1 package org.apache.turbine.modules.actions; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 import org.apache.commons.configuration.Configuration; 23 24 import org.apache.turbine.Turbine; 25 import org.apache.turbine.TurbineConstants; 26 import org.apache.turbine.modules.Action; 27 import org.apache.turbine.om.security.User; 28 import org.apache.turbine.pipeline.PipelineData; 29 import org.apache.turbine.services.security.TurbineSecurity; 30 import org.apache.turbine.util.RunData; 31 import org.apache.turbine.util.security.AccessControlList; 32 import org.apache.turbine.util.security.TurbineSecurityException; 33 34 /** 35 * This action removes a user from the session. It makes sure to save 36 * the User object in the session. 37 * 38 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 39 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 40 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 41 * @version $Id: LogoutUser.java 1066529 2011-02-02 17:01:46Z ludwig $ 42 */ 43 public class LogoutUser 44 extends Action 45 { 46 /** 47 * Clears the RunData user object back to an anonymous status not 48 * logged in, and with a null ACL. If the tr.props ACTION_LOGIN 49 * is anthing except "LogoutUser", flow is transfered to the 50 * SCREEN_HOMEPAGE 51 * 52 * If this action name is the value of action.logout then we are 53 * being run before the session validator, so we don't need to 54 * set the screen (we assume that the session validator will handle 55 * that). This is basically still here simply to preserve old behaviour 56 * - it is recommended that action.logout is set to "LogoutUser" and 57 * that the session validator does handle setting the screen/template 58 * for a logged out (read not-logged-in) user. 59 * 60 * @deprecated Use PipelineData version instead 61 * @param data Turbine information. 62 * @exception TurbineSecurityException a problem occured in the security 63 * service. 64 */ 65 @Deprecated 66 @Override 67 public void doPerform(RunData data) 68 throws TurbineSecurityException 69 { 70 User user = data.getUser(); 71 72 if (!TurbineSecurity.isAnonymousUser(user)) 73 { 74 // Make sure that the user has really logged in... 75 if (!user.hasLoggedIn()) 76 { 77 return; 78 } 79 80 user.setHasLoggedIn(Boolean.FALSE); 81 TurbineSecurity.saveUser(user); 82 } 83 84 Configuration conf = Turbine.getConfiguration(); 85 86 data.setMessage(conf.getString(TurbineConstants.LOGOUT_MESSAGE)); 87 88 // This will cause the acl to be removed from the session in 89 // the Turbine servlet code. 90 data.setACL(null); 91 92 // Retrieve an anonymous user. 93 data.setUser(TurbineSecurity.getAnonymousUser()); 94 data.save(); 95 96 // In the event that the current screen or related navigations 97 // require acl info, we cannot wait for Turbine to handle 98 // regenerating acl. 99 data.getSession().removeAttribute(AccessControlList.SESSION_KEY); 100 101 // If this action name is the value of action.logout then we are 102 // being run before the session validator, so we don't need to 103 // set the screen (we assume that the session validator will handle 104 // that). This is basically still here simply to preserve old behaviour 105 // - it is recommended that action.logout is set to "LogoutUser" and 106 // that the session validator does handle setting the screen/template 107 // for a logged out (read not-logged-in) user. 108 if (!conf.getString(TurbineConstants.ACTION_LOGOUT_KEY, 109 TurbineConstants.ACTION_LOGOUT_DEFAULT) 110 .equals(TurbineConstants.ACTION_LOGOUT_DEFAULT)) 111 { 112 data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE)); 113 } 114 } 115 116 /** 117 * Clears the RunData user object back to an anonymous status not 118 * logged in, and with a null ACL. If the tr.props ACTION_LOGIN 119 * is anthing except "LogoutUser", flow is transfered to the 120 * SCREEN_HOMEPAGE 121 * 122 * If this action name is the value of action.logout then we are 123 * being run before the session validator, so we don't need to 124 * set the screen (we assume that the session validator will handle 125 * that). This is basically still here simply to preserve old behaviour 126 * - it is recommended that action.logout is set to "LogoutUser" and 127 * that the session validator does handle setting the screen/template 128 * for a logged out (read not-logged-in) user. 129 * 130 * @param data Turbine information. 131 * @exception TurbineSecurityException a problem occured in the security 132 * service. 133 */ 134 @Override 135 public void doPerform(PipelineData pipelineData) 136 throws TurbineSecurityException 137 { 138 RunData data = getRunData(pipelineData); 139 doPerform(data); 140 } 141 }