
1   package org.apache.turbine.modules.actions.sessionvalidator;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import org.apache.commons.configuration.Configuration;
20  
21  import org.apache.commons.lang.StringUtils;
22  
23  import org.apache.commons.logging.Log;
24  import org.apache.commons.logging.LogFactory;
25  
26  import org.apache.turbine.Turbine;
27  import org.apache.turbine.TurbineConstants;
28  
29  import org.apache.turbine.services.security.TurbineSecurity;
30  
31  import org.apache.turbine.util.RunData;
32  import org.apache.turbine.util.TurbineException;
33  
34  /***
35   * The SessionValidator attempts to retrieve the User object from the
36   * Servlet API session that is associated with the request.  If the
37   * data cannot be retrieved, it is handled here.  If the user has not
38   * been marked as being logged into the system, the user is rejected
39   * and the screen is set to the screen.homepage value in
40   * TurbineResources.properties.
41   *
42   * <p>
43   *
44   * Other systems generally have a database table which stores this
45   * information, but we take advantage of the Servlet API here to save
46   * a hit to the database for each and every connection that a user
47   * makes.
48   *
49   * <p>
50   *
51   * This action is special in that it should only be executed by the
52   * Turbine servlet.
53   *
54   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
55   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
56   * @version $Id: DefaultSessionValidator.java 264148 2005-08-29 14:21:04Z henning $
57   */
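public class DefaultSessionValidator
    extends SessionValidator
{
    /** Logging */
    private static final Log log = LogFactory.getLog(DefaultSessionValidator.class);

    /**
     * Name used both for the request parameter carrying the counter
     * submitted by the client and for the temp value stored on the
     * session's User object.
     */
    private static final String ACCESS_COUNTER_KEY = "_session_access_counter";

    /**
     * Execute the action.  Populates the RunData object from the
     * session, substitutes the anonymous user when no user is present,
     * sends users that have not logged in to the configured login
     * screen with the action cleared, falls back to the configured
     * homepage when no screen was requested, and finally compares the
     * access counter submitted with the request against the one stored
     * on the User object.
     *
     * <p>
     *
     * The submitted counter is a request parameter and therefore
     * client-controlled.  When the stored counter is absent or is not
     * an Integer, the submitted value cannot be validated; the request
     * is then treated like a stale one (invalid-state screen, action
     * cleared) rather than dereferencing the missing value.
     *
     * @see org.apache.turbine.modules.screens.error.InvalidState
     * @param data Turbine RunData context information.
     * @throws TurbineException The anonymous user could not be obtained
     *         from the security service
     */
    public void doPerform(RunData data)
            throws TurbineException
    {
        Configuration conf = Turbine.getConfiguration();

        // Pull user from session.
        data.populate();

        // The user may have not logged in, so create a "guest/anonymous" user.
        if (data.getUser() == null)
        {
            log.debug("Fixing up empty User Object!");
            data.setUser(TurbineSecurity.getAnonymousUser());
            data.save();
        }

        // Make sure the User has logged into the system.
        if (!data.getUser().hasLoggedIn())
        {
            // only set the message if nothing else has already set it
            // (e.g. the LogoutUser action).
            if (StringUtils.isEmpty(data.getMessage()))
            {
                data.setMessage(conf.getString(TurbineConstants.LOGIN_MESSAGE));
            }

            // set the screen to be the login page
            data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN));

            // No action may run for a user that has not logged in
            // (action.login will have been performed already).
            data.setAction(null);
        }

        if (!data.hasScreen())
        {
            data.setMessage(conf.getString(
                    TurbineConstants.LOGIN_MESSAGE_NOSCREEN));
            data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE));
        }

        if (data.getParameters().containsKey(ACCESS_COUNTER_KEY))
        {
            // See comments in screens.error.InvalidState.
            Object stored = data.getUser().getTemp(ACCESS_COUNTER_KEY);
            boolean invalidState;

            if (stored instanceof Integer)
            {
                invalidState = data.getParameters().getInt(ACCESS_COUNTER_KEY)
                        < (((Integer) stored).intValue() - 1);
            }
            else
            {
                // The client sent a counter but the session side has
                // nothing usable to compare it with (null or not an
                // Integer).  An unchecked cast here would throw on
                // input the client controls, so fail closed instead.
                // NOTE(review): presumably this happens for a freshly
                // created anonymous user after session expiry -- confirm
                // where the stored counter is first set.
                log.debug("No usable session access counter stored; "
                        + "treating request as invalid state");
                invalidState = true;
            }

            if (invalidState)
            {
                // Keep the requested screen and parameters on the user
                // before redirecting to the invalid-state screen.
                data.getUser().setTemp("prev_screen", data.getScreen());
                data.getUser().setTemp("prev_parameters", data.getParameters());
                data.setScreen(conf.getString(
                        TurbineConstants.SCREEN_INVALID_STATE));
                // Clear the action so nothing is executed for this request.
                data.setAction("");
            }
        }
    }
}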