litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-2492 restrict IndexController by requested actions. Remove the page-restriction code from FreemarkerHttpServlet, letting VitroHttpServlet handle it.

Browse source
This commit is contained in:
j2blake 2011-04-21 16:19:54 +00:00
parent 38601a6cb0
commit 4077d66d1b
2 changed files with 4 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
View file

@ -18,7 +18,6 @@ import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean; import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage; import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage;
import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.beans.Portal;
@ -85,15 +84,7 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
Configuration config = getConfig(vreq); Configuration config = getConfig(vreq);
vreq.setAttribute("freemarkerConfig", config); vreq.setAttribute("freemarkerConfig", config);
ResponseValues responseValues; ResponseValues responseValues = processRequest(vreq);
// This method does a redirect if the required login level is not met, so just return.
if (requiredLoginLevelNotFound(request, response)) {
return;
} else {
responseValues = processRequest(vreq);
}
doResponse(vreq, response, responseValues); doResponse(vreq, response, responseValues);
} catch (TemplateProcessingException e) { } catch (TemplateProcessingException e) {
@ -114,24 +105,6 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
return loader.getConfig(vreq); return loader.getConfig(vreq);
} }
private boolean requiredLoginLevelNotFound(HttpServletRequest request, HttpServletResponse response) {
int requiredLoginLevel = requiredLoginLevel();
// checkLoginStatus() does a redirect if the user is not logged in.
if (requiredLoginLevel > LoginStatusBean.ANYBODY && !checkLoginStatus(request, response, requiredLoginLevel)) {
return true;
}
return false;
}
protected int requiredLoginLevel() {
// By default, user does not need to be logged in to view pages.
// Subclasses that require login to process their page will override to return the required login level.
// NB This method can't be static, because then the superclass method gets called rather than
// the subclass method. For the same reason, it can't refer to a static or instance field
// REQUIRES_LOGIN_LEVEL which is overridden in the subclass.
return LoginStatusBean.ANYBODY;
}
// Subclasses will override // Subclasses will override
protected ResponseValues processRequest(VitroRequest vreq) { protected ResponseValues processRequest(VitroRequest vreq) {
return null; return null;

11
webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java
View file

@ -8,13 +8,13 @@ import java.util.Map;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ExceptionResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ExceptionResponseValues;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
import edu.cornell.mannlib.vitro.webapp.search.IndexingException;
import edu.cornell.mannlib.vitro.webapp.search.indexing.IndexBuilder; import edu.cornell.mannlib.vitro.webapp.search.indexing.IndexBuilder;
/** /**
@ -29,6 +29,7 @@ import edu.cornell.mannlib.vitro.webapp.search.indexing.IndexBuilder;
* *
* @author bdc34 * @author bdc34
*/ */
@RequiresAuthorizationFor(UseMiscellaneousAdminPages.class)
public class IndexController extends FreemarkerHttpServlet { public class IndexController extends FreemarkerHttpServlet {
private static final Log log = LogFactory.getLog(IndexController.class); private static final Log log = LogFactory.getLog(IndexController.class);
@ -38,12 +39,6 @@ public class IndexController extends FreemarkerHttpServlet {
return "Full Search Index Rebuild"; return "Full Search Index Rebuild";
} }
@Override
protected int requiredLoginLevel() {
// User must be logged in to view this page.
return LoginStatusBean.DBA;
}
@Override @Override
protected ResponseValues processRequest(VitroRequest vreq) { protected ResponseValues processRequest(VitroRequest vreq) {
Map<String, Object> body = new HashMap<String, Object>(); Map<String, Object> body = new HashMap<String, Object>();