ValidatorPhaseListener.java

/**
 * Copyright 2005-2016 hdiv.org
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * 	http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.hdiv.phaseListeners;

import java.util.ArrayList;
import java.util.List;

import javax.faces.component.UIComponent;
import javax.faces.component.UIInput;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hdiv.config.HDIVConfig;
import org.hdiv.filter.ValidatorError;
import org.hdiv.filter.ValidatorErrorHandler;
import org.hdiv.logs.IUserData;
import org.hdiv.logs.Logger;
import org.hdiv.util.HDIVErrorCodes;
import org.hdiv.util.HDIVUtil;
import org.hdiv.util.UtilsJsf;
import org.hdiv.validation.ComponentTreeValidator;
import org.hdiv.validation.FacesValidatorError;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.jsf.FacesContextUtils;

/**
 * {@link PhaseListener} that verifies that Hdiv validation is executed and is valid. Otherwise, the request will be stopped.
 */
public class ValidatorPhaseListener implements PhaseListener {

	private static final long serialVersionUID = -5951308353665763734L;

	private static final Log log = LogFactory.getLog(ValidatorPhaseListener.class);

	private static final String VALIDATION_ERRORS_ATTR_NAME = "VALIDATION_ERRORS_ATTR_NAME";

	private ComponentTreeValidator componentTreeValidator;

	private HDIVConfig config;

	private Logger logger;

	private IUserData userData;

	private ValidatorErrorHandler validatorErrorHandler;

	public PhaseId getPhaseId() {
		return PhaseId.ANY_PHASE;
	}

	public void beforePhase(final PhaseEvent event) {

		if (logger == null) {

			if (log.isDebugEnabled()) {
				log.debug("Initialize ValidationStatusPhaseListener dependencies.");
			}

			WebApplicationContext wac = FacesContextUtils.getRequiredWebApplicationContext(event.getFacesContext());
			validatorErrorHandler = wac.getBean(ValidatorErrorHandler.class);
			componentTreeValidator = wac.getBean(ComponentTreeValidator.class);
			config = wac.getBean(HDIVConfig.class);
			userData = wac.getBean(IUserData.class);
			logger = wac.getBean(Logger.class);
		}

		if (event.getPhaseId().equals(PhaseId.PROCESS_VALIDATIONS)) {

			@SuppressWarnings("unchecked")
			List<FacesValidatorError> errors = (List<FacesValidatorError>) event.getFacesContext().getAttributes()
					.get(VALIDATION_ERRORS_ATTR_NAME);
			if (errors != null) {
				for (FacesValidatorError error : errors) {
					if (error.getType().equals(HDIVErrorCodes.INVALID_EDITABLE_VALUE)) {
						UIComponent comp = error.getEditableValidationComponent();
						if (comp instanceof UIInput) {
							((UIInput) comp).setValid(false);
						}
						else {
							log.info("Can't set validity to false on component: " + comp.getClientId(event.getFacesContext()));
						}
					}
				}
			}
		}
	}

	public void afterPhase(final PhaseEvent event) {

		if (event.getPhaseId().equals(PhaseId.RESTORE_VIEW)) {

			FacesContext context = event.getFacesContext();
			boolean reqInitialized = UtilsJsf.isRequestInitialized(context);
			if (!reqInitialized) {
				return;
			}

			if (!context.isPostback()) {
				// Don't validate a request if it is not a postback
				return;
			}

			List<FacesValidatorError> errors = null;
			try {
				errors = componentTreeValidator.validateComponentTree(context);
			}
			catch (Exception e) {
				if (log.isErrorEnabled()) {
					log.error("Error in component tree validation.", e);
				}
			}

			if (errors != null && errors.size() > 0) {
				completeErrorData(context, errors);

				context.getAttributes().put(VALIDATION_ERRORS_ATTR_NAME, errors);

				log(context, errors);
				if (mustStopRequest(errors)) {
					forwardToErrorPage(context, errors);
				}
			}
		}
	}

	/**
	 * Complete {@link ValidatorError} containing data including user related info.
	 *
	 * @param context request object
	 * @param errors all validation errors
	 */
	protected void completeErrorData(final FacesContext context, final List<FacesValidatorError> errors) {

		HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();

		String localIp = userData.getLocalIp(request);
		String remoteIp = userData.getRemoteIp(request);
		String userName = userData.getUsername(request);

		String contextPath = request.getContextPath();
		for (ValidatorError error : errors) {

			error.setLocalIp(localIp);
			error.setRemoteIp(remoteIp);
			error.setUserName(userName);

			// Include context path in the target
			String target = error.getTarget();
			if (target != null && !target.startsWith(contextPath)) {
				target = request.getContextPath() + target;
			}
			else if (target == null) {
				target = request.getRequestURI();
			}
			error.setTarget(target);
		}
	}

	protected boolean mustStopRequest(final List<FacesValidatorError> errors) {

		if (errors == null || errors.isEmpty()) {
			return false;
		}

		if (config.isDebugMode()) {
			return false;
		}

		boolean onlyEditable = true;
		if (errors != null && !errors.isEmpty()) {
			for (ValidatorError error : errors) {
				if (!error.getType().equals(HDIVErrorCodes.INVALID_EDITABLE_VALUE)) {
					onlyEditable = false;
					break;
				}
			}
		}

		if (onlyEditable && !config.isShowErrorPageOnEditableValidation()) {
			return false;
		}
		return true;
	}

	/**
	 * Redirects the execution to the HDIV error page
	 * 
	 * @param context Request context
	 * @param validatorErrors validation error data
	 */
	protected void forwardToErrorPage(final FacesContext context, final List<FacesValidatorError> validatorErrors) {

		HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();

		List<ValidatorError> errors = new ArrayList<ValidatorError>();
		if (validatorErrors != null) {
			for (FacesValidatorError error : validatorErrors) {
				errors.add(error);
			}
		}
		validatorErrorHandler.handleValidatorError(HDIVUtil.getRequestContext(request), errors);
	}

	/**
	 * Helper method to write an attack in the log
	 * 
	 * @param context Request context
	 * @param error validation result
	 */
	private void log(final FacesContext context, final List<FacesValidatorError> errors) {

		HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();

		if (errors != null) {
			for (ValidatorError error : errors) {
				error.setTarget(HDIVUtil.getRequestContext(request).getRequestURI());
				logger.log(error);
			}
		}
	}

}