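package com.knowgate.http;

import java.lang.reflect.InvocationTargetException;

import java.io.IOException;

import java.util.Properties;
import java.util.Enumeration;
import java.util.HashMap;

import java.text.SimpleDateFormat;
import java.text.ParseException;

import java.sql.SQLException;

import javax.servlet.*;
import javax.servlet.http.*;

import com.knowgate.debug.DebugFile;
import com.knowgate.debug.StackTraceUtil;
import com.knowgate.jdc.JDCConnection;
import com.knowgate.dataobjs.DB;
import com.knowgate.dataobjs.DBBind;
import com.knowgate.dataobjs.DBColumn;
import com.knowgate.dataobjs.DBPersist;
import com.knowgate.dataobjs.DBSubset;
import com.knowgate.misc.Environment;
import com.knowgate.misc.Gadgets;
import com.knowgate.acl.ACL;
import com.knowgate.acl.ACLUser;
import com.knowgate.workareas.WorkArea;

/**
 * Servlet that exposes {@link DBSubset} queries and {@link DBPersist} stores over HTTP.
 * <p>
 * Every request carries <code>user</code> and <code>password</code> parameters which are
 * checked with {@link ACL#autenticate} against the database profile named by
 * <code>profile</code> (default <code>hipergate</code>). Commands:
 * <ul>
 * <li><code>ping</code> &mdash; liveness check, no authentication.</li>
 * <li><code>query</code> &mdash; loads a {@link DBSubset} built from the <code>table</code>,
 *     <code>fields</code> and <code>where</code> parameters and writes it as text/plain.
 *     Authentication is the only gate on this path; there is no per-table check.</li>
 * <li><code>update</code> (POST only) &mdash; fills a {@link DBPersist} (or a caller-named
 *     subclass) from the request parameters and stores it, after checking that the user
 *     belongs to the target WorkArea when the record carries one.</li>
 * </ul>
 */
public class HttpDataObjsServlet extends HttpServlet {

  /** Caller tag passed to the connection pool on get/close. */
  private static final String CONNECTION_CALLER = "HttpDataObjsServlet";

  /** Profile used when the request does not name one. */
  private static final String DEFAULT_PROFILE = "hipergate";

  /** Row limit used by <code>query</code> when <code>maxrows</code> is absent. */
  private static final int DEFAULT_MAX_ROWS = 500;

  // profile name -> DBBind. Shared by all servlet instances; guarded by its own monitor.
  private static final HashMap oBindings = new HashMap();

  // workarea id -> (user id -> Boolean). Guarded by the class lock taken in isUserAllowed().
  private static final HashMap oWorkAreas = new HashMap();

  public HttpDataObjsServlet() {
    super();
  }

  /**
   * Tells whether a user is admin, power user or plain user of a WorkArea.
   * <p>
   * Results are cached for the lifetime of the class and never invalidated, so a
   * membership change only takes effect after the web application is reloaded.
   *
   * @param oCon open database connection
   * @param sUser user id (GUID, not e-mail)
   * @param sWrkA WorkArea id
   * @return <code>true</code> if the user has any role on the WorkArea
   * @throws SQLException propagated from the WorkArea lookups
   */
  private static synchronized boolean isUserAllowed(JDCConnection oCon, String sUser, String sWrkA)
    throws SQLException {

    if (DebugFile.trace) {
      DebugFile.writeln("Begin HttpDataObjsServlet.isUserAllowed("+sUser+","+sWrkA+")");
      DebugFile.incIdent();
    }

    HashMap oUserMap = (HashMap) oWorkAreas.get(sWrkA);
    if (null==oUserMap) {
      oUserMap = new HashMap();
      oWorkAreas.put(sWrkA, oUserMap);
    }

    Boolean oAllowed = (Boolean) oUserMap.get(sUser);
    if (null==oAllowed) {
      oAllowed = Boolean.valueOf(WorkArea.isAdmin(oCon, sWrkA, sUser) ||
                                 WorkArea.isPowerUser(oCon, sWrkA, sUser) ||
                                 WorkArea.isUser(oCon, sWrkA, sUser));
      oUserMap.put(sUser, oAllowed);
    }

    if (DebugFile.trace) {
      DebugFile.decIdent();
      DebugFile.writeln("End HttpDataObjsServlet.isUserAllowed() : " + String.valueOf(oAllowed.booleanValue()));
    }

    return oAllowed.booleanValue();
  }

  /**
   * Returns the cached {@link DBBind} for a profile, creating it on first use.
   *
   * @param sDbb profile name
   * @return binding for that profile, never <code>null</code>
   */
  private static DBBind getBinding(String sDbb) {
    synchronized (oBindings) {
      DBBind oBnd = (DBBind) oBindings.get(sDbb);
      if (null==oBnd) {
        oBnd = new DBBind(sDbb);
        oBindings.put(sDbb, oBnd);
      }
      return oBnd;
    }
  }

  /**
   * Maps the <code>user</code> parameter to a user id.
   *
   * @param oCon open database connection
   * @param sUsr user id or e-mail address
   * @return the id as given, the id matching the e-mail, or <code>null</code> when the e-mail is unknown
   * @throws SQLException propagated from the e-mail lookup
   */
  private static String resolveUserId(JDCConnection oCon, String sUsr) throws SQLException {
    if (Gadgets.checkEMail(sUsr)) {
      return ACLUser.getIdFromEmail(oCon, sUsr);
    }
    return sUsr;
  }

  /**
   * Sends the 403 response matching a failed {@link ACL#autenticate} result.
   * Any code other than the five failure codes is treated as success, as before.
   * The distinct messages reveal whether an account exists; they are kept because
   * existing clients may match on them.
   *
   * @param response response to write to
   * @param iAuth result of <code>ACL.autenticate()</code>, or <code>ACL.USER_NOT_FOUND</code>
   * @return <code>true</code> if an error was sent and the request must stop
   * @throws IOException propagated from <code>sendError</code>
   */
  private static boolean sendAuthError(HttpServletResponse response, short iAuth) throws IOException {
    String sReason;
    switch (iAuth) {
      case ACL.ACCOUNT_CANCELLED:
        sReason = "Account cancelled";
        break;
      case ACL.ACCOUNT_DEACTIVATED:
        sReason = "Account deactivated";
        break;
      case ACL.INVALID_PASSWORD:
        sReason = "Invalid password";
        break;
      case ACL.PASSWORD_EXPIRED:
        sReason = "Password expired";
        break;
      case ACL.USER_NOT_FOUND:
        sReason = "User not found";
        break;
      default:
        return false;
    }
    response.sendError(HttpServletResponse.SC_FORBIDDEN, sReason);
    return true;
  }

  /**
   * Returns a connection to the pool, swallowing close errors; used on failure paths
   * where an exception is already propagating.
   *
   * @param oCon connection to close, may be <code>null</code>
   */
  private static void closeQuietly(JDCConnection oCon) {
    if (null!=oCon) {
      try {
        oCon.close(CONNECTION_CALLER);
      } catch (Exception ignore) {
        // already on an error path; the original exception is the one worth reporting
      }
    }
  }

  /**
   * Parses an optional integer request parameter.
   *
   * @param sValue raw parameter value, may be <code>null</code>
   * @param iDefault value used when the parameter is absent
   * @return parsed value or the default
   * @throws NumberFormatException if the parameter is present but not an integer
   */
  private static int parseIntParam(String sValue, int iDefault) {
    if (null==sValue) {
      return iDefault;
    }
    return Integer.parseInt(sValue);
  }

  /**
   * Loads the caller-named {@link DBPersist} subclass for <code>update</code>.
   * <p>
   * The class is resolved without initialization and checked to be a DBPersist
   * before anything is instantiated, so a request naming an unrelated class does
   * not run that class's static initializer or constructor.
   *
   * @param sCls fully qualified class name from the <code>class</code> parameter
   * @return the loaded class, assignable to {@link DBPersist}
   * @throws ServletException if the class is not found or is not a DBPersist
   */
  private static Class loadPersistClass(String sCls) throws ServletException {
    Class oCls;
    try {
      oCls = Class.forName(sCls, false, HttpDataObjsServlet.class.getClassLoader());
    } catch (ClassNotFoundException nfe) {
      throw new ServletException("ClassNotFoundException "+nfe.getMessage()+" "+sCls, nfe);
    }
    if (!DBPersist.class.isAssignableFrom(oCls)) {
      throw new ServletException("ClassCastException "+sCls+" is not a "+DBPersist.class.getName());
    }
    return oCls;
  }

  /**
   * Instantiates a class previously checked by {@link #loadPersistClass}.
   *
   * @param oCls class assignable to DBPersist
   * @param sCls its name, for error messages
   * @return new instance
   * @throws ServletException if the no-arg constructor is missing or inaccessible
   */
  private static DBPersist instantiatePersist(Class oCls, String sCls) throws ServletException {
    try {
      return (DBPersist) oCls.newInstance();
    } catch (InstantiationException ine) {
      throw new ServletException("InstantiationException "+ine.getMessage()+" "+sCls, ine);
    } catch (IllegalAccessException iae) {
      throw new ServletException("IllegalAccessException "+iae.getMessage()+" "+sCls, iae);
    }
  }

  /**
   * Stores one typed parameter into the DBPersist.
   * <p>
   * <code>sSQLType</code> is the text after the first space of the parameter name.
   * For DATE, DATETIME and TIMESTAMP it may carry a second token with a
   * {@link SimpleDateFormat} pattern, e.g. <code>dt_start TIMESTAMP yyyy-MM-dd</code>.
   *
   * @param oDbp target object
   * @param sKeyName column name (parameter name up to the first space)
   * @param sKey full trimmed parameter name, for error messages
   * @param sValue parameter value
   * @param sSQLType type token, optionally followed by a date format
   * @throws ServletException if the value cannot be parsed for the type
   */
  private static void putTypedParameter(DBPersist oDbp, String sKeyName, String sKey,
                                        String sValue, String sSQLType)
    throws ServletException {

    if (DebugFile.trace) DebugFile.writeln("sqltype is "+sSQLType);

    String sUpper = sSQLType.toUpperCase();
    // DATETIME is covered by the DATE prefix
    if (sUpper.startsWith("DATE") || sUpper.startsWith("TIMESTAMP")) {
      int iFmt = sSQLType.indexOf(' ');
      String sDtFmt = "";
      try {
        if (iFmt > 0) {
          sDtFmt = sSQLType.substring(iFmt+1);
          if (DebugFile.trace) DebugFile.writeln("date format is "+sDtFmt);
          oDbp.put(sKeyName, sValue, new SimpleDateFormat(sDtFmt));
        } else {
          oDbp.put(sKeyName, sValue, DBColumn.getSQLType(sSQLType));
        }
      } catch (ParseException pe) {
        throw new ServletException("ERROR ParseException "+sKey+"|"+sDtFmt+"|"+sValue+" "+pe.getMessage(), pe);
      } catch (IllegalArgumentException ia) {
        // also covers NumberFormatException and a bad SimpleDateFormat pattern
        throw new ServletException("ERROR IllegalArgumentException "+sKey+"|"+sDtFmt+"|"+sValue+ia.getMessage(), ia);
      }
    } else {
      try {
        oDbp.put(sKeyName, sValue, DBColumn.getSQLType(sSQLType));
      } catch (NumberFormatException nfe) {
        throw new ServletException("ERROR NumberFormatException "+sKey+" "+" "+sValue+" "+nfe.getMessage(), nfe);
      }
    }
  }

  /**
   * Copies every request parameter into the DBPersist.
   * <p>
   * A parameter name of the form <code>column TYPE [format]</code> is stored under
   * <code>column</code> with the given SQL type; any other name is stored as a plain
   * string under the trimmed name. Control parameters (user, password, command, ...)
   * are copied too, as they always were.
   *
   * @param request request whose parameters are read
   * @param oDbp target object
   * @throws ServletException if a typed value cannot be parsed
   */
  private static void readParameters(HttpServletRequest request, DBPersist oDbp) throws ServletException {
    Enumeration oParamNames = request.getParameterNames();
    while (oParamNames.hasMoreElements()) {
      String sKey = ((String) oParamNames.nextElement()).trim();
      if (DebugFile.trace) DebugFile.writeln("reading parameter "+sKey);
      String sValue = request.getParameter(sKey);

      int iSpc = sKey.indexOf(' ');
      if (iSpc<=0) {
        oDbp.put(sKey, sValue);
        continue;
      }

      String sKeyName = sKey.substring(0, iSpc);
      iSpc++;
      // a type token shorter than two characters is ignored, as before
      if (iSpc<sKey.length()-1) {
        putTypedParameter(oDbp, sKeyName, sKey, sValue, sKey.substring(iSpc));
      } else {
        oDbp.put(sKeyName, sValue);
      }
    }
  }

  /**
   * Runs the <code>query</code> command.
   *
   * @param request request carrying fields, where, maxrows, skip, coldelim, rowdelim
   * @param response response the subset is written to as UTF-8 text/plain
   * @param oBnd binding for the selected profile
   * @param sDbb profile name, for error messages
   * @param sUsr user id or e-mail
   * @param sPwd clear-text password
   * @param sTbl table name
   * @throws IOException propagated from the response
   * @throws ServletException if no connection is available or the query fails
   */
  private void doQuery(HttpServletRequest request, HttpServletResponse response,
                       DBBind oBnd, String sDbb, String sUsr, String sPwd, String sTbl)
    throws IOException, ServletException {

    String sFld = request.getParameter("fields");
    String sWhr = request.getParameter("where");
    String sCol = request.getParameter("coldelim");
    String sRow = request.getParameter("rowdelim");

    int iMax;
    int iSkp;
    try {
      iMax = parseIntParam(request.getParameter("maxrows"), DEFAULT_MAX_ROWS);
      iSkp = parseIntParam(request.getParameter("skip"), 0);
    } catch (NumberFormatException nfe) {
      // a malformed number is a client error, not a server failure
      response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameters maxrows and skip must be integers");
      return;
    }

    // table, fields and where are handed to DBSubset exactly as received; any
    // authenticated user can query any table reachable through the profile
    DBSubset oDbs = new DBSubset(sTbl, sFld, sWhr, iMax);
    if (null!=sRow) oDbs.setRowDelimiter(sRow);
    if (null!=sCol) oDbs.setColumnDelimiter(sCol);
    oDbs.setMaxRows(iMax);

    JDCConnection oCon = null;
    try {
      oCon = oBnd.getConnection(CONNECTION_CALLER);
      if (null==oCon) {
        throw new ServletException("ERROR Unable to get database connection from pool "+sDbb);
      }

      String sUserId = resolveUserId(oCon, sUsr);
      short iAuth;
      if (null==sUserId)
        iAuth = ACL.USER_NOT_FOUND;
      else
        iAuth = ACL.autenticate(oCon, sUserId, sPwd, ACL.PWD_CLEAR_TEXT);

      if (!sendAuthError(response, iAuth)) {
        oDbs.load(oCon, iSkp);
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        response.getOutputStream().write(oDbs.toString().getBytes("UTF-8"));
      }

      oCon.close(CONNECTION_CALLER);
      oCon = null;
    } catch (SQLException sqle) {
      throw new ServletException("SQLException "+sqle.getMessage(), sqle);
    } finally {
      // non-null only when an exception skipped the normal close above
      closeQuietly(oCon);
    }
  }

  /**
   * Runs the <code>update</code> command.
   *
   * @param request request whose parameters fill the record
   * @param response response receiving <code>SUCCESS</code> or an error
   * @param oBnd binding for the selected profile
   * @param sDbb profile name, for error messages
   * @param sUsr user id or e-mail
   * @param sPwd clear-text password
   * @param sTbl table name used when no <code>class</code> parameter is given
   * @throws IOException propagated from the response
   * @throws ServletException on any failure while loading, filling or storing the record
   */
  private void doUpdate(HttpServletRequest request, HttpServletResponse response,
                        DBBind oBnd, String sDbb, String sUsr, String sPwd, String sTbl)
    throws IOException, ServletException {

    if (DebugFile.trace) DebugFile.writeln("command is update");

    String sCls = request.getParameter("class");

    Class oCls;
    DBPersist oDbp;
    if (null==sCls) {
      oCls = DBPersist.class;
      oDbp = new DBPersist(sTbl, "DBPersist");
    } else {
      oCls = loadPersistClass(sCls);
      oDbp = instantiatePersist(oCls, sCls);
    }

    if (DebugFile.trace) DebugFile.writeln("class "+oDbp.getClass().getName()+" instantiated");

    readParameters(request, oDbp);

    JDCConnection oCon = null;
    try {
      oCon = oBnd.getConnection(CONNECTION_CALLER);
      if (null==oCon) {
        throw new ServletException("ERROR Unable to get database connection from pool "+sDbb);
      }

      String sUserId = resolveUserId(oCon, sUsr);
      short iAuth;
      if (null==sUserId)
        iAuth = ACL.USER_NOT_FOUND;
      else
        iAuth = ACL.autenticate(oCon, sUserId, sPwd, ACL.PWD_CLEAR_TEXT);

      if (!sendAuthError(response, iAuth)) {
        // a record without gu_workarea skips the membership check, as before
        boolean bAllowed;
        if (oDbp.isNull(DB.gu_workarea))
          bAllowed = true;
        else
          bAllowed = isUserAllowed(oCon, sUserId, oDbp.getString(DB.gu_workarea));

        if (bAllowed) {
          oCon.setAutoCommit(true);
          if (null==sCls) {
            oDbp.store(oCon);
          } else {
            // keep the reflective call so a subclass overload store(JDCConnection) is what runs
            if (DebugFile.trace) DebugFile.writeln(oCls.getName()+".getMethod(\"store\", new Class[]{JDCConnection.class}).invoke(...)");
            oCls.getMethod("store", new Class[]{JDCConnection.class}).invoke(oDbp, new Object[]{oCon});
          }
          response.setContentType("text/plain");
          response.setCharacterEncoding("UTF-8");
          response.getOutputStream().print("SUCCESS");
        } else {
          response.sendError(HttpServletResponse.SC_FORBIDDEN, "User does not have write permissions on target WorkArea");
        }
      }

      oCon.close(CONNECTION_CALLER);
      oCon = null;
    } catch (InvocationTargetException ite) {
      throw new ServletException(ite.getCause().getClass().getName()+" "+ite.getCause().getMessage()+"\n"+StackTraceUtil.getStackTrace(ite), ite);
    } catch (ServletException se) {
      throw se;
    } catch (Exception xcpt) {
      throw new ServletException(xcpt.getClass().getName()+" "+xcpt.getMessage()+"\n"+StackTraceUtil.getStackTrace(xcpt), xcpt);
    } finally {
      // non-null only when an exception skipped the normal close above
      closeQuietly(oCon);
    }
  }

  /**
   * Handles GET: <code>ping</code> is answered directly, <code>query</code> is
   * delegated to {@link #doPost}, <code>update</code> is refused.
   * <p>
   * Note that <code>query</code> over GET places user and password in the URL,
   * where proxies and access logs may record them; POST is preferable.
   *
   * @param request incoming request
   * @param response outgoing response
   * @throws IOException propagated from the response
   * @throws ServletException propagated from <code>doPost</code>
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {

    String sCmd = request.getParameter("command");

    if (null==sCmd) {
      response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter command is requiered");
      return;
    }

    if (sCmd.equalsIgnoreCase("update")) {
      response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "Command " + sCmd + " only allowed for POST method");
    } else if (sCmd.equalsIgnoreCase("ping")) {
      response.setContentType("text/plain");
      response.getOutputStream().print("HttpDataObjsServlet ping OK");
    } else if (sCmd.equalsIgnoreCase("query")) {
      doPost(request, response);
    } else {
      response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "Command " + sCmd + " not recognized");
    }
  }

  /**
   * Handles POST: validates the common parameters, resolves the profile and
   * dispatches to {@link #doQuery} or {@link #doUpdate}.
   *
   * @param request incoming request
   * @param response outgoing response
   * @throws IOException propagated from the response
   * @throws ServletException on connection or database failures
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {

    String sDbb = request.getParameter("profile");
    String sUsr = request.getParameter("user");
    String sPwd = request.getParameter("password");
    String sCmd = request.getParameter("command");
    String sTbl = request.getParameter("table");

    if (DebugFile.trace) {
      DebugFile.writeln("Begin HttpDataObjsServlet.doPost()");
      DebugFile.incIdent();
    }

    try {
      if (null==sDbb) {
        sDbb = DEFAULT_PROFILE;
      }
      if (null==sUsr) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter user is requiered");
        return;
      }
      if (null==sPwd) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter password is requiered");
        return;
      }
      if (null==sCmd) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter command is requiered");
        return;
      }
      if (null==sTbl) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter table is requiered");
        return;
      }

      // only used as an existence check for the profile
      Properties oEnv = Environment.getProfile(sDbb);
      if (null==oEnv) {
        response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Databind " + sDbb + " is not available");
        return;
      }

      boolean bPing = sCmd.equalsIgnoreCase("ping");
      boolean bQuery = sCmd.equalsIgnoreCase("query");
      boolean bUpdate = sCmd.equalsIgnoreCase("update");

      if (!bPing && !bQuery && !bUpdate) {
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "Command " + sCmd + " not recognized");
        return;
      }

      if (bPing) {
        response.setContentType("text/plain");
        response.getOutputStream().print("HttpDataObjsServlet ping OK");
        return;
      }

      DBBind oBnd = getBinding(sDbb);

      if (bQuery) {
        doQuery(request, response, oBnd, sDbb, sUsr, sPwd, sTbl);
      } else {
        doUpdate(request, response, oBnd, sDbb, sUsr, sPwd, sTbl);
      }
    } finally {
      // single exit point for the trace indentation, whichever path returned or threw
      if (DebugFile.trace) {
        DebugFile.decIdent();
        DebugFile.writeln("End HttpDataObjsServlet.doPost()");
      }
    }
  }
}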