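/**********************************************************************************************************
 * Program     : HttpGroupDelete.java
 * Description : Deletes a user group
 * Author      :
 * Created     :
 * Modified    :
 **********************************************************************************************************/
package kr.co.kihyun.beans.user;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.regex.Pattern;

import javax.jdo.PersistenceManager;
import javax.jdo.Transaction;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import kr.co.kihyun.beans.entity.UserPart;
import kr.co.kihyun.beans.entity.util.*;
import kr.co.kihyun.lang.Encoder;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;
import kr.co.kihyun.text.javascript.JavaScriptUtil;

/**
 * Servlet that deletes the user group ({@link UserPart}) named by the {@code partID} request
 * parameter together with the group's department and user membership rows.
 *
 * <p>On success the browser is sent back to the group setup page unless the request carried a
 * {@code callbackFunc} parameter naming a JavaScript function to call instead. Because that value is
 * written verbatim into a script block, it is only honoured when it matches
 * {@link #CALLBACK_PATTERN}; anything else falls back to the default redirect.
 *
 * <p>Only a {@code MoumiConfig.TOTPER} user is restricted to deleting groups it owns; the visible
 * code applies no ownership check for other authority levels.
 */
@WebServlet("/servlet/kr.co.kihyun.beans.user.HttpGroupDelete")
public class HttpGroupDelete extends HttpServlet {

    private static final Logger LOG = LoggerFactory.getLogger(HttpGroupDelete.class);

    private static final long serialVersionUID = 1L;

    /** Script that returns the browser to the group setup page. */
    private static final String GROUP_SETUP_REDIRECT =
            "document.location='/totsys/login/envsetting/group/group_setup.jsp';";

    /** Script that sends an unauthenticated browser to the login page. */
    private static final String LOGIN_REDIRECT = "parent.parent.location='/totsys/login/login.jsp';";

    /**
     * Allow-list for {@code callbackFunc}: a dotted identifier chain invoked with an empty argument
     * list and an optional trailing semicolon, e.g. {@code parent.reloadGroups();}. The raw request
     * value is echoed into a {@code <script>} block, so any other shape (quotes, arguments, extra
     * statements) is rejected. Widen this deliberately if a caller needs to pass arguments.
     */
    private static final Pattern CALLBACK_PATTERN =
            Pattern.compile("^[A-Za-z_$][\\w$]*(\\.[A-Za-z_$][\\w$]*)*\\(\\);?$");

    /** GET is handled exactly like POST. */
    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        doPost(req, res);
    }

    /**
     * Deletes the requested group and writes a small HTML/JavaScript response describing the outcome.
     *
     * @param req carries {@code partID} (group key) and optional {@code callbackFunc}
     * @param res receives an alert plus either a redirect or the validated callback script
     * @throws ServletException propagated from the servlet container
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.setContentType("text/html;charset=UTF-8");
        PrintWriter out = res.getWriter();

        /*********** User HttpSSOLogin check ***********/
        if (!HttpSSOLogin.isLogin(req)) {
            out.println(ServletUtil.getJavaScript(LOGIN_REDIRECT));
            return;
        }

        String usID = HttpSSOLogin.getLoginID(req);
        int sysAuth = HttpSSOLogin.getSysAuth(req);
        // partID keys were changed from Long to String; the parameter is decoded, not parsed.
        String partID = Encoder.toJava(req.getParameter("partID"));
        String callbackFunc = MString.checkNull(req.getParameter("callbackFunc"));

        PersistenceManager pm = new MPersistenceManager(PMF.get().getPersistenceManager());
        Transaction tx = pm.currentTransaction();
        try {
            tx.begin();
            UserPart userPart = pm.getObjectById(UserPart.class, partID);

            // A TOTPER user may only delete a group it owns.
            if (sysAuth == MoumiConfig.TOTPER && !usID.equals(userPart.getUser(pm).getId())) {
                out.println(ServletUtil.alert(
                        MoumiConfig.getMessageBundle().getString("moumi.message.popup.notDeleteGroup")));
                out.println(JavaScriptUtil.getJavaScript(GROUP_SETUP_REDIRECT));
                return; // the open transaction is rolled back in finally
            }

            deleteGroup(pm, userPart);
            tx.commit();

            out.println(ServletUtil.alert(
                    MoumiConfig.getMessageBundle().getString("moumi.message.popup.deleteGroupSuccess")));
            out.println(successScript(callbackFunc));
        } catch (Exception e) {
            // Keep the cause in the log; the user only sees the generic failure message.
            LOG.error("Group delete failed: partID={}, user={}", partID, usID, e);
            out.println(ServletUtil.alert(
                    MoumiConfig.getMessageBundle().getString("moumi.message.popup.deleteGroupFail")));
            // Cross-site scripting review (PrintWriter output): only a constant redirect is emitted here,
            // so no request-derived text reaches the response on the failure path.
            out.println(ServletUtil.getJavaScript(GROUP_SETUP_REDIRECT));
        } finally {
            if (tx.isActive()) {
                tx.rollback();
            }
            pm.close();
        }
    }

    /** Removes the group's department and user membership rows (when present), then the group. */
    private static void deleteGroup(PersistenceManager pm, UserPart userPart) {
        if (userPart.getUserDepts() != null) {
            pm.deletePersistentAll(userPart.getUserDepts());
        }
        if (userPart.getUserUsers() != null) {
            pm.deletePersistentAll(userPart.getUserUsers());
        }
        pm.deletePersistent(userPart);
    }

    /**
     * Builds the script written after a successful delete.
     *
     * <p>With no callback the default redirect is returned. A supplied callback is used only when it
     * matches {@link #CALLBACK_PATTERN}; a rejected value is not echoed back or logged verbatim and the
     * default redirect is returned instead.
     *
     * @param callbackFunc the already null-checked {@code callbackFunc} request parameter
     * @return a script block ready to be written to the response
     */
    private static String successScript(String callbackFunc) {
        if (MString.isNull(callbackFunc)) {
            return JavaScriptUtil.getJavaScript(GROUP_SETUP_REDIRECT);
        }
        if (!CALLBACK_PATTERN.matcher(callbackFunc.trim()).matches()) {
            LOG.warn("callbackFunc rejected by allow-list; using default redirect");
            return JavaScriptUtil.getJavaScript(GROUP_SETUP_REDIRECT);
        }
        return ServletUtil.getJavaScript(callbackFunc);
    }
}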