Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
LogoutUser |
|
| 5.0;5 |
1 | package org.apache.turbine.modules.actions; | |
2 | ||
3 | /* | |
4 | * Licensed to the Apache Software Foundation (ASF) under one | |
5 | * or more contributor license agreements. See the NOTICE file | |
6 | * distributed with this work for additional information | |
7 | * regarding copyright ownership. The ASF licenses this file | |
8 | * to you under the Apache License, Version 2.0 (the | |
9 | * "License"); you may not use this file except in compliance | |
10 | * with the License. You may obtain a copy of the License at | |
11 | * | |
12 | * http://www.apache.org/licenses/LICENSE-2.0 | |
13 | * | |
14 | * Unless required by applicable law or agreed to in writing, | |
15 | * software distributed under the License is distributed on an | |
16 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
17 | * KIND, either express or implied. See the License for the | |
18 | * specific language governing permissions and limitations | |
19 | * under the License. | |
20 | */ | |
21 | ||
22 | import org.apache.fulcrum.security.util.FulcrumSecurityException; | |
23 | import org.apache.turbine.TurbineConstants; | |
24 | import org.apache.turbine.annotation.TurbineConfiguration; | |
25 | import org.apache.turbine.annotation.TurbineService; | |
26 | import org.apache.turbine.modules.Action; | |
27 | import org.apache.turbine.om.security.User; | |
28 | import org.apache.turbine.pipeline.PipelineData; | |
29 | import org.apache.turbine.services.security.SecurityService; | |
30 | import org.apache.turbine.util.RunData; | |
31 | ||
32 | /** | |
33 | * This action removes a user from the session. It makes sure to save | |
34 | * the User object in the session. | |
35 | * | |
36 | * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> | |
37 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> | |
38 | * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> | |
39 | * @version $Id: LogoutUser.java 1854797 2019-03-04 20:41:39Z tv $ | |
40 | */ | |
41 | 3 | public class LogoutUser implements Action |
42 | { | |
43 | /** Injected service instance */ | |
44 | @TurbineService | |
45 | private SecurityService security; | |
46 | ||
47 | @TurbineConfiguration( TurbineConstants.LOGOUT_MESSAGE ) | |
48 | private String logoutMessage; | |
49 | ||
50 | 3 | @TurbineConfiguration( TurbineConstants.ACTION_LOGOUT_KEY ) |
51 | private String actionLogout = TurbineConstants.ACTION_LOGOUT_DEFAULT; | |
52 | ||
53 | @TurbineConfiguration( TurbineConstants.SCREEN_HOMEPAGE ) | |
54 | private String screenHomepage; | |
55 | ||
56 | /** | |
57 | * Clears the PipelineData user object back to an anonymous status not | |
58 | * logged in, and with a null ACL. If the tr.props ACTION_LOGIN | |
59 | * is anything except "LogoutUser", flow is transfered to the | |
60 | * SCREEN_HOMEPAGE | |
61 | * | |
62 | * If this action name is the value of action.logout then we are | |
63 | * being run before the session validator, so we don't need to | |
64 | * set the screen (we assume that the session validator will handle | |
65 | * that). This is basically still here simply to preserve old behavior | |
66 | * - it is recommended that action.logout is set to "LogoutUser" and | |
67 | * that the session validator does handle setting the screen/template | |
68 | * for a logged out (read not-logged-in) user. | |
69 | * | |
70 | * @param pipelineData Turbine information. | |
71 | * @throws FulcrumSecurityException a problem occurred in the security | |
72 | * service. | |
73 | */ | |
74 | @Override | |
75 | public void doPerform(PipelineData pipelineData) | |
76 | throws FulcrumSecurityException | |
77 | { | |
78 | 3 | RunData data = pipelineData.getRunData(); |
79 | ||
80 | // Session validator did not run, so RunData is not populated | |
81 | 3 | User user = data.getUserFromSession(); |
82 | ||
83 | 3 | if (!security.isAnonymousUser(user)) |
84 | { | |
85 | // Make sure that the user has really logged in... | |
86 | 3 | if (!user.hasLoggedIn()) |
87 | { | |
88 | 0 | return; |
89 | } | |
90 | ||
91 | 3 | user.setHasLoggedIn(Boolean.FALSE); |
92 | 3 | security.saveUser(user); |
93 | } | |
94 | ||
95 | 3 | data.setMessage(logoutMessage); |
96 | ||
97 | // This will cause the acl to be removed from the session in | |
98 | // the Turbine servlet code. | |
99 | 3 | data.setACL(null); |
100 | ||
101 | // Retrieve an anonymous user. | |
102 | 3 | User anonymousUser = security.getAnonymousUser(); |
103 | 3 | data.setUser(anonymousUser); |
104 | 3 | data.save(); |
105 | ||
106 | // In the event that the current screen or related navigations | |
107 | // require acl info, we cannot wait for Turbine to handle | |
108 | // regenerating acl. | |
109 | 3 | data.getSession().removeAttribute(TurbineConstants.ACL_SESSION_KEY); |
110 | ||
111 | // If this action name is the value of action.logout then we are | |
112 | // being run before the session validator, so we don't need to | |
113 | // set the screen (we assume that the session validator will handle | |
114 | // that). This is basically still here simply to preserve old behavior | |
115 | // - it is recommended that action.logout is set to "LogoutUser" and | |
116 | // that the session validator does handle setting the screen/template | |
117 | // for a logged out (read not-logged-in) user. | |
118 | 3 | if (!actionLogout.equals(TurbineConstants.ACTION_LOGOUT_DEFAULT)) |
119 | { | |
120 | 0 | data.setScreen(screenHomepage); |
121 | } | |
122 | 3 | } |
123 | } |