictedPageUri(request); LogoutRedirector.recordRestrictedPageUri(request);
if (LoginStatusBean.getBean(request).isLoggedInAtLeast(minimumLevel)) { if (LoginStatusBean.getBean(request).isLoggedInAtLeast(minimumLevel)) {
return true; return true;
} else if (LoginStatusBean.getBean(request).isLoggedIn()) {
redirectToInsufficientAuthorizationPage(request, response);
return false;
} else { } else {
try { redirectToLoginPage(request, response);
redirectToLoginPage(request, response);
} catch (IOException ioe) {
log.error("checkLoginStatus() could not redirect to login page");
}
return false; return false;
} }
} }
/** /**
* Not adequately logged in. Send them to the login page, and then back to * Logged in, but with insufficent authorization. Send them to the
* the page that invoked this. * corresponding page. They won't be coming back.
*/
public static void redirectToInsufficientAuthorizationPage(
HttpServletRequest request, HttpServletResponse response) {
try {
response.sendRedirect(request.getContextPath()
+ Controllers.INSUFFICIENT_AUTHORIZATION);
} catch (IOException e) {
log.error("Could not redirect to insufficient authorization page.");
}
}
/**
* Not logged in. Send them to the login page, and then back to the page
* that invoked this.
*/ */
public static void redirectToLoginPage(HttpServletRequest request, public static void redirectToLoginPage(HttpServletRequest request,
HttpServletResponse response) throws IOException { HttpServletResponse response) {
String postLoginRequest; String postLoginRequest;
String queryString = request.getQueryString(); String queryString = request.getQueryString();
@ -128,7 +137,12 @@ public class VitroHttpServlet extends HttpServlet {
LoginRedirector.setReturnUrlFromForcedLogin(request, postLoginRequest); LoginRedirector.setReturnUrlFromForcedLogin(request, postLoginRequest);
String loginPage = request.getContextPath() + Controllers.LOGIN; String loginPage = request.getContextPath() + Controllers.LOGIN;
response.sendRedirect(loginPage);
try {
response.sendRedirect(loginPage);
} catch (IOException ioe) {
log.error("Could not redirect to login page");
}
} }
/** /**

8
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/EmptyController.java
View file

@ -8,10 +8,7 @@ import java.util.Map;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet.ResponseValues;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet.TemplateResponseValues;
/* /*
* Servlet that only specifies a template, without putting any data * Servlet that only specifies a template, without putting any data
@ -25,12 +22,17 @@ public class EmptyController extends FreemarkerHttpServlet {
private static final Map<String, String> urlsToTemplates = new HashMap<String, String>(){ private static final Map<String, String> urlsToTemplates = new HashMap<String, String>(){
{ {
put("/login", "login.ftl"); put("/login", "login.ftl");
put("/insufficientAuthorization", "insufficientAuthorization.ftl");
} }
}; };
protected ResponseValues processRequest(VitroRequest vreq) { protected ResponseValues processRequest(VitroRequest vreq) {
String requestedUrl = vreq.getServletPath(); String requestedUrl = vreq.getServletPath();
String templateName = urlsToTemplates.get(requestedUrl); String templateName = urlsToTemplates.get(requestedUrl);
log.debug("requestedUrl='" + requestedUrl + "', templateName='"
+ templateName + "'");
return new TemplateResponseValues(templateName); return new TemplateResponseValues(templateName);
} }
} }

10
webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java
View file

@ -96,14 +96,8 @@ public class ConfirmLoginStatus extends BodyTagSupport {
} }
private int redirectAndSkipPage() throws JspException { private int redirectAndSkipPage() throws JspException {
try { VitroHttpServlet.redirectToLoginPage(getRequest(), getResponse());
VitroHttpServlet.redirectToLoginPage(getRequest(), getResponse()); return SKIP_PAGE;
return SKIP_PAGE;
} catch (IOException ioe) {
throw new JspException(
"<vitro:confirmLoginStatus> could not redirect to login page",
ioe);
}
} }
private HttpServletRequest getRequest() { private HttpServletRequest getRequest() {

14
webapp/web/templates/freemarker/body/insufficientAuthorization.ftl Normal file
View file

@ -0,0 +1,14 @@
<#-- $This file is distributed under the terms of the license in /doc/license.txt$ -->
<#-- Template for the insufficient authorization page -->
<section role="region">
<h2>Insufficient Authorization</h2>
<p>
You are not authorized to view that page.
</p>
<br/>
<a href="${urls.home}">Continue</a>
</section>