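/*
 * Copyright 2011 The Kuali Foundation.
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.kfs.sec.web.struts;

import java.text.MessageFormat;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.config.ExceptionConfig;
import org.kuali.kfs.sec.SecConstants;
import org.kuali.kfs.sec.SecKeyConstants;
import org.kuali.kfs.sec.businessobject.AccessSecurityRestrictionInfo;
import org.kuali.kfs.sys.KFSConstants;
import org.kuali.kfs.sys.context.SpringContext;
import org.kuali.rice.kns.service.KualiConfigurationService;
import org.kuali.rice.kns.util.GlobalVariables;
import org.kuali.rice.kns.web.struts.pojo.StrutsExceptionIncidentHandler;


/**
 * Checks for security access exception and forwards to security access error page.
 * <p>
 * The decision is driven by a marker object stored in the user session under
 * {@link SecConstants#OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY}, not by the type of the
 * exception being handled: the exception itself is only passed on to the superclass.
 * <p>
 * NOTE(review): because the exception type is never inspected, a marker left in the session by an
 * earlier request would cause the next unrelated exception to be shown as "access denied" and to
 * skip the superclass incident handling. Confirm that the code which stores the marker does so only
 * immediately before throwing.
 * <p>
 * NOTE(review): this handler does not log the denial. Whether the code that stores the marker
 * records it for audit purposes is not visible from this class - confirm.
 */
public class SecurityExceptionIncidentHandler extends StrutsExceptionIncidentHandler {

    /**
     * Forwards to the access denied page when the session holds an access restriction marker,
     * otherwise delegates to the standard incident handling of the superclass.
     * <p>
     * When a marker is present it is removed from the session, the configured message
     * ({@link SecKeyConstants#MESSAGE_OPEN_DOCUMENT_RESTRICTED}) is filled in and stored in the
     * request under {@link SecConstants#ACCESS_ERROR_STRING_REQUEST_KEY}, and the
     * {@link SecConstants#ACCESS_DENIED_ERROR_FORWARD} forward is returned.
     * <p>
     * NOTE(review): the principal name, document number, property label and restricted value are
     * inserted into the message without any encoding. The page that renders the request attribute
     * must HTML-escape it; that page is not visible here - confirm.
     *
     * @param exception the exception being handled; only passed on to the superclass
     * @param exceptionConfig Struts exception configuration, passed on to the superclass
     * @param mapping action mapping used to look up the access denied forward
     * @param form current action form, passed on to the superclass
     * @param request receives the access denied message as a request attribute
     * @param response current response, passed on to the superclass
     * @return the access denied forward when a restriction marker was found in the session,
     *         otherwise the result of the superclass handler
     * @see org.kuali.rice.kns.web.struts.pojo.StrutsExceptionIncidentHandler#execute(java.lang.Exception, org.apache.struts.config.ExceptionConfig,
     *      org.apache.struts.action.ActionMapping, org.apache.struts.action.ActionForm, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    @Override
    public ActionForward execute(Exception exception, ExceptionConfig exceptionConfig, ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
        // An exception handler must not fail itself: without a user session there is no marker to
        // look up, so hand the original exception to the standard incident handling instead of
        // hiding it behind a NullPointerException.
        if (GlobalVariables.getUserSession() == null) {
            return super.execute(exception, exceptionConfig, mapping, form, request, response);
        }

        AccessSecurityRestrictionInfo restrictionInfo = (AccessSecurityRestrictionInfo) GlobalVariables.getUserSession().retrieveObject(SecConstants.OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY);
        if (restrictionInfo == null) {
            return super.execute(exception, exceptionConfig, mapping, form, request, response);
        }

        // Consume the marker before doing anything that can fail (bean lookup, property lookup), so
        // that a failure while building the message cannot leave it behind in the session and turn
        // later, unrelated exceptions into access denied pages.
        GlobalVariables.getUserSession().removeObject(SecConstants.OPEN_DOCUMENT_SECURITY_ACCESS_DENIED_ERROR_KEY);

        String accessMessage = SpringContext.getBean(KualiConfigurationService.class).getPropertyString(SecKeyConstants.MESSAGE_OPEN_DOCUMENT_RESTRICTED);

        // The placeholders are substituted one after another, so text inserted by an earlier step
        // is scanned again by the later ones.
        accessMessage = StringUtils.replace(accessMessage, "{0}", GlobalVariables.getUserSession().getPrincipalName());
        accessMessage = StringUtils.replace(accessMessage, "{1}", restrictionInfo.getDocumentNumber());
        accessMessage = StringUtils.replace(accessMessage, "{2}", restrictionInfo.getPropertyLabel());
        accessMessage = StringUtils.replace(accessMessage, "{3}", restrictionInfo.getRetrictedValue());
        request.setAttribute(SecConstants.ACCESS_ERROR_STRING_REQUEST_KEY, accessMessage);

        return mapping.findForward(SecConstants.ACCESS_DENIED_ERROR_FORWARD);
    }

}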