001: package org.apache.turbine.modules.actions.sessionvalidator;
002:
003: /*
004: * Copyright 2001-2005 The Apache Software Foundation.
005: *
006: * Licensed under the Apache License, Version 2.0 (the "License")
007: * you may not use this file except in compliance with the License.
008: * You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing, software
013: * distributed under the License is distributed on an "AS IS" BASIS,
014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015: * See the License for the specific language governing permissions and
016: * limitations under the License.
017: */
018:
019: import org.apache.commons.configuration.Configuration;
020:
021: import org.apache.commons.lang.StringUtils;
022:
023: import org.apache.commons.logging.Log;
024: import org.apache.commons.logging.LogFactory;
025:
026: import org.apache.turbine.Turbine;
027: import org.apache.turbine.TurbineConstants;
028:
029: import org.apache.turbine.services.security.TurbineSecurity;
030:
031: import org.apache.turbine.util.RunData;
032: import org.apache.turbine.util.TurbineException;
033:
034: /**
035: * SessionValidator for use with the Template Service. The
036: * TemplateSessionValidator is virtually identical to the
037: * TemplateSecureSessionValidator except that it does not transfer to the
038: * login page when it detects a null user (or a user not logged in).
039: *
040: * <p>The Template Service requires a different Session Validator
041: * because of the way it handles screens.
042: *
043: * <p>Note that you will need to set the template.login property to the
044: * login template.
045: *
046: * @see TemplateSecureSessionValidator
047: * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
048: * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
049: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
050: * @version $Id: TemplateSessionValidator.java 264148 2005-08-29 14:21:04Z henning $
051: */
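public class TemplateSessionValidator extends SessionValidator {
    /**
     * Name shared by the request parameter (typically a hidden form field)
     * and the entry in the user's temporary storage that hold the session
     * access counter.
     */
    private static final String ACCESS_COUNTER_KEY = "_session_access_counter";

    /** Logging */
    private static final Log log = LogFactory
            .getLog(TemplateSessionValidator.class);

    /**
     * Execute the action.
     *
     * <p>Populates the user from the session, substitutes the anonymous user
     * when none is present, makes sure a screen or screen template is
     * selected, and redirects stale form submissions to the configured
     * invalid-state page. This validator never redirects to a login page:
     * unauthenticated requests continue as the anonymous user, so any
     * access control has to be enforced elsewhere.
     *
     * @param data Turbine information.
     * @exception TurbineException The anonymous user could not be obtained
     *            from the security service
     */
    public void doPerform(RunData data) throws TurbineException {
        Configuration conf = Turbine.getConfiguration();

        // Pull user from session.
        data.populate();

        // The user may have not logged in, so create a "guest/anonymous" user.
        if (data.getUser() == null) {
            log.debug("Fixing up empty User Object!");
            data.setUser(TurbineSecurity.getAnonymousUser());
            data.save();
        }

        // make sure we have some way to return a response
        if (!data.hasScreen()
                && StringUtils.isEmpty(data.getTemplateInfo()
                        .getScreenTemplate())) {
            String template = conf
                    .getString(TurbineConstants.TEMPLATE_HOMEPAGE);

            if (StringUtils.isNotEmpty(template)) {
                data.getTemplateInfo().setScreenTemplate(template);
            } else {
                data.setScreen(conf
                        .getString(TurbineConstants.SCREEN_HOMEPAGE));
            }
        }
        // the session_access_counter can be placed as a hidden field in
        // forms. This can be used to prevent a user from using the
        // browsers back button and submitting stale data.
        //
        // The check only runs when the client sends the parameter, and the
        // submitted value is client-controlled, so this is a guard against
        // accidental stale submissions, not a protection against forged or
        // replayed requests.
        else if (data.getParameters().containsKey(ACCESS_COUNTER_KEY)
                && !TurbineSecurity.isAnonymousUser(data.getUser())
                && isStaleSubmission(data)) {
            // See comments in screens.error.InvalidState.
            if (data.getTemplateInfo().getScreenTemplate() != null) {
                // Remember the requested template ('/' replaced by ',')
                // before switching to the invalid-state template.
                data.getUser().setTemp(
                        "prev_template",
                        data.getTemplateInfo().getScreenTemplate()
                                .replace('/', ','));
                data.getTemplateInfo().setScreenTemplate(
                        conf.getString(
                                TurbineConstants.TEMPLATE_INVALID_STATE));
            } else {
                data.getUser().setTemp("prev_screen",
                        data.getScreen().replace('/', ','));
                data.setScreen(conf
                        .getString(TurbineConstants.SCREEN_INVALID_STATE));
            }
            // NOTE(review): this keeps the complete request parameter set
            // in the user's temporary storage, which can include sensitive
            // form fields. Confirm that the consumer clears it after use.
            data.getUser().setTemp("prev_parameters",
                    data.getParameters());
            // Drop the requested action so it is not run on stale data.
            data.setAction("");
        }

        // we do not want to allow both a screen and template parameter.
        // The template parameter is dominant.
        if (data.getTemplateInfo().getScreenTemplate() != null) {
            data.setScreen(null);
        }
    }

    /**
     * Tells whether the access counter submitted with the request lags the
     * counter kept in the user's temporary storage by more than one.
     *
     * <p>The stored value is type-checked before use. The original code
     * cast and unboxed it unconditionally, so a request carrying the
     * parameter for a user without a stored Integer counter ended in a
     * NullPointerException or ClassCastException.
     *
     * @param data Turbine information; the user must not be null.
     * @return true if the submission is considered stale, false otherwise,
     *         including when no usable stored counter exists.
     */
    private static boolean isStaleSubmission(RunData data) {
        Object stored = data.getUser().getTemp(ACCESS_COUNTER_KEY);
        if (!(stored instanceof Integer)) {
            // Nothing to compare against. NOTE(review): this skips the
            // check; if deployments depend on it, routing to the
            // invalid-state page instead may be the better choice.
            log.warn("No usable session access counter for the current "
                    + "user; skipping the stale submission check");
            return false;
        }
        int submitted = data.getParameters().getInt(ACCESS_COUNTER_KEY);
        return submitted < ((Integer) stored).intValue() - 1;
    }
}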