1 package org.apache.turbine.modules.actions.sessionvalidator;
2
3 import org.apache.turbine.TurbineConstants;
4 import org.apache.turbine.annotation.TurbineConfiguration;
5 import org.apache.turbine.annotation.TurbineService;
26 import org.apache.turbine.modules.Action;
27 import org.apache.turbine.services.security.SecurityService;
28 import org.apache.turbine.util.RunData;
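/**
 * Abstract base for session-validator actions. It holds the injected security
 * service and the configured homepage / invalid-state names, and provides the
 * form-counter check shared by subclasses.
 */
public abstract class SessionValidator implements Action
{
    /** Name of both the request parameter and the user temp value that carry the counter. */
    private static final String ACCESS_COUNTER_KEY = "_session_access_counter";

    /** Injected security service; used here only to recognise the anonymous user. */
    @TurbineService
    protected SecurityService security;

    /** Configured value of {@code TurbineConstants.TEMPLATE_HOMEPAGE}; not read in this class. */
    @TurbineConfiguration( TurbineConstants.TEMPLATE_HOMEPAGE )
    protected String templateHomepage;

    /** Configured value of {@code TurbineConstants.SCREEN_HOMEPAGE}; not read in this class. */
    @TurbineConfiguration( TurbineConstants.SCREEN_HOMEPAGE )
    protected String screenHomepage;

    /** Template shown instead of the requested one when the form counter is stale. */
    @TurbineConfiguration( TurbineConstants.TEMPLATE_INVALID_STATE )
    protected String templateInvalidState;

    /** Screen shown instead of the requested one when the form counter is stale. */
    @TurbineConfiguration( TurbineConstants.SCREEN_INVALID_STATE )
    protected String screenInvalidState;

    /**
     * Compares the {@code _session_access_counter} request parameter with the
     * value of the same name kept in the user's temp storage and, when the
     * submitted value is more than one behind, diverts the request to the
     * configured invalid-state screen or template and blanks the action.
     *
     * <p>The check runs only when the request carries the parameter, so a
     * request that omits it is never checked. Treat this as a stale-form
     * guard; it is not a substitute for CSRF or replay protection.
     *
     * <p>The previous screen or template and the complete request parameters
     * are saved in the user's temp storage under {@code prev_screen},
     * {@code prev_template} and {@code prev_parameters}.
     * NOTE(review): {@code prev_parameters} is client-supplied data (it may
     * include submitted form fields); whatever reads it back later should
     * handle it as untrusted input.
     *
     * @param data the current request's run data
     * @param screenOnly {@code true} to redirect by screen name only, for any
     *        user; {@code false} to skip anonymous users and to prefer the
     *        screen template when one is set
     */
    protected void handleFormCounterToken( RunData data, boolean screenOnly )
    {
        if (!data.getParameters().containsKey(ACCESS_COUNTER_KEY))
        {
            return;
        }

        if (screenOnly)
        {
            if (isStaleFormCounter(data))
            {
                // NOTE(review): unlike the template branch below, the screen name
                // is stored without the '/' -> ',' replacement; confirm which
                // form the reader of prev_screen expects.
                data.getUser().setTemp("prev_screen", data.getScreen());
                data.getUser().setTemp("prev_parameters", data.getParameters());
                data.setScreen(screenInvalidState);
                data.setAction("");
            }
            return;
        }

        // The anonymous-user test comes first, as before, so that the counter
        // is not looked at for anonymous requests.
        if (security.isAnonymousUser(data.getUser()) || !isStaleFormCounter(data))
        {
            return;
        }

        String screenTemplate = data.getTemplateInfo().getScreenTemplate();
        if (screenTemplate != null)
        {
            data.getUser().setTemp("prev_template", screenTemplate.replace('/', ','));
            data.getTemplateInfo().setScreenTemplate(templateInvalidState);
        }
        else
        {
            data.getUser().setTemp("prev_screen", data.getScreen().replace('/', ','));
            data.setScreen(screenInvalidState);
        }
        data.getUser().setTemp("prev_parameters", data.getParameters());
        data.setAction("");
    }

    /**
     * Tells whether the submitted counter is more than one behind the counter
     * stored for the user.
     *
     * <p>The parameter is supplied by the client, so it can arrive when no
     * counter has been stored. A missing or non-{@code Integer} stored value
     * is reported as "not stale" rather than failing with a
     * {@code NullPointerException} or {@code ClassCastException}. This does
     * not loosen the guard, because the caller already skips the check when
     * the parameter is absent.
     *
     * @param data the current request's run data
     * @return {@code true} if the submitted value is less than the stored value minus one
     */
    private boolean isStaleFormCounter( RunData data )
    {
        Object stored = data.getUser().getTemp(ACCESS_COUNTER_KEY);
        if (!(stored instanceof Integer))
        {
            return false;
        }
        int submitted = data.getParameters().getInt(ACCESS_COUNTER_KEY);
        return submitted < ((Integer) stored).intValue() - 1;
    }
}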