001 package org.apache.turbine.modules.actions.sessionvalidator; 002 003 /* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022 import org.apache.commons.configuration.Configuration; 023 024 import org.apache.commons.lang.StringUtils; 025 026 import org.apache.commons.logging.Log; 027 import org.apache.commons.logging.LogFactory; 028 029 import org.apache.turbine.Turbine; 030 import org.apache.turbine.TurbineConstants; 031 032 import org.apache.turbine.pipeline.PipelineData; 033 import org.apache.turbine.services.security.TurbineSecurity; 034 035 import org.apache.turbine.util.RunData; 036 import org.apache.turbine.util.TurbineException; 037 038 /** 039 * SessionValidator for use with the Template Service, the 040 * TemplateSessionValidator is virtually identical to the 041 * TemplateSecureValidator except that it does not transfer to the 042 * login page when it detects a null user (or a user not logged in). 043 * 044 * <p>The Template Service requires a different Session Validator 045 * because of the way it handles screens. 046 * 047 * <p>Note that you will need to set the template.login property to the 048 * login template. 049 * 050 * @see TemplateSecureSessionValidator 051 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> 052 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 053 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 054 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 055 * @version $Id: TemplateSessionValidator.java 1066518 2011-02-02 16:30:53Z ludwig $ 056 */ 057 public class TemplateSessionValidator 058 extends SessionValidator 059 { 060 /** Logging */ 061 private static Log log = LogFactory.getLog(TemplateSessionValidator.class); 062 063 /** 064 * Execute the action. 065 * 066 * @deprecated Use PipelineData version instead. 067 * @param data Turbine information. 068 * @exception TurbineException The anonymous user could not be obtained 069 * from the security service 070 */ 071 @Deprecated 072 @Override 073 public void doPerform(RunData data) 074 throws TurbineException 075 { 076 Configuration conf = Turbine.getConfiguration(); 077 078 // Pull user from session. 079 data.populate(); 080 081 // The user may have not logged in, so create a "guest/anonymous" user. 082 if (data.getUser() == null) 083 { 084 log.debug("Fixing up empty User Object!"); 085 data.setUser(TurbineSecurity.getAnonymousUser()); 086 data.save(); 087 } 088 089 // make sure we have some way to return a response 090 if (!data.hasScreen() && StringUtils.isEmpty( 091 data.getTemplateInfo().getScreenTemplate())) 092 { 093 String template = conf.getString( 094 TurbineConstants.TEMPLATE_HOMEPAGE); 095 096 if (StringUtils.isNotEmpty(template)) 097 { 098 data.getTemplateInfo().setScreenTemplate(template); 099 } 100 else 101 { 102 data.setScreen(conf.getString( 103 TurbineConstants.SCREEN_HOMEPAGE)); 104 } 105 } 106 // the session_access_counter can be placed as a hidden field in 107 // forms. This can be used to prevent a user from using the 108 // browsers back button and submitting stale data. 109 else if (data.getParameters().containsKey("_session_access_counter") 110 && !TurbineSecurity.isAnonymousUser(data.getUser())) 111 { 112 // See comments in screens.error.InvalidState. 113 if (data.getParameters().getInt("_session_access_counter") 114 < (((Integer) data.getUser().getTemp( 115 "_session_access_counter")).intValue() - 1)) 116 { 117 if (data.getTemplateInfo().getScreenTemplate() != null) 118 { 119 data.getUser().setTemp("prev_template", 120 data.getTemplateInfo().getScreenTemplate() 121 .replace('/', ',')); 122 data.getTemplateInfo().setScreenTemplate(conf.getString( 123 TurbineConstants.TEMPLATE_INVALID_STATE)); 124 } 125 else 126 { 127 data.getUser().setTemp("prev_screen", 128 data.getScreen().replace('/', ',')); 129 data.setScreen(conf.getString( 130 TurbineConstants.SCREEN_INVALID_STATE)); 131 } 132 data.getUser().setTemp("prev_parameters", data.getParameters()); 133 data.setAction(""); 134 } 135 } 136 137 // we do not want to allow both a screen and template parameter. 138 // The template parameter is dominant. 139 if (data.getTemplateInfo().getScreenTemplate() != null) 140 { 141 data.setScreen(null); 142 } 143 } 144 145 /** 146 * Execute the action. 147 * 148 * @param pipelineData Turbine information. 149 * @exception TurbineException The anonymous user could not be obtained 150 * from the security service 151 */ 152 @Override 153 public void doPerform(PipelineData pipelineData) 154 throws TurbineException 155 { 156 RunData data = getRunData(pipelineData); 157 doPerform(data); 158 } 159 160 161 162 163 }