[cvs] expresso commit by mtraum: protect against NPE and add functionality to

JCorporate Ltd jcorp at jcorporate.com
Thu Feb 10 17:52:28 UTC 2005 

Log Message:
-----------
protect against NPE and add functionality to redirect to original url after login

Modified Files:
--------------
    expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/ext/taglib:
        RestrictAccessTag.java

Revision Data
-------------
Index: RestrictAccessTag.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/ext/taglib/RestrictAccessTag.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/ext/taglib/RestrictAccessTag.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/ext/taglib/RestrictAccessTag.java -u -r1.14 -r1.15
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/ext/taglib/RestrictAccessTag.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/ext/taglib/RestrictAccessTag.java
@@ -64,22 +64,27 @@
 
 package com.jcorporate.expresso.ext.taglib;
 
-import com.jcorporate.expresso.core.db.DBException;
-import com.jcorporate.expresso.core.misc.CurrentLogin;
-import com.jcorporate.expresso.core.misc.SerializableString;
-import com.jcorporate.expresso.core.misc.StringUtil;
-import com.jcorporate.expresso.core.security.User;
-import org.apache.log4j.Logger;
-
-import javax.servlet.ServletException;
-import javax.servlet.jsp.JspTagException;
-import javax.servlet.jsp.tagext.TagSupport;
 import java.io.IOException;
 import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.List;
 import java.util.StringTokenizer;
 
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.jsp.JspTagException;
+import javax.servlet.jsp.tagext.TagSupport;
+
+import org.apache.log4j.Logger;
+
+import com.jcorporate.expresso.core.ExpressoConstants;
+import com.jcorporate.expresso.core.db.DBException;
+import com.jcorporate.expresso.core.jsdkapi.GenericSession;
+import com.jcorporate.expresso.core.misc.CurrentLogin;
+import com.jcorporate.expresso.core.misc.SerializableString;
+import com.jcorporate.expresso.core.misc.StringUtil;
+import com.jcorporate.expresso.core.security.User;
+
 
 /**
  * Restrict Access Tag - To easily restrict JSP page access.
@@ -196,14 +201,16 @@
 //        String userName = StringUtil.notNull((SerializableString)pageContext.getSession().getAttribute(
 //                                                     "UserName"));
         CurrentLogin myLogin = (CurrentLogin) pageContext.getSession().getAttribute(CurrentLogin.LOGIN_KEY);
+        if (myLogin == null) {
+            denyAccess();
+            return SKIP_PAGE;
+        }
+        
         String userName = null;
         String db = null;
-        if (myLogin != null) {
-            userName = StringUtil.notNull(myLogin.getUserName());
-            db = StringUtil.notNull(myLogin.getDBName());
-
+        userName = StringUtil.notNull(myLogin.getUserName());
+        db = StringUtil.notNull(myLogin.getDBName());
 
-        }
 
         //Will be "" if there is no cookie or session se up.
         if (userName == null || userName.length() == 0) {
@@ -279,6 +286,10 @@
 
     protected void denyAccess()
             throws javax.servlet.jsp.JspTagException {
+        // store the original url in the session so we can redirect there after login
+        HttpServletRequest hreq = (HttpServletRequest)pageContext.getRequest();
+        addRequestedURLtoSession(hreq);
+        
         String userName = StringUtil.notNull((SerializableString) pageContext.getSession().getAttribute("UserName"));
         String db = StringUtil.notNull((SerializableString) pageContext.getSession().getAttribute("db"));
 
@@ -300,5 +311,39 @@
                 throw new JspTagException(e.getMessage());
             }
         }
+    }
+    
+
+    /**
+     * Stash the original URL that we asked for in the session, so that if we
+     * log in and want to try again, it's available
+     * 
+     * @param req the HttpServletRequest
+     * @param creq the ControllerRequest
+     * 
+     * @throws javax.servlet.jsp.JspTagException on error retrieving session
+     */
+    protected void addRequestedURLtoSession(HttpServletRequest hreq) throws javax.servlet.jsp.JspTagException {
+        String origUrl = getRequestURL(hreq);
+        try {
+            GenericSession.setAttribute(hreq, ExpressoConstants.CONTROLLER_ORIGINAL_URL_KEY, origUrl);
+        }
+        catch (ServletException e) {
+            throw new JspTagException(e.getMessage());
+        }
+    }
+
+    /**
+     * recreate requested URL; never null, though could be empty string
+     * 
+     * @param req the HttpServletRequest
+     */
+    protected String getRequestURL(HttpServletRequest req) {
+        String origUrl = StringUtil.notNull(req.getRequestURI());
+
+        if (req.getQueryString() != null) {
+            origUrl = origUrl + "?" + req.getQueryString();
+        }
+        return origUrl;
     }
 }

More information about the cvs mailing list