1 package org.apache.turbine.modules.actions.sessionvalidator;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import org.apache.commons.configuration.Configuration;
23
24 import org.apache.commons.lang.StringUtils;
25
26 import org.apache.commons.logging.Log;
27 import org.apache.commons.logging.LogFactory;
28
29 import org.apache.turbine.Turbine;
30 import org.apache.turbine.TurbineConstants;
31
32 import org.apache.turbine.services.security.TurbineSecurity;
33
34 import org.apache.turbine.util.RunData;
35 import org.apache.turbine.util.TurbineException;
36
37 /***
38 * The SessionValidator attempts to retrieve the User object from the
39 * Servlet API session that is associated with the request. If the
40 * data cannot be retrieved, it is handled here. If the user has not
41 * been marked as being logged into the system, the user is rejected
42 * and the screen is set to the screen.homepage value in
43 * TurbineResources.properties.
44 *
45 * <p>
46 *
47 * Other systems generally have a database table which stores this
48 * information, but we take advantage of the Servlet API here to save
49 * a hit to the database for each and every connection that a user
50 * makes.
51 *
52 * <p>
53 *
54 * This action is special in that it should only be executed by the
55 * Turbine servlet.
56 *
57 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
58 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
59 * @version $Id: DefaultSessionValidator.java 534527 2007-05-02 16:10:59Z tv $
60 */
61 public class DefaultSessionValidator
62 extends SessionValidator
63 {
64 /*** Logging */
65 private static Log log = LogFactory.getLog(DefaultSessionValidator.class);
66
67 /***
68 * Execute the action. The default is to populate the RunData
69 * object and, if the user is unknown, to force a login screen (as
70 * set in the tr.props).
71 *
72 * @see org.apache.turbine.modules.screens.error.InvalidState
73 * @param data Turbine RunData context information.
74 * @throws TurbineException The anonymous user could not be obtained
75 * from the security service
76 */
77 public void doPerform(RunData data)
78 throws TurbineException
79 {
80 Configuration conf = Turbine.getConfiguration();
81
82
83 data.populate();
84
85
86 if (data.getUser() == null)
87 {
88 log.debug("Fixing up empty User Object!");
89 data.setUser(TurbineSecurity.getAnonymousUser());
90 data.save();
91 }
92
93
94 if (!data.getUser().hasLoggedIn())
95 {
96
97
98 if (StringUtils.isEmpty(data.getMessage()))
99 {
100 data.setMessage(conf.getString(TurbineConstants.LOGIN_MESSAGE));
101 }
102
103
104 data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN));
105
106
107
108 data.setAction(null);
109 }
110
111 if (!data.hasScreen())
112 {
113 data.setMessage(conf.getString(
114 TurbineConstants.LOGIN_MESSAGE_NOSCREEN));
115 data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE));
116 }
117
118 if (data.getParameters().containsKey("_session_access_counter"))
119 {
120
121 if (data.getParameters().getInt("_session_access_counter")
122 < (((Integer) data.getUser().getTemp(
123 "_session_access_counter")).intValue() - 1))
124 {
125 data.getUser().setTemp("prev_screen", data.getScreen());
126 data.getUser().setTemp("prev_parameters", data.getParameters());
127 data.setScreen(conf.getString(
128 TurbineConstants.SCREEN_INVALID_STATE));
129 data.setAction("");
130 }
131 }
132 }
133 }