Package org.apache.turbine.modules.actions.sessionvalidator

Class TemplateSecureSessionValidator

  • All Implemented Interfaces:
    Action, Assembler
    public class TemplateSecureSessionValidator
extends SessionValidator
    SessionValidator that requires login for use with Template Services like Velocity or WebMacro.
    Templating services requires a different Session Validator because of the way it handles screens. If you use the WebMacro or Velocity Service with the DefaultSessionValidator, users will be able to bypass login by directly addressing the template using template/index.wm. This is because the Page class looks for the keyword "template" in the Path information and if it finds it will reset the screen using it's lookup mechanism and thereby bypass Login. Note that you will need to set the template.login property to the login template.
    Version:
    $Id$
    Author:
    John D. McNally, Dave Bryson, Henning P. Schmiedehausen, Peter Courcoux

    • Method Detail

      • doPerform

        public void doPerform​(PipelineData pipelineData)
               throws Exception
        doPerform is virtually identical to DefaultSessionValidator except that it calls template methods instead of bare screen methods. For example, it uses setScreenTemplate to load the tr.props TEMPLATE_LOGIN instead of the default's setScreen to TurbineConstants.SCREEN_LOGIN.
        Parameters:
        pipelineData - Turbine information.
        Throws:
        Exception - The anonymous user could not be obtained from the security service
        See Also:
        DefaultSessionValidator