Coverage Report - org.apache.turbine.modules.actions.sessionvalidator.SessionValidator
 
Classes in this File Line Coverage Branch Coverage Complexity
SessionValidator
4%
1/25
0%
0/12
7
 
 1  
 package org.apache.turbine.modules.actions.sessionvalidator;
 2  
 
 3  
 import org.apache.turbine.TurbineConstants;
 4  
 import org.apache.turbine.annotation.TurbineConfiguration;
 5  
 import org.apache.turbine.annotation.TurbineService;
 6  
 
 7  
 /*
 8  
  * Licensed to the Apache Software Foundation (ASF) under one
 9  
  * or more contributor license agreements.  See the NOTICE file
 10  
  * distributed with this work for additional information
 11  
  * regarding copyright ownership.  The ASF licenses this file
 12  
  * to you under the Apache License, Version 2.0 (the
 13  
  * "License"); you may not use this file except in compliance
 14  
  * with the License.  You may obtain a copy of the License at
 15  
  *
 16  
  *   http://www.apache.org/licenses/LICENSE-2.0
 17  
  *
 18  
  * Unless required by applicable law or agreed to in writing,
 19  
  * software distributed under the License is distributed on an
 20  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 21  
  * KIND, either express or implied.  See the License for the
 22  
  * specific language governing permissions and limitations
 23  
  * under the License.
 24  
  */
 25  
 
 26  
 import org.apache.turbine.modules.Action;
 27  
 import org.apache.turbine.services.security.SecurityService;
 28  
 import org.apache.turbine.util.RunData;
 29  
 
 30  
 /**
 31  
  * The SessionValidator attempts to retrieve the User object from the
 32  
  * Servlet API session that is associated with the request.  If the
 33  
  * data cannot be retrieved, it is handled here.  If the user has not
 34  
  * been marked as being logged into the system, the user is rejected
 35  
  * and the screen is set to the screen.homepage value in
 36  
  * TurbineResources.properties.
 37  
  *
 38  
  * <p>
 39  
  * Other systems generally have a database table which stores this
 40  
  * information, but we take advantage of the Servlet API here to save
 41  
  * a hit to the database for each and every connection that a user
 42  
  * makes.
 43  
  * </p>
 44  
  *
 45  
  * <p>
 46  
  * This action is special in that it should only be executed by the
 47  
  * Turbine servlet.
 48  
  * </p>
 49  
  *
 50  
  * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 51  
  * @version $Id: SessionValidator.java 1854786 2019-03-04 18:29:18Z tv $
 52  
  */
 53  9
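 public abstract class SessionValidator implements Action
 {
     /**
      * Name shared by the request parameter (typically a hidden form field)
      * and the per-user temp value that hold the session access counter.
      */
     private static final String ACCESS_COUNTER_KEY = "_session_access_counter";

     @TurbineService
     protected SecurityService security;

     @TurbineConfiguration( TurbineConstants.TEMPLATE_HOMEPAGE )
     protected String templateHomepage;

     @TurbineConfiguration( TurbineConstants.SCREEN_HOMEPAGE )
     protected String screenHomepage;

     @TurbineConfiguration( TurbineConstants.TEMPLATE_INVALID_STATE )
     protected String templateInvalidState;

     @TurbineConfiguration( TurbineConstants.SCREEN_INVALID_STATE )
     protected String screenInvalidState;

     /**
      * Redirects the request to the configured "invalid state" screen or
      * template when the submitted session access counter is stale.
      *
      * <p>
      * The session_access_counter can be placed as a hidden field in forms.
      * This can be used to prevent a user from using the browser's back
      * button and submitting stale data. A submission counts as stale when
      * the submitted counter is lower than the counter stored on the user
      * minus one. See comments in screens.error.InvalidState.
      * </p>
      *
      * <p>
      * NOTE(review): the counter arrives as a request parameter, so the
      * client controls its value. The check guards against accidental
      * stale submissions; it should not be relied on as a request-forgery
      * or replay defence.
      * </p>
      *
      * <p>
      * If the request does not carry the counter, nothing happens. If the
      * user has no Integer counter stored (for example no counter has been
      * recorded for this session yet), there is nothing to compare against
      * and the request is left untouched instead of failing with a
      * NullPointerException or ClassCastException.
      * </p>
      *
      * @param data RunData object of the current request
      * @param screenOnly when {@code true} only the screen is considered:
      *        the anonymous-user check is skipped and the previous screen
      *        name is stored unmodified; when {@code false} anonymous users
      *        are ignored and the screen template, if set, takes precedence
      *        over the screen (see {@link DefaultSessionValidator})
      */
     protected void handleFormCounterToken( RunData data, boolean screenOnly )
     {
         if (!data.getParameters().containsKey(ACCESS_COUNTER_KEY))
         {
             return;
         }

         // In template mode anonymous users are never redirected.
         if (!screenOnly && security.isAnonymousUser(data.getUser()))
         {
             return;
         }

         if (!isStaleCounter(data))
         {
             return;
         }

         if (screenOnly)
         {
             data.getUser().setTemp("prev_screen", data.getScreen());
             // NOTE(review): this stores the request's parameter object itself,
             // not a copy - confirm it stays valid after the request ends.
             data.getUser().setTemp("prev_parameters", data.getParameters());
             data.setScreen(screenInvalidState);
             data.setAction("");
             return;
         }

         String screenTemplate = data.getTemplateInfo().getScreenTemplate();
         if (screenTemplate != null)
         {
             // The previous template is remembered with ',' in place of '/'.
             data.getUser().setTemp("prev_template", screenTemplate.replace('/', ','));
             data.getTemplateInfo().setScreenTemplate(templateInvalidState);
         }
         else
         {
             data.getUser().setTemp("prev_screen", data.getScreen().replace('/', ','));
             data.setScreen(screenInvalidState);
         }
         // NOTE(review): same object-lifetime question as in the screen-only path.
         data.getUser().setTemp("prev_parameters", data.getParameters());
         // Drop the requested action so it is not executed with stale data.
         data.setAction("");
     }

     /**
      * Tells whether the counter submitted with the request is older than
      * the counter stored on the current user.
      *
      * @param data RunData object of the current request
      * @return {@code true} if an Integer counter is stored on the user and
      *         the submitted value is lower than that counter minus one;
      *         {@code false} otherwise, including when no Integer counter
      *         is stored
      */
     private static boolean isStaleCounter( RunData data )
     {
         int submitted = data.getParameters().getInt(ACCESS_COUNTER_KEY);
         Object stored = data.getUser().getTemp(ACCESS_COUNTER_KEY);
         if (!(stored instanceof Integer))
         {
             // Nothing trustworthy to compare against; the original cast
             // would have thrown here.
             return false;
         }
         return submitted < ((Integer) stored).intValue() - 1;
     }
 }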