release13.07/framework/webapp/src/org/ofbiz/webapp/event/ScriptEventHandler.java - ofbiz - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.ofbiz.webapp.event;

 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;

 import javax.script.ScriptContext;
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;

 import org.ofbiz.base.util.Debug;
 import org.ofbiz.base.util.ScriptUtil;
 import org.ofbiz.base.util.UtilHttp;
 import org.ofbiz.base.util.UtilMisc;
 import org.ofbiz.webapp.control.ConfigXMLReader.Event;
 import org.ofbiz.webapp.control.ConfigXMLReader.RequestMap;

 /**
  * Generic Script Event Handler. This event handler uses the javax.script package (JSR-223) to invoke scripts or script functions.
  * <p>The script event handler will put the following artifacts in the script engine's bindings:<br />
  * <ul>
  *   <li><code>parameters</code> - a <code>Map</code> containing servlet context, session, request attributes and parameters</li>
  *   <li><code>request</code> - a <code>HttpServletRequest</code> instance</li>
  *   <li><code>response</code> - a <code>HttpServletResponse</code> instance</li>
  *   <li><code>session</code> - a <code>HttpSession</code> instance</li>
  *   <li><code>dispatcher</code> - a <code>LocalDispatcher</code> instance</li>
  *   <li><code>delegator</code> - a <code>Delegator</code> instance</li>
  *   <li><code>security</code> - a <code>Security</code> instance</li>
  *   <li><code>locale</code> - a <code>Locale</code> instance</li>
  *   <li><code>timeZone</code> - a <code>TimeZone</code> instance</li>
  *   <li><code>userLogin</code> - a UserLogin <code>GenericValue</code></li>
  * </ul></p>
  * <p>If the event element includes an invoke attribute, then the matching script function/method will be called
  * with a single argument - the bindings <code>Map</code>.</p>
  */
 public final class ScriptEventHandler implements EventHandler {

     public static final String module = ScriptEventHandler.class.getName();
     private static final Set<String> protectedKeys = createProtectedKeys();

     private static Set<String> createProtectedKeys() {
         Set<String> newSet = new HashSet<String>();
         newSet.add("request");
         newSet.add("response");
         newSet.add("session");
         newSet.add("dispatcher");
         newSet.add("delegator");
         newSet.add("security");
         newSet.add("locale");
         newSet.add("timeZone");
         newSet.add("userLogin");
         /* Commenting out for now because some scripts write to the parameters Map - which should not be allowed.
         newSet.add(ScriptUtil.PARAMETERS_KEY);
         */
         return Collections.unmodifiableSet(newSet);
     }

     @Override
     public void init(ServletContext context) throws EventHandlerException {
     }

     @Override
     public String invoke(Event event, RequestMap requestMap, HttpServletRequest request, HttpServletResponse response) throws EventHandlerException {
         try {
             Map<String, Object> context = new HashMap<String, Object>();
             context.put("request", request);
             context.put("response", response);
             HttpSession session = request.getSession();
             context.put("session", session);
             context.put("dispatcher", request.getAttribute("dispatcher"));
             context.put("delegator", request.getAttribute("delegator"));
             context.put("security", request.getAttribute("security"));
             context.put("locale", UtilHttp.getLocale(request));
             context.put("timeZone", UtilHttp.getTimeZone(request));
             context.put("userLogin", session.getAttribute("userLogin"));
             context.put(ScriptUtil.PARAMETERS_KEY, UtilHttp.getCombinedMap(request, UtilMisc.toSet("delegator", "dispatcher", "security", "locale", "timeZone", "userLogin")));
             Object result = null;
             try {
                 ScriptContext scriptContext = ScriptUtil.createScriptContext(context, protectedKeys);
                 result = ScriptUtil.executeScript(event.path, event.invoke, scriptContext, null);
                 if (result == null) {
                     result = scriptContext.getAttribute(ScriptUtil.RESULT_KEY);
                 }
             } catch (Exception e) {
                 Debug.logWarning(e, "Error running event " + event.path + ": ", module);
                 request.setAttribute("_ERROR_MESSAGE_", e.getMessage());
                 return "error";
             }
             if (result instanceof Map) {
                 Map resultMap = (Map)result;
                 String successMessage = (String)resultMap.get("_event_message_");
                 if (successMessage != null) {
                     request.setAttribute("_EVENT_MESSAGE_", successMessage);
                 }
                 String errorMessage = (String)resultMap.get("_error_message_");
                 if (errorMessage != null) {
                     request.setAttribute("_ERROR_MESSAGE_", errorMessage);
                 }
                 return (String)resultMap.get("_response_code_");
             }
             if (result != null && !(result instanceof String)) {
                 throw new EventHandlerException("Event did not return a String result, it returned a " + result.getClass().getName());
             }
             return (String) result;
         } catch (Exception e) {
             throw new EventHandlerException("Error running event " + event.path, e);
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.ofbiz.webapp.event;

	import java.util.Collections;
	import java.util.HashMap;
	import java.util.HashSet;
	import java.util.Map;
	import java.util.Set;

	import javax.script.ScriptContext;
	import javax.servlet.ServletContext;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;
	import javax.servlet.http.HttpSession;

	import org.ofbiz.base.util.Debug;
	import org.ofbiz.base.util.ScriptUtil;
	import org.ofbiz.base.util.UtilHttp;
	import org.ofbiz.base.util.UtilMisc;
	import org.ofbiz.webapp.control.ConfigXMLReader.Event;
	import org.ofbiz.webapp.control.ConfigXMLReader.RequestMap;

	/**
	* Generic Script Event Handler. This event handler uses the javax.script package (JSR-223) to invoke scripts or script functions.
	* <p>The script event handler will put the following artifacts in the script engine's bindings:<br />
	* <ul>
	* <li><code>parameters</code> - a <code>Map</code> containing servlet context, session, request attributes and parameters</li>
	* <li><code>request</code> - a <code>HttpServletRequest</code> instance</li>
	* <li><code>response</code> - a <code>HttpServletResponse</code> instance</li>
	* <li><code>session</code> - a <code>HttpSession</code> instance</li>
	* <li><code>dispatcher</code> - a <code>LocalDispatcher</code> instance</li>
	* <li><code>delegator</code> - a <code>Delegator</code> instance</li>
	* <li><code>security</code> - a <code>Security</code> instance</li>
	* <li><code>locale</code> - a <code>Locale</code> instance</li>
	* <li><code>timeZone</code> - a <code>TimeZone</code> instance</li>
	* <li><code>userLogin</code> - a UserLogin <code>GenericValue</code></li>
	* </ul></p>
	* <p>If the event element includes an invoke attribute, then the matching script function/method will be called
	* with a single argument - the bindings <code>Map</code>.</p>
	*/
	public final class ScriptEventHandler implements EventHandler {

	public static final String module = ScriptEventHandler.class.getName();
	private static final Set<String> protectedKeys = createProtectedKeys();

	private static Set<String> createProtectedKeys() {
	Set<String> newSet = new HashSet<String>();
	newSet.add("request");
	newSet.add("response");
	newSet.add("session");
	newSet.add("dispatcher");
	newSet.add("delegator");
	newSet.add("security");
	newSet.add("locale");
	newSet.add("timeZone");
	newSet.add("userLogin");
	/* Commenting out for now because some scripts write to the parameters Map - which should not be allowed.
	newSet.add(ScriptUtil.PARAMETERS_KEY);
	*/
	return Collections.unmodifiableSet(newSet);
	}

	@Override
	public void init(ServletContext context) throws EventHandlerException {
	}

	@Override
	public String invoke(Event event, RequestMap requestMap, HttpServletRequest request, HttpServletResponse response) throws EventHandlerException {
	try {
	Map<String, Object> context = new HashMap<String, Object>();
	context.put("request", request);
	context.put("response", response);
	HttpSession session = request.getSession();
	context.put("session", session);
	context.put("dispatcher", request.getAttribute("dispatcher"));
	context.put("delegator", request.getAttribute("delegator"));
	context.put("security", request.getAttribute("security"));
	context.put("locale", UtilHttp.getLocale(request));
	context.put("timeZone", UtilHttp.getTimeZone(request));
	context.put("userLogin", session.getAttribute("userLogin"));
	context.put(ScriptUtil.PARAMETERS_KEY, UtilHttp.getCombinedMap(request, UtilMisc.toSet("delegator", "dispatcher", "security", "locale", "timeZone", "userLogin")));
	Object result = null;
	try {
	ScriptContext scriptContext = ScriptUtil.createScriptContext(context, protectedKeys);
	result = ScriptUtil.executeScript(event.path, event.invoke, scriptContext, null);
	if (result == null) {
	result = scriptContext.getAttribute(ScriptUtil.RESULT_KEY);
	}
	} catch (Exception e) {
	Debug.logWarning(e, "Error running event " + event.path + ": ", module);
	request.setAttribute("_ERROR_MESSAGE_", e.getMessage());
	return "error";
	}
	if (result instanceof Map) {
	Map resultMap = (Map)result;
	String successMessage = (String)resultMap.get("_event_message_");
	if (successMessage != null) {
	request.setAttribute("_EVENT_MESSAGE_", successMessage);
	}
	String errorMessage = (String)resultMap.get("_error_message_");
	if (errorMessage != null) {
	request.setAttribute("_ERROR_MESSAGE_", errorMessage);
	}
	return (String)resultMap.get("_response_code_");
	}
	if (result != null && !(result instanceof String)) {
	throw new EventHandlerException("Event did not return a String result, it returned a " + result.getClass().getName());
	}
	return (String) result;
	} catch (Exception e) {
	throw new EventHandlerException("Error running event " + event.path, e);
	}
	}
	}