NIHVIVO-2492 restrict Ajax controllers by UseBasicAjaxControllers
This commit is contained in:
j2blake
parent
a49554db8f
commit
4654ec7354
9 changed files with 38 additions and 55 deletions
|
|
@ -15,6 +15,7 @@ import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
|
|
@ -28,7 +29,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A collection of static methods to help determine whether requested actions
|
* A collection of static methods to help determine whether requested actions
|
||||||
|
|
@ -76,8 +76,8 @@ public class PolicyHelper {
|
||||||
/**
|
/**
|
||||||
* Does this servlet require authorization?
|
* Does this servlet require authorization?
|
||||||
*/
|
*/
|
||||||
public static boolean isServletRestricted(VitroHttpServlet servlet) {
|
public static boolean isServletRestricted(HttpServlet servlet) {
|
||||||
Class<? extends VitroHttpServlet> servletClass = servlet.getClass();
|
Class<? extends HttpServlet> servletClass = servlet.getClass();
|
||||||
try {
|
try {
|
||||||
return !ActionClauses.forServletClass(servletClass).isEmpty();
|
return !ActionClauses.forServletClass(servletClass).isEmpty();
|
||||||
} catch (PolicyHelperException e) {
|
} catch (PolicyHelperException e) {
|
||||||
|
|
@ -90,7 +90,7 @@ public class PolicyHelper {
|
||||||
* user by the current policies?
|
* user by the current policies?
|
||||||
*/
|
*/
|
||||||
public static boolean isAuthorizedForServlet(HttpServletRequest req,
|
public static boolean isAuthorizedForServlet(HttpServletRequest req,
|
||||||
VitroHttpServlet servlet) {
|
HttpServlet servlet) {
|
||||||
return isAuthorizedForServlet(req, servlet.getClass());
|
return isAuthorizedForServlet(req, servlet.getClass());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -99,7 +99,7 @@ public class PolicyHelper {
|
||||||
* current user by the current policies?
|
* current user by the current policies?
|
||||||
*/
|
*/
|
||||||
public static boolean isAuthorizedForServlet(HttpServletRequest req,
|
public static boolean isAuthorizedForServlet(HttpServletRequest req,
|
||||||
Class<? extends VitroHttpServlet> servletClass) {
|
Class<? extends HttpServlet> servletClass) {
|
||||||
try {
|
try {
|
||||||
return isAuthorizedForActionClauses(req,
|
return isAuthorizedForActionClauses(req,
|
||||||
ActionClauses.forServletClass(servletClass));
|
ActionClauses.forServletClass(servletClass));
|
||||||
|
|
@ -197,7 +197,7 @@ public class PolicyHelper {
|
||||||
*/
|
*/
|
||||||
private static class ActionClauses {
|
private static class ActionClauses {
|
||||||
static ActionClauses forServletClass(
|
static ActionClauses forServletClass(
|
||||||
Class<? extends VitroHttpServlet> servletClass)
|
Class<? extends HttpServlet> servletClass)
|
||||||
throws PolicyHelperException {
|
throws PolicyHelperException {
|
||||||
return new ActionClauses(
|
return new ActionClauses(
|
||||||
servletClass.getAnnotation(RequiresAuthorizationFor.class));
|
servletClass.getAnnotation(RequiresAuthorizationFor.class));
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMenuEditorPages;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMenuEditorPages;
|
||||||
|
|
@ -83,6 +84,9 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
|
||||||
} else if (whatToAuth instanceof SeeRevisionInfo) {
|
} else if (whatToAuth instanceof SeeRevisionInfo) {
|
||||||
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
|
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
|
||||||
|
|
||||||
|
} else if (whatToAuth instanceof UseBasicAjaxControllers) {
|
||||||
|
result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
result = defaultDecision("Unrecognized action");
|
result = defaultDecision("Unrecognized action");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,11 @@
|
||||||
|
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||||
|
|
||||||
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
|
||||||
|
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
|
|
||||||
|
/** Should we allow the user to use the basic Ajax controllers? */
|
||||||
|
public class UseBasicAjaxControllers extends RequestedAction implements
|
||||||
|
UsePagesRequestedAction {
|
||||||
|
// no fields
|
||||||
|
}
|
||||||
|
|
@ -9,7 +9,6 @@ import java.io.IOException;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
|
|
@ -26,7 +25,8 @@ import com.hp.hpl.jena.query.ResultSetFormatter;
|
||||||
import com.hp.hpl.jena.query.Syntax;
|
import com.hp.hpl.jena.query.Syntax;
|
||||||
import com.hp.hpl.jena.rdf.model.Model;
|
import com.hp.hpl.jena.rdf.model.Model;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -35,6 +35,7 @@ import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
*
|
*
|
||||||
* The result is delivered in JSON format.
|
* The result is delivered in JSON format.
|
||||||
*/
|
*/
|
||||||
|
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||||
public class SparqlQueryAjaxController extends VitroAjaxController {
|
public class SparqlQueryAjaxController extends VitroAjaxController {
|
||||||
private static final Log log = LogFactory
|
private static final Log log = LogFactory
|
||||||
.getLog(SparqlQueryAjaxController.class);
|
.getLog(SparqlQueryAjaxController.class);
|
||||||
|
|
@ -42,14 +43,6 @@ public class SparqlQueryAjaxController extends VitroAjaxController {
|
||||||
private static final String PARAMETER_QUERY = "query";
|
private static final String PARAMETER_QUERY = "query";
|
||||||
private static final String RESPONSE_MIME_TYPE = "application/javascript";
|
private static final String RESPONSE_MIME_TYPE = "application/javascript";
|
||||||
|
|
||||||
/**
|
|
||||||
* If you are logged in, you can use this servlet.
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
protected boolean testIsAuthorized(HttpServletRequest request) {
|
|
||||||
return LoginStatusBean.getBean(request).isLoggedIn();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doRequest(VitroRequest vreq, HttpServletResponse response)
|
protected void doRequest(VitroRequest vreq, HttpServletResponse response)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
|
|
|
||||||
|
|
@ -15,14 +15,11 @@ import javax.servlet.http.HttpServletResponse;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerConfigurationLoader;
|
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerConfigurationLoader;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.TemplateProcessingHelper;
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.TemplateProcessingHelper.TemplateProcessingException;
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.search.controller.AutocompleteController;
|
|
||||||
import freemarker.template.Configuration;
|
import freemarker.template.Configuration;
|
||||||
import freemarker.template.Template;
|
import freemarker.template.Template;
|
||||||
import freemarker.template.TemplateException;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A base class for servlets that handle AJAX requests.
|
* A base class for servlets that handle AJAX requests.
|
||||||
|
|
@ -30,12 +27,6 @@ import freemarker.template.TemplateException;
|
||||||
public abstract class VitroAjaxController extends HttpServlet {
|
public abstract class VitroAjaxController extends HttpServlet {
|
||||||
|
|
||||||
private static final Log log = LogFactory.getLog(VitroAjaxController.class);
|
private static final Log log = LogFactory.getLog(VitroAjaxController.class);
|
||||||
|
|
||||||
/**
|
|
||||||
* Sub-classes must implement this method to verify that the user is
|
|
||||||
* authorized to execute this request.
|
|
||||||
*/
|
|
||||||
protected abstract boolean testIsAuthorized(HttpServletRequest request);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sub-classes must implement this method to handle both GET and POST
|
* Sub-classes must implement this method to handle both GET and POST
|
||||||
|
|
@ -51,7 +42,7 @@ public abstract class VitroAjaxController extends HttpServlet {
|
||||||
protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
|
protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
VitroRequest vreq = new VitroRequest(req);
|
VitroRequest vreq = new VitroRequest(req);
|
||||||
if (testIsAuthorized(vreq)) {
|
if (PolicyHelper.isAuthorizedForServlet(vreq, this)) {
|
||||||
doRequest(vreq, resp);
|
doRequest(vreq, resp);
|
||||||
} else {
|
} else {
|
||||||
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
|
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
package edu.cornell.mannlib.vitro.webapp.controller.edit;
|
package edu.cornell.mannlib.vitro.webapp.controller.edit;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.apache.commons.httpclient.HttpStatus;
|
import org.apache.commons.httpclient.HttpStatus;
|
||||||
|
|
@ -10,23 +9,20 @@ import org.apache.commons.lang.StringUtils;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
||||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||||
|
|
||||||
|
|
||||||
|
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||||
public class PrimitiveDelete extends VitroAjaxController {
|
public class PrimitiveDelete extends VitroAjaxController {
|
||||||
|
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
private static final Log log = LogFactory.getLog(PrimitiveDelete.class);
|
private static final Log log = LogFactory.getLog(PrimitiveDelete.class);
|
||||||
|
|
||||||
@Override
|
|
||||||
protected boolean testIsAuthorized(HttpServletRequest request) {
|
|
||||||
return LoginStatusBean.getBean(request).isLoggedIn();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doRequest(VitroRequest vreq, HttpServletResponse response) {
|
protected void doRequest(VitroRequest vreq, HttpServletResponse response) {
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -21,21 +21,19 @@ import com.hp.hpl.jena.rdf.model.Model;
|
||||||
import com.hp.hpl.jena.shared.Lock;
|
import com.hp.hpl.jena.shared.Lock;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
||||||
import edu.cornell.mannlib.vitro.webapp.dao.jena.DependentResourceDeleteJena;
|
import edu.cornell.mannlib.vitro.webapp.dao.jena.DependentResourceDeleteJena;
|
||||||
import edu.cornell.mannlib.vitro.webapp.dao.jena.event.EditEvent;
|
import edu.cornell.mannlib.vitro.webapp.dao.jena.event.EditEvent;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.EditN3Utils;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.EditN3Utils;
|
||||||
|
|
||||||
|
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||||
public class PrimitiveRdfEdit extends VitroAjaxController {
|
public class PrimitiveRdfEdit extends VitroAjaxController {
|
||||||
|
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
@Override
|
|
||||||
protected boolean testIsAuthorized(HttpServletRequest request) {
|
|
||||||
return LoginStatusBean.getBean(request).isLoggedIn();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doRequest(VitroRequest vreq,
|
protected void doRequest(VitroRequest vreq,
|
||||||
HttpServletResponse response) throws ServletException, IOException {
|
HttpServletResponse response) throws ServletException, IOException {
|
||||||
|
|
|
||||||
|
|
@ -2,14 +2,14 @@
|
||||||
|
|
||||||
package edu.cornell.mannlib.vitro.webapp.controller.edit;
|
package edu.cornell.mannlib.vitro.webapp.controller.edit;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.apache.commons.httpclient.HttpStatus;
|
import org.apache.commons.httpclient.HttpStatus;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
|
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
||||||
|
|
@ -24,6 +24,7 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||||
* @author rjy7
|
* @author rjy7
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||||
public class ReorderController extends VitroAjaxController {
|
public class ReorderController extends VitroAjaxController {
|
||||||
|
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
@ -32,12 +33,6 @@ public class ReorderController extends VitroAjaxController {
|
||||||
private static String RANK_PREDICATE_PARAMETER_NAME = "predicate";
|
private static String RANK_PREDICATE_PARAMETER_NAME = "predicate";
|
||||||
private static String INDIVIDUAL_PREDICATE_PARAMETER_NAME = "individuals";
|
private static String INDIVIDUAL_PREDICATE_PARAMETER_NAME = "individuals";
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected boolean testIsAuthorized(HttpServletRequest request) {
|
|
||||||
return LoginStatusBean.getBean(request).isLoggedIn();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doRequest(VitroRequest vreq, HttpServletResponse response) {
|
protected void doRequest(VitroRequest vreq, HttpServletResponse response) {
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -33,7 +33,8 @@ import org.json.JSONArray;
|
||||||
|
|
||||||
import com.hp.hpl.jena.sparql.lib.org.json.JSONObject;
|
import com.hp.hpl.jena.sparql.lib.org.json.JSONObject;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
||||||
import edu.cornell.mannlib.vitro.webapp.flags.PortalFlag;
|
import edu.cornell.mannlib.vitro.webapp.flags.PortalFlag;
|
||||||
|
|
@ -46,7 +47,7 @@ import edu.cornell.mannlib.vitro.webapp.search.lucene.LuceneSetup;
|
||||||
* AutocompleteController generates autocomplete content
|
* AutocompleteController generates autocomplete content
|
||||||
* through a Lucene search.
|
* through a Lucene search.
|
||||||
*/
|
*/
|
||||||
|
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||||
public class AutocompleteController extends VitroAjaxController {
|
public class AutocompleteController extends VitroAjaxController {
|
||||||
|
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
@ -59,12 +60,6 @@ public class AutocompleteController extends VitroAjaxController {
|
||||||
String NORESULT_MSG = "";
|
String NORESULT_MSG = "";
|
||||||
private int defaultMaxSearchSize= 1000;
|
private int defaultMaxSearchSize= 1000;
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected boolean testIsAuthorized(HttpServletRequest request) {
|
|
||||||
return LoginStatusBean.getBean(request).isLoggedIn();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doRequest(VitroRequest vreq, HttpServletResponse response)
|
protected void doRequest(VitroRequest vreq, HttpServletResponse response)
|
||||||
throws IOException, ServletException {
|
throws IOException, ServletException {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue