1 package org.apache.turbine.modules.actions;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 import org.apache.commons.configuration.Configuration;
20
21 import org.apache.turbine.Turbine;
22 import org.apache.turbine.TurbineConstants;
23 import org.apache.turbine.modules.Action;
24 import org.apache.turbine.om.security.User;
25 import org.apache.turbine.services.security.TurbineSecurity;
26 import org.apache.turbine.util.RunData;
27 import org.apache.turbine.util.security.AccessControlList;
28 import org.apache.turbine.util.security.TurbineSecurityException;
29
30 /***
31 * This action removes a user from the session. It makes sure to save
32 * the User object in the session.
33 *
34 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
35 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
36 * @version $Id: LogoutUser.java 264148 2005-08-29 14:21:04Z henning $
37 */
38 public class LogoutUser
39 extends Action
40 {
41 /***
42 * Clears the RunData user object back to an anonymous status not
43 * logged in, and with a null ACL. If the tr.props ACTION_LOGIN
44 * is anthing except "LogoutUser", flow is transfered to the
45 * SCREEN_HOMEPAGE
46 *
47 * If this action name is the value of action.logout then we are
48 * being run before the session validator, so we don't need to
49 * set the screen (we assume that the session validator will handle
50 * that). This is basically still here simply to preserve old behaviour
51 * - it is recommended that action.logout is set to "LogoutUser" and
52 * that the session validator does handle setting the screen/template
53 * for a logged out (read not-logged-in) user.
54 *
55 * @param data Turbine information.
56 * @exception TurbineSecurityException a problem occured in the security
57 * service.
58 */
59 public void doPerform(RunData data)
60 throws TurbineSecurityException
61 {
62 User user = data.getUser();
63
64 if (!TurbineSecurity.isAnonymousUser(user))
65 {
66
67 if (!user.hasLoggedIn())
68 {
69 return;
70 }
71
72 user.setHasLoggedIn(Boolean.FALSE);
73 TurbineSecurity.saveUser(user);
74 }
75
76 Configuration conf = Turbine.getConfiguration();
77
78 data.setMessage(conf.getString(TurbineConstants.LOGOUT_MESSAGE, ""));
79
80
81
82 data.setACL(null);
83
84
85 data.setUser(TurbineSecurity.getAnonymousUser());
86 data.save();
87
88
89
90
91 data.getSession().removeAttribute(AccessControlList.SESSION_KEY);
92
93
94
95
96
97
98
99
100 if (!conf.getString(TurbineConstants.ACTION_LOGOUT_KEY,
101 TurbineConstants.ACTION_LOGOUT_DEFAULT)
102 .equals(TurbineConstants.ACTION_LOGOUT_DEFAULT))
103 {
104 data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE));
105 }
106 }
107 }