universe@7: /* universe@7: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. universe@34: * universe@24: * Copyright 2018 Mike Becker. All rights reserved. universe@34: * universe@7: * Redistribution and use in source and binary forms, with or without universe@7: * modification, are permitted provided that the following conditions are met: universe@7: * universe@7: * 1. Redistributions of source code must retain the above copyright universe@7: * notice, this list of conditions and the following disclaimer. universe@7: * universe@7: * 2. Redistributions in binary form must reproduce the above copyright universe@7: * notice, this list of conditions and the following disclaimer in the universe@7: * documentation and/or other materials provided with the distribution. universe@7: * universe@7: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" universe@7: * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE universe@7: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE universe@7: * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE universe@7: * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR universe@7: * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF universe@7: * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS universe@7: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN universe@7: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) universe@7: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE universe@7: * POSSIBILITY OF SUCH DAMAGE. universe@34: * universe@7: */ universe@7: package de.uapcore.lightpit; universe@7: universe@38: import de.uapcore.lightpit.dao.DataAccessObjects; universe@38: import de.uapcore.lightpit.dao.postgres.PGDataAccessObjects; universe@33: import org.slf4j.Logger; universe@33: import org.slf4j.LoggerFactory; universe@33: universe@7: import javax.servlet.ServletException; universe@7: import javax.servlet.http.HttpServlet; universe@7: import javax.servlet.http.HttpServletRequest; universe@7: import javax.servlet.http.HttpServletResponse; universe@13: import javax.servlet.http.HttpSession; universe@33: import java.io.IOException; universe@83: import java.lang.reflect.*; universe@38: import java.sql.Connection; universe@38: import java.sql.SQLException; universe@33: import java.util.*; universe@63: import java.util.function.Function; universe@7: universe@7: /** universe@7: * A special implementation of a HTTPServlet which is focused on implementing universe@79: * the necessary functionality for LightPIT pages. universe@7: */ universe@9: public abstract class AbstractLightPITServlet extends HttpServlet { universe@34: universe@10: private static final Logger LOG = LoggerFactory.getLogger(AbstractLightPITServlet.class); universe@34: universe@43: private static final String SITE_JSP = Functions.jspPath("site"); universe@33: universe@33: universe@63: @FunctionalInterface universe@63: protected interface SQLFindFunction { universe@63: T apply(K key) throws SQLException; universe@63: universe@63: default SQLFindFunction compose(Function before) throws SQLException { universe@63: Objects.requireNonNull(before); universe@63: return (v) -> this.apply(before.apply(v)); universe@63: } universe@63: universe@63: default SQLFindFunction andThen(Function after) throws SQLException { universe@63: Objects.requireNonNull(after); universe@63: return (t) -> after.apply(this.apply(t)); universe@63: } universe@63: universe@63: static Function identity() { universe@63: return (t) -> t; universe@63: } universe@63: } universe@63: universe@10: /** universe@11: * Invocation mapping gathered from the {@link RequestMapping} annotations. universe@34: *

universe@18: * Paths in this map must always start with a leading slash, although universe@18: * the specification in the annotation must not start with a leading slash. universe@34: *

universe@34: * The reason for this is the different handling of empty paths in universe@18: * {@link HttpServletRequest#getPathInfo()}. universe@11: */ universe@39: private final Map> mappings = new HashMap<>(); universe@11: universe@11: /** universe@78: * Returns the name of the resource bundle associated with this servlet. universe@86: * universe@78: * @return the resource bundle base name universe@78: */ universe@78: protected abstract String getResourceBundleName(); universe@78: universe@38: universe@34: /** universe@38: * Creates a set of data access objects for the specified connection. universe@33: * universe@38: * @param connection the SQL connection universe@38: * @return a set of data access objects universe@17: */ universe@38: private DataAccessObjects createDataAccessObjects(Connection connection) throws SQLException { universe@38: final var df = (DatabaseFacade) getServletContext().getAttribute(DatabaseFacade.SC_ATTR_NAME); universe@39: if (df.getSQLDialect() == DatabaseFacade.Dialect.Postgres) { universe@39: return new PGDataAccessObjects(connection); universe@38: } universe@39: throw new AssertionError("Non-exhaustive if-else - this is a bug."); universe@17: } universe@33: universe@38: private ResponseType invokeMapping(Method method, HttpServletRequest req, HttpServletResponse resp, DataAccessObjects dao) throws IOException { universe@11: try { universe@14: LOG.trace("invoke {}#{}", method.getDeclaringClass().getName(), method.getName()); universe@42: final var paramTypes = method.getParameterTypes(); universe@42: final var paramValues = new Object[paramTypes.length]; universe@42: for (int i = 0; i < paramTypes.length; i++) { universe@42: if (paramTypes[i].isAssignableFrom(HttpServletRequest.class)) { universe@42: paramValues[i] = req; universe@42: } else if (paramTypes[i].isAssignableFrom(HttpServletResponse.class)) { universe@42: paramValues[i] = resp; universe@42: } universe@42: if (paramTypes[i].isAssignableFrom(DataAccessObjects.class)) { universe@42: paramValues[i] = dao; universe@42: } universe@42: } universe@42: return (ResponseType) method.invoke(this, paramValues); universe@73: } catch (InvocationTargetException ex) { universe@73: LOG.error("invocation of method {}::{} failed: {}", universe@73: method.getDeclaringClass().getName(), method.getName(), ex.getTargetException().getMessage()); universe@73: LOG.debug("Details: ", ex.getTargetException()); universe@73: resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, ex.getTargetException().getMessage()); universe@73: return ResponseType.NONE; universe@12: } catch (ReflectiveOperationException | ClassCastException ex) { universe@73: LOG.error("invocation of method {}::{} failed: {}", universe@73: method.getDeclaringClass().getName(), method.getName(), ex.getMessage()); universe@38: LOG.debug("Details: ", ex); universe@73: resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, ex.getMessage()); universe@12: return ResponseType.NONE; universe@11: } universe@11: } universe@11: universe@11: @Override universe@11: public void init() throws ServletException { universe@78: scanForRequestMappings(); universe@33: universe@12: LOG.trace("{} initialized", getServletName()); universe@12: } universe@12: universe@12: private void scanForRequestMappings() { universe@12: try { universe@11: Method[] methods = getClass().getDeclaredMethods(); universe@11: for (Method method : methods) { universe@11: Optional mapping = Optional.ofNullable(method.getAnnotation(RequestMapping.class)); universe@11: if (mapping.isPresent()) { universe@11: if (!Modifier.isPublic(method.getModifiers())) { universe@11: LOG.warn("{} is annotated with {} but is not public", universe@11: method.getName(), RequestMapping.class.getSimpleName() universe@11: ); universe@11: continue; universe@11: } universe@11: if (Modifier.isAbstract(method.getModifiers())) { universe@11: LOG.warn("{} is annotated with {} but is abstract", universe@11: method.getName(), RequestMapping.class.getSimpleName() universe@11: ); universe@11: continue; universe@11: } universe@12: if (!ResponseType.class.isAssignableFrom(method.getReturnType())) { universe@12: LOG.warn("{} is annotated with {} but has the wrong return type - 'ResponseType' required", universe@12: method.getName(), RequestMapping.class.getSimpleName() universe@12: ); universe@12: continue; universe@12: } universe@12: universe@42: boolean paramsInjectible = true; universe@42: for (var param : method.getParameterTypes()) { universe@42: paramsInjectible &= HttpServletRequest.class.isAssignableFrom(param) universe@42: || HttpServletResponse.class.isAssignableFrom(param) universe@42: || DataAccessObjects.class.isAssignableFrom(param); universe@42: } universe@42: if (paramsInjectible) { universe@58: String requestPath = "/" + mapping.get().requestPath(); universe@12: universe@39: if (mappings universe@39: .computeIfAbsent(mapping.get().method(), k -> new HashMap<>()) universe@39: .putIfAbsent(requestPath, method) != null) { universe@11: LOG.warn("{} {} has multiple mappings", universe@11: mapping.get().method(), universe@11: mapping.get().requestPath() universe@11: ); universe@11: } universe@12: universe@22: LOG.debug("{} {} maps to {}::{}", universe@11: mapping.get().method(), universe@18: requestPath, universe@22: getClass().getSimpleName(), universe@11: method.getName() universe@11: ); universe@11: } else { universe@42: LOG.warn("{} is annotated with {} but has the wrong parameters - only HttpServletRequest. HttpServletResponse, and DataAccessObjects are allowed", universe@11: method.getName(), RequestMapping.class.getSimpleName() universe@11: ); universe@11: } universe@11: } universe@11: } universe@12: } catch (SecurityException ex) { universe@12: LOG.error("Scan for request mappings on declared methods failed.", ex); universe@11: } universe@11: } universe@11: universe@11: @Override universe@11: public void destroy() { universe@11: mappings.clear(); universe@11: LOG.trace("{} destroyed", getServletName()); universe@11: } universe@34: universe@13: /** universe@74: * Sets the name of the content page. universe@34: *

universe@13: * It is sufficient to specify the name without any extension. The extension universe@13: * is added automatically if not specified. universe@34: * universe@74: * @param req the servlet request object universe@74: * @param pageName the name of the content page universe@74: * @see Constants#REQ_ATTR_CONTENT_PAGE universe@13: */ universe@74: protected void setContentPage(HttpServletRequest req, String pageName) { universe@74: req.setAttribute(Constants.REQ_ATTR_CONTENT_PAGE, Functions.jspPath(pageName)); universe@13: } universe@34: universe@11: /** universe@71: * Sets the breadcrumbs menu. universe@71: * universe@71: * @param req the servlet request object universe@71: * @param breadcrumbs the menu entries for the breadcrumbs menu universe@71: * @see Constants#REQ_ATTR_BREADCRUMBS universe@71: */ universe@71: protected void setBreadcrumbs(HttpServletRequest req, List breadcrumbs) { universe@71: req.setAttribute(Constants.REQ_ATTR_BREADCRUMBS, breadcrumbs); universe@71: } universe@71: universe@71: /** universe@47: * @param req the servlet request object universe@47: * @param location the location where to redirect universe@47: * @see Constants#REQ_ATTR_REDIRECT_LOCATION universe@47: */ universe@63: protected void setRedirectLocation(HttpServletRequest req, String location) { universe@47: if (location.startsWith("./")) { universe@47: location = location.replaceFirst("\\./", Functions.baseHref(req)); universe@47: } universe@47: req.setAttribute(Constants.REQ_ATTR_REDIRECT_LOCATION, location); universe@47: } universe@47: universe@47: /** universe@13: * Specifies the name of an additional stylesheet used by the module. universe@34: *

universe@13: * Setting an additional stylesheet is optional, but quite common for HTML universe@13: * output. universe@34: *

universe@13: * It is sufficient to specify the name without any extension. The extension universe@13: * is added automatically if not specified. universe@34: * universe@34: * @param req the servlet request object universe@13: * @param stylesheet the name of the stylesheet universe@11: */ universe@13: public void setStylesheet(HttpServletRequest req, String stylesheet) { universe@13: req.setAttribute(Constants.REQ_ATTR_STYLESHEET, Functions.enforceExt(stylesheet, ".css")); universe@10: } universe@34: universe@47: /** universe@86: * Sets the view model object. universe@86: * The type must match the expected type in the JSP file. universe@86: * universe@86: * @param req the servlet request object universe@86: * @param viewModel the view model object universe@86: */ universe@86: public void setViewModel(HttpServletRequest req, Object viewModel) { universe@86: req.setAttribute(Constants.REQ_ATTR_VIEWMODEL, viewModel); universe@86: } universe@86: universe@86: /** universe@47: * Obtains a request parameter of the specified type. universe@47: * The specified type must have a single-argument constructor accepting a string to perform conversion. universe@47: * The constructor of the specified type may throw an exception on conversion failures. universe@47: * universe@71: * @param req the servlet request object universe@47: * @param clazz the class object of the expected type universe@71: * @param name the name of the parameter universe@71: * @param the expected type universe@47: * @return the parameter value or an empty optional, if no parameter with the specified name was found universe@47: */ universe@71: protected Optional getParameter(HttpServletRequest req, Class clazz, String name) { universe@83: if (clazz.isArray()) { universe@83: final String[] paramValues = req.getParameterValues(name); universe@83: int len = paramValues == null ? 0 : paramValues.length; universe@83: final var array = (T) Array.newInstance(clazz.getComponentType(), len); universe@86: for (int i = 0; i < len; i++) { universe@83: try { universe@83: final Constructor ctor = clazz.getComponentType().getConstructor(String.class); universe@83: Array.set(array, i, ctor.newInstance(paramValues[i])); universe@83: } catch (ReflectiveOperationException e) { universe@83: throw new RuntimeException(e); universe@83: } universe@83: } universe@83: return Optional.of(array); universe@83: } else { universe@83: final String paramValue = req.getParameter(name); universe@83: if (paramValue == null) return Optional.empty(); universe@83: if (clazz.equals(Boolean.class)) { universe@83: if (paramValue.toLowerCase().equals("false") || paramValue.equals("0")) { universe@83: return Optional.of((T) Boolean.FALSE); universe@83: } else { universe@83: return Optional.of((T) Boolean.TRUE); universe@83: } universe@83: } universe@83: if (clazz.equals(String.class)) return Optional.of((T) paramValue); universe@83: if (java.sql.Date.class.isAssignableFrom(clazz)) { universe@83: try { universe@83: return Optional.of((T) java.sql.Date.valueOf(paramValue)); universe@83: } catch (IllegalArgumentException ex) { universe@83: return Optional.empty(); universe@83: } universe@83: } universe@83: try { universe@83: final Constructor ctor = clazz.getConstructor(String.class); universe@83: return Optional.of(ctor.newInstance(paramValue)); universe@83: } catch (ReflectiveOperationException e) { universe@83: throw new RuntimeException(e); universe@80: } universe@80: } universe@47: } universe@47: universe@63: /** universe@63: * Tries to look up an entity with a key obtained from a request parameter. universe@63: * universe@71: * @param req the servlet request object universe@63: * @param clazz the class representing the type of the request parameter universe@71: * @param name the name of the request parameter universe@71: * @param find the find function (typically a DAO function) universe@71: * @param the type of the request parameter universe@71: * @param the type of the looked up entity universe@63: * @return the retrieved entity or an empty optional if there is no such entity or the request parameter was missing universe@63: * @throws SQLException if the find function throws an exception universe@63: */ universe@71: protected Optional findByParameter(HttpServletRequest req, Class clazz, String name, SQLFindFunction find) throws SQLException { universe@63: final var param = getParameter(req, clazz, name); universe@63: if (param.isPresent()) { universe@63: return Optional.ofNullable(find.apply(param.get())); universe@63: } else { universe@63: return Optional.empty(); universe@63: } universe@63: } universe@63: universe@10: private void forwardToFullView(HttpServletRequest req, HttpServletResponse resp) universe@10: throws IOException, ServletException { universe@34: universe@79: final String lightpitBundle = "localization.lightpit"; universe@79: final var mainMenu = List.of( universe@79: new MenuEntry(new ResourceKey(lightpitBundle, "menu.projects"), "projects/"), universe@79: new MenuEntry(new ResourceKey(lightpitBundle, "menu.users"), "teams/"), universe@79: new MenuEntry(new ResourceKey(lightpitBundle, "menu.languages"), "language/") universe@79: ); universe@71: for (var entry : mainMenu) { universe@71: if (Functions.fullPath(req).startsWith("/" + entry.getPathName())) { universe@71: entry.setActive(true); universe@71: } universe@71: } universe@71: req.setAttribute(Constants.REQ_ATTR_MENU, mainMenu); universe@43: req.getRequestDispatcher(SITE_JSP).forward(req, resp); universe@10: } universe@34: universe@45: private String sanitizeRequestPath(HttpServletRequest req) { universe@45: return Optional.ofNullable(req.getPathInfo()).orElse("/"); universe@45: } universe@45: universe@39: private Optional findMapping(HttpMethod method, HttpServletRequest req) { universe@45: return Optional.ofNullable(mappings.get(method)).map(rm -> rm.get(sanitizeRequestPath(req))); universe@11: } universe@34: universe@34: private void forwardAsSpecified(ResponseType type, HttpServletRequest req, HttpServletResponse resp) universe@12: throws ServletException, IOException { universe@12: switch (type) { universe@34: case NONE: universe@34: return; universe@43: case HTML: universe@12: forwardToFullView(req, resp); universe@12: return; universe@12: // TODO: implement remaining response types universe@12: default: universe@34: throw new AssertionError("ResponseType switch is not exhaustive - this is a bug!"); universe@12: } universe@12: } universe@34: universe@38: private void doProcess(HttpMethod method, HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { universe@27: universe@13: // choose the requested language as session language (if available) or fall back to english, otherwise universe@20: HttpSession session = req.getSession(); universe@13: if (session.getAttribute(Constants.SESSION_ATTR_LANGUAGE) == null) { universe@13: Optional> availableLanguages = Functions.availableLanguages(getServletContext()).map(Arrays::asList); universe@13: Optional reqLocale = Optional.of(req.getLocale()); universe@13: Locale sessionLocale = reqLocale.filter((rl) -> availableLanguages.map((al) -> al.contains(rl.getLanguage())).orElse(false)).orElse(Locale.ENGLISH); universe@13: session.setAttribute(Constants.SESSION_ATTR_LANGUAGE, sessionLocale); universe@34: LOG.debug("Setting language for new session {}: {}", session.getId(), sessionLocale.getDisplayLanguage()); universe@14: } else { universe@15: Locale sessionLocale = (Locale) session.getAttribute(Constants.SESSION_ATTR_LANGUAGE); universe@15: resp.setLocale(sessionLocale); universe@15: LOG.trace("Continuing session {} with language {}", session.getId(), sessionLocale); universe@13: } universe@34: universe@21: // set some internal request attributes universe@53: final String fullPath = Functions.fullPath(req); universe@47: req.setAttribute(Constants.REQ_ATTR_BASE_HREF, Functions.baseHref(req)); universe@53: req.setAttribute(Constants.REQ_ATTR_PATH, fullPath); universe@78: req.setAttribute(Constants.REQ_ATTR_RESOURCE_BUNDLE, getResourceBundleName()); universe@34: universe@53: // if this is an error path, bypass the normal flow universe@53: if (fullPath.startsWith("/error/")) { universe@53: final var mapping = findMapping(method, req); universe@53: if (mapping.isPresent()) { universe@53: forwardAsSpecified(invokeMapping(mapping.get(), req, resp, null), req, resp); universe@53: } universe@53: return; universe@53: } universe@53: universe@38: // obtain a connection and create the data access objects universe@38: final var db = (DatabaseFacade) req.getServletContext().getAttribute(DatabaseFacade.SC_ATTR_NAME); universe@53: final var ds = db.getDataSource(); universe@53: if (ds == null) { universe@53: resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "JNDI DataSource lookup failed. See log for details."); universe@53: return; universe@53: } universe@53: try (final var connection = ds.getConnection()) { universe@38: final var dao = createDataAccessObjects(connection); universe@39: try { universe@39: connection.setAutoCommit(false); universe@39: // call the handler, if available, or send an HTTP 404 error universe@39: final var mapping = findMapping(method, req); universe@39: if (mapping.isPresent()) { universe@39: forwardAsSpecified(invokeMapping(mapping.get(), req, resp, dao), req, resp); universe@39: } else { universe@39: resp.sendError(HttpServletResponse.SC_NOT_FOUND); universe@39: } universe@39: connection.commit(); universe@39: } catch (SQLException ex) { universe@39: LOG.warn("Database transaction failed (Code {}): {}", ex.getErrorCode(), ex.getMessage()); universe@39: LOG.debug("Details: ", ex); universe@54: resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unhandled Transaction Error - Code: " + ex.getErrorCode()); universe@39: connection.rollback(); universe@38: } universe@38: } catch (SQLException ex) { universe@39: LOG.error("Severe Database Exception (Code {}): {}", ex.getErrorCode(), ex.getMessage()); universe@38: LOG.debug("Details: ", ex); universe@54: resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Database Error - Code: " + ex.getErrorCode()); universe@12: } universe@12: } universe@34: universe@7: @Override universe@7: protected final void doGet(HttpServletRequest req, HttpServletResponse resp) universe@7: throws ServletException, IOException { universe@12: doProcess(HttpMethod.GET, req, resp); universe@7: } universe@7: universe@7: @Override universe@7: protected final void doPost(HttpServletRequest req, HttpServletResponse resp) universe@7: throws ServletException, IOException { universe@12: doProcess(HttpMethod.POST, req, resp); universe@7: } universe@7: }