001: package org.apache.turbine.modules.actions.sessionvalidator;
002:
003: /*
004: * Licensed to the Apache Software Foundation (ASF) under one
005: * or more contributor license agreements. See the NOTICE file
006: * distributed with this work for additional information
007: * regarding copyright ownership. The ASF licenses this file
008: * to you under the Apache License, Version 2.0 (the
009: * "License"); you may not use this file except in compliance
010: * with the License. You may obtain a copy of the License at
011: *
012: * http://www.apache.org/licenses/LICENSE-2.0
013: *
014: * Unless required by applicable law or agreed to in writing,
015: * software distributed under the License is distributed on an
016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017: * KIND, either express or implied. See the License for the
018: * specific language governing permissions and limitations
019: * under the License.
020: */
021:
022: import org.apache.commons.configuration.Configuration;
023:
024: import org.apache.commons.lang.StringUtils;
025:
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028:
029: import org.apache.turbine.Turbine;
030: import org.apache.turbine.TurbineConstants;
031:
032: import org.apache.turbine.services.security.TurbineSecurity;
033:
034: import org.apache.turbine.util.RunData;
035: import org.apache.turbine.util.TurbineException;
036:
037: /**
038: * SessionValidator for use with the Template Service, the
039: * TemplateSessionValidator is virtually identical to the
040: * TemplateSecureValidator except that it does not transfer to the
041: * login page when it detects a null user (or a user not logged in).
042: *
043: * <p>The Template Service requires a different Session Validator
044: * because of the way it handles screens.
045: *
046: * <p>Note that you will need to set the template.login property to the
047: * login template.
048: *
049: * @see TemplateSecureSessionValidator
050: * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
051: * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
052: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
053: * @version $Id: TemplateSessionValidator.java 534527 2007-05-02 16:10:59Z tv $
054: */
055: public class TemplateSessionValidator extends SessionValidator {
056: /** Logging */
057: private static Log log = LogFactory
058: .getLog(TemplateSessionValidator.class);
059:
060: /**
061: * Execute the action.
062: *
063: * @param data Turbine information.
064: * @exception TurbineException The anonymous user could not be obtained
065: * from the security service
066: */
067: public void doPerform(RunData data) throws TurbineException {
068: Configuration conf = Turbine.getConfiguration();
069:
070: // Pull user from session.
071: data.populate();
072:
073: // The user may have not logged in, so create a "guest/anonymous" user.
074: if (data.getUser() == null) {
075: log.debug("Fixing up empty User Object!");
076: data.setUser(TurbineSecurity.getAnonymousUser());
077: data.save();
078: }
079:
080: // make sure we have some way to return a response
081: if (!data.hasScreen()
082: && StringUtils.isEmpty(data.getTemplateInfo()
083: .getScreenTemplate())) {
084: String template = conf
085: .getString(TurbineConstants.TEMPLATE_HOMEPAGE);
086:
087: if (StringUtils.isNotEmpty(template)) {
088: data.getTemplateInfo().setScreenTemplate(template);
089: } else {
090: data.setScreen(conf
091: .getString(TurbineConstants.SCREEN_HOMEPAGE));
092: }
093: }
094: // the session_access_counter can be placed as a hidden field in
095: // forms. This can be used to prevent a user from using the
096: // browsers back button and submitting stale data.
097: else if (data.getParameters().containsKey(
098: "_session_access_counter")
099: && !TurbineSecurity.isAnonymousUser(data.getUser())) {
100: // See comments in screens.error.InvalidState.
101: if (data.getParameters().getInt("_session_access_counter") < (((Integer) data
102: .getUser().getTemp("_session_access_counter"))
103: .intValue() - 1)) {
104: if (data.getTemplateInfo().getScreenTemplate() != null) {
105: data.getUser().setTemp(
106: "prev_template",
107: data.getTemplateInfo().getScreenTemplate()
108: .replace('/', ','));
109: data
110: .getTemplateInfo()
111: .setScreenTemplate(
112: conf
113: .getString(TurbineConstants.TEMPLATE_INVALID_STATE));
114: } else {
115: data.getUser().setTemp("prev_screen",
116: data.getScreen().replace('/', ','));
117: data
118: .setScreen(conf
119: .getString(TurbineConstants.SCREEN_INVALID_STATE));
120: }
121: data.getUser().setTemp("prev_parameters",
122: data.getParameters());
123: data.setAction("");
124: }
125: }
126:
127: // we do not want to allow both a screen and template parameter.
128: // The template parameter is dominant.
129: if (data.getTemplateInfo().getScreenTemplate() != null) {
130: data.setScreen(null);
131: }
132: }
133: }
|