tko_pb

HttpSecureAppServlet

Nov 15th, 2018
  1. package org.openbravo.base.secureApp;
  2. /*
  3.  ************************************************************************************
  4.  * Copyright (C) 2001-2017 Openbravo S.L.U.
  5.  * Licensed under the Apache Software License version 2.0
  6.  * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
  7.  * Unless required by applicable law or agreed to  in writing,  software  distributed
  8.  * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
  9.  * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
  10.  * specific language governing permissions and limitations under the License.
  11.  ************************************************************************************
  12.  */
  13.  
  14.  
  15. import java.io.File;
  16. import java.io.FileOutputStream;
  17. import java.io.IOException;
  18. import java.io.OutputStream;
  19. import java.io.PrintWriter;
  20. import java.text.DecimalFormat;
  21. import java.text.DecimalFormatSymbols;
  22. import java.util.HashMap;
  23. import java.util.Locale;
  24. import java.util.Map;
  25. import java.util.Properties;
  26. import java.util.UUID;
  27.  
  28. import javax.servlet.RequestDispatcher;
  29. import javax.servlet.ServletConfig;
  30. import javax.servlet.ServletException;
  31. import javax.servlet.ServletOutputStream;
  32. import javax.servlet.http.HttpServletRequest;
  33. import javax.servlet.http.HttpServletResponse;
  34. import javax.servlet.http.HttpSession;
  35.  
  36. import org.codehaus.jettison.json.JSONObject;
  37. import org.hibernate.criterion.Restrictions;
  38. import org.openbravo.authentication.AuthenticationException;
  39. import org.openbravo.authentication.AuthenticationManager;
  40. import org.openbravo.base.HttpBaseServlet;
  41. import org.openbravo.base.HttpBaseUtils;
  42. import org.openbravo.base.exception.OBException;
  43. import org.openbravo.base.secureApp.LoginUtils.RoleDefaults;
  44. import org.openbravo.base.session.OBPropertiesProvider;
  45. import org.openbravo.client.application.report.ReportingUtils;
  46. import org.openbravo.client.application.report.ReportingUtils.ExportType;
  47. import org.openbravo.client.kernel.RequestContext;
  48. import org.openbravo.dal.core.OBContext;
  49. import org.openbravo.dal.service.OBCriteria;
  50. import org.openbravo.dal.service.OBDal;
  51. import org.openbravo.data.FieldProvider;
  52. import org.openbravo.data.ScrollableFieldProvider;
  53. import org.openbravo.database.ConnectionProvider;
  54. import org.openbravo.database.SessionInfo;
  55. import org.openbravo.erpCommon.obps.ActivationKey;
  56. import org.openbravo.erpCommon.obps.ActivationKey.FeatureRestriction;
  57. import org.openbravo.erpCommon.obps.ActivationKey.LicenseRestriction;
  58. import org.openbravo.erpCommon.security.UsageAudit;
  59. import org.openbravo.erpCommon.utility.JRFieldProviderDataSource;
  60. import org.openbravo.erpCommon.utility.JRScrollableFieldProviderDataSource;
  61. import org.openbravo.erpCommon.utility.OBError;
  62. import org.openbravo.erpCommon.utility.OBMessageUtils;
  63. import org.openbravo.erpCommon.utility.PrintJRData;
  64. import org.openbravo.erpCommon.utility.Utility;
  65. import org.openbravo.model.ad.system.SystemInformation;
  66. import org.openbravo.model.ad.ui.Form;
  67. import org.openbravo.model.ad.ui.FormTrl;
  68. import org.openbravo.model.ad.ui.Process;
  69. import org.openbravo.model.ad.ui.ProcessTrl;
  70. import org.openbravo.model.ad.ui.Tab;
  71. import org.openbravo.model.ad.ui.WindowTrl;
  72. import org.openbravo.service.db.DalConnectionProvider;
  73. import org.openbravo.service.web.UserContextCache;
  74. import org.openbravo.utils.FileUtility;
  75. import org.openbravo.utils.Replace;
  76. import org.openbravo.xmlEngine.XmlDocument;
  77. import org.openbravo.base.secureApp.VariablesSecureApp;
  78.  
  79. import net.sf.jasperreports.engine.JRDataSource;
  80.  
  81. public class HttpSecureAppServlet extends HttpBaseServlet {
  private static final long serialVersionUID = 1L;
  // When true, Variables.updateHistory records this servlet in the session's request history.
  protected boolean boolHist = true;
  // String myTheme = "";
  // Type, id and module of the artifact this servlet serves; filled by init() or setClassInfo().
  protected ClassInfoData classInfo;
  // Obtained in init(); service() uses it to authenticate requests and logout() to end them.
  private AuthenticationManager m_AuthManager = null;

  // Runtime class name of the concrete servlet, compared against the request-history entry.
  private String servletClass = this.getClass().getName();
  89.  
  /**
   * Session-backed request variables that also track the login state and the request history of
   * the enclosing servlet.
   */
  private class Variables extends VariablesHistory {
    // Snapshot of the "#loggingIn" session value taken at construction; service() overwrites it
    // directly when it has to force the login flow.
    private String loggingIn;

    public Variables(HttpServletRequest request) {
      super(request);
      this.loggingIn = getSessionValue("#loggingIn");
    }

    /**
     * Records the enclosing servlet as the newest history entry, unless history is disabled
     * ({@code boolHist}) or the current entry already belongs to this servlet.
     */
    public void updateHistory(HttpServletRequest request) {
      if (!boolHist) {
        return;
      }
      final String currentSlot = getCurrentHistoryIndex();
      final String recordedServlet = getSessionValue("reqHistory.servlet" + currentSlot, "");
      if (servletClass.equals(recordedServlet)) {
        return;
      }
      upCurrentHistoryIndex();
      final String newSlot = getCurrentHistoryIndex();
      setSessionValue("reqHistory.servlet" + newSlot, servletClass);
      setSessionValue("reqHistory.path" + newSlot, request.getServletPath());
      setSessionValue("reqHistory.command" + newSlot, "DEFAULT");
    }

    /** Stores the command of the current history entry. */
    public void setHistoryCommand(String strCommand) {
      setSessionValue("reqHistory.command" + getCurrentHistoryIndex(), strCommand);
    }

    /**
     * Reports whether the login process is still pending. A missing or empty flag counts as
     * "logging in"; see LoginUtils.fillSessionArguments, which sets the loggingIn session var to
     * N explicitly.
     */
    public boolean isLoggingIn() {
      if (loggingIn == null) {
        return true;
      }
      return loggingIn.equals("") || loggingIn.equals("Y");
    }
  }
  122.  
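  /**
   * Initializes the servlet: obtains the authentication manager and, when no class info was
   * preset through {@code setClassInfo}, looks it up by the servlet's class name.
   *
   * If the lookup yields nothing, or throws, the value returned by {@code ClassInfoData.set()} is
   * used instead. If that fallback also fails with a {@link ServletException}, the failure is
   * logged and {@code classInfo} keeps whatever value it had (possibly {@code null}).
   */
  @Override
  public void init(ServletConfig config) {
    super.init(config);

    m_AuthManager = AuthenticationManager.getAuthenticationManager(this);

    try {
      log4j.debug("Initializing Servlet " + this.getClass());

      if (classInfo == null) {
        // do not use DAL at this point: it's not guaranteed to be executed within a Servlet request
        ClassInfoData[] classInfoAux = ClassInfoData.select(this, this.getClass().getName());
        if (classInfoAux != null && classInfoAux.length > 0) {
          classInfo = classInfoAux[0];
        } else {
          classInfoAux = ClassInfoData.set();
          classInfo = classInfoAux[0];
        }
      }
    } catch (final Exception ex) {
      log4j.error("Error initializing Servlet " + this.getClass(), ex);
      ClassInfoData[] classInfoAux;
      try {
        classInfoAux = ClassInfoData.set();
        classInfo = classInfoAux[0];
      } catch (ServletException e) {
        // Log the fallback's own failure; the outer exception was already logged above, and
        // repeating it here would hide why the fallback itself failed.
        log4j.error("Error initializing Servlet " + this.getClass(), e);
      }
    }
  }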
  153.  
  154.   /**
  155.    * Sets information about the artifact the servlet is for. This method is called from generated
  156.    * 2.50 windows to set tab and module, before calling this init, so it is not needed to query
  157.    * database to retrieve this info.
  158.    *
  159.    */
  protected void setClassInfo(String type, String id, String module) {
    // Build the descriptor locally and publish it once every field is filled in.
    final ClassInfoData info = new ClassInfoData();
    info.type = type;
    info.id = id;
    info.adModuleId = module;
    classInfo = info;
  }
  166.  
  /**
   * Authentication and authorization gate that runs before the servlet's own request handling.
   *
   * First phase (in admin mode): sets the CORS headers, returns immediately for OPTIONS, asks the
   * authentication manager for the user id and, for session-based requests, either verifies that
   * the database session is still active or initializes the session (role, client, organization,
   * warehouse, language). Stateless requests are dispatched from inside this phase.
   *
   * Second phase: checks license access and role access for the artifact described by
   * {@code classInfo}, runs the autosave forwarding logic and then delegates to
   * {@code super.serviceInitialized}. Failures are rendered through the bdError* helpers, chosen
   * from the IsAjaxCall / IsHiddenCall / IsPopUpCall request parameters.
   */
  @Override
  public void service(HttpServletRequest request, HttpServletResponse response) throws IOException,
      ServletException {

    // Remembered so the finally block can detect a session created during a stateless request.
    final boolean sessionExists = request.getSession(false) != null;

    AllowedCrossDomainsHandler.getInstance().setCORSHeaders(request, response);

    // don't process any further requests otherwise sessions are created for OPTIONS
    // requests, the cors headers have already been set so can return
    if (request.getMethod().equals("OPTIONS")) {
      return;
    }

    Variables variables = new Variables(request);

    // VariablesSecureApp vars = new VariablesSecureApp(request);

    // bdErrorGeneral(response, "Error", "No access");

    // NOTE(review): classInfo is dereferenced here and below without a null check, while init()
    // can leave it null when both of its lookups fail.
    if (log4j.isDebugEnabled())
      log4j.debug("class info type: " + classInfo.type + " - ID: " + classInfo.id);
    // These three request parameters only select how errors are rendered further down.
    String strAjax = "";
    String strHidden = "";
    String strPopUp = "";
    try {
      strAjax = request.getParameter("IsAjaxCall");
    } catch (final Exception ignored) {
    }
    try {
      strHidden = request.getParameter("IsHiddenCall");
    } catch (final Exception ignored) {
    }
    try {
      strPopUp = request.getParameter("IsPopUpCall");
    } catch (final Exception ignored) {
    }

    String strUserAuth;

    ConnectionProvider cp = new DalConnectionProvider(false);
    try {

      // Admin mode is restored in the finally block of this try.
      OBContext.setAdminMode();

      strUserAuth = m_AuthManager.authenticate(request, response);
      // NOTE(review): with no authenticated user but a session flagged forceLogin=Y, processing
      // continues as user id "0". Where forceLogin is set is not visible here; confirm it cannot
      // be set by an unauthenticated client.
      if (strUserAuth == null && request.getSession(false) != null
          && "Y".equals(request.getSession().getAttribute("forceLogin"))) {
        strUserAuth = "0";
        variables.loggingIn = "Y";
      }

      if (strUserAuth == null) {
        if (AuthenticationManager.isStatelessRequest(request)) {
          response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
        // auth-manager return null after redirecting to the login page -> stop request-processing
        return;
      }

      // if stateless then stop here, the remaining logic uses the httpsession
      // NOTE(review): this path returns right after serviceInitialized, so the hasLicenseAccess
      // and hasAccess checks in the second try block never run for stateless requests. Confirm
      // that stateless endpoints enforce their own authorization.
      if (AuthenticationManager.isStatelessRequest(request)) {
        if (areThereLicenseRestrictions(null)) {
          throw new AuthenticationException("No valid license");
        }
        // make sure that there is an OBContext for the logged in user also in case of stateless
        // requests
        if (OBContext.getOBContext() == null
            || !strUserAuth.equals(OBContext.getOBContext().getUser().getId())) {
          OBContext.setOBContext(UserContextCache.getInstance().getCreateOBContext(strUserAuth));
        }
        super.serviceInitialized(request, response);
        return;
      }

      variables = new Variables(request); // Rebuild variable, auth-mgr could set the role

      boolean loggedOK = false;

      // NOTE !isLoggingIn assumes that the value of LoggingIn is N, this
      // is done by the fillSessionArguments below
      if (!variables.isLoggingIn()) {
        // log in process is completed, check whether the session in db is still active
        loggedOK = SeguridadData.loggedOK(cp, variables.getDBSession());
        if (!loggedOK) {
          // An inactive database session is tolerated only when the session carries forceLogin=Y;
          // otherwise the user is logged out.
          if (request.getSession(false) != null
              && "Y".equals(request.getSession().getAttribute("forceLogin"))) {
            variables.loggingIn = "Y";
            loggedOK = true;
          } else {
            logout(request, response);
            return;
          }
        }
      }

      // Always true at this point: the null case returned above.
      if (strUserAuth != null) {
        if (!loggedOK) {
          // Session not initialized yet: work out role, client, organization, warehouse and
          // language, then fill the session with them.
          String strLanguage = "";
          String strIsRTL = "";
          String strRole = "";
          String strClient = "";
          String strOrg = "";
          String strWarehouse = "";

          SystemInformation sysInfo = OBDal.getInstance().get(SystemInformation.class, "0");
          // The status counts as correct when it is unset, when the safe.mode property is
          // "false" (its default here), or when it equals "RB70".
          boolean correctSystemStatus = sysInfo.getSystemStatus() == null
              || this.globalParameters.getOBProperty("safe.mode", "false")
                  .equalsIgnoreCase("false") || sysInfo.getSystemStatus().equals("RB70");

          final VariablesSecureApp vars = new VariablesSecureApp(request, false);
          boolean onlySystemAdminAvailable = "Y".equals(vars
              .getSessionValue("onlySystemAdminRoleShouldBeAvailableInErp"));
          // We check if there is a Openbravo Professional Subscription restriction in the license,
          // or if the last rebuild didn't go well. If any of these are true, then the user is
          // allowed to login only as system administrator
          if (areThereLicenseRestrictions(variables.getDBSession()) || !correctSystemStatus
              || onlySystemAdminAvailable) {
            // it is only allowed to log as system administrator
            strRole = DefaultOptionsData.getDefaultSystemRole(cp, strUserAuth);
            if (strRole == null || strRole.equals("")) {
              // The user has no default system role: reject the login with an error page.
              final OBError roleError = new OBError();
              roleError.setType("Error");
              roleError.setMessage(Utility.messageBD(cp, "SystemLoginRequired",
                  variables.getLanguage()));
              invalidLogin(request, response, roleError);

              return;
            }
            strClient = "0";
            strOrg = "0";
            strWarehouse = "";
          } else {
            RoleDefaults defaults = LoginUtils.getLoginDefaults(strUserAuth, variables.getRole(),
                cp);
            strRole = defaults.role;
            strClient = defaults.client;
            strOrg = defaults.org;
            strWarehouse = defaults.warehouse;
          }

          // Language: the user's default first, then the general default when that is empty.
          DefaultOptionsData dataLanguage[] = DefaultOptionsData.defaultLanguage(cp, strUserAuth);
          if (dataLanguage != null && dataLanguage.length > 0) {
            strLanguage = dataLanguage[0].getField("DEFAULT_AD_LANGUAGE");
            strIsRTL = dataLanguage[0].getField("ISRTL");
          }
          if (strLanguage == null || strLanguage.equals("")) {
            dataLanguage = DefaultOptionsData.getDefaultLanguage(cp);
            if (dataLanguage != null && dataLanguage.length > 0) {
              strLanguage = dataLanguage[0].getField("AD_LANGUAGE");
              strIsRTL = dataLanguage[0].getField("ISRTL");
            }
          }

          // note fill session arguments will set the LOGGINGIN session var
          // to N
          if (LoginUtils.fillSessionArguments(cp, vars, strUserAuth, strLanguage, strIsRTL,
              strRole, strClient, strOrg, strWarehouse)) {
            readProperties(vars);
            readNumberFormat(vars, globalParameters.getFormatPath());
            LoginUtils.saveLoginBD(request, vars, "0", "0");
          } else {
            // Re-login
            log4j.error("Unable to fill session Arguments for: " + strUserAuth);
            logout(request, response);
            return;
          }

          // Login process is finished, set the flag as not logging in
          // this flag may not be removed from the session, it must be set
          // to N to prevent re-initializing the session continuously
          vars.setSessionValue("#loggingIn", "N");
        } else {
          variables.updateHistory(request);
        }
      }
      if (log4j.isDebugEnabled()) {
        log4j.debug("Call to HttpBaseServlet.service");
      }
    } catch (final DefaultValidationException d) {
      // Added DefaultValidationException class to catch user login
      // without a valid role

      String title = Utility.messageBD(myPool, "InvalidDefaultLoginTitle", variables.getLanguage())
          .replace("%0", d.getDefaultField());
      String msg = Utility.messageBD(myPool, "InvalidDefaultLoginMsg", variables.getLanguage())
          .replace("%0", d.getDefaultField());
      final OBError roleError = new OBError();
      roleError.setTitle(title);
      roleError.setType("Error");
      roleError.setMessage(msg);
      invalidLogin(request, response, roleError);
      return;
    } catch (final IllegalStateException ise) {
      log4j.error("HTTPSecureAppServlet.service() - exception caught: ", ise);
      invalidateSession(request);
      return;
    } catch (final Exception e) {
      // Re-login
      // Any other failure in the first phase, including the AuthenticationException thrown for
      // stateless requests without a valid license, ends in a logout.
      log4j.error("HTTPSecureAppServlet.service() - exception caught: ", e);
      logout(request, response);
      return;
    } finally {
      final boolean sessionCreated = !sessionExists && null != request.getSession(false);
      // NOTE(review): the URL and query string are request-controlled and may carry parameter
      // values; consider whether they belong in the log unfiltered.
      if (AuthenticationManager.isStatelessRequest(request) && sessionCreated) {
        log4j.warn("Stateless request, still a session was created " + request.getRequestURL()
            + " " + request.getQueryString());
      }
      OBContext.restorePreviousMode();
    }

    // Second phase: license and role checks for session-based requests, then the real dispatch.
    try {

      super.initialize(request, response);
      final VariablesSecureApp vars1 = new VariablesSecureApp(request, false);

      SessionInfo.setUserId(strUserAuth);
      SessionInfo.setSessionId(vars1.getSessionValue("#AD_Session_ID"));

      // Hack to know whether the servlet is a popup. strPopUp cannot be used because it indicates
      // it has been called from a popup.
      boolean isPopup = vars1.getCommand().indexOf("BUTTON") != -1
          || vars1.getCommand().indexOf("POPUP") != -1
          || !vars1.getStringParameter("inpProcessId").equals("");

      FeatureRestriction featureRestriction = ActivationKey.getInstance().hasLicenseAccess(
          classInfo.type, classInfo.id);
      // NOTE(review): in the else-if below, a session whose role is the empty string skips
      // hasAccess entirely. Confirm that an authenticated user cannot reach this point with an
      // empty role.
      if (featureRestriction != FeatureRestriction.NO_RESTRICTION) {
        licenseError(classInfo.type, classInfo.id, featureRestriction, response, request, vars1,
            isPopup);
      } else if (vars1.getRole().equals("") || hasAccess(vars1)) {

        if (classInfo.id != null && !classInfo.id.equals("") && SessionInfo.getProcessId() == null) {
          // Set process id in session in case there is info for that and it has not been already
          // set by the Servlet itself
          SessionInfo.setProcessId(classInfo.id);
          SessionInfo.setProcessType(classInfo.type);
          SessionInfo.setModuleId(classInfo.adModuleId);
        }

        if (SessionInfo.getCommand() == null) {
          // Set command based on vars if it has not explicitly set
          SessionInfo.setCommand(vars1.getCommand());
        }

        // Autosave logic
        final Boolean saveRequest = (Boolean) request.getAttribute("autosave");
        final String strTabId = vars1.getStringParameter("inpTabId");

        // The "autosave" request attribute is set below before forwarding, so a request that
        // already carries it is not processed for autosave again.
        if (saveRequest == null && strTabId != null) {

          final String autoSave = request.getParameter("autosave");
          Boolean failedAutosave = (Boolean) vars1.getSessionObject(strTabId + "|failedAutosave");

          if (failedAutosave == null) {
            failedAutosave = false;
          }

          if (autoSave != null && autoSave.equalsIgnoreCase("Y") && !failedAutosave) {

            if (log4j.isDebugEnabled()) {
              log4j.debug("service: saveRequest - " + this.getClass().getCanonicalName()
                  + " - autosave: " + autoSave);
            }

            if (log4j.isDebugEnabled()) {
              log4j.debug(this.getClass().getCanonicalName() + " - hash: "
                  + vars1.getPostDataHash());
            }

            final String servletMappingName = request.getParameter("mappingName");

            if (servletMappingName != null
                && !Utility.isExcludedFromAutoSave(this.getClass().getCanonicalName())
                && !vars1.commandIn("DIRECT")) {

              final String hash = vars1.getSessionValue(servletMappingName + "|hash");

              if (log4j.isDebugEnabled()) {
                log4j.debug("hash in session: " + hash);
              }
              // Check if the form was previously saved based on
              // the hash of the post data
              if (!hash.equals(vars1.getPostDataHash())) {
                request.setAttribute("autosave", true);
                if (isPopup)
                  // Adding pop-up window attribute to close the window on failed auto-save
                  request.setAttribute("popupWindow", true);
                // forward request
                if (!forwardRequest(request, response)) {
                  return; // failed save
                }
              }
            }
          }
        }
        // Dispatch to the servlet's own handling and audit how long it took.
        long t = System.currentTimeMillis();
        super.serviceInitialized(request, response);
        UsageAudit.auditActionNoDal(cp, vars1, this.getClass().getName(),
            System.currentTimeMillis() - t);
      } else {
        // Access denied: render the error and log the role and the resource id.
        if ((strPopUp != null && !strPopUp.equals("")) || classInfo.type.equals("S")) {
          bdErrorGeneralPopUp(request, response,
              Utility.messageBD(this, "Error", variables.getLanguage()),
              Utility.messageBD(this, "AccessTableNoView", variables.getLanguage()));
        } else {
          bdError(request, response, "AccessTableNoView", vars1.getLanguage());
        }
        String roleStr = "".equals(vars1.getRole()) ? "" : " (" + vars1.getRole() + ")";
        log4j
            .warn("Role" + roleStr + " tried to access ungranted resource with ID " + classInfo.id);
      }
    } catch (final ServletException ex) {
      log4j.error("Error captured: ", ex);
      final VariablesSecureApp vars1 = new VariablesSecureApp(request, false);
      final OBError myError = Utility.translateError(this, vars1, variables.getLanguage(),
          ex.getMessage());
      // Choose the error rendering that matches how the request was made.
      if (strAjax != null && !strAjax.equals(""))
        bdErrorAjax(response, myError.getType(), myError.getTitle(), myError.getMessage());
      else if (strHidden != null && !strHidden.equals(""))
        bdErrorHidden(response, myError.getType(), myError.getTitle(), myError.getMessage());
      else if (!myError.isConnectionAvailable())
        bdErrorConnection(response);
      else if (strPopUp != null && !strPopUp.equals(""))
        bdErrorGeneralPopUp(request, response, myError.getTitle(), myError.getMessage());
      else
        bdErrorGeneral(request, response, myError.getTitle(), myError.getMessage());
    } catch (final OBException e) {
      final Boolean isAutosaving = (Boolean) request.getAttribute("autosave");
      if (isAutosaving != null && isAutosaving) {
        // During an autosave forward the exception is rethrown after the markers are cleared.
        request.removeAttribute("autosave");
        request.removeAttribute("popupWindow");
        throw e;
      } else {
        log4j.error("Error captured: ", e);
        // NOTE(review): e.toString() (exception class and message) is handed on for rendering to
        // the client, here and in the generic handler below. Whether the bdErrorGeneral* helpers
        // escape or filter it is not visible here; confirm.
        if (strPopUp != null && !strPopUp.equals(""))
          bdErrorGeneralPopUp(request, response, "Error", e.toString());
        else
          bdErrorGeneral(request, response, "Error", e.toString());
      }
    } catch (final Exception e) {
      log4j.error("Error captured: ", e);
      if (strPopUp != null && !strPopUp.equals(""))
        bdErrorGeneralPopUp(request, response, "Error", e.toString());
      else
        bdErrorGeneral(request, response, "Error", e.toString());
    }
  }
  515.  
  516.   // We check if there is a Openbravo Professional Subscription restriction in the license,
  517.   // or if the last rebuild didn't go well. If any of these are true, then the user is
  518.   // allowed to login only as system administrator
  private boolean areThereLicenseRestrictions(String sessionId) {
    final LicenseRestriction outcome = ActivationKey.getInstance().checkOPSLimitations(sessionId);

    // Only these results restrict the login; any other value (or null) does not.
    final LicenseRestriction[] blocking = { LicenseRestriction.OPS_INSTANCE_NOT_ACTIVE,
        LicenseRestriction.NUMBER_OF_CONCURRENT_USERS_REACHED, LicenseRestriction.MODULE_EXPIRED,
        LicenseRestriction.NOT_MATCHED_INSTANCE, LicenseRestriction.HB_NOT_ACTIVE,
        LicenseRestriction.ON_DEMAND_OFF_PLATFORM, LicenseRestriction.POS_TERMINALS_EXCEEDED };

    for (final LicenseRestriction candidate : blocking) {
      if (outcome == candidate) {
        return true;
      }
    }
    return false;
  }
  529.  
  530.   /**
  531.    * Checks access passing all the parameters
  532.    *
  533.    * @param vars
  534.    * @param type
  535.    *          type of element
  536.    * @param id
  537.    *          id for the element
  538.    * @return true in case it has access false if not
  539.    */
  protected boolean hasGeneralAccess(VariablesSecureApp vars, String type, String id) {
    try {
      final ConnectionProvider conn = new DalConnectionProvider(false);
      final String requiredLevel = SeguridadData.selectAccessLevel(conn, type, id);
      // The element's access level is published in the session as a side effect of the check.
      vars.setSessionValue("#CurrentAccessLevel", requiredLevel);

      if (type.equals("S")) {
        // Type "S" is decided by selectAccessSearch alone, without the level check.
        return !SeguridadData.selectAccessSearch(conn, vars.getRole(), id).equals("0");
      }
      if (type.equals("C")) {
        // Type "C" is always granted, whatever the role.
        return true;
      }

      // Every remaining type first has to pass the access-level check.
      if (!hasLevelAccess(vars, requiredLevel)) {
        return false;
      }
      // Type "W" additionally requires the "TABLE" lookup for the same id to return "0".
      if (type.equals("W")
          && !SeguridadData.selectAccess(conn, vars.getRole(), "TABLE", id).equals("0")) {
        return false;
      }
      return !SeguridadData.selectAccess(conn, vars.getRole(), type, id).equals("0");
    } catch (final Exception e) {
      // Fail closed: any error during the check (a null type included) denies access.
      log4j.error("Error checking access: ", e);
      return false;
    }
  }
  562.  
  563.   /**
  564.    * Checks if the user has access to the window
  565.    * */
  private boolean hasAccess(VariablesSecureApp vars) {
    try {
      // NOTE(review): a servlet with no class info, or with an empty id or type, is treated as
      // unrestricted (fail-open). Confirm this is intended for every servlet that reaches here.
      final boolean noArtifact = classInfo == null || classInfo.id.equals("")
          || classInfo.type.equals("");
      return noArtifact || hasGeneralAccess(vars, classInfo.type, classInfo.id);
    } catch (final Exception e) {
      // An unexpected error denies access.
      log4j.error("Error checking access: ", e);
      return false;
    }
  }
  577.  
  578.   /**
  579.    * Checks if the level access is correct.
  580.    *
  581.    */
  private boolean hasLevelAccess(VariablesSecureApp vars, String accessLevel) {
    // The context can switch the level check off altogether.
    if (!OBContext.getOBContext().doAccessLevelCheck()) {
      return true;
    }

    final String grantedLevels = vars.getSessionValue("#User_Level");

    // NOTE: if the logic here changes then also the logic in the
    // EntityAccessChecker.hasCorrectAccessLevel needs to be updated
    // Centralizing the logic seemed difficult because of build dependencies
    if (accessLevel.equals("4")) {
      return grantedLevels.indexOf("S") != -1;
    }
    if (accessLevel.equals("1")) {
      return grantedLevels.indexOf("O") != -1;
    }
    if (accessLevel.equals("3")) {
      return grantedLevels.indexOf("C") != -1 || grantedLevels.indexOf("O") != -1;
    }
    if (accessLevel.equals("6")) {
      return grantedLevels.indexOf("S") != -1 || grantedLevels.indexOf("C") != -1;
    }
    // Any other access level value is accepted.
    return true;
  }
  607.  
  /**
   * Ends the current login: invalidates the HTTP session, clears the OBContext and then hands
   * over to the authentication manager's logout.
   *
   * @param request
   *          the current request
   * @param response
   *          the current response, passed on to the authentication manager
   * @throws IOException
   * @throws ServletException
   */
  protected void logout(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {

    // The session is dropped before the authentication manager's logout is called.
    invalidateSession(request);

    // reset the obcontext
    OBContext.setOBContext((OBContext) null);

    m_AuthManager.logout(request, response);
  }
  618.  
  /**
   * Invalidates the request's HTTP session if one exists; never creates a session.
   */
  protected void invalidateSession(HttpServletRequest request) {
    final HttpSession existing = request.getSession(false);
    if (existing == null) {
      return;
    }
    // finally invalidate the session (this event will be caught by the session listener)
    existing.invalidate();
  }
  626.  
  627.   /**
  628.    * Logs the user out of the application, clears the session and returns the HTMLErrorLogin page
  629.    * with the relevant error message passed into the method.
  630.    *
  631.    * @param request
  632.    * @param response
  633.    * @param error
  634.    * @throws IOException
  635.    * @throws ServletException
  636.    */
  private void invalidLogin(HttpServletRequest request, HttpServletResponse response, OBError error)
      throws IOException, ServletException {

    // Drop any existing session and the OBContext before the error page is produced.
    final HttpSession existing = request.getSession(false);
    if (existing != null) {
      // finally invalidate the session (this event will be caught by the session listener)
      existing.invalidate();
    }
    OBContext.setOBContext((OBContext) null);

    final String[] discard = new String[] { "continueButton" };
    final XmlDocument errorPage = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/HtmlErrorLogin", discard).createXmlDocument();

    // NOTE(review): title and message are placed into an HTML page; whether the template engine
    // escapes them is not visible here. Confirm.
    errorPage.setParameter("messageType", error.getType());
    errorPage.setParameter("messageTitle", error.getTitle());
    errorPage.setParameter("messageMessage", error.getMessage());

    // NOTE(review): no charset is declared here, unlike advise() and advisePopUp().
    response.setContentType("text/html");
    final PrintWriter writer = response.getWriter();
    writer.println(errorPage.print());
    writer.close();
  }
  662.  
  /**
   * Stores {@code strCommand} as the command of the current request-history entry in the session.
   */
  protected void setHistoryCommand(HttpServletRequest request, String strCommand) {
    new Variables(request).setHistoryCommand(strCommand);
  }
  667.  
  /**
   * Renders the Advise template as a full HTML page with the given type, title and text.
   *
   * @param request
   *          used to read the "#Theme" session value; when null the theme is "Default"
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param strTipo
   *          message type, upper-cased before it is handed to the template
   * @param strTitulo
   *          message title
   * @param strTexto
   *          message text
   */
  protected void advise(HttpServletRequest request, HttpServletResponse response, String strTipo,
      String strTitulo, String strTexto) throws IOException {

    final String myTheme = (request != null) ? new Variables(request).getSessionValue("#Theme")
        : "Default";

    final XmlDocument page = xmlEngine.readXmlTemplate("org/openbravo/base/secureApp/Advise")
        .createXmlDocument();

    // NOTE(review): title and text end up in an HTML page; whether the template engine escapes
    // them is not visible here. Confirm.
    page.setParameter("theme", myTheme);
    page.setParameter("ParamTipo", strTipo.toUpperCase());
    page.setParameter("ParamTitulo", strTitulo);
    page.setParameter("ParamTexto", strTexto);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  689.  
  /**
   * Shows an advise pop-up of type {@code "Error"}; delegates to the five-argument overload.
   *
   * @param request
   *          passed through to the delegate
   * @param response
   *          the response the pop-up page is written to
   * @param strTitulo
   *          message title
   * @param strTexto
   *          message text
   * @throws IOException
   *           propagated from the delegate
   */
  protected void advisePopUp(HttpServletRequest request, HttpServletResponse response,
      String strTitulo, String strTexto) throws IOException {
    final String defaultType = "Error";
    advisePopUp(request, response, defaultType, strTitulo, strTexto);
  }
  694.  
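  /**
   * Renders the {@code AdvisePopUp} template with the given message and writes it to the
   * response.
   *
   * @param request
   *          used to read the {@code #Theme} session value; when {@code null} the theme is
   *          {@code "Default"}
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param strTipo
   *          message type token; used unchanged to build the {@code OBUIAPP_<type>} message key
   *          and upper-cased for the {@code ParamTipo} template parameter
   * @param strTitulo
   *          message title
   * @param strTexto
   *          message text
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void advisePopUp(HttpServletRequest request, HttpServletResponse response,
      String strTipo, String strTitulo, String strTexto) throws IOException {
    final XmlDocument xmlDocument = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/AdvisePopUp").createXmlDocument();

    final String myTheme = (request != null) ? new Variables(request).getSessionValue("#Theme")
        : "Default";
    xmlDocument.setParameter("theme", myTheme);
    xmlDocument.setParameter("PopupTitle",
        OBMessageUtils.getI18NMessage("OBUIAPP_" + strTipo, null));
    // Locale.ROOT keeps the type token stable regardless of the JVM default locale (a Turkish
    // default would turn "info" into "İNFO").
    xmlDocument.setParameter("ParamTipo", strTipo.toUpperCase(Locale.ROOT));
    // NOTE(review): whether XmlDocument escapes parameter values is not visible here; confirm
    // before passing request-derived title or text.
    xmlDocument.setParameter("ParamTitulo", strTitulo);
    xmlDocument.setParameter("ParamTexto", strTexto);
    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter out = response.getWriter();
    out.println(xmlDocument.print());
    out.close();
  }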
  716.  
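  /**
   * Creates a pop up that when closed, will refresh the parent window.
   *
   * @param request
   *          used to read the {@code #Theme} session value; when {@code null} the theme is
   *          {@code "Default"}
   * @param response
   *          the HttpServletResponse object
   * @param strType
   *          the type of message to be displayed (e.g. ERROR, SUCCESS)
   * @param strTitle
   *          the title of the popup window
   * @param strText
   *          the text to be displayed in the popup message area
   * @throws IOException
   *           if an error occurs writing to the output stream
   */
  protected void advisePopUpRefresh(HttpServletRequest request, HttpServletResponse response,
      String strType, String strTitle, String strText) throws IOException {
    final XmlDocument xmlDocument = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/AdvisePopUpRefresh").createXmlDocument();

    final String myTheme = (request != null) ? new Variables(request).getSessionValue("#Theme")
        : "Default";

    xmlDocument.setParameter("theme", myTheme);
    // Locale.ROOT keeps the type token stable regardless of the JVM default locale (a Turkish
    // default would turn "info" into "İNFO").
    xmlDocument.setParameter("ParamType", strType.toUpperCase(Locale.ROOT));
    // NOTE(review): whether XmlDocument escapes parameter values is not visible here; confirm
    // before passing request-derived title or text.
    xmlDocument.setParameter("ParamTitle", strTitle);
    xmlDocument.setParameter("ParamText", strText);
    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter out = response.getWriter();
    out.println(xmlDocument.print());
    out.close();
  }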
  751.  
  /**
   * Renders the {@code Error} template for a message code: the code itself is used as the title
   * and the text returned by {@code Utility.messageBD} for that code and language as the body.
   *
   * @param request
   *          used to read the {@code #Theme} session value; when {@code null} the theme is
   *          {@code "Default"}
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param strCode
   *          message code, shown as the title and looked up for the text
   * @param strLanguage
   *          language passed to the message lookup
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void bdError(HttpServletRequest request, HttpServletResponse response, String strCode,
      String strLanguage) throws IOException {
    final XmlDocument page = xmlEngine.readXmlTemplate("org/openbravo/base/secureApp/Error")
        .createXmlDocument();

    final String theme;
    if (request == null) {
      theme = "Default";
    } else {
      theme = new Variables(request).getSessionValue("#Theme");
    }

    page.setParameter("theme", theme);
    page.setParameter("ParamTitulo", strCode);
    final String messageText = Utility.messageBD(this, strCode, strLanguage);
    page.setParameter("ParamTexto", messageText);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  771.  
  /**
   * Renders the {@code ErrorPopUp} template with a fixed type of {@code "ERROR"} and the given
   * title and text.
   *
   * @param request
   *          used to read the {@code #Theme} session value; when {@code null} the theme is
   *          {@code "Default"}
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param strTitle
   *          error title
   * @param strText
   *          error text
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void bdErrorGeneralPopUp(HttpServletRequest request, HttpServletResponse response,
      String strTitle, String strText) throws IOException {
    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/ErrorPopUp").createXmlDocument();

    final String theme;
    if (request == null) {
      theme = "Default";
    } else {
      theme = new Variables(request).getSessionValue("#Theme");
    }

    page.setParameter("theme", theme);
    page.setParameter("ParamTipo", "ERROR");
    // NOTE(review): whether XmlDocument escapes parameter values is not visible here; confirm
    // before passing request-derived title or text.
    page.setParameter("ParamTitulo", strTitle);
    page.setParameter("ParamTexto", strText);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  792.  
  /**
   * Renders the {@code Error} template with the given title and text. When the current
   * {@code OBContext} reports the new UI, the template's {@code backButton} section is
   * discarded.
   *
   * @param request
   *          used to read the {@code #Theme} session value; when {@code null} the theme is
   *          {@code "Default"}
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param strTitle
   *          error title
   * @param strText
   *          error text
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  private void bdErrorGeneral(HttpServletRequest request, HttpServletResponse response,
      String strTitle, String strText) throws IOException {
    // A single-element discard list: either the back button or an empty placeholder.
    final String[] discard = { OBContext.getOBContext().isNewUI() ? "backButton" : "" };

    final XmlDocument page = xmlEngine.readXmlTemplate("org/openbravo/base/secureApp/Error",
        discard).createXmlDocument();

    final String theme;
    if (request == null) {
      theme = "Default";
    } else {
      theme = new Variables(request).getSessionValue("#Theme");
    }

    page.setParameter("theme", theme);
    page.setParameter("ParamTitulo", strTitle);
    page.setParameter("ParamTexto", strText);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  818.  
  /**
   * Writes the static {@code ErrorConnection} template to the response.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void bdErrorConnection(HttpServletResponse response) throws IOException {
    if (log4j.isDebugEnabled()) {
      log4j.debug("Output: Error connection");
    }
    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/ErrorConnection").createXmlDocument();

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  830.  
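  /**
   * Writes an error as a small XML document ({@code xml-structure/status} with {@code type},
   * {@code title} and a CDATA {@code description}) for AJAX callers.
   *
   * @param response
   *          the response the XML is written to; its writer is closed afterwards
   * @param strType
   *          content of the {@code type} element
   * @param strTitle
   *          content of the {@code title} element
   * @param strText
   *          content of the CDATA {@code description}
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void bdErrorAjax(HttpServletResponse response, String strType, String strTitle,
      String strText) throws IOException {
    // A "]]>" inside the text would end the CDATA section early and let the remainder be parsed
    // as markup. Splitting the terminator across two CDATA sections keeps the text as data.
    // String.valueOf preserves the previous rendering of a null text ("null").
    final String cdataSafeText = String.valueOf(strText).replace("]]>", "]]]]><![CDATA[>");

    response.setContentType("text/xml; charset=UTF-8");
    final PrintWriter out = response.getWriter();
    out.println("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n");
    out.println("<xml-structure>\n");
    out.println("  <status>\n");
    // NOTE(review): type and title are written as element content without entity escaping.
    // Confirm callers only pass fixed tokens or already-escaped text; a raw '<' or '&' here
    // yields malformed XML.
    out.println("    <type>" + strType + "</type>\n");
    out.println("    <title>" + strTitle + "</title>\n");
    out.println("    <description><![CDATA[" + cdataSafeText + "]]></description>\n");
    out.println("  </status>\n");
    out.println("</xml-structure>\n");
    out.close();
  }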
  845.  
  /**
   * Returns an error to a callout caller: renders the {@code CallOut} template with a JavaScript
   * snippet whose response array holds a single {@code MESSAGE} entry containing
   * {@code strText}.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param strType
   *          not used by this method
   * @param strTitle
   *          not used by this method
   * @param strText
   *          message placed inside a double-quoted JavaScript string literal
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void bdErrorHidden(HttpServletResponse response, String strType, String strTitle,
      String strText) throws IOException {
    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/erpCommon/ad_callouts/CallOut").createXmlDocument();

    // NOTE(review): strText is inserted verbatim into a double-quoted JavaScript string. A quote,
    // backslash or line break in it changes the generated script, so callers must pass text that
    // is already escaped for JavaScript; confirm at every call site.
    final StringBuffer script = new StringBuffer();
    script.append("var calloutName='';\n\n")
        .append("var respuesta = new Array(\n")
        .append("new Array(\"MESSAGE\", \"")
        .append(strText)
        .append("\")")
        .append("\n);");

    page.setParameter("array", script.toString());
    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  866.  
  /**
   * Writes the static {@code HtmlError} template to the response.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void pageError(HttpServletResponse response) throws IOException {
    final String templateName = "org/openbravo/base/secureApp/HtmlError";
    final XmlDocument page = xmlEngine.readXmlTemplate(templateName).createXmlDocument();

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  876.  
  /**
   * Writes the static {@code HtmlErrorPopUp} template to the response.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void pageErrorPopUp(HttpServletResponse response) throws IOException {
    final String templateName = "org/openbravo/base/secureApp/HtmlErrorPopUp";
    final XmlDocument page = xmlEngine.readXmlTemplate(templateName).createXmlDocument();

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  886.  
  /**
   * Writes the white page with an empty body; delegates to
   * {@link #whitePage(HttpServletResponse, String)}.
   *
   * @param response
   *          the response the page is written to
   * @throws IOException
   *           propagated from the delegate
   */
  protected void whitePage(HttpServletResponse response) throws IOException {
    final String emptyBody = "";
    whitePage(response, emptyBody);
  }
  890.  
  /**
   * Shows the error page for a feature blocked by a license restriction. The title is the name
   * of the restricted artifact; the message depends on the restriction. For pop-ups the
   * {@code ErrorActivatedInstancesOnly} template is rendered, otherwise the general error page.
   *
   * @param type
   *          artifact type code passed to {@code getArtifactName}
   * @param id
   *          artifact id passed to {@code getArtifactName}
   * @param featureRestriction
   *          the restriction that selects the message
   * @param response
   *          the response the page is written to
   * @param request
   *          passed to the general error page in the non-pop-up case
   * @param vars
   *          supplies the language and theme
   * @param isPopup
   *          whether to render the pop-up template
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void licenseError(String type, String id, FeatureRestriction featureRestriction,
      HttpServletResponse response, HttpServletRequest request, VariablesSecureApp vars,
      boolean isPopup) throws IOException {
    final String artifactTitle = getArtifactName(type, id, vars.getLanguage());
    final String[] discard = { "" };
    String popupInfo = "";
    String fullWindowMessage = "";

    switch (featureRestriction) {
    case TIER1_RESTRICTION:
    case TIER2_RESTRICTION: {
      // Both tiers share one message; only the edition name substituted into it differs.
      final String editionKey = featureRestriction == FeatureRestriction.TIER1_RESTRICTION
          ? "OBPSAnyEdition" : "OBPSStandardEdition";
      final String template = Utility.messageBD(this, "FEATURE_OBPS_ONLY", vars.getLanguage());
      final String editionName = Utility.messageBD(this, editionKey, vars.getLanguage());
      // <p> is added here, in Java, to allow multi-paragraph text via the parameter.
      popupInfo = "<p>" + template.replace("@ProfessionalEditionType@", editionName) + "</p>";
      fullWindowMessage = popupInfo + "\n"
          + Utility.messageBD(this, "LearnHowToActivate", vars.getLanguage());
      break;
    }
    case GOLDEN_RESTRICTION: {
      discard[0] = "links";
      final String goldenMsg = Utility.messageBD(this, "OBPSGoldenKeyRestricted",
          vars.getLanguage());
      popupInfo = goldenMsg;
      fullWindowMessage = goldenMsg;
      break;
    }
    case DISABLED_MODULE_RESTRICTION: {
      discard[0] = "links";
      final String disabledMsg = Utility.messageBD(this, "FeatureInDisabledModule",
          vars.getLanguage());
      popupInfo = disabledMsg;
      fullWindowMessage = disabledMsg;
      break;
    }
    default:
      break;
    }

    final String linkText = Utility.messageBD(this, "LEARN_HOW", vars.getLanguage());
    final String afterLinkText = Utility.messageBD(this, "ACTIVATE_INSTANCE", vars.getLanguage());

    if (!isPopup) {
      bdErrorGeneral(request, response, artifactTitle, fullWindowMessage);
      return;
    }

    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/erpCommon/obps/ErrorActivatedInstancesOnly", discard).createXmlDocument();

    // NOTE(review): the language value is concatenated into a JavaScript assignment; confirm
    // vars.getLanguage() can only return a validated language code.
    page.setParameter("directory", "var baseDirectory = \"" + strReplaceWith + "/\";\n");
    page.setParameter("language", "defaultLang=\"" + vars.getLanguage() + "\";");
    page.setParameter("theme", vars.getTheme());
    page.setParameter("titleText", artifactTitle);
    page.setParameter("infoText", popupInfo);
    page.setParameter("linkText", linkText);
    page.setParameter("afterLinkText", afterLinkText);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  957.  
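  /**
   * Looks up the display name of a window, form or process, preferring the translation for the
   * given language and falling back to the untranslated name. The lookup runs in admin mode,
   * which is restored in a {@code finally} block.
   *
   * @param type
   *          {@code "W"}: {@code id} is a tab id and the name of its window is returned;
   *          {@code "X"}: {@code id} is a form id; {@code "R"} or {@code "P"}: {@code id} is a
   *          process id
   * @param id
   *          id of the artifact, interpreted according to {@code type}
   * @param language
   *          language code used to select the translation
   * @return the translated or base name, or an empty string when the type is not recognised or
   *         the artifact is not found
   */
  private String getArtifactName(String type, String id, String language) {
    OBContext.setAdminMode();
    try {
      if ("W".equals(type)) {
        final Tab tab = OBDal.getInstance().get(Tab.class, id);
        if (tab != null) {
          final OBCriteria<WindowTrl> windowTrl = OBDal.getInstance().createCriteria(
              WindowTrl.class);
          windowTrl.add(Restrictions.eq(WindowTrl.PROPERTY_WINDOW, tab.getWindow()));
          windowTrl.add(Restrictions.eq(WindowTrl.PROPERTY_LANGUAGE + ".language", language));
          if (windowTrl.list().size() != 0) {
            return windowTrl.list().get(0).getName();
          }
          return tab.getWindow().getName();
        }
      } else if ("X".equals(type)) {
        final OBCriteria<FormTrl> formTrl = OBDal.getInstance().createCriteria(FormTrl.class);
        formTrl.add(Restrictions.eq(FormTrl.PROPERTY_SPECIALFORM + ".id", id));
        formTrl.add(Restrictions.eq(FormTrl.PROPERTY_LANGUAGE + ".language", language));
        if (formTrl.list().size() != 0) {
          return formTrl.list().get(0).getName();
        }

        final Form form = OBDal.getInstance().get(Form.class, id);
        if (form != null) {
          return form.getName();
        }
      } else if ("R".equals(type) || "P".equals(type)) {
        // Was "R".endsWith(type): that also matched an empty type and threw a
        // NullPointerException for a null one, unlike the other branches.
        final OBCriteria<ProcessTrl> processTrl = OBDal.getInstance().createCriteria(
            ProcessTrl.class);
        processTrl.add(Restrictions.eq(ProcessTrl.PROPERTY_PROCESS + ".id", id));
        processTrl.add(Restrictions.eq(ProcessTrl.PROPERTY_LANGUAGE + ".language", language));
        if (processTrl.list().size() != 0) {
          return processTrl.list().get(0).getName();
        }

        final Process process = OBDal.getInstance().get(Process.class, id);
        if (process != null) {
          return process.getName();
        }
      }
    } finally {
      // Always leave admin mode, including on early return or exception.
      OBContext.restorePreviousMode();
    }
    return "";
  }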
  1003.  
  /**
   * Renders the {@code HtmlWhitePage} template with the given body and writes it to the
   * response.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param strAlert
   *          value for the template's {@code body} parameter; {@code null} is treated as empty
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void whitePage(HttpServletResponse response, String strAlert) throws IOException {
    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/HtmlWhitePage").createXmlDocument();

    // NOTE(review): whether XmlDocument escapes the body value is not visible here; confirm
    // before passing request-derived text.
    final String body;
    if (strAlert == null) {
      body = "";
    } else {
      body = strAlert;
    }
    page.setParameter("body", body);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  1015.  
  /**
   * Renders the {@code PopUp_Response} template, which receives the language and an
   * {@code href} value: the literal {@code null} for an empty path, otherwise the path wrapped
   * in single quotes.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param vars
   *          supplies the language
   * @param path
   *          target path; must not be {@code null}
   * @throws IOException
   *           if the response writer cannot be obtained
   * @throws ServletException
   *           declared by the signature; not thrown by the visible code
   */
  protected void printPageClosePopUp(HttpServletResponse response, VariablesSecureApp vars,
      String path) throws IOException, ServletException {
    if (log4j.isDebugEnabled()) {
      log4j.debug("Output: PopUp Response");
    }
    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/PopUp_Response").createXmlDocument();

    page.setParameter("language", "defaultLang=\"" + vars.getLanguage() + "\";");

    // NOTE(review): path is wrapped in single quotes without escaping. Confirm callers never
    // pass a request-derived path, or escape it first; a quote in the value would end the
    // literal early.
    final String hrefValue;
    if (path.equals("")) {
      hrefValue = "null";
    } else {
      hrefValue = "'" + path + "'";
    }
    page.setParameter("href", hrefValue);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  1030.  
  /**
   * Renders the {@code PopUp_Response} template like the three-argument overload and adds a
   * {@code details} parameter: a JavaScript assignment of a JSON object holding
   * {@code tabTitle} and {@code addToRecents=false}.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param vars
   *          supplies the language
   * @param path
   *          target path; must not be {@code null}
   * @param tabTitle
   *          title stored under the {@code tabTitle} key
   * @throws IOException
   *           if the response writer cannot be obtained
   * @throws ServletException
   *           declared by the signature; not thrown by the visible code
   */
  protected void printPageClosePopUp(HttpServletResponse response, VariablesSecureApp vars,
      String path, String tabTitle) throws IOException, ServletException {
    if (log4j.isDebugEnabled()) {
      log4j.debug("Output: PopUp Response");
    }
    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/PopUp_Response").createXmlDocument();

    JSONObject tabParams = new JSONObject();
    try {
      tabParams.put("tabTitle", tabTitle);
      tabParams.put("addToRecents", false);
    } catch (Exception e) {
      // Any failure while filling the object falls back to an empty parameter object below.
      tabParams = null;
    }

    page.setParameter("language", "defaultLang=\"" + vars.getLanguage() + "\";");

    // NOTE(review): path is wrapped in single quotes without escaping; confirm callers never
    // pass a request-derived path, or escape it first.
    final String hrefValue;
    if (path.equals("")) {
      hrefValue = "null";
    } else {
      hrefValue = "'" + path + "'";
    }
    page.setParameter("href", hrefValue);

    final String details;
    if (tabParams == null) {
      details = "var newTabParams={};";
    } else {
      details = "var newTabParams=" + tabParams.toString() + ";";
    }
    page.setParameter("details", details);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  1053.  
  /**
   * Renders the close-pop-up response with an empty path; delegates to the three-argument
   * overload.
   *
   * @param response
   *          the response the page is written to
   * @param vars
   *          supplies the language
   * @throws IOException
   *           propagated from the delegate
   * @throws ServletException
   *           propagated from the delegate
   */
  protected void printPageClosePopUp(HttpServletResponse response, VariablesSecureApp vars)
      throws IOException, ServletException {
    final String noPath = "";
    printPageClosePopUp(response, vars, noPath);
  }
  1058.  
  /**
   * Renders the {@code PopUp_Download} template with a link to {@code DownloadReport.html} for
   * the given file and writes it to the stream, which is then closed.
   *
   * @param os
   *          the servlet output stream the page is written to
   * @param fileName
   *          value of the {@code report} query parameter in the download link
   * @throws IOException
   *           if writing to or closing the stream fails
   * @throws ServletException
   *           declared by the signature; not thrown by the visible code
   */
  protected void printPagePopUpDownload(ServletOutputStream os, String fileName)
      throws IOException, ServletException {
    if (log4j.isDebugEnabled()) {
      log4j.debug("Output: PopUp Download");
    }
    // NOTE(review): fileName is appended to the query string without URL-encoding; confirm it
    // cannot contain '&', '#', quotes or whitespace.
    final StringBuilder downloadLink = new StringBuilder();
    downloadLink.append(strDireccion).append("/utility/DownloadReport.html?report=")
        .append(fileName);

    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/PopUp_Download").createXmlDocument();
    page.setParameter("href", downloadLink.toString());
    os.println(page.print());
    os.close();
  }
  1070.  
  /**
   * Renders the {@code PopUp_DownloadAndRefresh} template with a link to
   * {@code DownloadReport.html} for the given file and writes it to the stream, which is then
   * closed.
   *
   * @param os
   *          the servlet output stream the page is written to
   * @param fileName
   *          value of the {@code report} query parameter in the download link
   * @throws IOException
   *           if writing to or closing the stream fails
   * @throws ServletException
   *           declared by the signature; not thrown by the visible code
   */
  protected void printPagePopUpDownloadAndRefresh(ServletOutputStream os, String fileName)
      throws IOException, ServletException {
    if (log4j.isDebugEnabled()) {
      log4j.debug("Output: PopUp Download");
    }
    // NOTE(review): fileName is appended to the query string without URL-encoding; confirm it
    // cannot contain '&', '#', quotes or whitespace.
    final StringBuilder downloadLink = new StringBuilder();
    downloadLink.append(strDireccion).append("/utility/DownloadReport.html?report=")
        .append(fileName);

    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/PopUp_DownloadAndRefresh").createXmlDocument();
    page.setParameter("href", downloadLink.toString());
    os.println(page.print());
    os.close();
  }
  1082.  
  /**
   * Renders the {@code PopUp_Close_Refresh} template with the language from {@code vars} and
   * writes it to the response.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param vars
   *          supplies the language
   * @throws IOException
   *           if the response writer cannot be obtained
   * @throws ServletException
   *           declared by the signature; not thrown by the visible code
   */
  private void printPageClosePopUpAndRefresh(HttpServletResponse response, VariablesSecureApp vars)
      throws IOException, ServletException {
    if (log4j.isDebugEnabled()) {
      log4j.debug("Output: PopUp Response");
    }
    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/PopUp_Close_Refresh").createXmlDocument();

    final String languageScript = "defaultLang=\"" + vars.getLanguage() + "\";";
    page.setParameter("language", languageScript);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  1095.  
  /**
   * Renders the {@code PopUp_Close_And_Refresh} template with the language from {@code vars} and
   * writes it to the response.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @param vars
   *          supplies the language
   * @throws IOException
   *           if the response writer cannot be obtained
   * @throws ServletException
   *           declared by the signature; not thrown by the visible code
   */
  protected void printPageClosePopUpAndRefreshParent(HttpServletResponse response,
      VariablesSecureApp vars) throws IOException, ServletException {
    if (log4j.isDebugEnabled()) {
      log4j.debug("Output: PopUp Response");
    }
    final XmlDocument page = xmlEngine.readXmlTemplate(
        "org/openbravo/base/secureApp/PopUp_Close_And_Refresh").createXmlDocument();

    final String languageScript = "defaultLang=\"" + vars.getLanguage() + "\";";
    page.setParameter("language", languageScript);

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  1108.  
  /**
   * Writes the static {@code HtmlErrorCallOut} template to the response.
   *
   * @param response
   *          the response the page is written to; its writer is closed afterwards
   * @throws IOException
   *           if the response writer cannot be obtained
   */
  protected void pageErrorCallOut(HttpServletResponse response) throws IOException {
    final String templateName = "org/openbravo/base/secureApp/HtmlErrorCallOut";
    final XmlDocument page = xmlEngine.readXmlTemplate(templateName).createXmlDocument();

    response.setContentType("text/html; charset=UTF-8");
    final PrintWriter writer = response.getWriter();
    writer.println(page.print());
    writer.close();
  }
  1118.  
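  /**
   * Reads the configuration properties into the session. The {@code strFileProperties} argument
   * is ignored; the call is forwarded to {@link #readProperties(VariablesSecureApp)}.
   *
   * @param vars
   *          session wrapper the values are stored in
   * @param strFileProperties
   *          ignored
   * @deprecated use {@link HttpSecureAppServlet#readProperties(VariablesSecureApp)} instead
   */
  @Deprecated
  protected void readProperties(VariablesSecureApp vars, String strFileProperties) {
    // The annotation mirrors the Javadoc tag so tools that only read annotations see the
    // deprecation too.
    readProperties(vars);
  }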
  1125.  
  /**
   * Reads some configuration properties from Openbravo.properties and sets them in session.
   * The date and date-time formats, the Pentaho server and the source path are copied to the
   * session keys {@code #AD_*}, {@code #pentahoServer} and {@code #sourcePath}.
   *
   * @param vars
   *          session wrapper the values are stored in
   */
  protected void readProperties(VariablesSecureApp vars) {
    final Properties config = OBPropertiesProvider.getInstance().getOpenbravoProperties();

    // Read every value first, then publish them to the session in the original order.
    final String javaDateFormat = config.getProperty("dateFormat.java");
    final String javaDateTimeFormat = config.getProperty("dateTimeFormat.java");
    final String sqlDateTimeFormat = config.getProperty("dateTimeFormat.sql");
    final String jsDateFormat = config.getProperty("dateFormat.js");
    final String sqlDateFormat = config.getProperty("dateFormat.sql");
    final String pentahoServer = config.getProperty("pentahoServer");
    final String sourcePath = config.getProperty("source.path");

    vars.setSessionValue("#AD_JavaDateFormat", javaDateFormat);
    vars.setSessionValue("#AD_JavaDateTimeFormat", javaDateTimeFormat);
    vars.setSessionValue("#AD_SqlDateTimeFormat", sqlDateTimeFormat);
    vars.setSessionValue("#AD_JsDateFormat", jsDateFormat);
    vars.setSessionValue("#AD_SqlDateFormat", sqlDateFormat);
    vars.setSessionValue("#pentahoServer", pentahoServer);
    // The value of source.path is stored in every session and written to the debug log below.
    vars.setSessionValue("#sourcePath", sourcePath);

    if (!log4j.isDebugEnabled()) {
      return;
    }
    log4j.debug("javaDateFormat: " + javaDateFormat);
    log4j.debug("javaDateTimeFormat: " + javaDateTimeFormat);
    log4j.debug("jsDateFormat: " + jsDateFormat);
    log4j.debug("sqlDateFormat: " + sqlDateFormat);
    log4j.debug("pentahoServer: " + pentahoServer);
    log4j.debug("sourcePath: " + sourcePath);
  }
  1163.  
  /**
   * Loads the number format definitions; forwards both arguments to
   * {@code LoginUtils.readNumberFormat}.
   *
   * @param vars
   *          passed through to {@code LoginUtils}
   * @param strFormatFile
   *          passed through to {@code LoginUtils}
   */
  protected void readNumberFormat(VariablesSecureApp vars, String strFormatFile) {
    final String formatFile = strFormatFile;
    LoginUtils.readNumberFormat(vars, formatFile);
  }
  1167.  
  /**
   * Renders a report from an array of {@link FieldProvider} rows with no explicit file name and
   * without forcing a refresh; delegates to the nine-argument overload.
   *
   * @throws ServletException
   *           propagated from the delegate
   */
  protected void renderJR(VariablesSecureApp variables, HttpServletResponse response,
      String strReportName, String strOutputType, HashMap<String, Object> designParameters,
      FieldProvider[] data, Map<Object, Object> exportParameters) throws ServletException {
    final String noFileName = null;
    final boolean forceRefresh = false;
    renderJR(variables, response, strReportName, noFileName, strOutputType, designParameters,
        data, exportParameters, forceRefresh);
  }
  1174.  
  /**
   * Renders a report from an array of {@link FieldProvider} rows under the given file name,
   * without forcing a refresh; delegates to the nine-argument overload.
   *
   * @throws ServletException
   *           propagated from the delegate
   */
  protected void renderJR(VariablesSecureApp variables, HttpServletResponse response,
      String strReportName, String strFileName, String strOutputType,
      HashMap<String, Object> designParameters, FieldProvider[] data,
      Map<Object, Object> exportParameters) throws ServletException {
    final boolean forceRefresh = false;
    renderJR(variables, response, strReportName, strFileName, strOutputType, designParameters,
        data, exportParameters, forceRefresh);
  }
  1182.  
  /**
   * Renders a report from an array of {@link FieldProvider} rows. A non-null array is wrapped in
   * a {@code JRFieldProviderDataSource} using the Java date format from {@code variables}; a
   * {@code null} array is passed on as a {@code null} data source.
   *
   * @throws ServletException
   *           propagated from the delegate
   */
  protected void renderJR(VariablesSecureApp variables, HttpServletResponse response,
      String strReportName, String strFileName, String strOutputType,
      HashMap<String, Object> designParameters, FieldProvider[] data,
      Map<Object, Object> exportParameters, boolean forceRefresh) throws ServletException {
    if (data == null) {
      // The cast selects the JRDataSource overload for the null argument.
      renderJR(variables, response, strReportName, strFileName, strOutputType, designParameters,
          (JRDataSource) null, exportParameters, forceRefresh);
      return;
    }
    renderJR(variables, response, strReportName, strFileName, strOutputType, designParameters,
        new JRFieldProviderDataSource(data, variables.getJavaDateFormat()), exportParameters,
        forceRefresh);
  }
  1196.  
  /**
   * Render a jrxml based report using a {@link ScrollableFieldProvider} as its datasource. The
   * provider is wrapped in a {@code JRScrollableFieldProviderDataSource} using the Java date
   * format from {@code variables}; no refresh is forced.
   *
   * @throws ServletException
   *           propagated from the delegate
   * @see #renderJR(VariablesSecureApp, HttpServletResponse, String, String, String, HashMap,
   *      JRDataSource, Map, boolean)
   */
  protected void renderJR(VariablesSecureApp variables, HttpServletResponse response,
      String strReportName, String strFileName, String strOutputType,
      HashMap<String, Object> designParameters, ScrollableFieldProvider sfp,
      Map<Object, Object> exportParameters) throws ServletException {
    final boolean forceRefresh = false;
    renderJR(variables, response, strReportName, strFileName, strOutputType, designParameters,
        new JRScrollableFieldProviderDataSource(sfp, variables.getJavaDateFormat()),
        exportParameters, forceRefresh);
  }
  1211.  
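  /**
   * Renders a JasperReports report. HTML output is streamed directly to the response. Any other
   * format except XML is exported to a temporary file under the FTP directory, and a pop-up page
   * linking to that file is written to the response. For {@code ExportType.XML} neither branch
   * runs, so nothing is exported here.
   *
   * @param variables
   *          supplies language, number formats and context values
   * @param response
   *          the response the report or pop-up page is written to
   * @param strReportName
   *          report path; when {@code null} or empty it is looked up through {@code PrintJRData}
   * @param strFileName
   *          output file name; when {@code null} it is the part of the report name after the
   *          last {@code /}
   * @param strOutputType
   *          requested output type, normalised through {@code getExportFormat}
   * @param designParameters
   *          report parameters; may be {@code null}. The map is modified in place
   * @param data
   *          data source; may be {@code null}
   * @param exportParameters
   *          export parameters; may be {@code null}
   * @param forceRefresh
   *          whether the download pop-up should be the download-and-refresh variant
   * @throws ServletException
   *           wrapping any non-I/O failure
   */
  private void renderJR(VariablesSecureApp variables, HttpServletResponse response,
      String strReportName, String strFileName, String strOutputType,
      HashMap<String, Object> designParameters, JRDataSource data,
      Map<Object, Object> exportParameters, boolean forceRefresh) throws ServletException {
    String localStrReportName = strReportName;
    final String localStrOutputType = getExportFormat(strOutputType);
    String localStrFileName = strFileName;
    Map<Object, Object> localExportParameters = exportParameters;
    HashMap<String, Object> localDesignParameters = designParameters;
    if (localStrReportName == null || localStrReportName.equals("")) {
      localStrReportName = PrintJRData.getReportName(this, classInfo.id);
    }

    final String strAttach = globalParameters.strFTPDirectory + "/284-" + classInfo.id;

    final String strLanguage = variables.getLanguage();
    // Assumes the language has the form "xx_YY"; a shorter value fails in substring.
    final Locale locLocale = new Locale(strLanguage.substring(0, 2), strLanguage.substring(3, 5));

    final String strBaseDesign = getBaseDesignPath(strLanguage);

    localStrReportName = Replace.replace(
        Replace.replace(localStrReportName, "@basedesign@", strBaseDesign), "@attach@", strAttach);
    if (localStrFileName == null) {
      localStrFileName = localStrReportName.substring(localStrReportName.lastIndexOf("/") + 1);
    }
    // NOTE(review): a caller-supplied strFileName is used as given in a file path under the FTP
    // directory and in the Content-disposition header. Confirm callers never pass a
    // request-derived name containing path separators, quotes or line breaks.

    ServletOutputStream os = null;
    // Name of the temporary export file; stays null until the file branch creates one.
    String tempFileName = null;
    try {
      if (localDesignParameters == null) {
        localDesignParameters = new HashMap<String, Object>();
      }

      localDesignParameters.put("BASE_WEB", strReplaceWithFull);
      localDesignParameters.put("BASE_DESIGN", strBaseDesign);
      localDesignParameters.put("ATTACH", strAttach);
      localDesignParameters.put("USER_CLIENT",
          Utility.getContext(this, variables, "#User_Client", ""));
      localDesignParameters.put("USER_ORG", Utility.getContext(this, variables, "#User_Org", ""));
      localDesignParameters.put("LANGUAGE", strLanguage);
      localDesignParameters.put("LOCALE", locLocale);
      localDesignParameters.put("REPORT_TITLE",
          PrintJRData.getReportTitle(this, variables.getLanguage(), classInfo.id));

      final DecimalFormatSymbols dfs = new DecimalFormatSymbols();
      dfs.setDecimalSeparator(variables.getSessionValue("#AD_ReportDecimalSeparator").charAt(0));
      dfs.setGroupingSeparator(variables.getSessionValue("#AD_ReportGroupingSeparator").charAt(0));
      final DecimalFormat numberFormat = new DecimalFormat(
          variables.getSessionValue("#AD_ReportNumberFormat"), dfs);
      localDesignParameters.put("NUMBERFORMAT", numberFormat);

      os = response.getOutputStream();
      if (localExportParameters == null) {
        localExportParameters = new HashMap<Object, Object>();
      }

      final ExportType expType = ExportType.getExportType(localStrOutputType);
      final ConnectionProvider readOnlyCP = DalConnectionProvider.getReadOnlyConnectionProvider();

      if (expType == ExportType.HTML) {
        if (log4j.isDebugEnabled()) {
          log4j.debug("JR: Print HTML");
        }
        response.setHeader("Content-disposition", "inline" + "; filename=" + localStrFileName + "."
            + localStrOutputType);
        final HttpServletRequest request = RequestContext.get().getRequest();
        final String localAddress = HttpBaseUtils.getLocalAddress(request);
        localExportParameters.put(ReportingUtils.IMAGES_URI, localAddress
            + "/servlets/image?image={0}");
        ReportingUtils.exportJR(localStrReportName, expType, localDesignParameters, os, false,
            readOnlyCP, data, localExportParameters);
      } else if (expType != ExportType.XML) {
        // The random UUID keeps concurrent exports of the same report from colliding.
        final UUID reportId = UUID.randomUUID();
        tempFileName = localStrFileName + "-" + reportId + "." + localStrOutputType;
        final File outputFile = new File(globalParameters.strFTPDirectory + "/" + tempFileName);
        ReportingUtils.exportJR(localStrReportName, expType, localDesignParameters, outputFile,
            false, readOnlyCP, data, localExportParameters);
        response.setContentType("text/html;charset=UTF-8");
        response.setHeader("Content-disposition", "inline" + "; filename=" + localStrFileName + "-"
            + reportId + ".html");
        if (forceRefresh) {
          printPagePopUpDownloadAndRefresh(response.getOutputStream(), tempFileName);
        } else {
          printPagePopUpDownload(response.getOutputStream(), tempFileName);
        }
      }

    } catch (IOException ioe) {
      // Previously swallowed without a trace; record it so a failed export can be diagnosed.
      log4j.error("Error rendering report " + localStrReportName + " : " + ioe.getMessage(), ioe);
      // Only clean up when a temporary file was actually named. Before, the HTML path looked for
      // a file called "<name>-null.<ext>".
      if (tempFileName != null) {
        try {
          final FileUtility f = new FileUtility(globalParameters.strFTPDirectory, tempFileName,
              false, true);
          if (f.exists()) {
            f.deleteFile();
          }
        } catch (IOException ioex) {
          log4j.error("Error trying to delete temporary report file " + tempFileName + " : "
              + ioex.getMessage());
        }
      }
    } catch (final Exception e) {
      throw new ServletException(e.getMessage(), e);
    } finally {
      // os is still null when the failure happened before the stream was obtained.
      if (os != null) {
        try {
          os.close();
        } catch (final Exception ignored) {
          // Best effort: a failure to close must not mask the outcome of the export.
        }
      }
    }
  }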
  1316.  
  /**
   * Resolves the extension to use for a requested report output type.
   *
   * @param outputType
   *          requested output type; may be {@code null} or empty
   * @return the HTML extension when no type was requested, the extension of the Excel export type
   *         reported by {@code ReportingUtils} when {@code ExportType.XLS} recognises
   *         {@code outputType} as one of its extensions, otherwise {@code outputType} unchanged
   */
  private String getExportFormat(String outputType) {
    final boolean noTypeRequested = outputType == null || outputType.isEmpty();
    if (noTypeRequested) {
      return ExportType.HTML.getExtension();
    }
    // Any other value is handed back as-is; it is not checked against the known export types here.
    // NOTE(review): if callers build file names from the result, they should validate it - confirm.
    return ExportType.XLS.hasExtension(outputType) ? ReportingUtils.getExcelExportType()
        .getExtension() : outputType;
  }
  1326.  
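  /**
   * Saves the file and request for download. This approach is required to close the loading pop-up
   * window.
   *
   * The output of {@code super.renderFO} is written to a ".pdf" file in
   * {@code globalParameters.strFTPDirectory}. The file name is built from the last path segment of
   * the request URI (without its extension) and a random UUID. The request URI is
   * client-controlled, so that segment is reduced to letters, digits, '_' and '-' before it is
   * used in a file-system path and handed to the download pop-up page.
   *
   * @param strFo
   *          content passed through to {@code super.renderFO}
   * @param request
   *          current request; only its URI is read
   * @param response
   *          response that receives the download pop-up page
   * @throws ServletException
   *           if the output file cannot be opened
   */
  public void renderFO(String strFo, HttpServletRequest request, HttpServletResponse response)
      throws ServletException {
    final File baseDir = new File(globalParameters.strFTPDirectory);
    final UUID reportId = UUID.randomUUID();

    final String requestUri = request.getRequestURI();
    final int slashPos = requestUri.lastIndexOf('/');
    final int dotPos = requestUri.lastIndexOf('.');
    // A URI with no dot after its last slash used to make substring() throw; take the whole last
    // segment in that case.
    final int endPos = dotPos > slashPos ? dotPos : requestUri.length();
    // Allow-list the characters: no dots, separators or markup can reach the path or the page.
    final String baseName = requestUri.substring(slashPos + 1, endPos).replaceAll(
        "[^A-Za-z0-9_-]", "_");

    final String fileName = baseName + "-" + reportId + ".pdf";
    final File pdffile = new File(baseDir, fileName);
    final OutputStream out;

    try {
      out = new FileOutputStream(pdffile);
    } catch (Exception e) {
      log4j.error(e.getMessage(), e);
      // Keep the cause so the original failure is not lost to the caller.
      throw new ServletException(e.getMessage(), e);
    }

    try {
      // Generating and saving file
      super.renderFO(strFo, out);
    } finally {
      try {
        // Closing an already closed stream has no effect, so this is safe whether or not
        // super.renderFO closes it.
        out.close();
      } catch (IOException e) {
        log4j.error("Error closing temporary report file " + fileName + " : " + e.getMessage());
      }
    }

    try {
      printPagePopUpDownload(response.getOutputStream(), fileName);
    } catch (IOException e) {
      log4j.error("Error writing download page for " + fileName + " : " + e.getMessage(), e);
      // The client never received the download page, so remove the file that was just written.
      try {
        final FileUtility f = new FileUtility(globalParameters.strFTPDirectory, fileName, false,
            true);
        if (f.exists()) {
          f.deleteFile();
        }
      } catch (IOException ioex) {
        log4j.error("Error trying to delete temporary report file " + fileName + " : "
            + ioex.getMessage());
      }
    }
  }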
  1367.  
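  /**
   * Dispatches the request (via {@code RequestDispatcher.include}) to the referrer servlet to
   * perform operations like "auto-save". Note: The referrer servlet should have a hidden input
   * field with mappingName (e.g. /PurchaOrder/Header_Edition.html) to be able to get a
   * RequestDispatcher.
   *
   * The {@code mappingName}, {@code autosave} and {@code inpCommandType} values are request
   * parameters and therefore client-controlled. {@code mappingName} is checked with
   * {@link #isSafeForwardTarget(String)} before it is given to the dispatcher or placed in a
   * redirect, and {@code inpCommandType} is URL-encoded before it is appended to the redirect.
   *
   * @param request
   *          current request
   * @param response
   *          current response; receives a redirect or the close-pop-up page when the included
   *          servlet throws an {@code OBException}
   * @return {@code false} when the included servlet threw an {@code OBException} and the response
   *         has already been written here, {@code true} otherwise
   * @throws IOException
   *           propagated from the dispatcher or from writing the response
   * @throws ServletException
   *           propagated from the dispatcher, or thrown when {@code mappingName} is not an
   *           acceptable dispatch target
   */
  private boolean forwardRequest(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    final String forwardTo = request.getParameter("mappingName");
    final String autoSave = request.getParameter("autosave");
    final String commandType = request.getParameter("inpCommandType");
    final Boolean popupWindow = request.getAttribute("popupWindow") != null ? (Boolean) request
        .getAttribute("popupWindow") : false;

    // Forwarding request to save the modified record
    if (autoSave != null && autoSave.equalsIgnoreCase("Y") && forwardTo != null
        && !forwardTo.equals("")) {
      if (!isSafeForwardTarget(forwardTo)) {
        // The rejected value is deliberately not logged: it is attacker-controllable text.
        log4j.error("Rejected autosave dispatch: mappingName is not an allowed path");
        throw new ServletException("Invalid mappingName");
      }
      final RequestDispatcher rd = getServletContext().getRequestDispatcher(forwardTo);
      if (rd != null) {
        final long time = System.currentTimeMillis();
        try {
          if (log4j.isDebugEnabled()) {
            log4j.debug("forward request to: " + forwardTo);
          }
          rd.include(request, response);
          if (log4j.isDebugEnabled()) {
            log4j.debug("Request forward took: "
                + String.valueOf(System.currentTimeMillis() - time) + " ms");
          }
        } catch (final OBException e) {

          request.removeAttribute("autosave");
          request.removeAttribute("popupWindow");

          final VariablesSecureApp vars = new VariablesSecureApp(request);
          final String strTabId = vars.getStringParameter("inpTabId");
          // Constant-first comparison so a missing session value cannot cause an NPE.
          if (!"true".equals(vars.getSessionValue(strTabId + "|concurrentSave"))) {
            vars.setSessionObject(strTabId + "|failedAutosave", true);
          }

          if (!popupWindow) {
            vars.setSessionValue(strTabId + "|requestURL", request.getRequestURL().toString());
            // Encode the client-supplied command so it cannot add parameters to the redirect.
            final String command = commandType != null ? java.net.URLEncoder.encode(commandType,
                "UTF-8") : "NEW";
            response.sendRedirect(strDireccion + forwardTo + "?Command=" + command);
          } else { // close pop-up
            printPageClosePopUpAndRefresh(response, vars);
          }
          return false;
        }
      }
    }
    request.removeAttribute("autosave");
    request.removeAttribute("popupWindow");
    return true;
  }

  /**
   * Checks that a client-supplied mapping name is a plain context-relative path before it is used
   * as a dispatch or redirect target. A request dispatcher can reach resources that clients cannot
   * address directly (for example below /WEB-INF), so the path is restricted here.
   *
   * @param path
   *          value of the {@code mappingName} parameter
   * @return {@code true} if the path starts with "/", has no control characters, backslashes,
   *         percent signs or ".." sequences, and does not point into WEB-INF or META-INF
   */
  private static boolean isSafeForwardTarget(String path) {
    if (path == null || !path.startsWith("/")) {
      return false;
    }
    for (int i = 0; i < path.length(); i++) {
      final char c = path.charAt(i);
      if (c < 0x20 || c == 0x7f || c == '\\' || c == '%') {
        return false;
      }
    }
    if (path.contains("..")) {
      return false;
    }
    final String lower = path.toLowerCase(Locale.ROOT);
    return !lower.contains("/web-inf") && !lower.contains("/meta-inf");
  }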
  1426.  
  /**
   * Returns the short description of this servlet.
   *
   * @return fixed descriptive text
   */
  @Override
  public String getServletInfo() {
    final String description = "This servlet add some functions (autentication, privileges, application menu, ...) over HttpBaseServlet";
    return description;
  }
  1431. }