Java Code Examples for javax.servlet.http.HttpServletResponse#SC_FORBIDDEN

@EntityCustomAction(action = "presencetotals", viewKey = EntityView.VIEW_LIST)
public Map<String, SitePresenceTotal> handlePresenceTotals(EntityView view, Map<String, Object> params) {

    String userId = developerHelperService.getCurrentUserId();

    if (userId == null || userId.length() <= 0) {
        throw new EntityException("You must be logged in to list the reports", "", HttpServletResponse.SC_FORBIDDEN);
    }

    String siteId = view.getPathSegment(2);

    if (siteId == null || siteId.length() <= 0) {
        throw new EntityException("The totals request must include the site id", "", HttpServletResponse.SC_BAD_REQUEST);
    }

    if (log.isDebugEnabled()) {
        log.debug("SITE ID:" + siteId);
    }

    if (!developerHelperService.isUserAllowedInEntityReference("/user/" + userId, "sitestats.view", "/site/" + siteId)) {
        throw new EntityException("You don't have access to sitestats in this site", "", HttpServletResponse.SC_FORBIDDEN);
    }

    return statsManager.getPresenceTotalsForSite(siteId);
}
 

private void setNotAuthorized(HttpServletRequest req, HttpServletResponse resp, String resourceURL) throws IOException {
	String versionString = req.getHeader("Orion-Version"); //$NON-NLS-1$
	Version version = versionString == null ? null : new Version(versionString);

	// TODO: This is a workaround for calls
	// that does not include the WebEclipse version header
	String xRequestedWith = req.getHeader("X-Requested-With"); //$NON-NLS-1$

	String msg = "You are not authorized to access " + resourceURL;
	resp.setHeader("Cache-Control", "no-cache"); //$NON-NLS-1$ //$NON-NLS-2$
	if (version == null && !"XMLHttpRequest".equals(xRequestedWith)) { //$NON-NLS-1$
		resp.sendError(HttpServletResponse.SC_FORBIDDEN, msg);
	} else {
		resp.setContentType(ProtocolConstants.CONTENT_TYPE_JSON);
		ServerStatus serverStatus = new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_FORBIDDEN, EncodingUtils.encodeForHTML(msg), null);
		resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
		resp.getWriter().print(serverStatus.toJSON().toString());
	}
}
 

private void validateStatusCode(SimpleHttpResponse httpResponse) throws InvalidResponseException {
    final int statusCode = httpResponse.getResponseCode();
    final String statusLine = httpResponse.getResponseMessage();
    if (statusCode == HttpServletResponse.SC_OK) {
        return;
    }
    if (statusCode == HttpServletResponse.SC_CREATED) {
        return;
    }

    String errMessage;
    switch (statusCode) {
    case HttpServletResponse.SC_NOT_FOUND:
        errMessage = String.format("Requesting path [%s] was not found.", httpResponse.getRequestPath());
        break;
    case HttpServletResponse.SC_UNAUTHORIZED:
        errMessage = String.format("Missing or incorrect credentials for path [%s].", httpResponse.getRequestPath());
        break;
    case HttpServletResponse.SC_FORBIDDEN:
        errMessage = String.format("Unauthorized request to path [%s].", httpResponse.getRequestPath());
        break;
    default:
        errMessage = String.format("Requesting path [%s] returns unexpected response.", httpResponse.getRequestPath());
    }
    errMessage += String.format(" Service returned [%d] [%s].", statusCode, statusLine);

    throw new InvalidResponseException(errMessage);
}
 

protected Map<String, Object> login(final String username, String password)
{
    try
    {
        // get ticket
        authenticationService.authenticate(username, password.toCharArray());

        eventPublisher.publishEvent(new EventPreparator(){
            @Override
            public Event prepareEvent(String user, String networkId, String transactionId)
            {
            	// TODO need to fix up to pass correct seqNo and alfrescoClientId
                return new RepositoryEventImpl(-1l, "login", transactionId, networkId, new Date().getTime(),
                		username, null);
            }
        });
        
        // add ticket to model for javascript and template access
        Map<String, Object> model = new HashMap<String, Object>(7, 1.0f);
        model.put("username", username);
        model.put("ticket",  authenticationService.getCurrentTicket());
        
        return model;
    }
    catch(AuthenticationException e)
    {
        throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Login failed");
    }
    finally
    {
        AuthenticationUtil.clearCurrentSecurityContext();
    }
}
 

protected ParticipantId getLoggedInUser(HttpServletRequest req) throws ServiceException {
	ParticipantId pid = sessionManager.getLoggedInUser(req);
	if (pid == null) {
		throw new ServiceException("Can't retrieve logged in user", HttpServletResponse.SC_FORBIDDEN, RC_ACCOUNT_NOT_LOGGED_IN);
	}
	return pid;
}
 

@Override
protected Map<String, Object> executeImpl(final WebScriptRequest req, Status status, Cache cache)
{
    if (! isEnabled())
    {
        throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "QuickShare is disabled system-wide");
    }
    
    // create map of params (template vars)
    Map<String, String> params = req.getServiceMatch().getTemplateVars();
    final String sharedId = params.get("shared_id");
    if (sharedId == null)
    {
        throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "A valid sharedId must be specified !");
    }
    
    try
    {
        boolean canRead = quickShareService.canRead(sharedId);
        Map<String, Object> result = new HashMap<String, Object>();
        result.put("canRead", canRead);
        return result;            
    }
    catch (InvalidSharedIdException ex)
    {
        logger.error("Unable to find: "+sharedId);
        throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
    }
    catch (InvalidNodeRefException inre)
    {
        logger.error("Unable to find: "+sharedId+" ["+inre.getNodeRef()+"]");
        throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
    }
}
 

/**
 * Determine if the request is relative to a video widget.
 *
 * @param request the servlet request
 * @return true if the request is relative to a video widget
 */
boolean proxyingVideoWidget(HttpServletRequest request) {
    try {
        String sitemapName = request.getParameter("sitemap");
        if (sitemapName == null) {
            throw new ProxyServletException(HttpServletResponse.SC_BAD_REQUEST,
                    "Parameter 'sitemap' must be provided!");
        }

        String widgetId = request.getParameter("widgetId");
        if (widgetId == null) {
            throw new ProxyServletException(HttpServletResponse.SC_BAD_REQUEST,
                    "Parameter 'widgetId' must be provided!");
        }

        Sitemap sitemap = (Sitemap) modelRepository.getModel(sitemapName);
        if (sitemap == null) {
            throw new ProxyServletException(HttpServletResponse.SC_NOT_FOUND,
                    String.format("Sitemap '%s' could not be found!", sitemapName));
        }

        Widget widget = itemUIRegistry.getWidget(sitemap, widgetId);
        if (widget == null) {
            throw new ProxyServletException(HttpServletResponse.SC_NOT_FOUND,
                    String.format("Widget '%s' could not be found!", widgetId));
        }

        if (widget instanceof Image) {
            return false;
        } else if (widget instanceof Video) {
            return true;
        } else {
            throw new ProxyServletException(HttpServletResponse.SC_FORBIDDEN,
                    String.format("Widget type '%s' is not supported!", widget.getClass().getName()));
        }
    } catch (ProxyServletException pse) {
        request.setAttribute(ATTR_SERVLET_EXCEPTION, pse);
        return false;
    }
}
 

@Override
protected void doFilter(FilterChain filterChain, HttpServletRequest request,
    HttpServletResponse response) throws IOException, ServletException {
  String userName = request.getRemoteUser();
  LOG.debug("Authenticating user: " + userName + " from request.");
  if (!allowUsers.contains(userName)) {
    response.sendError(HttpServletResponse.SC_FORBIDDEN,
        "Unauthorized user status code: " + HttpServletResponse.SC_FORBIDDEN);
    throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
  }
  super.doFilter(filterChain, request, response);
}
 

private ServerStatus canAccess(IPath contentPath) throws CoreException {
	String accessLocation = "/file/" + contentPath.toString(); //$NON-NLS-1$
	if (contentPath.segmentCount() < 1)
		return new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_FORBIDDEN, "Forbidden access to application contents", null);

	if (!AuthorizationService.checkRights(userId, accessLocation, "GET")) //$NON-NLS-1$
		return new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_FORBIDDEN, "Forbidden access to application contents", null);
	else
		return new ServerStatus(Status.OK_STATUS, HttpServletResponse.SC_OK);
}
 

private Object[] doAppChecks(App app, HttpServletRequest request) {
	if (app == null) {
		return new Object[]{HttpServletResponse.SC_NOT_FOUND, "App not found."};
	}
	if (!app.getActive()) {
		return new Object[]{HttpServletResponse.SC_FORBIDDEN,
			Utils.formatMessage("App not active. [{0}]", app.getId())};
	}
	if (app.getReadOnly() && isWriteRequest(request)) {
		return new Object[]{HttpServletResponse.SC_FORBIDDEN,
			Utils.formatMessage("App is in read-only mode. [{0}]", app.getId())};
	}
	return null;
}
 

private String generateErrorInfo(int statusCode) {
    if (statusCode == HttpServletResponse.SC_OK) {
        return "";
    } else if (statusCode == HttpServletResponse.SC_NOT_FOUND) {
        return "未能找到配置文件";
    } else if (statusCode == HttpServletResponse.SC_FORBIDDEN) {
        return "无访问权限";
    } else if (statusCode == HttpServletResponse.SC_INTERNAL_SERVER_ERROR) {
        return "系统异常";
    } else {
        return "返回状态码为 " + statusCode;
    }
}
 

/**
 *  Lists the available reports
 */
@EntityCustomAction(action = "listreports", viewKey = EntityView.VIEW_LIST)
public List<StrippedReportDef> handleListReports(EntityView view, Map<String, Object> params) {

    String userId = developerHelperService.getCurrentUserId();

    if (userId == null || userId.length() <= 0) {
        throw new EntityException("You must be logged in to list the reports", "", HttpServletResponse.SC_FORBIDDEN);
    }

    String siteId = view.getPathSegment(2);

    if (siteId == null || siteId.length() <= 0) {
        throw new EntityException("The reports request must include the site id", "", HttpServletResponse.SC_BAD_REQUEST);
    }

    if (log.isDebugEnabled()) {
        log.debug("SITE ID:" + siteId);
    }

    if (!developerHelperService.isUserAllowedInEntityReference("/user/" + userId, "sitestats.view", "/site/" + siteId)) {
        throw new EntityException("You don't have access to sitestats in this site", "", HttpServletResponse.SC_FORBIDDEN);
    }

    List<StrippedReportDef> stripped = new ArrayList<StrippedReportDef>();

    for (ReportDef rd : reportManager.getReportDefinitions(siteId, true, false)) {
        stripped.add(new StrippedReportDef(rd));
    }

    return stripped;
}
 

@EntityCustomAction(action = "setGrade", viewKey = EntityView.VIEW_NEW)
public ActionReturn setGrade(Map<String, Object> params) {

    String userId = sessionManager.getCurrentSessionUserId();

    if (StringUtils.isBlank(userId)) {
        log.warn("setGrade attempt when not logged in");
        throw new EntityException("You need to be logged in to set grades", "", HttpServletResponse.SC_UNAUTHORIZED);
    }

    String courseId = (String) params.get("courseId");
    String gradableId = (String) params.get("gradableId");
    String grade = (String) params.get("grade");
    String studentId = (String) params.get("studentId");
    String submissionId = (String) params.get("submissionId");
    if (StringUtils.isBlank(courseId) || StringUtils.isBlank(gradableId)
            || grade == null || StringUtils.isBlank(studentId) || StringUtils.isBlank(submissionId)) {
        throw new EntityException("You need to supply the courseId, gradableId, studentId and grade", "", HttpServletResponse.SC_BAD_REQUEST);
    }

    AssignmentSubmission submission = null;
    try {
        submission = assignmentService.getSubmission(submissionId);
    } catch (IdUnusedException iue) {
        throw new EntityException("submissionId not found.", "", HttpServletResponse.SC_BAD_REQUEST);
    } catch (PermissionException pe) {
        throw new EntityException("You don't have permissions read submission " + submissionId, "", HttpServletResponse.SC_FORBIDDEN);
    }


    String privateNotes = (String) params.get("privateNotes");
    String feedbackText = (String) params.get("feedbackText");
    String feedbackComment = (String) params.get("feedbackComment");

    String gradeOption = (String) params.get("gradeOption");
    gradeOption = StringUtils.isBlank(gradeOption) ? SUBMISSION_OPTION_SAVE : gradeOption;

    String resubmitNumber = (String) params.get("resubmitNumber");
    String resubmitDate = (String) params.get("resubmitDate");

    List<String> alerts = new ArrayList<>();

    Assignment assignment = submission.getAssignment();

    if (assignment.getTypeOfGrade() == Assignment.GradeType.SCORE_GRADE_TYPE) {
        grade = assignmentToolUtils.scalePointGrade(grade, assignment.getScaleFactor(), alerts);
    } else if (assignment.getTypeOfGrade() == Assignment.GradeType.PASS_FAIL_GRADE_TYPE && grade.equals("ungraded")) {
        grade = null;
    }

    Map<String, Object> options = new HashMap<>();
    options.put(GRADE_SUBMISSION_GRADE, grade);
    options.put(GRADE_SUBMISSION_FEEDBACK_TEXT, feedbackText);
    options.put(GRADE_SUBMISSION_FEEDBACK_COMMENT, feedbackComment);
    options.put(GRADE_SUBMISSION_PRIVATE_NOTES, privateNotes);
    options.put(WITH_GRADES, true);
    options.put(ALLOW_RESUBMIT_NUMBER, resubmitNumber);

    if (!StringUtils.isBlank(resubmitDate)) {
        options.put(ALLOW_RESUBMIT_CLOSE_EPOCH_MILLIS, resubmitDate);
    }

    Set<String> attachmentKeys
        = params.keySet().stream().filter(k -> k.startsWith("attachment")).collect(Collectors.toSet());

    final List<Reference> attachmentRefs = attachmentKeys.stream().map(k -> {
        FileItem item = (FileItem) params.get(k);
        try {
            // make a set of properties to add for the new resource
            ResourcePropertiesEdit props = contentHostingService.newResourceProperties();
            props.addProperty(ResourceProperties.PROP_DISPLAY_NAME, item.getName());
            props.addProperty(ResourceProperties.PROP_DESCRIPTION, item.getName());
            ContentResource cr = contentHostingService.addAttachmentResource(item.getName(),
                courseId, "Assignments", item.getContentType(), item.getInputStream(), props);

            return entityManager.newReference(cr.getReference());
        } catch (Exception e) {
            throw new EntityException("Error while storing attachments", "", HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }).collect(Collectors.toList());

    options.put(GRADE_SUBMISSION_FEEDBACK_ATTACHMENT,  attachmentRefs);

    options.put(GRADE_SUBMISSION_DONT_CLEAR_CURRENT_ATTACHMENTS, Boolean.TRUE);

    // Add any rubrics params
    params.keySet().stream().filter(k -> k.startsWith(RubricsConstants.RBCS_PREFIX)).forEach(k -> options.put(k, params.get(k)));

    options.put("siteId", (String) params.get("siteId"));

    submission = assignmentToolUtils.gradeSubmission(submission, gradeOption, options, alerts);

    boolean anonymousGrading = assignmentService.assignmentUsesAnonymousGrading(assignment);

    if (submission != null) {
        return new ActionReturn(new SimpleSubmission(submission, anonymousGrading));
    } else {
        throw new EntityException("Failed to set grade on " + submissionId, "", HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}
 

@Override
public int setErrorParameter(BeforeEnterEvent event, ErrorParameter<AccessDeniedException> parameter) {
    getElement().setText(ERROR_MESSAGE);
    return HttpServletResponse.SC_FORBIDDEN;
}
 

@EntityCustomAction(action = "grades", viewKey = EntityView.VIEW_LIST)
public ActionReturn getGrades(Map<String, Object> params) {

    String userId = sessionManager.getCurrentSessionUserId();

    if (StringUtils.isBlank(userId)) {
        log.warn("getGrades attempt when not logged in");
        throw new EntityException("You need to be logged in to get grades", "", HttpServletResponse.SC_UNAUTHORIZED);
    }

    String courseId = (String) params.get("courseId");
    String gradableId = (String) params.get("gradableId");

    if (StringUtils.isBlank(courseId) || StringUtils.isBlank(gradableId)) {
        throw new EntityException("You need to supply a courseId and a gradableId", "", HttpServletResponse.SC_BAD_REQUEST);
    }

    Site site = null;
    try {
        site = siteService.getSite(courseId);
    } catch (IdUnusedException iue) {
        throw new EntityException("The courseId (site id) you supplied is invalid", "", HttpServletResponse.SC_BAD_REQUEST);
    }

    if (!securityService.unlock(userId, SECURE_GRADE_ASSIGNMENT_SUBMISSION, "/site/" + courseId)) {
        throw new EntityException("You don't have permission to get grades", "", HttpServletResponse.SC_FORBIDDEN);
    }

    Assignment assignment;

    try {
        assignment = assignmentService.getAssignment(gradableId);
    } catch (IdUnusedException idue) {
        throw new EntityException("No gradable for id " + gradableId, "", HttpServletResponse.SC_BAD_REQUEST);
    } catch (PermissionException pe) {
        throw new EntityException("You don't have permission to read the assignment", "", HttpServletResponse.SC_FORBIDDEN);
    }

    // A map of submissionId -> grade
    Map<String, String> grades = assignment.getSubmissions().stream().collect(Collectors.toMap(s -> s.getId(), s -> {

        Set<AssignmentSubmissionSubmitter> submitters = s.getSubmitters();

        if (submitters.size() > 0) {
            if (assignment.getTypeOfGrade() == Assignment.GradeType.PASS_FAIL_GRADE_TYPE) {
                return s.getGrade() == null ? "ungraded" : s.getGrade();
            } else {
                return assignmentService.getGradeDisplay(s.getGrade(), assignment.getTypeOfGrade(), assignment.getScaleFactor());
            }
        } else {
            return "";
        }
    }));

    Map<String, GraderUser> students = new HashMap<>();
    try {
        for (String studentId : site.getUsersIsAllowed(SECURE_ADD_ASSIGNMENT_SUBMISSION)) {
            students.put(studentId, new GraderUser(userDirectoryService.getUser(studentId)));
        }
    } catch (UserNotDefinedException e) {
        throw new EntityException("Failed to setup user", courseId);
    }

    Map<String, Object> data = new HashMap<>();
    data.put("students", students);
    data.put("grades", grades);

    return new ActionReturn(data);
}
 

protected void checkAnySession(HttpServletRequest req) throws ServiceException {
  if (sessionManager.listLoggedInUsers(req).isEmpty())
    throw new ServiceException("No active sessions found in the browser", HttpServletResponse.SC_FORBIDDEN, RC_ACCOUNT_NOT_LOGGED_IN);
}
 

/**
 * Determine if the request is relative to a video widget.
 *
 * @param request the servlet request
 * @return true if the request is relative to a video widget
 */
boolean proxyingVideoWidget(HttpServletRequest request) {

    boolean proxyingVideo = false;

    try {
        String sitemapName = request.getParameter("sitemap");
        if (sitemapName == null) {
            throw new ProxyServletException(HttpServletResponse.SC_BAD_REQUEST,
                    "Parameter 'sitemap' must be provided!");
        }

        String widgetId = request.getParameter("widgetId");
        if (widgetId == null) {
            throw new ProxyServletException(HttpServletResponse.SC_BAD_REQUEST,
                    "Parameter 'widgetId' must be provided!");
        }

        Sitemap sitemap = (Sitemap) modelRepository.getModel(sitemapName);
        if (sitemap == null) {
            throw new ProxyServletException(HttpServletResponse.SC_NOT_FOUND,
                    String.format("Sitemap '%s' could not be found!", sitemapName));
        }

        Widget widget = itemUIRegistry.getWidget(sitemap, widgetId);
        if (widget == null) {
            throw new ProxyServletException(HttpServletResponse.SC_NOT_FOUND,
                    String.format("Widget '%s' could not be found!", widgetId));
        }

        if (widget instanceof Image) {
        } else if (widget instanceof Video) {
            proxyingVideo = true;
        } else {
            throw new ProxyServletException(HttpServletResponse.SC_FORBIDDEN,
                    String.format("Widget type '%s' is not supported!", widget.getClass().getName()));
        }
    } catch (ProxyServletException pse) {
        request.setAttribute(ATTR_SERVLET_EXCEPTION, pse);
    }
    return proxyingVideo;
}
 

@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{
    if (! isEnabled())
    {
        throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "QuickShare is disabled system-wide");
    }
    
    // create map of params (template vars)
    Map<String, String> params = req.getServiceMatch().getTemplateVars();
    final String sharedId = params.get("shared_id");
    if (sharedId == null)
    {
        throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "A valid sharedId must be specified !");
    }
    
    try
    {
        Pair<String, NodeRef> pair = quickShareService.getTenantNodeRefFromSharedId(sharedId);
        final String tenantDomain = pair.getFirst();
        final NodeRef nodeRef = pair.getSecond();
        
        String siteId = siteService.getSiteShortName(nodeRef);
        
        Map<String, Object> model = new HashMap<String, Object>(3);
        model.put("sharedId", sharedId);
        model.put("nodeRef", nodeRef.toString());
        model.put("siteId", siteId);
        model.put("tenantDomain", tenantDomain);
        
        if (logger.isInfoEnabled())
        {
            logger.info("QuickShare - get shared context: "+sharedId+" ["+model+"]");
        }
        
        return model;
    }
    catch (InvalidNodeRefException inre)
    {
        logger.error("Unable to find: "+sharedId+" ["+inre.getNodeRef()+"]");
        throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
    }
}
 

private static RestException fromStatusRuntimeException(StatusRuntimeException e) {
    int statusCode;
    switch (e.getStatus().getCode()) {
        case OK:
            statusCode = HttpServletResponse.SC_OK;
            break;
        case INVALID_ARGUMENT:
            statusCode = HttpServletResponse.SC_BAD_REQUEST;
            break;
        case DEADLINE_EXCEEDED:
            statusCode = HttpServletResponse.SC_REQUEST_TIMEOUT;
            break;
        case NOT_FOUND:
            statusCode = HttpServletResponse.SC_NOT_FOUND;
            break;
        case ALREADY_EXISTS:
            statusCode = HttpServletResponse.SC_CONFLICT;
            break;
        case PERMISSION_DENIED:
            statusCode = HttpServletResponse.SC_FORBIDDEN;
            break;
        case RESOURCE_EXHAUSTED:
            statusCode = TOO_MANY_REQUESTS;
            break;
        case FAILED_PRECONDITION:
            statusCode = HttpServletResponse.SC_CONFLICT;
            break;
        case UNIMPLEMENTED:
            statusCode = HttpServletResponse.SC_NOT_IMPLEMENTED;
            break;
        case UNAVAILABLE:
            statusCode = HttpServletResponse.SC_SERVICE_UNAVAILABLE;
            break;
        case UNAUTHENTICATED:
            statusCode = HttpServletResponse.SC_UNAUTHORIZED;
            break;
        default:
            statusCode = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
    }
    return RestException.newBuilder(statusCode, e.getMessage())
            .withCause(e)
            .build();
}
 

public PatchOnFinalUploadNotAllowedException(String message) {
    super(HttpServletResponse.SC_FORBIDDEN, message);
}