Coverage Report

Coverage Report - org.apache.turbine.pipeline.DefaultLoginValve

Classes in this File

Line Coverage

Branch Coverage

Complexity

DefaultLoginValve

63%

21/33

62%

10/16

4,667

 package org.apache.turbine.pipeline;
 
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
 
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.List;
 
 import javax.servlet.http.HttpSession;
 
 import org.apache.turbine.TurbineConstants;
 import org.apache.turbine.annotation.TurbineConfiguration;
 import org.apache.turbine.annotation.TurbineLoader;
 import org.apache.turbine.modules.Action;
 import org.apache.turbine.modules.ActionLoader;
 import org.apache.turbine.services.velocity.VelocityService;
 import org.apache.turbine.util.RunData;
 import org.apache.turbine.util.TurbineException;
 import org.apache.turbine.util.template.TemplateInfo;
 
 /**
  * Handles the Login and Logout actions in the request process
  * cycle.
  *
  * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
  * @author <a href="mailto:dlr@apache.org">Daniel Rall</a>
  * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
  * @version $Id: DefaultLoginValve.java 1854797 2019-03-04 20:41:39Z tv $
  */
 public class DefaultLoginValve
     implements Valve
 {
     /** Injected loader instance */
     @TurbineLoader( Action.class )
     private ActionLoader actionLoader;
 
     @TurbineConfiguration( TurbineConstants.ACTION_LOGIN_KEY )
     private String actionLogin;
 
     @TurbineConfiguration( TurbineConstants.ACTION_LOGOUT_KEY )
     private String actionLogout;
 
     /**
      * @see org.apache.turbine.pipeline.Valve#invoke(PipelineData, ValveContext)
      */
     @Override
     public void invoke(PipelineData pipelineData, ValveContext context)
         throws IOException, TurbineException
     {
         try
         {
             process(pipelineData);
         }
         catch (Exception e)
         {
             throw new TurbineException(e);
         }
 
         // Pass control to the next Valve in the Pipeline
         context.invokeNext(pipelineData);
     }
 
     /**
      * Handles user sessions, parsing of the action from the query
      * string, and access control.
      *
      * @param pipelineData The run-time data.
      *
      * @throws Exception if executing the action fails
      */
     protected void process(PipelineData pipelineData)
         throws Exception
     {
         RunData data = pipelineData.getRunData();
         // Special case for login and logout, this must happen before the
         // session validator is executed in order either to allow a user to
         // even login, or to ensure that the session validator gets to
         // mandate its page selection policy for non-logged in users
         // after the logout has taken place.
         String actionName = data.getAction();
         if (data.hasAction() &&
             actionName.equalsIgnoreCase(actionLogin) ||
             actionName.equalsIgnoreCase(actionLogout))
         {
             // If a User is logging in, we should refresh the
             // session here.  Invalidating session and starting a
             // new session would seem to be a good method, but I
             // (JDM) could not get this to work well (it always
             // required the user to login twice).  Maybe related
             // to JServ?  If we do not clear out the session, it
             // is possible a new User may accidently (if they
             // login incorrectly) continue on with information
             // associated with the previous User.  Currently the
             // only keys stored in the session are "turbine.user"
             // and "turbine.acl".
             if (actionName.equalsIgnoreCase(actionLogin))
             {
                 Enumeration<String> names = data.getSession().getAttributeNames();
                 if (names != null)
                 {
                     // copy keys into a new list, so we can clear the session
                     // and not get ConcurrentModificationException
                     List<String> nameList = new ArrayList<String>();
                     while (names.hasMoreElements())
                     {
                         nameList.add(names.nextElement());
                     }
 
                     HttpSession session = data.getSession();
                     for (String name : nameList)
                     {
                         try
                         {
                             session.removeAttribute(name);
                         }
                         catch (IllegalStateException invalidatedSession)
                         {
                             break;
                         }
                     }
                 }
             }
 
             actionLoader.exec(pipelineData, data.getAction());
             cleanupTemplateContext(data);
             data.setAction(null);
         }
     }
 
     /**
      * cleans the Velocity Context if available.
      *
      * @param data A RunData Object
      */
     private void cleanupTemplateContext(RunData data)
     {
         // This is Velocity specific and shouldn't be done here.
         // But this is a band aid until we get real listeners
         // here.
         TemplateInfo ti = data.getTemplateInfo();
         if (ti != null)
         {
             ti.removeTemp(VelocityService.CONTEXT);
         }
     }
 }

1		package org.apache.turbine.pipeline;
2
3
4		/*
5		* Licensed to the Apache Software Foundation (ASF) under one
6		* or more contributor license agreements. See the NOTICE file
7		* distributed with this work for additional information
8		* regarding copyright ownership. The ASF licenses this file
9		* to you under the Apache License, Version 2.0 (the
10		* "License"); you may not use this file except in compliance
11		* with the License. You may obtain a copy of the License at
12		*
13		* http://www.apache.org/licenses/LICENSE-2.0
14		*
15		* Unless required by applicable law or agreed to in writing,
16		* software distributed under the License is distributed on an
17		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18		* KIND, either express or implied. See the License for the
19		* specific language governing permissions and limitations
20		* under the License.
21		*/
22
23
24		import java.io.IOException;
25		import java.util.ArrayList;
26		import java.util.Enumeration;
27		import java.util.List;
28
29		import javax.servlet.http.HttpSession;
30
31		import org.apache.turbine.TurbineConstants;
32		import org.apache.turbine.annotation.TurbineConfiguration;
33		import org.apache.turbine.annotation.TurbineLoader;
34		import org.apache.turbine.modules.Action;
35		import org.apache.turbine.modules.ActionLoader;
36		import org.apache.turbine.services.velocity.VelocityService;
37		import org.apache.turbine.util.RunData;
38		import org.apache.turbine.util.TurbineException;
39		import org.apache.turbine.util.template.TemplateInfo;
40
41		/**
42		* Handles the Login and Logout actions in the request process
43		* cycle.
44		*
45		* @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
46		* @author <a href="mailto:dlr@apache.org">Daniel Rall</a>
47		* @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
48		* @version $Id: DefaultLoginValve.java 1854797 2019-03-04 20:41:39Z tv $
49		*/
50	138	public class DefaultLoginValve
51		implements Valve
52		{
53		/** Injected loader instance */
54		@TurbineLoader( Action.class )
55		private ActionLoader actionLoader;
56
57		@TurbineConfiguration( TurbineConstants.ACTION_LOGIN_KEY )
58		private String actionLogin;
59
60		@TurbineConfiguration( TurbineConstants.ACTION_LOGOUT_KEY )
61		private String actionLogout;
62
63		/**
64		* @see org.apache.turbine.pipeline.Valve#invoke(PipelineData, ValveContext)
65		*/
66		@Override
67		public void invoke(PipelineData pipelineData, ValveContext context)
68		throws IOException, TurbineException
69		{
70		try
71		{
72	9	process(pipelineData);
73		}
74	0	catch (Exception e)
75		{
76	0	throw new TurbineException(e);
77	9	}
78
79		// Pass control to the next Valve in the Pipeline
80	9	context.invokeNext(pipelineData);
81	6	}
82
83		/**
84		* Handles user sessions, parsing of the action from the query
85		* string, and access control.
86		*
87		* @param pipelineData The run-time data.
88		*
89		* @throws Exception if executing the action fails
90		*/
91		protected void process(PipelineData pipelineData)
92		throws Exception
93		{
94	9	RunData data = pipelineData.getRunData();
95		// Special case for login and logout, this must happen before the
96		// session validator is executed in order either to allow a user to
97		// even login, or to ensure that the session validator gets to
98		// mandate its page selection policy for non-logged in users
99		// after the logout has taken place.
100	9	String actionName = data.getAction();
101	9	if (data.hasAction() &&
102	6	actionName.equalsIgnoreCase(actionLogin) \|\|
103	6	actionName.equalsIgnoreCase(actionLogout))
104		{
105		// If a User is logging in, we should refresh the
106		// session here. Invalidating session and starting a
107		// new session would seem to be a good method, but I
108		// (JDM) could not get this to work well (it always
109		// required the user to login twice). Maybe related
110		// to JServ? If we do not clear out the session, it
111		// is possible a new User may accidently (if they
112		// login incorrectly) continue on with information
113		// associated with the previous User. Currently the
114		// only keys stored in the session are "turbine.user"
115		// and "turbine.acl".
116	6	if (actionName.equalsIgnoreCase(actionLogin))
117		{
118	3	Enumeration<String> names = data.getSession().getAttributeNames();
119	3	if (names != null)
120		{
121		// copy keys into a new list, so we can clear the session
122		// and not get ConcurrentModificationException
123	0	List<String> nameList = new ArrayList<String>();
124	0	while (names.hasMoreElements())
125		{
126	0	nameList.add(names.nextElement());
127		}
128
129	0	HttpSession session = data.getSession();
130	0	for (String name : nameList)
131		{
132		try
133		{
134	0	session.removeAttribute(name);
135		}
136	0	catch (IllegalStateException invalidatedSession)
137		{
138	0	break;
139	0	}
140	0	}
141		}
142		}
143
144	6	actionLoader.exec(pipelineData, data.getAction());
145	6	cleanupTemplateContext(data);
146	6	data.setAction(null);
147		}
148	9	}
149
150		/**
151		* cleans the Velocity Context if available.
152		*
153		* @param data A RunData Object
154		*/
155		private void cleanupTemplateContext(RunData data)
156		{
157		// This is Velocity specific and shouldn't be done here.
158		// But this is a band aid until we get real listeners
159		// here.
160	6	TemplateInfo ti = data.getTemplateInfo();
161	6	if (ti != null)
162		{
163	6	ti.removeTemp(VelocityService.CONTEXT);
164		}
165	6	}
166		}