View Javadoc
1   /*
2    * Copyright (c) 2002-2018, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.bandeaugra.web;
35  
36  import java.util.Map;
37  
38  import javax.servlet.http.HttpServletRequest;
39  
40  import fr.paris.lutece.portal.service.security.LuteceUser;
41  import fr.paris.lutece.portal.service.security.SecurityService;
42  import fr.paris.lutece.portal.service.security.UserNotSignedException;
43  import fr.paris.lutece.portal.service.util.AppLogService;
44  import fr.paris.lutece.portal.service.util.AppPathService;
45  import fr.paris.lutece.portal.service.util.AppPropertiesService;
46  import fr.paris.lutece.portal.util.mvc.commons.annotations.View;
47  import fr.paris.lutece.portal.util.mvc.xpage.MVCApplication;
48  import fr.paris.lutece.portal.util.mvc.xpage.annotations.Controller;
49  import fr.paris.lutece.portal.web.constants.Markers;
50  import fr.paris.lutece.portal.web.xpages.XPage;
51  import java.net.MalformedURLException;
52  import java.net.URL;
53  /**
54   * This class provides a simple implementation of an XPage
55   */
56  @Controller( xpageName = "bandeaugra", pageTitleI18nKey = "bandeaugra.xpage.bandeaugra.pageTitle", pagePathI18nKey = "bandeaugra.xpage.bandeaugra.pagePathLabel" )
57  public class BandeaugraApp extends MVCApplication
58  {
59      private static final long serialVersionUID = 2371791722341987550L;
60  	private static final String TEMPLATE_XPAGE = "/skin/plugins/bandeaugra/bandeaugra.html";
61      private static final String VIEW_AUTH = "auth";
62      private static final String PARAMETER_BACK_URL = "back_url";
63      private static final String MARK_BACK_URL = "back_url";
64      private static final String PROPERTY_AUTHORIZED_DOMAINS = "bandeaugra.authorizedDomains";
65      private static final String CONSTANT_COMMA = ",";
66  
67      /**
68       * Returns the content of the page bandeaugra.
69       * 
70       * @param request
71       *            The HTTP request
72       * @return The view
73       */
74      @View( value = VIEW_AUTH, defaultView = true )
75      public XPage viewAuth( HttpServletRequest request ) throws UserNotSignedException
76      {
77  
78          LuteceUser luteceUser = SecurityService.getInstance( ).getRegisteredUser( request );
79  
80          if ( luteceUser == null )
81          {
82              throw new UserNotSignedException( );
83          }
84  
85          String strBackUrl = getBackUrl( request );
86  
87          Map<String, Object> model = getModel( );
88          model.put( Markers.BASE_URL, AppPathService.getBaseUrl( request ) );
89          
90          if ( strBackUrl != null )
91          {
92              model.put( MARK_BACK_URL, strBackUrl );
93          }
94  
95          XPage xpage = getXPage( TEMPLATE_XPAGE, request.getLocale( ), model );
96          xpage.setStandalone( true );
97          return xpage;
98  
99      }
100 
101     private static String getBackUrl( HttpServletRequest request )
102     {
103         String strBackUrl = request.getParameter( PARAMETER_BACK_URL );
104         String[] listAuthorizedDomains = AppPropertiesService.getProperty( PROPERTY_AUTHORIZED_DOMAINS ).split( CONSTANT_COMMA );
105 
106         try 
107         {
108             URL url = new URL ( strBackUrl );
109             String strHost = url.getHost( );
110             for ( String strAuthorizedDomain : listAuthorizedDomains )
111             {
112                 if ( strHost.endsWith( strAuthorizedDomain ) )
113                 {
114                     return strBackUrl;
115                 }
116             }
117         } catch ( MalformedURLException ex) 
118         {
119             AppLogService.error( "Given back_url isn't a valid url " + strBackUrl, ex );
120         }
121         return null;
122     }
123 }