it.cnr.contab.util.servlet.RESTServlet Maven / Gradle / Ivy
/*
* Copyright (C) 2019 Consiglio Nazionale delle Ricerche
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see restExtension;
private File actionDirFile;
private ActionMappings mappings;
private String COMMAND_POST = "doRestResponse", COMMAND_GET = "doRestInfo", ACTION_INFO = "/info";
private static final Logger logger = LoggerFactory.getLogger(RESTServlet.class);
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
execute(req, resp, COMMAND_POST);
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
execute(req, resp, COMMAND_GET);
}
protected void execute(HttpServletRequest req, HttpServletResponse resp, String command)
throws ServletException, IOException {
resp.setContentType("application/json");
String action = req.getServletPath();
String authorization = req.getHeader(AUTHORIZATION);
logger.debug("RemoteAddr:{} RemoteHost:{} RemotePort:{}",req.getRemoteAddr(),req.getRemoteHost(),req.getRemotePort());
logger.debug("Action:{} Command:{} Authorization:{}",action,command,authorization);
logger.debug("ContentType:{} Encoding:{} QueryString:{}",req.getContentType(),req.getCharacterEncoding(),req.getQueryString());
logger.debug("ServerName:{} ServerPort:{} URI:{}",req.getServerName(),req.getServerPort(),req.getRequestURI());
String extension = action.substring(action.lastIndexOf("."));
if(!restExtension.contains(extension))
throw new ServletException("Le actions devono terminare con \""+ restExtension +"\"");
action = action.substring(0, action.length() - extension.length());
if (action.equals(ACTION_INFO)){
if (command.equals(COMMAND_GET)) {
searchForInfo(req, resp);
} else {
throw new ServletException("Non è possibile avere le informazioni sui servizi con il comando POST");
}
} else {
ActionMapping actionmapping = mappings.findActionMapping(action);
if(actionmapping == null)
throw new ServletException("Action not found ["+action+"]");
UtenteBulk utente = null;
try {
if (actionmapping.needExistingSession())
try {
utente = BasicAuthentication.authenticateUtenteMultiplo(req.getHeader(AUTHORIZATION), null);
} catch (UtenteMultiploException _ex) {
utente = BasicAuthentication.authenticateUtenteMultiplo(req.getHeader(AUTHORIZATION),
Optional.ofNullable(req.getParameterValues("utente-multiplo"))
.filter(strings -> strings.length == 1)
.map(strings -> strings[0])
.orElse(null)
);
}
if (utente != null || !actionmapping.needExistingSession()) {
JSONRequest jsonRequest = null;
HttpActionContext httpactioncontext = new HttpActionContext(this, req, resp);
httpactioncontext.setActionMapping(actionmapping);
if (command.equals(COMMAND_POST)) {
jsonRequest = new Gson().fromJson(new JsonParser().parse(req.getReader()), JSONRequest.class);
if (actionmapping.needExistingSession()) {
httpactioncontext.setUserContext(
BasicAuthentication.getContextFromRequest(jsonRequest, utente.getCd_utente(), httpactioncontext.getSessionId()),
false);
logger.debug("Context: Anno:{} CDS:{} UO:{} CDR:{}",
jsonRequest.getContext().getEsercizio(),
jsonRequest.getContext().getCd_cds(),
jsonRequest.getContext().getCd_unita_organizzativa(),
jsonRequest.getContext().getCd_cdr());
httpactioncontext.setUserInfo(getUserInfo(utente, (CNRUserContext) httpactioncontext.getUserContext()), false);
} else {
httpactioncontext.setUserContext(new RESTUserContext(), false);
httpactioncontext.setUserInfo(getUserInfo(utente, (CNRUserContext) httpactioncontext.getUserContext()), false);
}
}
try{
BusinessProcess businessProcess;
if (req.getParameter("bpName") != null)
businessProcess = mappings.createBusinessProcess(req.getParameter("bpName"), httpactioncontext);
else
businessProcess = mappings.createBusinessProcess(actionmapping, httpactioncontext);
logger.debug("Business Process: {} ", businessProcess.getName());
RemoteIterator iterator = null;
if (command.equals(COMMAND_POST)) {
Boolean isEnableBP = false;
if (actionmapping.needExistingSession())
isEnableBP = loginComponentSession().isBPEnableForUser(httpactioncontext.getUserContext(), utente,
CNRUserContext.getCd_unita_organizzativa(httpactioncontext.getUserContext()), businessProcess.getName());
if ((actionmapping.needExistingSession() && !isEnableBP) || !(businessProcess instanceof ConsultazioniBP)) {
resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
resp.getWriter().append("{\"message\" : \"Utente non abilitato ad eseguire la richiesta!\"}");
return;
}
ConsultazioniBP consBP = ((ConsultazioniBP)businessProcess);
if (jsonRequest != null && jsonRequest.getClauses() != null) {
CompoundFindClause compoundFindClause = new CompoundFindClause();
for (Clause clause : jsonRequest.getClauses()) {
logger.debug("Condition:{} FieldName:{} Operator:{} fieldValue:{}", clause.getCondition(), clause.getFieldName(), clause.getOperator(), clause.getFieldValue());
clause.validate();
compoundFindClause.addClause(
clause.getCondition(),
clause.getFieldName(),
clause.getSQLOperator(),
clause.getFieldValue());
}
consBP.setFindclause(compoundFindClause);
}
iterator = consBP.search(httpactioncontext,
consBP.getFindclause(),
(OggettoBulk) consBP.getBulkInfo().getBulkClass().newInstance());
consBP.setIterator(httpactioncontext,
iterator);
parseRequestParameter(req, httpactioncontext, jsonRequest, consBP);
}
BusinessProcess.setBusinessProcessRoot(req, businessProcess);
httpactioncontext.setBusinessProcess(businessProcess);
req.setAttribute(it.cnr.jada.action.BusinessProcess.class.getName(), businessProcess);
httpactioncontext.perform(null, actionmapping, command);
}catch(ActionPerformingError actionperformingerror) {
throw new ComponentException(actionperformingerror.getDetail());
}catch(RuntimeException runtimeexception){
logger.error("RuntimeException", runtimeexception);
throw new ComponentException(runtimeexception);
} catch (BusinessProcessException e) {
logger.error("BusinessProcessException", e);
throw new ComponentException(e);
} catch (InstantiationException e) {
logger.error("InstantiationException", e);
throw new ComponentException(e);
} catch (IllegalAccessException e) {
logger.error("IllegalAccessException", e);
throw new ComponentException(e);
}
} else {
resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
resp.setHeader("WWW-Authenticate", "Basic realm=\"SIGLA\"");
}
} catch (UtenteLdapNonUtenteSiglaException _ex) {
resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
resp.setHeader("WWW-Authenticate", "Basic realm=\"SIGLA\"");
} catch (ComponentException e) {
logger.error("ComponentException", e);
resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
Gson gson = new Gson();
Map exc_map = new HashMap();
exc_map.put("message", e.toString());
exc_map.put("stacktrace", getStackTrace(e));
resp.getWriter().append(gson.toJson(exc_map));
}
}
}
private void searchForInfo(HttpServletRequest req, HttpServletResponse resp)
throws ServletException {
Hashtable actionMappings = mappings.getActions();
Hashtable actionsConAccesso = new Hashtable();
Hashtable actionsSenzaAccesso = new Hashtable();
searchActionsForInfo(req, resp, actionMappings, actionsConAccesso, actionsSenzaAccesso);
createResponseForInfo(req, resp, actionsConAccesso, actionsSenzaAccesso);
}
private void createResponseForInfo(HttpServletRequest req,
HttpServletResponse resp,
Hashtable actionsConAccesso,
Hashtable actionsSenzaAccesso)
throws ServletException {
HttpActionContext httpactioncontextResp = new HttpActionContext(this, req, resp);
HttpServletResponse response = httpactioncontextResp.getResponse();
response.setContentType("application/json");
try {
JsonGenerator jGenerator = writeHeaderJsonForInfo(actionsConAccesso, actionsSenzaAccesso, response);
writeElementsJsonForInfo(actionsConAccesso, actionsSenzaAccesso, jGenerator);
jGenerator.writeEndArray();
jGenerator.close();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private void writeElementsJsonForInfo(
Hashtable actionsConAccesso,
Hashtable actionsSenzaAccesso,
JsonGenerator jGenerator) throws IOException,
JsonGenerationException {
ObjectMapper mapper = new ObjectMapper();
mapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
for (String key : actionsConAccesso.keySet()) {
AssBpAccessoBulk accesso = actionsConAccesso.get(key);
if (accesso.getAccesso() != null && accesso.getAccesso().getTi_accesso() != null){
if (accesso.getAccesso().getTi_accesso().equals("D")){
writeJsonForInfoConAccesso(jGenerator, mapper, key, accesso);
}
}
}
for (String key : actionsSenzaAccesso.keySet()) {
ActionMapping actionMapping = actionsSenzaAccesso.get(key);
if (!actionMapping.needExistingSession()){
writeJsonForInfoSenzaAccesso(jGenerator, mapper, key, actionMapping);
}
}
}
private void writeJsonForInfoSenzaAccesso(JsonGenerator jGenerator,
ObjectMapper mapper, String key, ActionMapping actionMapping)
throws IOException, JsonGenerationException, JsonMappingException {
jGenerator.writeStartObject();
jGenerator.writeFieldName("action");
jGenerator.writeRawValue(mapper.writeValueAsString(key));
jGenerator.writeFieldName("authentication");
jGenerator.writeRawValue(mapper.writeValueAsString(Boolean.toString(actionMapping.needExistingSession())));
jGenerator.writeEndObject();
}
private void writeJsonForInfoConAccesso(JsonGenerator jGenerator,
ObjectMapper mapper, String key, AssBpAccessoBulk accesso)
throws IOException, JsonGenerationException, JsonMappingException {
jGenerator.writeStartObject();
jGenerator.writeFieldName("action");
jGenerator.writeRawValue(mapper.writeValueAsString(key));
jGenerator.writeFieldName("descrizione");
jGenerator.writeRawValue(mapper.writeValueAsString(accesso.getAccesso().getDs_accesso()));
jGenerator.writeFieldName("accesso");
jGenerator.writeRawValue(mapper.writeValueAsString(accesso.getCdAccesso()));
jGenerator.writeFieldName("authentication");
jGenerator.writeRawValue(mapper.writeValueAsString(Boolean.toString(Boolean.TRUE)));
jGenerator.writeEndObject();
}
private JsonGenerator writeHeaderJsonForInfo(
Hashtable actionsConAccesso,
Hashtable actionsSenzaAccesso,
HttpServletResponse response) throws IOException,
JsonGenerationException {
JsonFactory jfactory = new JsonFactory();
JsonGenerator jGenerator = jfactory.createJsonGenerator(response.getWriter());
jGenerator.writeStartObject();
jGenerator.writeNumberField("totalNumItems", actionsConAccesso.size() + actionsSenzaAccesso.size());
jGenerator.writeNumberField("maxItemsPerPage", 0);
jGenerator.writeNumberField("activePage", 0);
jGenerator.writeArrayFieldStart("elements");
return jGenerator;
}
private void searchActionsForInfo(HttpServletRequest req,
HttpServletResponse resp,
Hashtable actionMappings,
Hashtable actionsConAccesso,
Hashtable actionsSenzaAccesso)
throws ServletException {
for (String key : actionMappings.keySet()) {
ActionMapping actionMapping = actionMappings.get(key);
HttpActionContext httpactioncontext = new HttpActionContext(this, req, resp);
if (isConsultazione(actionMapping, httpactioncontext, key)){
if (!actionMapping.needExistingSession()){
actionsSenzaAccesso.put(key, actionMapping);
} else {
searchActionsConAccesso(actionsConAccesso, key, actionMapping, httpactioncontext);
}
}
}
}
private void searchActionsConAccesso(
Hashtable actionsConAccesso, String key,
ActionMapping actionMapping, HttpActionContext httpactioncontext) {
try {
String bpName = mappings.getBusinessProcessName(actionMapping, httpactioncontext);
if (bpName != null){
List listaAccessi = assBpAccessoComponentSession().findAccessoByBP(httpactioncontext.getUserContext(), bpName);
if (listaAccessi != null && !listaAccessi.isEmpty()){
for (Iterator © 2015 - 2025 Weber Informatics LLC | Privacy Policy