- java.lang.Object
-
- HttpServlet
-
- uk.ac.ed.epcc.webapp.servlet.WebappServlet
-
- uk.ac.ed.epcc.webapp.servlet.TransitionServlet<K,T>
-
- Type Parameters:
K- key typeT- Target type
public class TransitionServlet<K,T> extends WebappServlet
Servlet to do generic transitions. This is a central access point for transitions on servlets. TheTransitionFactoryand Target are encoded in the servlet path to give them a unique URL. Optionally other parameters like the transition-key may also be encoded there. This allows jsp pages invoked by forward to have the same URL as their target so they can omit the action attribute. This is particularly useful when using aPathTransitionProviderTransitions do their own access control so this only extendsSessionServlet
-
-
Nested Class Summary
Nested Classes Modifier and Type Class and Description static classTransitionServlet.GetIDVisitor<T,K>static classTransitionServlet.GetTargetVisitor<T,K>
-
Field Summary
Fields Modifier and Type Field and Description static FeatureMODIFY_ON_POST_ONLYThis is a security control.static java.lang.StringTARGET_ATTRIBUTEstatic PreferenceTRANSITION_ANCHORstatic java.lang.StringTRANSITION_CSRF_ATTRstatic java.lang.StringTRANSITION_KEY_ATTRstatic java.lang.StringTRANSITION_PROVIDER_ATTRstatic java.lang.StringTRANSITION_SERVLETstatic FeatureTRANSITION_TRANSACTIONSstatic java.lang.StringVIEW_TRANSITION-
Fields inherited from class uk.ac.ed.epcc.webapp.servlet.WebappServlet
ARGS, CONFIRM_NO, CONFIRM_POST_URL, CONFIRM_TYPE, CONFIRM_YES, EXTRA_HTML, MESSAGE_EXTRA_ATTR, MESSAGE_TYPE_ATTR, MESSAGES_JSP_URL, SCRIPTS_CONFIRM_JSP
-
-
Constructor Summary
Constructors Constructor and Description TransitionServlet()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method and Description static <A,B,X extends ExtendedXMLBuilder>
XaddButton(AppContext c, X hb, ChainedTransitionResult<B,A> next, java.lang.String text)static <A,B,X extends ExtendedXMLBuilder>
XaddButton(AppContext c, X hb, ChainedTransitionResult<B,A> next, java.lang.String text, java.lang.String title)static <A,B,X extends ExtendedXMLBuilder>
XaddButton(AppContext c, X hb, TransitionFactory<A,B> tp, A operation, B target, java.lang.String text)Add a button to perform the required operation on the targetstatic <A,B,X extends ExtendedXMLBuilder>
XaddButton(AppContext c, X hb, TransitionFactory<A,B> tp, A operation, B target, java.lang.String text, java.lang.String title)static <A,B,X extends ExtendedXMLBuilder>
XaddButton(AppContext c, X hb, TransitionFactory<A,B> tp, A operation, B target, java.lang.String text, java.lang.String title, boolean new_tab)static ExtendedXMLBuilderaddLink(AppContext c, ExtendedXMLBuilder hb, ChainedTransitionResult next, java.lang.String text)static ExtendedXMLBuilderaddLink(AppContext c, ExtendedXMLBuilder hb, ChainedTransitionResult next, java.lang.String text, java.lang.String hover)static <A,B,X extends ExtendedXMLBuilder>
XaddLink(AppContext c, X hb, TransitionFactory<A,B> tp, A operation, B target, java.lang.String text, java.lang.String hover, boolean new_tab)Add a link to perform the required operation on the targetbooleancheckOrigin(AppContext conn, HttpServletRequest req, HttpServletResponse res)check headers for csrf etc.voiddoPost(HttpServletRequest req, HttpServletResponse res, AppContext conn)Method that does the actual workprotected booleanenabled(AppContext conn)Extension point to allow sub-classes to enable/disable the servletstatic <A,B> java.lang.StringgetActionURL(AppContext conn, TransitionFactory<A,B> tp, B target)static java.lang.StringgetCrsfToken(AppContext conn, HttpServletRequest req)protected java.lang.StringgetCRSFToken(AppContext conn, TransitionFactory<K,T> fac, K key, T target)generate a CRSF token to be included in form posts.static <T,K> java.lang.StringgetPageHeader(TransitionFactory<K,T> tp, K key, T target)static <T,K> java.lang.StringgetPageTitle(TransitionFactory<K,T> tp, K key, T target)static TransitionFactorygetProvider(AppContext conn, HttpServletRequest req)Static method for jsp pages to retrieve the TransitionProvider in a way compatible with the TransitionSerlvetstatic TransitionFactorygetProviderFromName(AppContext conn, java.lang.String type)method to retrieve the TransitionProvider from a string tag If the tag contains a colon this is taken as a separator between two fields.protected SessionServicegetSessionService(AppContext conn, TransitionFactory<K,T> tp, java.util.Map<java.lang.String,java.lang.Object> raw_params)Extension point to get the session including any custom login code based on the parameters and theTransitionFactoryThis allows sub-classes to that parse the parameters for login credentials or look for annotations on theTransitionFactory.protected TransitionVisitor<T>getShortcutVisitor(AppContext conn, java.util.Map<java.lang.String,java.lang.Object> params, TransitionFactory<K,T> tp, T target, K key)static <A,B> BgetTarget(AppContext conn, TransitionFactory<A,B> provider, HttpServletRequest req)Static method for jsp pages to use to retieve the target in a way compatible with the TransitionServletprotected TgetTarget(AppContext conn, TransitionFactory<K,T> provider, java.util.LinkedList<java.lang.String> path)Extracts the Target form the URL and sets it as an attribute for any scripts we forward to.static <A,B> java.lang.StringgetURL(AppContext conn, TransitionFactory<A,B> tp, B target)Get the TransitionServlet URL for a given TransitionProvider and target.static <A,B> java.lang.StringgetURL(AppContext conn, TransitionFactory<A,B> tp, B target, A operation)static <A,B> java.lang.StringgetURL(HttpServletRequest req, HttpServletResponse res, AppContext conn, TransitionFactory<A,B> tp, B target)static <A,B> java.lang.StringgetURL(HttpServletRequest req, HttpServletResponse res, AppContext conn, TransitionFactory<A,B> tp, B target, A operation)static <T,K> booleanhasViewRecorded(SessionService<?> sess, ViewTransitionFactory<K,T> tp)protected FormResultprocessTransition(AppContext conn, HttpServletRequest req, java.util.Map<java.lang.String,java.lang.Object> params, TransitionFactory<K,T> tp, K key, T target, Transition<T> t)static <T,K> voidrecordView(SessionService<?> sess, ViewTransitionFactory<K,T> tp, T target)Register the most recent view transition for this provider for use by theBackResultpassing a null target clears the memory.protected voidsessionError(AppContext conn, SessionService sess, HttpServletRequest req, HttpServletResponse res)Extension point for missing authorisationprotected voidsetTarget(HttpServletRequest req, T q)-
Methods inherited from class uk.ac.ed.epcc.webapp.servlet.WebappServlet
badInputCheck, checkBadInput, confirm, confirm, doGet, doPost, doPut, doPut, encodeCGI, getLogger, handleFormResult, message, message, messageWithArgs, sendMessageWithArgs
-
-
-
-
Field Detail
-
VIEW_TRANSITION
public static final java.lang.String VIEW_TRANSITION
- See Also:
- Constant Field Values
-
TRANSITION_TRANSACTIONS
public static final Feature TRANSITION_TRANSACTIONS
-
TRANSITION_ANCHOR
public static final Preference TRANSITION_ANCHOR
-
MODIFY_ON_POST_ONLY
public static final Feature MODIFY_ON_POST_ONLY
This is a security control. It is intended to prevent a malicious web-page from including image links that will be automatically fetched causing un-approved side effects. Real form transitions will always show the form page first which submits via post. Index and view transitions are always assumed to be safe and may be presented as links. Other direct transitions will not be accessible via a link unless the key implementsViewTransitionKeyand reports the transition as safe.
-
TRANSITION_SERVLET
public static final java.lang.String TRANSITION_SERVLET
- See Also:
- Constant Field Values
-
TRANSITION_PROVIDER_ATTR
public static final java.lang.String TRANSITION_PROVIDER_ATTR
- See Also:
- Constant Field Values
-
TRANSITION_KEY_ATTR
public static final java.lang.String TRANSITION_KEY_ATTR
- See Also:
- Constant Field Values
-
TRANSITION_CSRF_ATTR
public static final java.lang.String TRANSITION_CSRF_ATTR
- See Also:
- Constant Field Values
-
TARGET_ATTRIBUTE
public static final java.lang.String TARGET_ATTRIBUTE
- See Also:
- Constant Field Values
-
-
Method Detail
-
doPost
public void doPost(HttpServletRequest req, HttpServletResponse res, AppContext conn)Description copied from class:WebappServletMethod that does the actual work- Specified by:
doPostin classWebappServlet
-
getShortcutVisitor
protected TransitionVisitor<T> getShortcutVisitor(AppContext conn, java.util.Map<java.lang.String,java.lang.Object> params, TransitionFactory<K,T> tp, T target, K key)
-
sessionError
protected void sessionError(AppContext conn, SessionService sess, HttpServletRequest req, HttpServletResponse res) throws java.io.IOException, ServletException
Extension point for missing authorisation- Parameters:
conn-sess-req-res-- Throws:
java.io.IOExceptionServletException
-
processTransition
protected FormResult processTransition(AppContext conn, HttpServletRequest req, java.util.Map<java.lang.String,java.lang.Object> params, TransitionFactory<K,T> tp, K key, T target, Transition<T> t) throws java.lang.Exception
- Throws:
java.lang.Exception
-
getSessionService
protected SessionService getSessionService(AppContext conn, TransitionFactory<K,T> tp, java.util.Map<java.lang.String,java.lang.Object> raw_params)
Extension point to get the session including any custom login code based on the parameters and theTransitionFactoryThis allows sub-classes to that parse the parameters for login credentials or look for annotations on theTransitionFactory.- Parameters:
conn-tp-raw_params-- Returns:
-
getProviderFromName
public static TransitionFactory getProviderFromName(AppContext conn, java.lang.String type)
method to retrieve the TransitionProvider from a string tag If the tag contains a colon this is taken as a separator between two fields. The first field is used to construct aTransitionFactoryCreatorusingAppContext.makeObject(Class, String)and the second field is used as the parameter toTransitionFactoryCreator.getTransitionProvider(String). otherwise calls toAppContext.makeObject(Class, String)are attempted with the following tag/type parameters- TransitionProvider.
TransitionFactory.- TargetName looking for
TransitionFactory- TargetName looking for
TransitionFactoryCreator - TargetName looking for
- Parameters:
conn-type- TargetName of the TransitionProvider- Returns:
TransitionFactory
- TransitionProvider.
-
getProvider
public static TransitionFactory getProvider(AppContext conn, HttpServletRequest req) throws java.lang.Exception
Static method for jsp pages to retrieve the TransitionProvider in a way compatible with the TransitionSerlvet- Parameters:
conn-req-- Returns:
- TransitionProvider
- Throws:
java.lang.Exception
-
getTarget
protected T getTarget(AppContext conn, TransitionFactory<K,T> provider, java.util.LinkedList<java.lang.String> path)
Extracts the Target form the URL and sets it as an attribute for any scripts we forward to.- Parameters:
conn-provider-path-req-- Returns:
-
getTarget
public static <A,B> B getTarget(AppContext conn, TransitionFactory<A,B> provider, HttpServletRequest req)
Static method for jsp pages to use to retieve the target in a way compatible with the TransitionServlet- Type Parameters:
A-B-- Parameters:
conn-provider-req-- Returns:
- Transition target
-
setTarget
protected void setTarget(HttpServletRequest req, T q)
-
getCrsfToken
public static java.lang.String getCrsfToken(AppContext conn, HttpServletRequest req)
-
addButton
public static <A,B,X extends ExtendedXMLBuilder> X addButton(AppContext c, X hb, TransitionFactory<A,B> tp, A operation, B target, java.lang.String text)
Add a button to perform the required operation on the target- Type Parameters:
A-B-- Parameters:
c-hb- HtmlBulder to modifytp- TransitionProvideroperation-target-text-- Returns:
- modified HtmlBuilder
-
addButton
public static <A,B,X extends ExtendedXMLBuilder> X addButton(AppContext c, X hb, TransitionFactory<A,B> tp, A operation, B target, java.lang.String text, java.lang.String title)
-
addButton
public static <A,B,X extends ExtendedXMLBuilder> X addButton(AppContext c, X hb, TransitionFactory<A,B> tp, A operation, B target, java.lang.String text, java.lang.String title, boolean new_tab)
-
addButton
public static <A,B,X extends ExtendedXMLBuilder> X addButton(AppContext c, X hb, ChainedTransitionResult<B,A> next, java.lang.String text)
-
addButton
public static <A,B,X extends ExtendedXMLBuilder> X addButton(AppContext c, X hb, ChainedTransitionResult<B,A> next, java.lang.String text, java.lang.String title)
-
addLink
public static <A,B,X extends ExtendedXMLBuilder> X addLink(AppContext c, X hb, TransitionFactory<A,B> tp, A operation, B target, java.lang.String text, java.lang.String hover, boolean new_tab)
Add a link to perform the required operation on the target- Type Parameters:
A-B-- Parameters:
c-hb- HtmlBulder to modifytp- TransitionProvideroperation-target-text-- Returns:
- modified HtmlBuilder
-
addLink
public static ExtendedXMLBuilder addLink(AppContext c, ExtendedXMLBuilder hb, ChainedTransitionResult next, java.lang.String text)
-
addLink
public static ExtendedXMLBuilder addLink(AppContext c, ExtendedXMLBuilder hb, ChainedTransitionResult next, java.lang.String text, java.lang.String hover)
-
getURL
public static <A,B> java.lang.String getURL(AppContext conn, TransitionFactory<A,B> tp, B target)
Get the TransitionServlet URL for a given TransitionProvider and target. If the TransitionProvider implements ViewTransitionProvider this will be the view URL of the target. A page invoked by forward is already at this URL and need not provide an action attribute to forms.- Type Parameters:
A-B-- Parameters:
conn-tp-target-- Returns:
- String URL
-
getActionURL
public static <A,B> java.lang.String getActionURL(AppContext conn, TransitionFactory<A,B> tp, B target)
-
getURL
public static <A,B> java.lang.String getURL(HttpServletRequest req, HttpServletResponse res, AppContext conn, TransitionFactory<A,B> tp, B target)
-
getURL
public static <A,B> java.lang.String getURL(HttpServletRequest req, HttpServletResponse res, AppContext conn, TransitionFactory<A,B> tp, B target, A operation)
-
getURL
public static <A,B> java.lang.String getURL(AppContext conn, TransitionFactory<A,B> tp, B target, A operation)
-
recordView
public static <T,K> void recordView(SessionService<?> sess, ViewTransitionFactory<K,T> tp, T target)
Register the most recent view transition for this provider for use by theBackResultpassing a null target clears the memory.- Type Parameters:
T-K-- Parameters:
sess-tp-target-
-
hasViewRecorded
public static <T,K> boolean hasViewRecorded(SessionService<?> sess, ViewTransitionFactory<K,T> tp)
-
getPageTitle
public static <T,K> java.lang.String getPageTitle(TransitionFactory<K,T> tp, K key, T target)
-
getPageHeader
public static <T,K> java.lang.String getPageHeader(TransitionFactory<K,T> tp, K key, T target)
-
getCRSFToken
protected java.lang.String getCRSFToken(AppContext conn, TransitionFactory<K,T> fac, K key, T target)
generate a CRSF token to be included in form posts. Returning a null value disables the check.- Parameters:
fac-key-target-- Returns:
- token or null
-
checkOrigin
public boolean checkOrigin(AppContext conn, HttpServletRequest req, HttpServletResponse res)
check headers for csrf etc.- Parameters:
req-res-- Returns:
- true to continue processing
-
enabled
protected boolean enabled(AppContext conn)
Extension point to allow sub-classes to enable/disable the servlet- Returns:
-
-