// Build stand-in request/response objects. Each Proxy.newProxyInstance call is
// given the interface's own class loader, the single interface to implement,
// and dotInvocationHandler (created outside this excerpt), so both proxies
// route every method call to that one shared handler.
// NOTE(review): presumably these replace a real servlet request/response so
// the page can be rendered without a live HTTP exchange - confirm. If so,
// cookies, session and attributes read below come from the handler's state,
// not from a client.
DotRequestProxy requestProxy = (DotRequestProxy) Proxy
.newProxyInstance(DotRequestProxy.class.getClassLoader(),
new Class[] { DotRequestProxy.class },
dotInvocationHandler);
DotResponseProxy responseProxy = (DotResponseProxy) Proxy
.newProxyInstance(DotResponseProxy.class.getClassLoader(),
new Class[] { DotResponseProxy.class },
dotInvocationHandler);
// Output buffer and template context; neither is used in the lines visible
// in this excerpt.
StringWriter out = new StringWriter();
Context context = null;
// Normalise the caller-supplied uri before any lookup. What cleanURI strips
// is not visible here.
// NOTE(review): confirm it handles encoded separators and dot segments
// before treating it as the only path-sanitising step.
uri = UtilMethods.cleanURI(uri);
// Look up the identifier registered for this host/uri pair and keep its inode.
// NOTE(review): the result of find() is dereferenced immediately; if find()
// can return null for an unknown uri this throws before the not-found check
// below is reached - confirm against IdentifierAPI.
String idInode = APILocator.getIdentifierAPI().find(host, uri)
.getInode();
// Resolve the path through the live cache in live mode, otherwise through
// the working cache.
String cachedUri = (liveMode) ? LiveCache.getPathFromCache(uri, host) : WorkingCache.getPathFromCache(uri, host);
// Reject the request when either the identifier inode is unset or the cache
// has no path for the uri.
// NOTE(review): the message says "Live mode" even when liveMode is false and
// the working cache was consulted. It also echoes uri; if this message is
// ever rendered into an HTML response it needs output encoding.
if (!InodeUtils.isSet(idInode) || cachedUri == null) {
throw new ResourceNotFoundException(String.format(
"Resource %s not found in Live mode!", uri));
}
// Prime the proxied response and request with the values the renderer reads.
responseProxy.setContentType( "text/html" );
// The user agent is stored as a request *attribute* named "User-Agent", not
// as a header.
// NOTE(review): code that calls getHeader("User-Agent") will only see it if
// the invocation handler maps headers to attributes - confirm.
requestProxy.setAttribute( "User-Agent", userAgent );
// idInode is already a String; String.valueOf leaves it unchanged.
requestProxy.setAttribute("idInode", String.valueOf(idInode));
/* Set long lived cookie regardless of who this is */
// Read the long-lived dotCMS id cookie from the proxied request; when it is
// missing, create one and attach it to the proxied response.
String _dotCMSID = UtilMethods.getCookieValue(
requestProxy.getCookies(),
com.dotmarketing.util.WebKeys.LONG_LIVED_DOTCMS_ID_COOKIE);
if (!UtilMethods.isSet(_dotCMSID)) {
/* create unique generator engine */
// NOTE(review): the cookie's value generation and its attributes
// (HttpOnly / Secure / lifetime) are decided inside CookieUtil.createCookie
// and are not visible here. Confirm the id is unpredictable and the flags
// are set if anything downstream trusts this cookie as an identifier.
Cookie idCookie = CookieUtil.createCookie();
responseProxy.addCookie(idCookie);
}
// Publish host, host id, uri and user under fixed keys via put(); what
// put() is backed by is defined by the proxy interface / handler, outside
// this excerpt.
requestProxy.put("host", host);
requestProxy.put("host_id", host.getIdentifier());
requestProxy.put("uri", uri);
requestProxy.put("user", user);
// Outside live mode, flag the request as a preview.
// NOTE(review): the key is named PREVIEW_MODE_SESSION but is written as a
// request attribute, and WebKeys is unqualified here while the cookie lookup
// above uses com.dotmarketing.util.WebKeys - confirm both refer to the
// intended class and scope.
if(!liveMode){
requestProxy.setAttribute(WebKeys.PREVIEW_MODE_SESSION, "true");
}
// A caller counts as signed in whenever a non-null user object was supplied.
// NOTE(review): if callers can pass an anonymous or system User instance
// instead of null, the unauthenticated (401) branch of the permission check
// that follows is never taken for them - confirm what callers pass.
boolean signedIn = false;
if (user != null) {
signedIn = true;
}
// Fetch the identifier for host/uri again; the same find(host, uri) call was
// already made above to obtain idInode.
Identifier ident = APILocator.getIdentifierAPI().find(host, uri);
// NOTE(review): uri is concatenated into the log line as-is; confirm that
// cleanURI removes CR/LF so a crafted path cannot forge log entries.
Logger.debug(HTMLPageAPIImpl.class, "Page Permissions for URI=" + uri);
// Bare HTMLPage carrying only the identifier's inode; it is the subject of
// the first permission check that follows.
HTMLPage pageProxy = new HTMLPage();
pageProxy.setIdentifier(ident.getInode());
// Check if the page is visible by a CMS Anonymous role
try {
// Entered only when `user` does NOT have READ permission on the page.
// The meaning of the trailing `true` argument is not visible here
// (presumably "respect front-end roles" - confirm against PermissionAPI).
if (!permissionAPI.doesUserHavePermission(pageProxy,
PermissionAPI.PERMISSION_READ, user, true)) {
// The page is protected: it has no anonymous read access.
/*******************************************************************
* If we need to redirect someone somewhere to login before
* seeing a page, we need to edit the /portal/401.jsp page to
* sendRedirect the user to the proper login page. We are not
* using the REDIRECT_TO_LOGIN variable in the config any
* longer.
******************************************************************/
if (!signedIn) {
// Unauthenticated caller: remember where to return after login, then
// answer 401.
// No need for the below LAST_PATH attribute on the front
// end http://jira.dotmarketing.net/browse/DOTCMS-2675
// request.getSession().setAttribute(WebKeys.LAST_PATH,
// new ObjectValuePair(uri, request.getParameterMap()));
// NOTE(review): the stored value is the cleaned uri that resolved to an
// identifier above. Whatever later reads REDIRECT_AFTER_LOGIN should still
// accept it only as a site-local path (no scheme or host) - confirm at the
// redirect site.
requestProxy.getSession().setAttribute(
com.dotmarketing.util.WebKeys.REDIRECT_AFTER_LOGIN,
uri);
// Three debug lines record the same uri; the first concatenates it directly
// after "access" with no separator.
Logger.debug(HTMLPageAPIImpl.class,
"VELOCITY CHECKING PERMISSION: Page doesn't have anonymous access"
+ uri);
Logger.debug(HTMLPageAPIImpl.class, "401 URI = " + uri);
Logger.debug(HTMLPageAPIImpl.class, "Unauthorized URI = "
+ uri);
responseProxy.sendError(401,
"The requested page/file is unauthorized");
// NOTE(review): the string handed back to the caller reads as a system
// error although the status just sent is 401; confirm callers do not
// surface this text as page content.
return "An SYSTEM ERROR OCCURED !";
} else if (!permissionAPI.getReadRoles(ident).contains(
APILocator.getRoleAPI().loadLoggedinSiteRole())) {
// Signed-in caller, and the page's read roles do not include the
// logged-in site role, so the user's own permission decides.
// When the read roles DO include that role, this branch is skipped and
// no error is sent from this block; what follows is outside this excerpt.
Logger.debug(HTMLPageAPIImpl.class,
"VELOCITY CHECKING PERMISSION: User signed in");
// Check the user's READ permission again, this time against the
// identifier rather than the bare page object used in the outer check.
if (!permissionAPI.doesUserHavePermission(ident,
PermissionAPI.PERMISSION_READ, user, true)) {
// The user has no permission to see this page: answer 403.
// NOTE(review): this WARN is the only non-debug record of a denied access,
// and it carries neither the uri nor a user identifier, which limits its
// use for audit and detection; consider adding both (sanitised).
Logger
.warn(HTMLPageAPIImpl.class,
"VELOCITY CHECKING PERMISSION: Page doesn't have any access for this user");
responseProxy.sendError(403,
"The requested page/file is forbidden");
// NOTE(review): the returned text says "not found" while the status sent
// is 403; confirm which of the two the client actually sees.
return "PAGE NOT FOUND!";
}
}
}