
1   package org.apache.turbine.modules.actions.sessionvalidator;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.commons.configuration.Configuration;
23  
24  import org.apache.commons.lang.StringUtils;
25  
26  import org.apache.commons.logging.Log;
27  import org.apache.commons.logging.LogFactory;
28  
29  import org.apache.turbine.Turbine;
30  import org.apache.turbine.TurbineConstants;
31  
32  import org.apache.turbine.services.security.TurbineSecurity;
33  
34  import org.apache.turbine.util.RunData;
35  import org.apache.turbine.util.TurbineException;
36  
37  /***
38   * SessionValidator for use with the Template Service. The
39   * TemplateSessionValidator is virtually identical to the
40   * TemplateSecureSessionValidator except that it does not transfer to the
41   * login page when it detects a null user (or a user not logged in).
42   *
43   * <p>The Template Service requires a different Session Validator
44   * because of the way it handles screens.
45   *
46   * <p>Note that you will need to set the template.login property to the
47   * login template.
48   *
49   * @see TemplateSecureSessionValidator
50   * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
51   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
52   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
53   * @version $Id: TemplateSessionValidator.java 534527 2007-05-02 16:10:59Z tv $
54   */
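public class TemplateSessionValidator
    extends SessionValidator
{
    /** Logging */
    private static final Log log = LogFactory.getLog(TemplateSessionValidator.class);

    /**
     * Name shared by the hidden form field and the per-user temp value that
     * together implement the stale-form check.
     */
    private static final String ACCESS_COUNTER_KEY = "_session_access_counter";

    /**
     * Execute the action.
     *
     * <p>Populates the user from the session, substitutes the anonymous user
     * when none is present, makes sure the request has a screen or screen
     * template to render, and diverts stale form submissions to the
     * configured "invalid state" page.
     *
     * <p>This validator never sends the request to a login page: a request
     * without a session user simply continues as the anonymous user. It is
     * therefore not an authentication gate; anything that must be limited to
     * logged-in users has to be checked elsewhere.
     *
     * <p>The stale-form check only runs when the request itself carries the
     * {@code _session_access_counter} parameter and the user is not
     * anonymous. A request that omits the parameter skips the check, so it
     * guards against accidental back-button resubmission and should not be
     * relied on as protection against forged or replayed requests.
     *
     * @param data Turbine information.
     * @exception TurbineException The anonymous user could not be obtained
     *         from the security service
     */
    public void doPerform(RunData data)
            throws TurbineException
    {
        Configuration conf = Turbine.getConfiguration();

        // Pull user from session.
        data.populate();

        // The user may have not logged in, so create a "guest/anonymous" user.
        if (data.getUser() == null)
        {
            log.debug("Fixing up empty User Object!");
            data.setUser(TurbineSecurity.getAnonymousUser());
            data.save();
        }

        boolean nothingToRender = !data.hasScreen()
                && StringUtils.isEmpty(data.getTemplateInfo().getScreenTemplate());

        if (nothingToRender)
        {
            // make sure we have some way to return a response: prefer the
            // configured homepage template, else the homepage screen.
            String homepageTemplate = conf.getString(
                    TurbineConstants.TEMPLATE_HOMEPAGE);

            if (StringUtils.isNotEmpty(homepageTemplate))
            {
                data.getTemplateInfo().setScreenTemplate(homepageTemplate);
            }
            else
            {
                data.setScreen(conf.getString(
                        TurbineConstants.SCREEN_HOMEPAGE));
            }
        }
        // the session_access_counter can be placed as a hidden field in
        // forms.  This can be used to prevent a user from using the
        // browsers back button and submitting stale data.
        else if (data.getParameters().containsKey(ACCESS_COUNTER_KEY)
                && !TurbineSecurity.isAnonymousUser(data.getUser()))
        {
            // See comments in screens.error.InvalidState.
            if (isStaleSubmission(data))
            {
                divertToInvalidState(data, conf);
            }
        }

        // we do not want to allow both a screen and template parameter.
        // The template parameter is dominant.
        if (data.getTemplateInfo().getScreenTemplate() != null)
        {
            data.setScreen(null);
        }
    }

    /**
     * Compares the counter submitted with the request against the counter
     * stored in the user's temp storage.
     *
     * <p>The submitted value is client-controlled. If the stored value is
     * missing or is not an {@code Integer}, the comparison cannot be made and
     * the request is treated as not stale; the previous unchecked cast threw
     * a NullPointerException or ClassCastException in that situation.
     *
     * @param data Turbine information.
     * @return true if the submitted counter is more than one behind the
     *         stored counter
     */
    private static boolean isStaleSubmission(RunData data)
    {
        int submitted = data.getParameters().getInt(ACCESS_COUNTER_KEY);
        Object stored = data.getUser().getTemp(ACCESS_COUNTER_KEY);

        if (!(stored instanceof Integer))
        {
            log.debug("No session access counter stored for user; "
                    + "skipping stale-form check");
            return false;
        }

        return submitted < (((Integer) stored).intValue() - 1);
    }

    /**
     * Records where the stale request was headed and points the request at
     * the configured invalid-state template or screen instead.
     *
     * @param data Turbine information.
     * @param conf configuration holding the invalid-state targets
     */
    private static void divertToInvalidState(RunData data, Configuration conf)
    {
        String requestedTemplate = data.getTemplateInfo().getScreenTemplate();

        if (requestedTemplate != null)
        {
            // Remember the requested template with '/' swapped for ','.
            data.getUser().setTemp("prev_template",
                    requestedTemplate.replace('/', ','));
            data.getTemplateInfo().setScreenTemplate(conf.getString(
                    TurbineConstants.TEMPLATE_INVALID_STATE));
        }
        else
        {
            // No template on the request, so the caller's earlier check
            // implies a screen is set.
            data.getUser().setTemp("prev_screen",
                    data.getScreen().replace('/', ','));
            data.setScreen(conf.getString(
                    TurbineConstants.SCREEN_INVALID_STATE));
        }

        // NOTE(review): this keeps the request's parameter object, whose
        // contents are client-supplied, in the user's temp storage. Code
        // that reads "prev_parameters" back should treat it as untrusted
        // input; confirm the object stays valid after this request ends.
        data.getUser().setTemp("prev_parameters", data.getParameters());

        // Blank the action; presumably so the stale request's action is not
        // executed. Confirm against the action loader.
        data.setAction("");
    }
}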