org.agnitas.web.forms.StrutsFormBase.java Source code


Introduction

Here is the source code for org.agnitas.web.forms.StrutsFormBase.java

Source

/*********************************************************************************
 * The contents of this file are subject to the Common Public Attribution
 * License Version 1.0 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.openemm.org/cpal1.html. The License is based on the Mozilla
 * Public License Version 1.1 but Sections 14 and 15 have been added to cover
 * use of software over a computer network and provide for limited attribution
 * for the Original Developer. In addition, Exhibit A has been modified to be
 * consistent with Exhibit B.
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
 * the specific language governing rights and limitations under the License.
 * 
 * The Original Code is OpenEMM.
 * The Original Developer is the Initial Developer.
 * The Initial Developer of the Original Code is AGNITAS AG. All portions of
 * the code written by AGNITAS AG are Copyright (c) 2007 AGNITAS AG. All Rights
 * Reserved.
 * 
 * Contributor(s): AGNITAS AG. 
 ********************************************************************************/

package org.agnitas.web.forms;

import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;

import org.agnitas.beans.Admin;
import org.agnitas.util.AgnUtils;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/**
 * Implementation of <strong>Action</strong> that validates a user logon.
 *
 * @author Craig R. McClanahan
 * @version $Revision: 1.1 $ $Date: 2006/08/03 08:47:47 $
 */

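public class StrutsFormBase extends org.apache.struts.action.ActionForm {

    // NOTE(review): the Javadoc preceding this class declaration describes a logon Action and
    // looks like a leftover from a template. What the code below actually does: it keeps list
    // paging/sorting state, re-applies "__STRUTS_CHECKBOX_" request parameters in reset(), and
    // rejects request parameters that contain HTML tags outside an allow-list in validate().

    private static final long serialVersionUID = -517998059502119608L;
    public static final int DEFAULT_NUMBER_OF_ROWS = 50;
    public static final int DEFAULT_REFRESH_MILLIS = 250;

    public static final int WIDTH_STATE_UNDEFINED = -1;
    public static final int WIDTH_STATE_NORMAL = 0;
    public static final int WIDTH_STATE_WIDE = 1;

    /** Request-parameter prefix that marks a checkbox default handled by {@link #reset}. */
    private static final String CHECKBOX_PARAM_PREFIX = "__STRUTS_CHECKBOX_";

    /**
     * Matches one opening or closing tag; group 1 is the element name. Used with
     * {@code find()}, so the input is scanned once instead of being re-matched on ever
     * shorter substrings.
     */
    private static final Pattern htmlTagPattern = Pattern.compile("</?(\\w+)[^>]*>");

    /** Characters that separate the segments of a BeanUtils property expression. */
    private static final Pattern propertyPathSeparators = Pattern.compile("[.\\[\\]()]");

    /**
     * Allow-list of HTML element names that the tag check lets through.
     *
     * Only the element NAME is compared against this list. Attributes on these elements
     * (event handlers, URL schemes in href/src) are not inspected, and text that opens a
     * tag without a closing '>' is not matched at all. The check is therefore a coarse
     * input filter; values must still be encoded for their output context when rendered.
     *
     * NOTE(review): this is a public mutable array, so any code with access to the class
     * can alter the allow-list at runtime. The type is kept for compatibility.
     */
    public static final String[] GENERIC_SAFE_HTML_TAGS = { "u", "i", "b", "p", "div", "span", "img", "a", "font",
            "br", "map", "area" };

    /** Preferred number of rows the user wants to see in a list; -1 means not initialized. */
    private int numberofRows = -1;

    /** Set when the preferred number of rows has been changed. */
    private boolean numberOfRowsChanged = false;

    // List view state: sort column, sort order, current page and column widths.
    private String sort = "";
    private String order = "";
    private String page = "1";
    protected List<String> columnwidthsList = new ArrayList<String>();

    private int refreshMillis = DEFAULT_REFRESH_MILLIS;
    private boolean error = false;

    private int extendedWidthState = WIDTH_STATE_UNDEFINED;

    /**
     * Returns the company ID of the admin bound to the request.
     *
     * Any failure while resolving the admin or its company is logged and reported as 0, so
     * 0 covers both "no admin in the session" and "lookup failed".
     * NOTE(review): callers that scope data by company should treat 0 as "no tenant",
     * not as a usable ID - confirm against the callers.
     *
     * @param req current request
     * @return the company ID, or 0 if it could not be determined
     */
    public int getCompanyID(HttpServletRequest req) {
        try {
            return AgnUtils.getAdmin(req).getCompany().getId();
        } catch (Exception e) {
            AgnUtils.logger().error("getCompanyID: " + e.getMessage());
            return 0;
        }
    }

    /**
     * Checks whether the admin bound to the request holds the given permission.
     *
     * @param id permission token to check
     * @param req current request
     * @return false if no admin is found for the request, otherwise the admin's answer
     */
    protected static boolean allowed(String id, HttpServletRequest req) {
        Admin admin = AgnUtils.getAdmin(req);
        // Fail closed: without an admin there is nothing to grant.
        return admin != null && admin.permissionAllowed(id);
    }

    /**
     * Applies checkbox defaults: every request parameter named
     * {@code __STRUTS_CHECKBOX_<property>} is written to {@code <property>} of this form.
     *
     * The property expression is taken from the request, i.e. it is chosen by the client.
     * Expressions that contain a {@code class} segment are refused, because they would let
     * the request walk from the form bean into its Class object and beyond.
     * NOTE(review): whether the BeanUtils version in use already suppresses the class
     * property is not visible here, so the check is done locally.
     */
    @Override
    public void reset(ActionMapping map, HttpServletRequest request) {
        Enumeration<?> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (!name.startsWith(CHECKBOX_PARAM_PREFIX) || name.length() <= CHECKBOX_PARAM_PREFIX.length()) {
                continue;
            }

            String property = name.substring(CHECKBOX_PARAM_PREFIX.length());
            if (!isSettableCheckboxProperty(property)) {
                AgnUtils.logger().error("reset: rejected checkbox property expression");
                continue;
            }

            try {
                String value = request.getParameter(name);
                if (value != null) {
                    BeanUtils.setProperty(this, property, value);
                }
            } catch (Exception e) {
                AgnUtils.logger().error("reset: " + e.getMessage());
            }
        }
    }

    /**
     * Tells whether a client-supplied property expression may be passed to BeanUtils.
     * Splits the expression at nested, indexed and mapped separators and refuses it when
     * any segment is {@code class}.
     */
    private static boolean isSettableCheckboxProperty(String property) {
        for (String segment : propertyPathSeparators.split(property)) {
            if ("class".equalsIgnoreCase(segment.trim())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Getter for property webApplicationContext.
     *
     * @return the Spring context looked up from this form's servlet context
     */
    public ApplicationContext getWebApplicationContext() {
        return WebApplicationContextUtils.getWebApplicationContext(this.getServlet().getServletContext());
    }

    public int getNumberofRows() {
        return numberofRows;
    }

    public void setNumberofRows(int numberofRows) {
        this.numberofRows = numberofRows;
    }

    public boolean isNumberOfRowsChanged() {
        return numberOfRowsChanged;
    }

    public void setNumberOfRowsChanged(boolean numberOfRowsChanged) {
        this.numberOfRowsChanged = numberOfRowsChanged;
    }

    // NOTE(review): sort, order and page are stored exactly as received. If they end up in
    // a query or in markup, validation/encoding has to happen where they are used.
    public String getSort() {
        return sort;
    }

    public void setSort(String sort) {
        this.sort = sort;
    }

    public String getOrder() {
        return order;
    }

    public void setOrder(String order) {
        this.order = order;
    }

    public String getPage() {
        return page;
    }

    public void setPage(String page) {
        this.page = page;
    }

    public int getRefreshMillis() {
        return refreshMillis;
    }

    public void setRefreshMillis(int refreshMillis) {
        this.refreshMillis = refreshMillis;
    }

    public boolean isError() {
        return error;
    }

    public void setError(boolean error) {
        this.error = error;
    }

    public List<String> getColumnwidthsList() {
        return columnwidthsList;
    }

    public void setColumnwidthsList(List<String> columnwidthsList) {
        this.columnwidthsList = columnwidthsList;
    }

    /**
     * Original validate() called by Struts.
     * This method is final so that the HTML tag check cannot be skipped by a subclass.
     * If you want to implement your own validation, override formSpecificValidate().
     *
     * @return errors from the tag check, the form-specific validation and the superclass
     * @see #formSpecificValidate(ActionMapping, HttpServletRequest)
     */
    @Override
    public final ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {

        // First, check whether at least one request parameter contains a disallowed HTML tag.
        ActionErrors errors = checkForHtmlTags(request);

        // Then do user-defined (form-specific) validation. The default returns null, so the
        // result is checked here instead of relying on how add() treats null.
        ActionErrors formErrors = formSpecificValidate(mapping, request);
        if (formErrors != null) {
            errors.add(formErrors);
        }

        ActionErrors baseErrors = super.validate(mapping, request);
        if (baseErrors != null) {
            errors.add(baseErrors);
        }

        return errors;
    }

    /**
     * Hook for form-specific validation, called from {@link #validate}.
     *
     * @return validation errors, or null if there are none (the default)
     */
    public ActionErrors formSpecificValidate(ActionMapping mapping, HttpServletRequest request) {
        return null;
    }

    /**
     * Builds one global "mailing.unsafe_html_tag" message per disallowed tag name found in
     * the request parameters.
     */
    protected ActionErrors checkForHtmlTags(HttpServletRequest request) {
        ActionErrors errors = new ActionErrors();

        for (String tagName : getUnsafeHtmlTagNames(request)) {
            errors.add(ActionErrors.GLOBAL_MESSAGE, new ActionMessage("mailing.unsafe_html_tag", tagName));
        }

        return errors;
    }

    /**
     * Checks whether a parameter is excluded from the check for unsafe HTML tags. Values of
     * an excluded parameter are not scanned at all, so an override should exclude only
     * parameters whose content is handled safely elsewhere.
     *
     * If the method is not overridden, false is returned for every parameter name.
     *
     * @param parameterName parameter name
     * @param request current request
     * @return true, if parameter is excluded from check for unsafe HTML tags
     */
    protected boolean isParameterExcludedForUnsafeHtmlTagCheck(String parameterName, HttpServletRequest request) {
        return false;
    }

    /**
     * Collects the disallowed tag names over all request parameters that are not excluded.
     */
    protected Set<String> getUnsafeHtmlTagNames(HttpServletRequest request) {
        Set<String> tagNames = new HashSet<String>();
        Enumeration<?> parameterNames = request.getParameterNames();

        while (parameterNames.hasMoreElements()) {
            String paramName = (String) parameterNames.nextElement();

            if (!isParameterExcludedForUnsafeHtmlTagCheck(paramName, request)) {
                tagNames.addAll(getAllUnsafeHtmlTagNames(paramName, request.getParameterValues(paramName)));
            }
        }

        return tagNames;
    }

    /**
     * Collects the disallowed tag names over all values of one parameter.
     *
     * @param paramName parameter the values belong to
     * @param textArray parameter values; null is treated as "no values"
     */
    protected Set<String> getAllUnsafeHtmlTagNames(String paramName, String[] textArray) {
        Set<String> tagNames = new HashSet<String>();
        if (textArray == null) {
            return tagNames;
        }

        for (String text : textArray) {
            tagNames.addAll(getUnsafeHtmlTagNames(paramName, text));
        }

        return tagNames;
    }

    /**
     * Returns the lower-cased names of all tags in {@code text} that
     * {@link #isUnsafeHtmlTagForParameter} reports as unsafe for the parameter.
     *
     * @param paramName parameter the text belongs to
     * @param text parameter value; null is treated as empty
     */
    protected Set<String> getUnsafeHtmlTagNames(String paramName, String text) {
        Set<String> tagNames = new HashSet<String>();
        if (text == null) {
            return tagNames;
        }

        Matcher matcher = htmlTagPattern.matcher(text);
        while (matcher.find()) {
            String tagName = matcher.group(1).toLowerCase();

            if (isUnsafeHtmlTagForParameter(tagName, paramName)) {
                tagNames.add(tagName);
            }
        }

        return tagNames;
    }

    /**
     * Decides whether a tag is unsafe for a parameter. The default ignores the parameter
     * name and treats every tag outside {@link #GENERIC_SAFE_HTML_TAGS} as unsafe.
     *
     * @param tagName lower-cased element name
     * @param paramName parameter the tag was found in
     */
    protected boolean isUnsafeHtmlTagForParameter(String tagName, String paramName) {
        return !ArrayUtils.contains(GENERIC_SAFE_HTML_TAGS, tagName);
    }

    public int getExtendedWidthState() {
        return extendedWidthState;
    }

    public void setExtendedWidthState(int extendedWidthState) {
        this.extendedWidthState = extendedWidthState;
    }
}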