List of usage examples for org.springframework.web.context.request ServletWebRequest ServletWebRequest
public ServletWebRequest(HttpServletRequest request)
From source file:org.broadleafcommerce.common.security.service.ExploitProtectionServiceImpl.java
/**
 * Returns the CSRF token bound to the current HTTP session, generating and storing one on
 * first use.
 *
 * <p>The request is read from {@link RequestContextHolder}. When
 * {@code BLCRequestUtils.isOKtoUseSession} returns false the session is not touched and
 * {@code null} is returned, so callers must treat a {@code null} token as "no token available"
 * rather than as a value to compare against.
 *
 * @return the session's CSRF token, or {@code null} when the session may not be used
 * @throws ServiceException if the requested random generator algorithm is unavailable
 */
@Override
public String getCSRFToken() throws ServiceException {
    ServletRequestAttributes attributes =
            (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    HttpServletRequest request = attributes.getRequest();
    if (!BLCRequestUtils.isOKtoUseSession(new ServletWebRequest(request))) {
        return null;
    }

    // getSession() creates a session when the request does not have one yet.
    HttpSession session = request.getSession();
    String token = (String) session.getAttribute(CSRFTOKEN);
    if (!StringUtils.isEmpty(token)) {
        return token;
    }

    // NOTE(review): the read above and the write below are not synchronized in this method, so
    // two concurrent first requests on one session can each generate a token and the later
    // write wins; confirm the validating side tolerates that.
    try {
        // NOTE(review): RandomGenerator is not shown here; confirm it draws from
        // java.security.SecureRandom and that a length of 32 gives enough entropy.
        token = RandomGenerator.generateRandomId("SHA1PRNG", 32);
    } catch (NoSuchAlgorithmException e) {
        LOG.error("Unable to generate random number", e);
        throw new ServiceException("Unable to generate random number", e);
    }
    session.setAttribute(CSRFTOKEN, token);
    return token;
}
From source file:org.broadleafcommerce.common.security.service.StaleStateProtectionServiceImpl.java
/**
 * Returns the state-version token stored in the current HTTP session, generating and storing
 * one when the session does not hold a non-empty value yet.
 *
 * <p>When {@code BLCRequestUtils.isOKtoUseSession} returns false the session is left alone and
 * {@code null} is returned.
 *
 * @return the session's state-version token, or {@code null} when the session may not be used
 * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the requested random
 *         generator algorithm is unavailable
 */
@Override
public String getStateVersionToken() {
    ServletRequestAttributes attributes =
            (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    HttpServletRequest request = attributes.getRequest();
    if (!BLCRequestUtils.isOKtoUseSession(new ServletWebRequest(request))) {
        return null;
    }

    // getSession() creates a session when the request does not have one yet.
    HttpSession session = request.getSession();
    String token = (String) session.getAttribute(STATEVERSIONTOKEN);
    if (!StringUtils.isEmpty(token)) {
        return token;
    }

    try {
        // NOTE(review): RandomGenerator is not shown here; confirm it draws from
        // java.security.SecureRandom so the token cannot be predicted by a client.
        token = RandomGenerator.generateRandomId("SHA1PRNG", 32);
    } catch (NoSuchAlgorithmException e) {
        LOG.error("Unable to generate random number", e);
        throw new RuntimeException("Unable to generate random number", e);
    }
    session.setAttribute(STATEVERSIONTOKEN, token);
    return token;
}
From source file:org.broadleafcommerce.common.security.service.StaleStateProtectionServiceImpl.java
/**
 * Drops the state-version token from the current HTTP session so that the next call to
 * obtain it has to generate a fresh one.
 *
 * <p>Does nothing when {@code BLCRequestUtils.isOKtoUseSession} returns false.
 */
@Override
public void invalidateState() {
    ServletRequestAttributes attributes =
            (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    HttpServletRequest request = attributes.getRequest();
    if (!BLCRequestUtils.isOKtoUseSession(new ServletWebRequest(request))) {
        return;
    }
    // NOTE(review): getSession() creates a session when none exists, only to remove an
    // attribute that cannot be there; getSession(false) with a null check would avoid that.
    request.getSession().removeAttribute(STATEVERSIONTOKEN);
}
From source file:org.broadleafcommerce.common.web.BroadleafCurrencyResolverImpl.java
/** * Responsible for returning the currency to use for the current request. *///from ww w.ja va2 s.co m @Override public BroadleafRequestedCurrencyDto resolveCurrency(HttpServletRequest request) { return resolveCurrency(new ServletWebRequest(request)); }
From source file:org.broadleafcommerce.common.web.BroadleafLocaleResolverImpl.java
/**
 * Resolves the locale for the given servlet request.
 *
 * <p>Wraps the request in a {@link ServletWebRequest} and delegates to the
 * {@code resolveLocale} overload that accepts it.
 *
 * @param request the current servlet request
 * @return whatever the delegate overload resolves for this request
 */
@Override
public Locale resolveLocale(HttpServletRequest request) {
    ServletWebRequest webRequest = new ServletWebRequest(request);
    return resolveLocale(webRequest);
}
From source file:org.broadleafcommerce.common.web.BroadleafSandBoxResolverImpl.java
/**
 * Determines the current sandbox for a servlet request and site.
 *
 * <p>Wraps the request in a {@link ServletWebRequest} and delegates to the
 * {@code resolveSandBox} overload that accepts it. According to the original documentation,
 * resolution draws on request parameters such as {@code blSandBoxId}, and the setting behind
 * {@link #getSandBoxPreviewEnabled()} governs whether a user SandBox can be returned; that
 * logic is in the delegate and is not visible here.
 *
 * <p>NOTE(review): request parameters are client-controlled, so confirm the delegate checks
 * that the caller is authorized for the sandbox a parameter selects.
 *
 * @param request the current servlet request
 * @param site the site the sandbox is resolved for
 * @return whatever the delegate overload resolves
 */
@Override
public SandBox resolveSandBox(HttpServletRequest request, Site site) {
    ServletWebRequest webRequest = new ServletWebRequest(request);
    return resolveSandBox(webRequest, site);
}
From source file:org.broadleafcommerce.common.web.resource.BroadleafResourceHttpRequestHandler.java
/**
 * Builds a minimal {@link BroadleafRequestContext} (site, sandbox, theme) for a resource
 * request when the thread does not already carry one with both a site and a theme.
 *
 * <p>The security context stored in the user's session, if any, is placed on
 * {@link SecurityContextHolder} first. For a global admin request a new context object is
 * created but nothing is resolved and it is not installed.
 */
protected void establishThinRequestContext() {
    BroadleafRequestContext existing = BroadleafRequestContext.getBroadleafRequestContext();
    boolean alreadyEstablished =
            existing != null && existing.getSite() != null && existing.getTheme() != null;
    if (alreadyEstablished) {
        return;
    }

    // Rationale carried over from the original author: site and sandbox resolution often needs
    // a security context (resolving a sandbox requires the current user to hold BLC_ADMIN_USER
    // in the Authentication). Resource requests such as JavaScript and CSS skip the Spring
    // Security filter chain for performance, yet with theming enabled a sandbox-specific theme
    // version may have to be resolved. The Authentication tied to the user's session is
    // therefore copied onto SecurityContextHolder by hand.
    HttpServletRequest request =
            ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    // getSession(false) never creates a session, so the helper may be handed null.
    SecurityContext sessionContext = readSecurityContextFromSession(request.getSession(false));
    if (sessionContext != null) {
        // NOTE(review): nothing in this method clears SecurityContextHolder or the
        // BroadleafRequestContext again. With the filter chain bypassed, confirm the caller
        // resets both once the resource is served, so a pooled thread does not carry this
        // user's Authentication into the next request it handles.
        SecurityContextHolder.setContext(sessionContext);
    }

    BroadleafRequestContext thinContext = new BroadleafRequestContext();
    if (isGlobalAdmin(request)) {
        return;
    }

    ServletWebRequest webRequest = new ServletWebRequest(request);
    thinContext.setSite(siteResolver.resolveSite(webRequest, true));
    thinContext.setSandBox(sbResolver.resolveSandBox(webRequest, thinContext.getSite()));
    // The context is installed before the theme is resolved, as in the original ordering.
    BroadleafRequestContext.setBroadleafRequestContext(thinContext);
    thinContext.setTheme(themeResolver.resolveTheme(webRequest));
}
From source file:org.broadleafcommerce.core.web.controller.account.BroadleafLoginController.java
/**
 * Asks the customer service to send a reset-password notification for the given username and
 * picks the view to render.
 *
 * <p>On failure the first error code of the response is exposed to the view as
 * {@code errorCode}. On success the username is remembered in the session (when the session
 * may be used) under {@code forgot_password_username}.
 *
 * <p>NOTE(review): the original documentation says an error code is returned for an invalid
 * username. A response that differs between known and unknown usernames lets a client probe
 * which accounts exist; consider rendering the same view and message in both cases.
 *
 * <p>NOTE(review): {@code getResetPasswordUrl(request)} is not shown here; confirm the link it
 * builds does not take its host from client-supplied request headers.
 *
 * @param username the username submitted on the forgot-password form
 * @param request the current servlet request
 * @param model the model the error code is added to
 * @return the forgot-password view on error, otherwise the success view
 */
public String processForgotPassword(String username, HttpServletRequest request, Model model) {
    GenericResponse notification =
            customerService.sendForgotPasswordNotification(username, getResetPasswordUrl(request));

    if (!notification.getHasErrors()) {
        if (BLCRequestUtils.isOKtoUseSession(new ServletWebRequest(request))) {
            request.getSession(true).setAttribute("forgot_password_username", username);
        }
        return getForgotPasswordSuccessView();
    }

    String firstErrorCode = notification.getErrorCodesList().get(0);
    model.addAttribute("errorCode", firstErrorCode);
    return getForgotPasswordView();
}
From source file:org.broadleafcommerce.core.web.controller.account.BroadleafLoginController.java
/**
 * Creates the reset-password form, copying the {@code token} request parameter into it so the
 * hidden form field is pre-filled.
 *
 * <p>When the session may be used, the username stored under {@code forgot_password_username}
 * is copied into the form as well; otherwise the username stays {@code null}.
 *
 * <p>NOTE(review): the token is taken from the request as-is and is not validated here;
 * validation has to happen where the form is processed. A token carried as a URL parameter
 * can also end up in access logs and Referer headers, so confirm it is single-use and
 * short-lived.
 *
 * @param request the current servlet request
 * @return the populated form
 */
public ResetPasswordForm initResetPasswordForm(HttpServletRequest request) {
    ResetPasswordForm form = new ResetPasswordForm();

    // NOTE(review): getSession(true) creates a session for every visitor of this page just to
    // read an attribute; getSession(false) with a null check would avoid that.
    String rememberedUsername = BLCRequestUtils.isOKtoUseSession(new ServletWebRequest(request))
            ? (String) request.getSession(true).getAttribute("forgot_password_username")
            : null;

    form.setToken(request.getParameter("token"));
    form.setUsername(rememberedUsername);
    return form;
}
From source file:org.broadleafcommerce.core.web.controller.account.BroadleafSocialRegisterController.java
/**
 * Pre-fills the customer on the registration form from the social sign-in connection attached
 * to this request, if there is one, and then runs the superclass registration.
 *
 * <p>First name, last name and email address are overwritten with the provider's profile
 * values. The username becomes the provider's email when {@code isUseEmailForLogin()} is true
 * and the provider's username otherwise.
 *
 * <p>NOTE(review): the provider-supplied email can become the login name. Confirm the
 * provider only reports verified addresses, or verify ownership before the account is
 * created, so that one person cannot register under another person's address.
 *
 * @param registerCustomerForm the submitted registration form
 * @param request the current servlet request
 * @param response the current servlet response
 * @param model the view model
 * @return the view name returned by the superclass registration
 */
public String register(RegisterCustomerForm registerCustomerForm, HttpServletRequest request,
        HttpServletResponse response, Model model) {
    Connection<?> socialConnection = ProviderSignInUtils.getConnection(new ServletWebRequest(request));
    if (socialConnection != null) {
        UserProfile profile = socialConnection.fetchUserProfile();
        Customer customer = registerCustomerForm.getCustomer();
        customer.setFirstName(profile.getFirstName());
        customer.setLastName(profile.getLastName());
        customer.setEmailAddress(profile.getEmail());
        customer.setUsername(isUseEmailForLogin() ? profile.getEmail() : profile.getUsername());
    }
    return super.register(registerCustomerForm, request, response, model);
}