下面列出了javax.servlet.http.HttpServletResponse#SC_FORBIDDEN 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@EntityCustomAction(action = "presencetotals", viewKey = EntityView.VIEW_LIST)
public Map<String, SitePresenceTotal> handlePresenceTotals(EntityView view, Map<String, Object> params) {
String userId = developerHelperService.getCurrentUserId();
if (userId == null || userId.length() <= 0) {
throw new EntityException("You must be logged in to list the reports", "", HttpServletResponse.SC_FORBIDDEN);
}
String siteId = view.getPathSegment(2);
if (siteId == null || siteId.length() <= 0) {
throw new EntityException("The totals request must include the site id", "", HttpServletResponse.SC_BAD_REQUEST);
}
if (log.isDebugEnabled()) {
log.debug("SITE ID:" + siteId);
}
if (!developerHelperService.isUserAllowedInEntityReference("/user/" + userId, "sitestats.view", "/site/" + siteId)) {
throw new EntityException("You don't have access to sitestats in this site", "", HttpServletResponse.SC_FORBIDDEN);
}
return statsManager.getPresenceTotalsForSite(siteId);
}
private void setNotAuthorized(HttpServletRequest req, HttpServletResponse resp, String resourceURL) throws IOException {
String versionString = req.getHeader("Orion-Version"); //$NON-NLS-1$
Version version = versionString == null ? null : new Version(versionString);
// TODO: This is a workaround for calls
// that does not include the WebEclipse version header
String xRequestedWith = req.getHeader("X-Requested-With"); //$NON-NLS-1$
String msg = "You are not authorized to access " + resourceURL;
resp.setHeader("Cache-Control", "no-cache"); //$NON-NLS-1$ //$NON-NLS-2$
if (version == null && !"XMLHttpRequest".equals(xRequestedWith)) { //$NON-NLS-1$
resp.sendError(HttpServletResponse.SC_FORBIDDEN, msg);
} else {
resp.setContentType(ProtocolConstants.CONTENT_TYPE_JSON);
ServerStatus serverStatus = new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_FORBIDDEN, EncodingUtils.encodeForHTML(msg), null);
resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
resp.getWriter().print(serverStatus.toJSON().toString());
}
}
/**
* Lists the available reports
*/
@EntityCustomAction(action = "listreports", viewKey = EntityView.VIEW_LIST)
public List<StrippedReportDef> handleListReports(EntityView view, Map<String, Object> params) {
String userId = developerHelperService.getCurrentUserId();
if (userId == null || userId.length() <= 0) {
throw new EntityException("You must be logged in to list the reports", "", HttpServletResponse.SC_FORBIDDEN);
}
String siteId = view.getPathSegment(2);
if (siteId == null || siteId.length() <= 0) {
throw new EntityException("The reports request must include the site id", "", HttpServletResponse.SC_BAD_REQUEST);
}
if (log.isDebugEnabled()) {
log.debug("SITE ID:" + siteId);
}
if (!developerHelperService.isUserAllowedInEntityReference("/user/" + userId, "sitestats.view", "/site/" + siteId)) {
throw new EntityException("You don't have access to sitestats in this site", "", HttpServletResponse.SC_FORBIDDEN);
}
List<StrippedReportDef> stripped = new ArrayList<StrippedReportDef>();
for (ReportDef rd : reportManager.getReportDefinitions(siteId, true, false)) {
stripped.add(new StrippedReportDef(rd));
}
return stripped;
}
private String generateErrorInfo(int statusCode) {
if (statusCode == HttpServletResponse.SC_OK) {
return "";
} else if (statusCode == HttpServletResponse.SC_NOT_FOUND) {
return "未能找到配置文件";
} else if (statusCode == HttpServletResponse.SC_FORBIDDEN) {
return "无访问权限";
} else if (statusCode == HttpServletResponse.SC_INTERNAL_SERVER_ERROR) {
return "系统异常";
} else {
return "返回状态码为 " + statusCode;
}
}
private Object[] doAppChecks(App app, HttpServletRequest request) {
if (app == null) {
return new Object[]{HttpServletResponse.SC_NOT_FOUND, "App not found."};
}
if (!app.getActive()) {
return new Object[]{HttpServletResponse.SC_FORBIDDEN,
Utils.formatMessage("App not active. [{0}]", app.getId())};
}
if (app.getReadOnly() && isWriteRequest(request)) {
return new Object[]{HttpServletResponse.SC_FORBIDDEN,
Utils.formatMessage("App is in read-only mode. [{0}]", app.getId())};
}
return null;
}
private ServerStatus canAccess(IPath contentPath) throws CoreException {
String accessLocation = "/file/" + contentPath.toString(); //$NON-NLS-1$
if (contentPath.segmentCount() < 1)
return new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_FORBIDDEN, "Forbidden access to application contents", null);
if (!AuthorizationService.checkRights(userId, accessLocation, "GET")) //$NON-NLS-1$
return new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_FORBIDDEN, "Forbidden access to application contents", null);
else
return new ServerStatus(Status.OK_STATUS, HttpServletResponse.SC_OK);
}
@Override
protected void doFilter(FilterChain filterChain, HttpServletRequest request,
HttpServletResponse response) throws IOException, ServletException {
String userName = request.getRemoteUser();
LOG.debug("Authenticating user: " + userName + " from request.");
if (!allowUsers.contains(userName)) {
response.sendError(HttpServletResponse.SC_FORBIDDEN,
"Unauthorized user status code: " + HttpServletResponse.SC_FORBIDDEN);
throw new ServletException(userName + " is unauthorized. status code: " + HttpServletResponse.SC_FORBIDDEN);
}
super.doFilter(filterChain, request, response);
}
private void validateStatusCode(SimpleHttpResponse httpResponse) throws InvalidResponseException {
final int statusCode = httpResponse.getResponseCode();
final String statusLine = httpResponse.getResponseMessage();
if (statusCode == HttpServletResponse.SC_OK) {
return;
}
if (statusCode == HttpServletResponse.SC_CREATED) {
return;
}
String errMessage;
switch (statusCode) {
case HttpServletResponse.SC_NOT_FOUND:
errMessage = String.format("Requesting path [%s] was not found.", httpResponse.getRequestPath());
break;
case HttpServletResponse.SC_UNAUTHORIZED:
errMessage = String.format("Missing or incorrect credentials for path [%s].", httpResponse.getRequestPath());
break;
case HttpServletResponse.SC_FORBIDDEN:
errMessage = String.format("Unauthorized request to path [%s].", httpResponse.getRequestPath());
break;
default:
errMessage = String.format("Requesting path [%s] returns unexpected response.", httpResponse.getRequestPath());
}
errMessage += String.format(" Service returned [%d] [%s].", statusCode, statusLine);
throw new InvalidResponseException(errMessage);
}
/**
* Determine if the request is relative to a video widget.
*
* @param request the servlet request
* @return true if the request is relative to a video widget
*/
boolean proxyingVideoWidget(HttpServletRequest request) {
try {
String sitemapName = request.getParameter("sitemap");
if (sitemapName == null) {
throw new ProxyServletException(HttpServletResponse.SC_BAD_REQUEST,
"Parameter 'sitemap' must be provided!");
}
String widgetId = request.getParameter("widgetId");
if (widgetId == null) {
throw new ProxyServletException(HttpServletResponse.SC_BAD_REQUEST,
"Parameter 'widgetId' must be provided!");
}
Sitemap sitemap = (Sitemap) modelRepository.getModel(sitemapName);
if (sitemap == null) {
throw new ProxyServletException(HttpServletResponse.SC_NOT_FOUND,
String.format("Sitemap '%s' could not be found!", sitemapName));
}
Widget widget = itemUIRegistry.getWidget(sitemap, widgetId);
if (widget == null) {
throw new ProxyServletException(HttpServletResponse.SC_NOT_FOUND,
String.format("Widget '%s' could not be found!", widgetId));
}
if (widget instanceof Image) {
return false;
} else if (widget instanceof Video) {
return true;
} else {
throw new ProxyServletException(HttpServletResponse.SC_FORBIDDEN,
String.format("Widget type '%s' is not supported!", widget.getClass().getName()));
}
} catch (ProxyServletException pse) {
request.setAttribute(ATTR_SERVLET_EXCEPTION, pse);
return false;
}
}
@Override
protected Map<String, Object> executeImpl(final WebScriptRequest req, Status status, Cache cache)
{
if (! isEnabled())
{
throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "QuickShare is disabled system-wide");
}
// create map of params (template vars)
Map<String, String> params = req.getServiceMatch().getTemplateVars();
final String sharedId = params.get("shared_id");
if (sharedId == null)
{
throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "A valid sharedId must be specified !");
}
try
{
boolean canRead = quickShareService.canRead(sharedId);
Map<String, Object> result = new HashMap<String, Object>();
result.put("canRead", canRead);
return result;
}
catch (InvalidSharedIdException ex)
{
logger.error("Unable to find: "+sharedId);
throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
}
catch (InvalidNodeRefException inre)
{
logger.error("Unable to find: "+sharedId+" ["+inre.getNodeRef()+"]");
throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
}
}
protected ParticipantId getLoggedInUser(HttpServletRequest req) throws ServiceException {
ParticipantId pid = sessionManager.getLoggedInUser(req);
if (pid == null) {
throw new ServiceException("Can't retrieve logged in user", HttpServletResponse.SC_FORBIDDEN, RC_ACCOUNT_NOT_LOGGED_IN);
}
return pid;
}
protected Map<String, Object> login(final String username, String password)
{
try
{
// get ticket
authenticationService.authenticate(username, password.toCharArray());
eventPublisher.publishEvent(new EventPreparator(){
@Override
public Event prepareEvent(String user, String networkId, String transactionId)
{
// TODO need to fix up to pass correct seqNo and alfrescoClientId
return new RepositoryEventImpl(-1l, "login", transactionId, networkId, new Date().getTime(),
username, null);
}
});
// add ticket to model for javascript and template access
Map<String, Object> model = new HashMap<String, Object>(7, 1.0f);
model.put("username", username);
model.put("ticket", authenticationService.getCurrentTicket());
return model;
}
catch(AuthenticationException e)
{
throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Login failed");
}
finally
{
AuthenticationUtil.clearCurrentSecurityContext();
}
}
/**
* Determine if the request is relative to a video widget.
*
* @param request the servlet request
* @return true if the request is relative to a video widget
*/
boolean proxyingVideoWidget(HttpServletRequest request) {
boolean proxyingVideo = false;
try {
String sitemapName = request.getParameter("sitemap");
if (sitemapName == null) {
throw new ProxyServletException(HttpServletResponse.SC_BAD_REQUEST,
"Parameter 'sitemap' must be provided!");
}
String widgetId = request.getParameter("widgetId");
if (widgetId == null) {
throw new ProxyServletException(HttpServletResponse.SC_BAD_REQUEST,
"Parameter 'widgetId' must be provided!");
}
Sitemap sitemap = (Sitemap) modelRepository.getModel(sitemapName);
if (sitemap == null) {
throw new ProxyServletException(HttpServletResponse.SC_NOT_FOUND,
String.format("Sitemap '%s' could not be found!", sitemapName));
}
Widget widget = itemUIRegistry.getWidget(sitemap, widgetId);
if (widget == null) {
throw new ProxyServletException(HttpServletResponse.SC_NOT_FOUND,
String.format("Widget '%s' could not be found!", widgetId));
}
if (widget instanceof Image) {
} else if (widget instanceof Video) {
proxyingVideo = true;
} else {
throw new ProxyServletException(HttpServletResponse.SC_FORBIDDEN,
String.format("Widget type '%s' is not supported!", widget.getClass().getName()));
}
} catch (ProxyServletException pse) {
request.setAttribute(ATTR_SERVLET_EXCEPTION, pse);
}
return proxyingVideo;
}
@Override
public int setErrorParameter(BeforeEnterEvent event, ErrorParameter<AccessDeniedException> parameter) {
getElement().setText(ERROR_MESSAGE);
return HttpServletResponse.SC_FORBIDDEN;
}
@EntityCustomAction(action = "setGrade", viewKey = EntityView.VIEW_NEW)
public ActionReturn setGrade(Map<String, Object> params) {
String userId = sessionManager.getCurrentSessionUserId();
if (StringUtils.isBlank(userId)) {
log.warn("setGrade attempt when not logged in");
throw new EntityException("You need to be logged in to set grades", "", HttpServletResponse.SC_UNAUTHORIZED);
}
String courseId = (String) params.get("courseId");
String gradableId = (String) params.get("gradableId");
String grade = (String) params.get("grade");
String studentId = (String) params.get("studentId");
String submissionId = (String) params.get("submissionId");
if (StringUtils.isBlank(courseId) || StringUtils.isBlank(gradableId)
|| grade == null || StringUtils.isBlank(studentId) || StringUtils.isBlank(submissionId)) {
throw new EntityException("You need to supply the courseId, gradableId, studentId and grade", "", HttpServletResponse.SC_BAD_REQUEST);
}
AssignmentSubmission submission = null;
try {
submission = assignmentService.getSubmission(submissionId);
} catch (IdUnusedException iue) {
throw new EntityException("submissionId not found.", "", HttpServletResponse.SC_BAD_REQUEST);
} catch (PermissionException pe) {
throw new EntityException("You don't have permissions read submission " + submissionId, "", HttpServletResponse.SC_FORBIDDEN);
}
String privateNotes = (String) params.get("privateNotes");
String feedbackText = (String) params.get("feedbackText");
String feedbackComment = (String) params.get("feedbackComment");
String gradeOption = (String) params.get("gradeOption");
gradeOption = StringUtils.isBlank(gradeOption) ? SUBMISSION_OPTION_SAVE : gradeOption;
String resubmitNumber = (String) params.get("resubmitNumber");
String resubmitDate = (String) params.get("resubmitDate");
List<String> alerts = new ArrayList<>();
Assignment assignment = submission.getAssignment();
if (assignment.getTypeOfGrade() == Assignment.GradeType.SCORE_GRADE_TYPE) {
grade = assignmentToolUtils.scalePointGrade(grade, assignment.getScaleFactor(), alerts);
} else if (assignment.getTypeOfGrade() == Assignment.GradeType.PASS_FAIL_GRADE_TYPE && grade.equals("ungraded")) {
grade = null;
}
Map<String, Object> options = new HashMap<>();
options.put(GRADE_SUBMISSION_GRADE, grade);
options.put(GRADE_SUBMISSION_FEEDBACK_TEXT, feedbackText);
options.put(GRADE_SUBMISSION_FEEDBACK_COMMENT, feedbackComment);
options.put(GRADE_SUBMISSION_PRIVATE_NOTES, privateNotes);
options.put(WITH_GRADES, true);
options.put(ALLOW_RESUBMIT_NUMBER, resubmitNumber);
if (!StringUtils.isBlank(resubmitDate)) {
options.put(ALLOW_RESUBMIT_CLOSE_EPOCH_MILLIS, resubmitDate);
}
Set<String> attachmentKeys
= params.keySet().stream().filter(k -> k.startsWith("attachment")).collect(Collectors.toSet());
final List<Reference> attachmentRefs = attachmentKeys.stream().map(k -> {
FileItem item = (FileItem) params.get(k);
try {
// make a set of properties to add for the new resource
ResourcePropertiesEdit props = contentHostingService.newResourceProperties();
props.addProperty(ResourceProperties.PROP_DISPLAY_NAME, item.getName());
props.addProperty(ResourceProperties.PROP_DESCRIPTION, item.getName());
ContentResource cr = contentHostingService.addAttachmentResource(item.getName(),
courseId, "Assignments", item.getContentType(), item.getInputStream(), props);
return entityManager.newReference(cr.getReference());
} catch (Exception e) {
throw new EntityException("Error while storing attachments", "", HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}).collect(Collectors.toList());
options.put(GRADE_SUBMISSION_FEEDBACK_ATTACHMENT, attachmentRefs);
options.put(GRADE_SUBMISSION_DONT_CLEAR_CURRENT_ATTACHMENTS, Boolean.TRUE);
// Add any rubrics params
params.keySet().stream().filter(k -> k.startsWith(RubricsConstants.RBCS_PREFIX)).forEach(k -> options.put(k, params.get(k)));
options.put("siteId", (String) params.get("siteId"));
submission = assignmentToolUtils.gradeSubmission(submission, gradeOption, options, alerts);
boolean anonymousGrading = assignmentService.assignmentUsesAnonymousGrading(assignment);
if (submission != null) {
return new ActionReturn(new SimpleSubmission(submission, anonymousGrading));
} else {
throw new EntityException("Failed to set grade on " + submissionId, "", HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
@EntityCustomAction(action = "grades", viewKey = EntityView.VIEW_LIST)
public ActionReturn getGrades(Map<String, Object> params) {
String userId = sessionManager.getCurrentSessionUserId();
if (StringUtils.isBlank(userId)) {
log.warn("getGrades attempt when not logged in");
throw new EntityException("You need to be logged in to get grades", "", HttpServletResponse.SC_UNAUTHORIZED);
}
String courseId = (String) params.get("courseId");
String gradableId = (String) params.get("gradableId");
if (StringUtils.isBlank(courseId) || StringUtils.isBlank(gradableId)) {
throw new EntityException("You need to supply a courseId and a gradableId", "", HttpServletResponse.SC_BAD_REQUEST);
}
Site site = null;
try {
site = siteService.getSite(courseId);
} catch (IdUnusedException iue) {
throw new EntityException("The courseId (site id) you supplied is invalid", "", HttpServletResponse.SC_BAD_REQUEST);
}
if (!securityService.unlock(userId, SECURE_GRADE_ASSIGNMENT_SUBMISSION, "/site/" + courseId)) {
throw new EntityException("You don't have permission to get grades", "", HttpServletResponse.SC_FORBIDDEN);
}
Assignment assignment;
try {
assignment = assignmentService.getAssignment(gradableId);
} catch (IdUnusedException idue) {
throw new EntityException("No gradable for id " + gradableId, "", HttpServletResponse.SC_BAD_REQUEST);
} catch (PermissionException pe) {
throw new EntityException("You don't have permission to read the assignment", "", HttpServletResponse.SC_FORBIDDEN);
}
// A map of submissionId -> grade
Map<String, String> grades = assignment.getSubmissions().stream().collect(Collectors.toMap(s -> s.getId(), s -> {
Set<AssignmentSubmissionSubmitter> submitters = s.getSubmitters();
if (submitters.size() > 0) {
if (assignment.getTypeOfGrade() == Assignment.GradeType.PASS_FAIL_GRADE_TYPE) {
return s.getGrade() == null ? "ungraded" : s.getGrade();
} else {
return assignmentService.getGradeDisplay(s.getGrade(), assignment.getTypeOfGrade(), assignment.getScaleFactor());
}
} else {
return "";
}
}));
Map<String, GraderUser> students = new HashMap<>();
try {
for (String studentId : site.getUsersIsAllowed(SECURE_ADD_ASSIGNMENT_SUBMISSION)) {
students.put(studentId, new GraderUser(userDirectoryService.getUser(studentId)));
}
} catch (UserNotDefinedException e) {
throw new EntityException("Failed to setup user", courseId);
}
Map<String, Object> data = new HashMap<>();
data.put("students", students);
data.put("grades", grades);
return new ActionReturn(data);
}
protected void checkAnySession(HttpServletRequest req) throws ServiceException {
if (sessionManager.listLoggedInUsers(req).isEmpty())
throw new ServiceException("No active sessions found in the browser", HttpServletResponse.SC_FORBIDDEN, RC_ACCOUNT_NOT_LOGGED_IN);
}
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{
if (! isEnabled())
{
throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "QuickShare is disabled system-wide");
}
// create map of params (template vars)
Map<String, String> params = req.getServiceMatch().getTemplateVars();
final String sharedId = params.get("shared_id");
if (sharedId == null)
{
throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "A valid sharedId must be specified !");
}
try
{
Pair<String, NodeRef> pair = quickShareService.getTenantNodeRefFromSharedId(sharedId);
final String tenantDomain = pair.getFirst();
final NodeRef nodeRef = pair.getSecond();
String siteId = siteService.getSiteShortName(nodeRef);
Map<String, Object> model = new HashMap<String, Object>(3);
model.put("sharedId", sharedId);
model.put("nodeRef", nodeRef.toString());
model.put("siteId", siteId);
model.put("tenantDomain", tenantDomain);
if (logger.isInfoEnabled())
{
logger.info("QuickShare - get shared context: "+sharedId+" ["+model+"]");
}
return model;
}
catch (InvalidNodeRefException inre)
{
logger.error("Unable to find: "+sharedId+" ["+inre.getNodeRef()+"]");
throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
}
}
private static RestException fromStatusRuntimeException(StatusRuntimeException e) {
int statusCode;
switch (e.getStatus().getCode()) {
case OK:
statusCode = HttpServletResponse.SC_OK;
break;
case INVALID_ARGUMENT:
statusCode = HttpServletResponse.SC_BAD_REQUEST;
break;
case DEADLINE_EXCEEDED:
statusCode = HttpServletResponse.SC_REQUEST_TIMEOUT;
break;
case NOT_FOUND:
statusCode = HttpServletResponse.SC_NOT_FOUND;
break;
case ALREADY_EXISTS:
statusCode = HttpServletResponse.SC_CONFLICT;
break;
case PERMISSION_DENIED:
statusCode = HttpServletResponse.SC_FORBIDDEN;
break;
case RESOURCE_EXHAUSTED:
statusCode = TOO_MANY_REQUESTS;
break;
case FAILED_PRECONDITION:
statusCode = HttpServletResponse.SC_CONFLICT;
break;
case UNIMPLEMENTED:
statusCode = HttpServletResponse.SC_NOT_IMPLEMENTED;
break;
case UNAVAILABLE:
statusCode = HttpServletResponse.SC_SERVICE_UNAVAILABLE;
break;
case UNAUTHENTICATED:
statusCode = HttpServletResponse.SC_UNAUTHORIZED;
break;
default:
statusCode = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
}
return RestException.newBuilder(statusCode, e.getMessage())
.withCause(e)
.build();
}
public PatchOnFinalUploadNotAllowedException(String message) {
super(HttpServletResponse.SC_FORBIDDEN, message);
}