
1   package org.apache.turbine.modules.actions.sessionvalidator;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.commons.configuration.Configuration;
23  
24  import org.apache.commons.lang.StringUtils;
25  
26  import org.apache.commons.logging.Log;
27  import org.apache.commons.logging.LogFactory;
28  
29  import org.apache.turbine.Turbine;
30  import org.apache.turbine.TurbineConstants;
31  
32  import org.apache.turbine.services.security.TurbineSecurity;
33  
34  import org.apache.turbine.util.RunData;
35  import org.apache.turbine.util.TurbineException;
36  
37  /***
38   * The SessionValidator attempts to retrieve the User object from the
39   * Servlet API session that is associated with the request.  If the
40   * data cannot be retrieved, it is handled here.  If the user has not
41   * been marked as being logged into the system, the user is rejected
42   * and the screen is set to the screen.homepage value in
43   * TurbineResources.properties.
44   *
45   * <p>
46   *
47   * Other systems generally have a database table which stores this
48   * information, but we take advantage of the Servlet API here to save
49   * a hit to the database for each and every connection that a user
50   * makes.
51   *
52   * <p>
53   *
54   * This action is special in that it should only be executed by the
55   * Turbine servlet.
56   *
57   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
58   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
59   * @version $Id: DefaultSessionValidator.java 534527 2007-05-02 16:10:59Z tv $
60   */
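public class DefaultSessionValidator
    extends SessionValidator
{
    /** Logging */
    private static final Log log = LogFactory.getLog(DefaultSessionValidator.class);

    /**
     * Key used both for the request parameter and for the entry in the
     * user's temp storage that carry the access counter.
     */
    private static final String ACCESS_COUNTER_KEY = "_session_access_counter";

    /**
     * Execute the action.  The RunData object is populated, a missing
     * user is replaced by the anonymous user, and a user that has not
     * logged in is sent to the login screen configured under
     * {@link TurbineConstants#SCREEN_LOGIN} with the requested action
     * discarded.  A request without a screen is sent to the screen
     * configured under {@link TurbineConstants#SCREEN_HOMEPAGE}.
     *
     * <p>
     *
     * If the request carries a <code>_session_access_counter</code>
     * parameter, it is compared with the counter held in the user's
     * temp storage; a request counter more than one behind the stored
     * counter switches the request to the screen configured under
     * {@link TurbineConstants#SCREEN_INVALID_STATE}.  The comparison
     * is skipped when the stored counter is absent or is not an
     * Integer.
     *
     * @see org.apache.turbine.modules.screens.error.InvalidState
     * @param data Turbine RunData context information.
     * @throws TurbineException The anonymous user could not be obtained
     *         from the security service
     */
    public void doPerform(RunData data)
            throws TurbineException
    {
        Configuration conf = Turbine.getConfiguration();

        // Pull user from session.
        data.populate();

        // The user may have not logged in, so create a "guest/anonymous" user.
        if (data.getUser() == null)
        {
            log.debug("Fixing up empty User Object!");
            data.setUser(TurbineSecurity.getAnonymousUser());
            data.save();
        }

        // Make sure the User has logged into the system.  This is the
        // authentication gate of this validator: a request from a user
        // that has not logged in never keeps its own screen or action.
        if (!data.getUser().hasLoggedIn())
        {
            // only set the message if nothing else has already set it
            // (e.g. the LogoutUser action).
            if (StringUtils.isEmpty(data.getMessage()))
            {
                data.setMessage(conf.getString(TurbineConstants.LOGIN_MESSAGE));
            }

            // set the screen to be the login page
            data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN));

            // No action may run for an unauthenticated request (except
            // action.login, which will have been performed already).
            data.setAction(null);
        }

        if (!data.hasScreen())
        {
            data.setMessage(conf.getString(
                    TurbineConstants.LOGIN_MESSAGE_NOSCREEN));
            data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE));
        }

        if (data.getParameters().containsKey(ACCESS_COUNTER_KEY))
        {
            // See comments in screens.error.InvalidState.
            //
            // The parameter is supplied by the client, so its presence
            // says nothing about the state of the server-side user.  The
            // stored counter can be missing (nothing visible here sets it
            // before this action runs) and the unconditional cast used
            // previously then failed with a NullPointerException that any
            // request could provoke.  Check the stored value first.
            Object storedCounter = data.getUser().getTemp(ACCESS_COUNTER_KEY);

            if (storedCounter instanceof Integer)
            {
                int requestCounter =
                        data.getParameters().getInt(ACCESS_COUNTER_KEY);
                int sessionCounter = ((Integer) storedCounter).intValue();

                // NOTE(review): the request counter is client-controlled;
                // this comparison should be treated as state checking
                // only, never as an authorization decision.
                if (requestCounter < (sessionCounter - 1))
                {
                    // NOTE(review): the values kept here originate from
                    // the request; whatever reads prev_screen and
                    // prev_parameters later should handle them as
                    // untrusted input - confirm against InvalidState.
                    data.getUser().setTemp("prev_screen", data.getScreen());
                    data.getUser().setTemp("prev_parameters", data.getParameters());
                    data.setScreen(conf.getString(
                            TurbineConstants.SCREEN_INVALID_STATE));
                    data.setAction("");
                }
            }
            else
            {
                // Nothing to compare against; the parameter value is
                // deliberately not written to the log.
                log.debug("No usable _session_access_counter stored for the "
                        + "user, skipping the access counter check");
            }
        }
    }
}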