View Javadoc
1 package org.apache.turbine.modules.actions.sessionvalidator; 2 3 /* ==================================================================== 4 * The Apache Software License, Version 1.1 5 * 6 * Copyright (c) 2001 The Apache Software Foundation. All rights 7 * reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. The end-user documentation included with the redistribution, 22 * if any, must include the following acknowledgment: 23 * "This product includes software developed by the 24 * Apache Software Foundation (http://www.apache.org/)." 25 * Alternately, this acknowledgment may appear in the software itself, 26 * if and wherever such third-party acknowledgments normally appear. 27 * 28 * 4. The names "Apache" and "Apache Software Foundation" and 29 * "Apache Turbine" must not be used to endorse or promote products 30 * derived from this software without prior written permission. For 31 * written permission, please contact apache@apache.org. 32 * 33 * 5. Products derived from this software may not be called "Apache", 34 * "Apache Turbine", nor may "Apache" appear in their name, without 35 * prior written permission of the Apache Software Foundation. 36 * 37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 48 * SUCH DAMAGE. 49 * ==================================================================== 50 * 51 * This software consists of voluntary contributions made by many 52 * individuals on behalf of the Apache Software Foundation. For more 53 * information on the Apache Software Foundation, please see 54 * <http://www.apache.org/>;. 55 */ 56 57 import org.apache.turbine.TurbineConstants; 58 import org.apache.turbine.services.resources.TurbineResources; 59 import org.apache.turbine.util.RunData; 60 61 /*** 62 * The SessionValidator attempts to retrieve the User object from the 63 * Servlet API session that is associated with the request. If the 64 * data cannot be retrieved, it is handled here. If the user has not 65 * been marked as being logged into the system, the user is rejected 66 * and the screen is set to the screen.homepage value in 67 * TurbineResources.properties. 68 * 69 * <p> 70 * 71 * Other systems generally have a database table which stores this 72 * information, but we take advantage of the Servlet API here to save 73 * a hit to the database for each and every connection that a user 74 * makes. 75 * 76 * <p> 77 * 78 * This action is special in that it should only be executed by the 79 * Turbine servlet. 80 * 81 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 82 * @version $Id: DefaultSessionValidator.java,v 1.4 2002/07/11 16:53:29 mpoeschl Exp $ 83 */ 84 public class DefaultSessionValidator extends SessionValidator 85 { 86 /*** 87 * Execute the action. The default is to populate the RunData 88 * object and, if the user is unknown, to force a login screen (as 89 * set in the tr.props). 90 * 91 * @see org.apache.turbine.modules.screens.error.InvalidState 92 * @param data Turbine RunData context information. * @exception Exception, a generic exception. 93 */ 94 public void doPerform( RunData data ) throws Exception 95 { 96 /* 97 * Pull user from session. 98 */ 99 data.populate(); 100 101 // Make sure the User object exists in the Session and that 102 // the user has logged into the system. 103 if ( (data.getUser() == null) || (! data.getUser().hasLoggedIn()) ) 104 { 105 // only set the message if nothing else has already set it 106 // (e.g. the LogoutUser action) 107 if (data.getMessage() == null) 108 data.setMessage(TurbineResources.getString( 109 TurbineConstants.LOGIN_MESSAGE)); 110 // set the screen to be the login page 111 data.setScreen(TurbineResources.getString( 112 TurbineConstants.SCREEN_LOGIN)); 113 // we're not doing any actions buddy! (except action.login which 114 // will have been performed already) 115 data.setAction(null); 116 } 117 else if ( ! data.hasScreen() ) 118 { 119 data.setMessage(TurbineResources.getString( 120 TurbineConstants.LOGIN_MESSAGE_NOSCREEN)); 121 data.setScreen(TurbineResources.getString( 122 TurbineConstants.SCREEN_HOMEPAGE)); 123 } 124 else if ( data.getParameters().containsKey("_session_access_counter") ) 125 { 126 // See comments in screens.error.InvalidState. 127 if ( data.getParameters().getInt("_session_access_counter") < 128 (((Integer)data.getUser().getTemp("_session_access_counter")) 129 .intValue()-1) ) 130 { 131 data.getUser().setTemp("prev_screen", data.getScreen()); 132 data.getUser().setTemp("prev_parameters", data.getParameters()); 133 data.setScreen( TurbineResources.getString( 134 TurbineConstants.SCREEN_INVALID_STATE) ); 135 data.setAction( "" ); 136 } 137 } 138 } 139 }

This page was automatically generated by Maven