Coverage Report

Coverage Report - org.apache.turbine.modules.actions.sessionvalidator.SessionValidator

Classes in this File

1/25

0/12

 package org.apache.turbine.modules.actions.sessionvalidator;
 
 import org.apache.turbine.TurbineConstants;
 import org.apache.turbine.annotation.TurbineConfiguration;
 import org.apache.turbine.annotation.TurbineService;
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
 import org.apache.turbine.modules.Action;
 import org.apache.turbine.services.security.SecurityService;
 import org.apache.turbine.util.RunData;
 
 /**
  * The SessionValidator attempts to retrieve the User object from the
  * Servlet API session that is associated with the request.  If the
  * data cannot be retrieved, it is handled here.  If the user has not
  * been marked as being logged into the system, the user is rejected
  * and the screen is set to the screen.homepage value in
  * TurbineResources.properties.
  *
  * <p>
  * Other systems generally have a database table which stores this
  * information, but we take advantage of the Servlet API here to save
  * a hit to the database for each and every connection that a user
  * makes.
  * </p>
  *
  * <p>
  * This action is special in that it should only be executed by the
  * Turbine servlet.
  * </p>
  *
  * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
  * @version $Id: SessionValidator.java 1854786 2019-03-04 18:29:18Z tv $
  */
 public abstract class SessionValidator implements Action
 {
 
     @TurbineService
     protected SecurityService security;
 
     @TurbineConfiguration( TurbineConstants.TEMPLATE_HOMEPAGE )
     protected String templateHomepage;
 
     @TurbineConfiguration( TurbineConstants.SCREEN_HOMEPAGE )
     protected String screenHomepage;
 
     @TurbineConfiguration( TurbineConstants.TEMPLATE_INVALID_STATE )
     protected String templateInvalidState;
 
     @TurbineConfiguration( TurbineConstants.SCREEN_INVALID_STATE )
     protected String screenInvalidState;
 
     // the session_access_counter can be placed as a hidden field in
     // forms.  This can be used to prevent a user from using the
     // browsers back button and submitting stale data.
     /**
      *
      * @param data RunData object
      * @param screenOnly {@link DefaultSessionValidator}
      */
     protected void handleFormCounterToken( RunData data, boolean screenOnly )
     {
         if (data.getParameters().containsKey("_session_access_counter"))
         {
             if (screenOnly) {
                 // See comments in screens.error.InvalidState.
                 if (data.getParameters().getInt("_session_access_counter")
                         < (((Integer) data.getUser().getTemp(
                         "_session_access_counter")).intValue() - 1))
                 {
                     data.getUser().setTemp("prev_screen", data.getScreen());
                     data.getUser().setTemp("prev_parameters", data.getParameters());
                     data.setScreen(screenInvalidState);
                     data.setAction("");
                 }
             } else {
                 if (!security.isAnonymousUser(data.getUser()))
                 {
                     // See comments in screens.error.InvalidState.
                     if (data.getParameters().getInt("_session_access_counter")
                             < (((Integer) data.getUser().getTemp(
                             "_session_access_counter")).intValue() - 1))
                     {
                         if (data.getTemplateInfo().getScreenTemplate() != null)
                         {
                             data.getUser().setTemp("prev_template",
                                     data.getTemplateInfo().getScreenTemplate()
                                     .replace('/', ','));
                             data.getTemplateInfo().setScreenTemplate(templateInvalidState);
                         }
                         else
                         {
                             data.getUser().setTemp("prev_screen",
                                                    data.getScreen().replace('/', ','));
                             data.setScreen(screenInvalidState);
                         }
                         data.getUser().setTemp("prev_parameters", data.getParameters());
                         data.setAction("");
                     }
                 }
             }
         }
 
     }
     // empty
 }

1		package org.apache.turbine.modules.actions.sessionvalidator;
2
3		import org.apache.turbine.TurbineConstants;
4		import org.apache.turbine.annotation.TurbineConfiguration;
5		import org.apache.turbine.annotation.TurbineService;
6
7		/*
8		* Licensed to the Apache Software Foundation (ASF) under one
9		* or more contributor license agreements. See the NOTICE file
10		* distributed with this work for additional information
11		* regarding copyright ownership. The ASF licenses this file
12		* to you under the Apache License, Version 2.0 (the
13		* "License"); you may not use this file except in compliance
14		* with the License. You may obtain a copy of the License at
15		*
16		* http://www.apache.org/licenses/LICENSE-2.0
17		*
18		* Unless required by applicable law or agreed to in writing,
19		* software distributed under the License is distributed on an
20		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
21		* KIND, either express or implied. See the License for the
22		* specific language governing permissions and limitations
23		* under the License.
24		*/
25
26		import org.apache.turbine.modules.Action;
27		import org.apache.turbine.services.security.SecurityService;
28		import org.apache.turbine.util.RunData;
29
30		/**
31		* The SessionValidator attempts to retrieve the User object from the
32		* Servlet API session that is associated with the request. If the
33		* data cannot be retrieved, it is handled here. If the user has not
34		* been marked as being logged into the system, the user is rejected
35		* and the screen is set to the screen.homepage value in
36		* TurbineResources.properties.
37		*
38		* <p>
39		* Other systems generally have a database table which stores this
40		* information, but we take advantage of the Servlet API here to save
41		* a hit to the database for each and every connection that a user
42		* makes.
43		* </p>
44		*
45		* <p>
46		* This action is special in that it should only be executed by the
47		* Turbine servlet.
48		* </p>
49		*
50		* @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
51		* @version $Id: SessionValidator.java 1854786 2019-03-04 18:29:18Z tv $
52		*/
53	9	public abstract class SessionValidator implements Action
54		{
55
56		@TurbineService
57		protected SecurityService security;
58
59		@TurbineConfiguration( TurbineConstants.TEMPLATE_HOMEPAGE )
60		protected String templateHomepage;
61
62		@TurbineConfiguration( TurbineConstants.SCREEN_HOMEPAGE )
63		protected String screenHomepage;
64
65		@TurbineConfiguration( TurbineConstants.TEMPLATE_INVALID_STATE )
66		protected String templateInvalidState;
67
68		@TurbineConfiguration( TurbineConstants.SCREEN_INVALID_STATE )
69		protected String screenInvalidState;
70
71		// the session_access_counter can be placed as a hidden field in
72		// forms. This can be used to prevent a user from using the
73		// browsers back button and submitting stale data.
74		/**
75		*
76		* @param data RunData object
77		* @param screenOnly {@link DefaultSessionValidator}
78		*/
79		protected void handleFormCounterToken( RunData data, boolean screenOnly )
80		{
81	0	if (data.getParameters().containsKey("_session_access_counter"))
82		{
83	0	if (screenOnly) {
84		// See comments in screens.error.InvalidState.
85	0	if (data.getParameters().getInt("_session_access_counter")
86	0	< (((Integer) data.getUser().getTemp(
87	0	"_session_access_counter")).intValue() - 1))
88		{
89	0	data.getUser().setTemp("prev_screen", data.getScreen());
90	0	data.getUser().setTemp("prev_parameters", data.getParameters());
91	0	data.setScreen(screenInvalidState);
92	0	data.setAction("");
93		}
94		} else {
95	0	if (!security.isAnonymousUser(data.getUser()))
96		{
97		// See comments in screens.error.InvalidState.
98	0	if (data.getParameters().getInt("_session_access_counter")
99	0	< (((Integer) data.getUser().getTemp(
100	0	"_session_access_counter")).intValue() - 1))
101		{
102	0	if (data.getTemplateInfo().getScreenTemplate() != null)
103		{
104	0	data.getUser().setTemp("prev_template",
105	0	data.getTemplateInfo().getScreenTemplate()
106	0	.replace('/', ','));
107	0	data.getTemplateInfo().setScreenTemplate(templateInvalidState);
108		}
109		else
110		{
111	0	data.getUser().setTemp("prev_screen",
112	0	data.getScreen().replace('/', ','));
113	0	data.setScreen(screenInvalidState);
114		}
115	0	data.getUser().setTemp("prev_parameters", data.getParameters());
116	0	data.setAction("");
117		}
118		}
119		}
120		}
121
122	0	}
123		// empty
124		}