1 package org.apache.turbine.modules.actions;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import org.apache.commons.configuration.Configuration;
23
24 import org.apache.turbine.Turbine;
25 import org.apache.turbine.TurbineConstants;
26 import org.apache.turbine.modules.Action;
27 import org.apache.turbine.om.security.User;
28 import org.apache.turbine.services.security.TurbineSecurity;
29 import org.apache.turbine.util.RunData;
30 import org.apache.turbine.util.security.AccessControlList;
31 import org.apache.turbine.util.security.TurbineSecurityException;
32
33 /***
34 * This action removes a user from the session. It makes sure to save
35 * the User object in the session.
36 *
37 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
38 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
39 * @version $Id: LogoutUser.java 534527 2007-05-02 16:10:59Z tv $
40 */
41 public class LogoutUser
42 extends Action
43 {
44 /***
45 * Clears the RunData user object back to an anonymous status not
46 * logged in, and with a null ACL. If the tr.props ACTION_LOGIN
47 * is anthing except "LogoutUser", flow is transfered to the
48 * SCREEN_HOMEPAGE
49 *
50 * If this action name is the value of action.logout then we are
51 * being run before the session validator, so we don't need to
52 * set the screen (we assume that the session validator will handle
53 * that). This is basically still here simply to preserve old behaviour
54 * - it is recommended that action.logout is set to "LogoutUser" and
55 * that the session validator does handle setting the screen/template
56 * for a logged out (read not-logged-in) user.
57 *
58 * @param data Turbine information.
59 * @exception TurbineSecurityException a problem occured in the security
60 * service.
61 */
62 public void doPerform(RunData data)
63 throws TurbineSecurityException
64 {
65 User user = data.getUser();
66
67 if (!TurbineSecurity.isAnonymousUser(user))
68 {
69
70 if (!user.hasLoggedIn())
71 {
72 return;
73 }
74
75 user.setHasLoggedIn(Boolean.FALSE);
76 TurbineSecurity.saveUser(user);
77 }
78
79 Configuration conf = Turbine.getConfiguration();
80
81 data.setMessage(conf.getString(TurbineConstants.LOGOUT_MESSAGE, ""));
82
83
84
85 data.setACL(null);
86
87
88 data.setUser(TurbineSecurity.getAnonymousUser());
89 data.save();
90
91
92
93
94 data.getSession().removeAttribute(AccessControlList.SESSION_KEY);
95
96
97
98
99
100
101
102
103 if (!conf.getString(TurbineConstants.ACTION_LOGOUT_KEY,
104 TurbineConstants.ACTION_LOGOUT_DEFAULT)
105 .equals(TurbineConstants.ACTION_LOGOUT_DEFAULT))
106 {
107 data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE));
108 }
109 }
110 }