
1   package org.apache.turbine.modules.actions.sessionvalidator;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import org.apache.commons.configuration.Configuration;
20  
21  import org.apache.commons.lang.StringUtils;
22  
23  import org.apache.commons.logging.Log;
24  import org.apache.commons.logging.LogFactory;
25  
26  import org.apache.turbine.Turbine;
27  import org.apache.turbine.TurbineConstants;
28  
29  import org.apache.turbine.services.security.TurbineSecurity;
30  
31  import org.apache.turbine.util.RunData;
32  import org.apache.turbine.util.TurbineException;
33  
34  /***
35   * SessionValidator for use with the Template Service. The
36   * TemplateSessionValidator is virtually identical to the
37   * TemplateSecureSessionValidator except that it does not transfer to the
38   * login page when it detects a null user (or a user not logged in).
39   *
40   * <p>The Template Service requires a different Session Validator
41   * because of the way it handles screens.
42   *
43   * <p>Note that you will need to set the template.login property to the
44   * login template.
45   *
46   * @see TemplateSecureSessionValidator
47   * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
48   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
49   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
50   * @version $Id: TemplateSessionValidator.java 264148 2005-08-29 14:21:04Z henning $
51   */
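public class TemplateSessionValidator
    extends SessionValidator
{
    /**
     * Name shared by the hidden form field (request parameter) and the
     * value kept in the user's temp storage for the stale form check.
     */
    private static final String SESSION_ACCESS_COUNTER =
            "_session_access_counter";

    /** Logging */
    private static final Log log =
            LogFactory.getLog(TemplateSessionValidator.class);

    /**
     * Execute the action.
     *
     * <p>Populates the request from the session, substitutes the anonymous
     * user when no user is present, makes sure a screen or screen template
     * is selected, and diverts the request to the configured invalid-state
     * template or screen when the submitted access counter is older than
     * the one stored for the user.
     *
     * <p>This validator never redirects to a login page: a request without
     * a session user simply continues as the anonymous user. Nothing in
     * this method restricts which screen or template such a request may
     * select, so access control has to be applied elsewhere.
     *
     * @param data Turbine information.
     * @exception TurbineException The anonymous user could not be obtained
     *         from the security service
     */
    public void doPerform(RunData data)
            throws TurbineException
    {
        Configuration conf = Turbine.getConfiguration();

        // Pull user from session.
        data.populate();

        // The user may have not logged in, so create a "guest/anonymous" user.
        if (data.getUser() == null)
        {
            log.debug("Fixing up empty User Object!");
            data.setUser(TurbineSecurity.getAnonymousUser());
            data.save();
        }

        // make sure we have some way to return a response
        if (!data.hasScreen() && StringUtils.isEmpty(
                data.getTemplateInfo().getScreenTemplate()))
        {
            String template = conf.getString(
                    TurbineConstants.TEMPLATE_HOMEPAGE);

            if (StringUtils.isNotEmpty(template))
            {
                data.getTemplateInfo().setScreenTemplate(template);
            }
            else
            {
                data.setScreen(conf.getString(
                        TurbineConstants.SCREEN_HOMEPAGE));
            }
        }
        // the session_access_counter can be placed as a hidden field in
        // forms.  This can be used to prevent a user from using the
        // browsers back button and submitting stale data.
        //
        // The submitted value is an ordinary request parameter, so the
        // client chooses it. The comparison below only recognises stale
        // forms; it is not an anti-forgery or authorization check.
        else if (data.getParameters().containsKey(SESSION_ACCESS_COUNTER)
                && !TurbineSecurity.isAnonymousUser(data.getUser()))
        {
            Object stored = data.getUser().getTemp(SESSION_ACCESS_COUNTER);

            if (!(stored instanceof Integer))
            {
                // Without a usable stored counter there is nothing to
                // compare against. Casting and unboxing it blindly would
                // fail the request with a NullPointerException or
                // ClassCastException, so the check is skipped and logged.
                log.warn("Session access counter is missing or not an "
                        + "Integer; skipping the stale form check");
            }
            // See comments in screens.error.InvalidState.
            else if (data.getParameters().getInt(SESSION_ACCESS_COUNTER)
                    < (((Integer) stored).intValue() - 1))
            {
                // Remember where the request was heading, then divert it
                // to the invalid-state template or screen. The '/' to ','
                // swap presumably matches Turbine's template parameter
                // form - TODO confirm.
                if (data.getTemplateInfo().getScreenTemplate() != null)
                {
                    data.getUser().setTemp("prev_template",
                            data.getTemplateInfo().getScreenTemplate()
                            .replace('/', ','));
                    data.getTemplateInfo().setScreenTemplate(conf.getString(
                            TurbineConstants.TEMPLATE_INVALID_STATE));
                }
                else
                {
                    data.getUser().setTemp("prev_screen",
                                           data.getScreen().replace('/', ','));
                    data.setScreen(conf.getString(
                            TurbineConstants.SCREEN_INVALID_STATE));
                }

                // NOTE(review): this keeps every parameter of the rejected
                // request in the user's temp storage, which can include
                // sensitive form fields. Confirm how long temp values live
                // and that whatever reads prev_parameters, prev_template
                // and prev_screen treats them as untrusted request data.
                data.getUser().setTemp("prev_parameters", data.getParameters());

                // Drop the requested action so it does not run on stale data.
                data.setAction("");
            }
        }

        // we do not want to allow both a screen and template parameter.
        // The template parameter is dominant.
        if (data.getTemplateInfo().getScreenTemplate() != null)
        {
            data.setScreen(null);
        }
    }
}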