001: /*
002: * Copyright 2007 The Kuali Foundation.
003: *
004: * Licensed under the Educational Community License, Version 1.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.opensource.org/licenses/ecl1.php
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package org.kuali.module.pdp.action;
017:
018: import java.sql.Timestamp;
019: import java.util.Calendar;
020: import java.util.Enumeration;
021:
022: import javax.servlet.ServletContext;
023: import javax.servlet.http.HttpServletRequest;
024: import javax.servlet.http.HttpServletResponse;
025: import javax.servlet.http.HttpSession;
026:
027: import org.apache.log4j.MDC;
028: import org.apache.struts.action.Action;
029: import org.apache.struts.action.ActionForm;
030: import org.apache.struts.action.ActionForward;
031: import org.apache.struts.action.ActionMapping;
032: import org.kuali.core.UserSession;
033: import org.kuali.core.service.KualiConfigurationService;
034: import org.kuali.core.service.UniversalUserService;
035: import org.kuali.kfs.KFSConstants;
036: import org.kuali.kfs.context.SpringContext;
037: import org.kuali.kfs.service.ParameterService;
038: import org.kuali.kfs.service.impl.ParameterConstants;
039: import org.kuali.module.pdp.PdpConstants;
040: import org.kuali.module.pdp.bo.PdpUser;
041: import org.kuali.module.pdp.service.PdpSecurityService;
042: import org.kuali.module.pdp.service.SecurityRecord;
043:
044: import edu.iu.uis.eden.web.WebAuthenticationService;
045:
046: /**
047: * This Action will do most request processing for the PDP part of appliation. Your action should override the proper methods to do
048: * it's work. This idea and most of the concepts were stolen from the Scafold base action mentioned in Struts in Action. The bugs
049: * are probably entirely mine. This should be refactored out of the application to make full use of the Kuali Request Processor.
050: */
051: public abstract class BaseAction extends Action {
052: private static org.apache.log4j.Logger LOG = org.apache.log4j.Logger
053: .getLogger(BaseAction.class);
054:
055: /**
056: * User Service (to lookup users)
057: */
058: protected UniversalUserService userService = null;
059:
060: /**
061: * Application Settings Service (to check global app settings)
062: */
063: protected KualiConfigurationService kualiConfigurationService = null;
064:
065: /**
066: * Web Authentication Service (to do authentication)
067: */
068: protected WebAuthenticationService webAuthenticationService = null;
069:
070: /**
071: * Security Service (to do authorization)
072: */
073: protected PdpSecurityService securityService = null;
074:
075: public BaseAction() {
076: }
077:
078: /**
079: * Struts execute method. Don't override this unless you want to completely replace the functionality of base action.
080: */
081: public ActionForward execute(ActionMapping mapping,
082: ActionForm form, HttpServletRequest request,
083: HttpServletResponse response) throws Exception {
084: LOG.debug("execute() started");
085:
086: // For some reason, these don't always get set when they are in the constructor. We'll get them here
087: // the first time they are needed.
088: if (userService == null) {
089: setUniversalUserService(SpringContext
090: .getBean(UniversalUserService.class));
091: setKualiConfigurationService(SpringContext
092: .getBean(KualiConfigurationService.class));
093: setWebAuthenticationService(SpringContext
094: .getBean(WebAuthenticationService.class));
095: setSecurityService(SpringContext
096: .getBean(PdpSecurityService.class));
097: }
098:
099: ActionForward forward = null;
100:
101: HttpSession session = request.getSession();
102:
103: // Log4j settings
104: ServletContext sc = request.getSession().getServletContext();
105: MDC.put("user", "-");
106:
107: // Check for precondition errors; fail if found
108: LOG.debug("execute() calling preProcess()");
109: forward = preProcess(mapping, form, request, response);
110: if (forward != null) {
111: LOG.debug("execute() preProcess returned forward");
112: return forward;
113: }
114:
115: // Do authentication
116: forward = doAuthentication(mapping, form, request, response);
117: if (forward != null) {
118: LOG.debug("execute() doAuthentication returned forward");
119: return forward;
120: }
121:
122: // Do authorization (check again if backdoorId is set)
123: SecurityRecord securityRecord = (SecurityRecord) session
124: .getAttribute("SecurityRecord");
125: String srUser = (String) session
126: .getAttribute("SecurityRecordUser");
127: if ((securityRecord == null) || (srUser == null)
128: || !srUser.equals(getUser(request).getNetworkId())) {
129: LOG.debug("execute() Security Check");
130: securityRecord = securityService
131: .getSecurityRecord(getUser(request));
132: session.setAttribute("SecurityRecord", securityRecord);
133: session.setAttribute("SecurityRecordUser", getUser(request)
134: .getNetworkId());
135: }
136:
137: if (!isAuthorized(mapping, form, request, response)) {
138: LOG.debug("execute() Unauthorized");
139: return mapping.findForward("pdp_unauthorized");
140: }
141:
142: Timestamp disbExpireDate = getLastGoodDisbursementActionDate();
143: if (disbExpireDate == null) {
144: return forward;
145: }
146: session.setAttribute("DisbursementExpireDate", disbExpireDate);
147:
148: try {
149: LOG.debug("execute() Calling executeLogic()");
150: forward = executeLogic(mapping, form, request, response);
151: LOG.debug("execute() executeLogic() returned forward '"
152: + forward + "'");
153: } catch (Exception e) {
154: LOG
155: .error(
156: "execute() Exception received. Calling catchException",
157: e);
158: forward = catchException(mapping, form, request, response,
159: e);
160: } finally {
161: LOG.debug("execute() Calling postProcess()");
162: postProcess(mapping, form, request, response);
163: }
164:
165: LOG.debug("execute() Returning");
166: return forward;
167: }
168:
169: protected Timestamp getLastGoodDisbursementActionDate() {
170: LOG.debug("getLastGoodDisbursementActionDate() started");
171:
172: String daysStr = SpringContext
173: .getBean(ParameterService.class)
174: .getParameterValue(
175: ParameterConstants.PRE_DISBURSEMENT_ALL.class,
176: PdpConstants.ApplicationParameterKeys.DISBURSEMENT_ACTION_EXPIRATION_DAYS);
177: int days = Integer.valueOf(daysStr);
178: Calendar c = Calendar.getInstance();
179: c.add(Calendar.DATE, (days * -1));
180: c.set(Calendar.HOUR, 12);
181: c.set(Calendar.MINUTE, 0);
182: c.set(Calendar.SECOND, 0);
183: c.set(Calendar.MILLISECOND, 0);
184: c.set(Calendar.AM_PM, Calendar.AM);
185: LOG
186: .debug("getLastGoodDisbursementActionDate() Date being used is "
187: + c.get(Calendar.MONTH)
188: + "/"
189: + c.get(Calendar.DATE)
190: + "/"
191: + c.get(Calendar.YEAR));
192: return new Timestamp(c.getTimeInMillis());
193: }
194:
195: public String whichButtonWasPressed(HttpServletRequest request) {
196: String paramName = new String();
197:
198: Enumeration enumer = request.getParameterNames();
199: while (enumer.hasMoreElements()) {
200: paramName = (String) enumer.nextElement();
201: if (paramName.startsWith("btn")) { // All the button names start with btn
202: if (paramName.indexOf(".") > -1) {
203: return paramName.substring(0, paramName
204: .indexOf("."));
205: } else {
206: return paramName;
207: }
208: }
209: }
210: return "";
211: }
212:
213: /**
214: * This method does authentication. Override if you want to do a different authentication or none.
215: *
216: * @param mapping
217: * @param form
218: * @param request
219: * @param response
220: * @return
221: */
222: protected ActionForward doAuthentication(ActionMapping mapping,
223: ActionForm form, HttpServletRequest request,
224: HttpServletResponse response) {
225: LOG.debug("doAuthentication() started");
226:
227: HttpSession session = request.getSession();
228:
229: UserSession userSession = (UserSession) request.getSession()
230: .getAttribute(KFSConstants.USER_SESSION_KEY);
231:
232: // This is needed for PDP. At some point, PDP should be refactored to use UserSession
233: session.setAttribute("user", new PdpUser(userSession
234: .getUniversalUser()));
235:
236: MDC.put("user", userSession.getNetworkId());
237:
238: return null;
239: }
240:
241: /**
242: * This group authorization. Override to change the authorization type.
243: *
244: * @param mapping
245: * @param form
246: * @param request
247: * @param response
248: * @return
249: * @throws SharedException
250: */
251: protected boolean isAuthorized(ActionMapping mapping,
252: ActionForm form, HttpServletRequest request,
253: HttpServletResponse response) {
254: LOG.debug("isAuthorized() Default method = returning true");
255: return true;
256: }
257:
258: /**
259: * Get the user object for the user that is logged in. This only works after doAuthentication() has run for the first request
260: * from a user.
261: *
262: * @param request
263: * @return The user object
264: */
265: protected PdpUser getUser(HttpServletRequest request) {
266: return (PdpUser) request.getSession().getAttribute("user");
267: }
268:
269: /**
270: * Get the security record for the user that is logged in. This only works after doAuthentication() is run.
271: *
272: * @param request
273: * @return The security record object
274: */
275: protected SecurityRecord getSecurityRecord(
276: HttpServletRequest request) {
277: return (SecurityRecord) request.getSession().getAttribute(
278: "SecurityRecord");
279: }
280:
281: /**
282: * Get the disbursement action expiration date where a disbursement date before this date is not allowed to be cancelled or
283: * cancelled and reissued
284: *
285: * @param request
286: * @return The last disbursement date that is allowed for cancel
287: */
288: protected Timestamp getDisbursementActionExpirationDate(
289: HttpServletRequest request) {
290: return (Timestamp) request.getSession().getAttribute(
291: "DisbursementExpireDate");
292: }
293:
294: /**
295: * Execute the business logic for this Action.
296: *
297: * @param mapping The ActionMapping used to select this instance
298: * @param form The optional ActionForm bean for this request
299: * @param request The HTTP request we are processing
300: * @param response The resonse we are creating
301: */
302: protected abstract ActionForward executeLogic(
303: ActionMapping mapping, ActionForm form,
304: HttpServletRequest request, HttpServletResponse response)
305: throws Exception;
306:
307: /**
308: * Optional extension point for pre-processing. Default method does nothing.
309: *
310: * @param mapping The ActionMapping used to select this instance
311: * @param actionForm The optional ActionForm bean for this request
312: * @param request The HTTP request we are processing
313: * @param response The resonse we are creating
314: */
315: protected ActionForward preProcess(ActionMapping mapping,
316: ActionForm form, HttpServletRequest request,
317: HttpServletResponse response) {
318: // override to provide functionality
319: LOG.info("preProcess() default preProcess()");
320: return null;
321: }
322:
323: /**
324: * Optional extension point for post-processing. Default method does nothing. This is called from a finally{} clause, and so is
325: * guaranteed to be called after executeLogic() or catchException().
326: *
327: * @param mapping The ActionMapping used to select this instance
328: * @param actionForm The optional ActionForm bean for this request
329: * @param request The HTTP request we are processing
330: * @param response The resonse we are creating
331: */
332: protected void postProcess(ActionMapping mapping, ActionForm form,
333: HttpServletRequest request, HttpServletResponse response) {
334: // override to provide functionality
335: LOG.info("postProcess() default postProcess()");
336: }
337:
338: /**
339: * Process the exception handling for this Action. Default method just returns a standard system error page.
340: *
341: * @param mapping The ActionMapping used to select this instance
342: * @param actionForm The optional ActionForm bean for this request
343: * @param request The HTTP request we are processing
344: * @param response The response we are creating
345: */
346: protected ActionForward catchException(ActionMapping mapping,
347: ActionForm form, HttpServletRequest request,
348: HttpServletResponse response, Exception exception) {
349: // override to provide functionality
350: LOG.info("catchException() default catchException()");
351: return mapping.findForward("pdp_system_error");
352: }
353:
354: /**
355: * This method returns the network id of the user accessing this action.
356: *
357: * @param request
358: * @return
359: */
360: protected String getNetworkId(HttpServletRequest request) {
361: PdpUser user = getUser(request);
362:
363: if (user == null) {
364: LOG.error("getNetworkId() not authenticated");
365: return null;
366: } else {
367: return user.getUniversalUser().getPersonUserIdentifier();
368: }
369: }
370:
371: /**
372: * Have the user service set for us
373: *
374: * @param us
375: */
376: public void setUniversalUserService(UniversalUserService us) {
377: this .userService = us;
378: }
379:
380: /**
381: * Have the application settings service set for us
382: *
383: * @param ass
384: */
385: public void setKualiConfigurationService(
386: KualiConfigurationService kcs) {
387: kualiConfigurationService = kcs;
388: }
389:
390: /**
391: * Have the web authentication service set for us
392: *
393: * @param was
394: */
395: public void setWebAuthenticationService(WebAuthenticationService was) {
396: this .webAuthenticationService = was;
397: }
398:
399: /**
400: * Have the security service set for us
401: *
402: * @param ss
403: */
404: public void setSecurityService(PdpSecurityService ss) {
405: this.securityService = ss;
406: }
407: }
|