1 package org.apache.turbine.modules.actions.sessionvalidator;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 import org.apache.commons.configuration.Configuration;
20
21 import org.apache.commons.lang.StringUtils;
22
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25
26 import org.apache.turbine.Turbine;
27 import org.apache.turbine.TurbineConstants;
28
29 import org.apache.turbine.services.security.TurbineSecurity;
30
31 import org.apache.turbine.util.RunData;
32 import org.apache.turbine.util.TurbineException;
33
34 /***
35 * The SessionValidator attempts to retrieve the User object from the
36 * Servlet API session that is associated with the request. If the
37 * data cannot be retrieved, it is handled here. If the user has not
38 * been marked as being logged into the system, the user is rejected
39 * and the screen is set to the screen.homepage value in
40 * TurbineResources.properties.
41 *
42 * <p>
43 *
44 * Other systems generally have a database table which stores this
45 * information, but we take advantage of the Servlet API here to save
46 * a hit to the database for each and every connection that a user
47 * makes.
48 *
49 * <p>
50 *
51 * This action is special in that it should only be executed by the
52 * Turbine servlet.
53 *
54 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
55 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
56 * @version $Id: DefaultSessionValidator.java 264148 2005-08-29 14:21:04Z henning $
57 */
58 public class DefaultSessionValidator
59 extends SessionValidator
60 {
61 /*** Logging */
62 private static Log log = LogFactory.getLog(DefaultSessionValidator.class);
63
64 /***
65 * Execute the action. The default is to populate the RunData
66 * object and, if the user is unknown, to force a login screen (as
67 * set in the tr.props).
68 *
69 * @see org.apache.turbine.modules.screens.error.InvalidState
70 * @param data Turbine RunData context information.
71 * @throws TurbineException The anonymous user could not be obtained
72 * from the security service
73 */
74 public void doPerform(RunData data)
75 throws TurbineException
76 {
77 Configuration conf = Turbine.getConfiguration();
78
79
80 data.populate();
81
82
83 if (data.getUser() == null)
84 {
85 log.debug("Fixing up empty User Object!");
86 data.setUser(TurbineSecurity.getAnonymousUser());
87 data.save();
88 }
89
90
91 if (!data.getUser().hasLoggedIn())
92 {
93
94
95 if (StringUtils.isEmpty(data.getMessage()))
96 {
97 data.setMessage(conf.getString(TurbineConstants.LOGIN_MESSAGE));
98 }
99
100
101 data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN));
102
103
104
105 data.setAction(null);
106 }
107
108 if (!data.hasScreen())
109 {
110 data.setMessage(conf.getString(
111 TurbineConstants.LOGIN_MESSAGE_NOSCREEN));
112 data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE));
113 }
114
115 if (data.getParameters().containsKey("_session_access_counter"))
116 {
117
118 if (data.getParameters().getInt("_session_access_counter")
119 < (((Integer) data.getUser().getTemp(
120 "_session_access_counter")).intValue() - 1))
121 {
122 data.getUser().setTemp("prev_screen", data.getScreen());
123 data.getUser().setTemp("prev_parameters", data.getParameters());
124 data.setScreen(conf.getString(
125 TurbineConstants.SCREEN_INVALID_STATE));
126 data.setAction("");
127 }
128 }
129 }
130 }