org.apache.turbine.modules.actions.sessionvalidator
Class TemplateSecureSessionValidator

java.lang.Object
  |
  +--org.apache.turbine.modules.Assembler
        |
        +--org.apache.turbine.modules.Action
              |
              +--org.apache.turbine.modules.actions.sessionvalidator.SessionValidator
                    |
                    +--org.apache.turbine.modules.actions.sessionvalidator.TemplateSecureSessionValidator

public class TemplateSecureSessionValidator
extends SessionValidator

SessionValidator that requires login for use with the WebMacroSite Service.
The WebMacroSite Service requires a different Session Validator because of the way it handles screens. If you use the WebMacroSite Service with the DefaultSessionValidator, users will be able to bypass login by directly addressing the template using template/index.wm. This is because WebMacroSitePage looks for the keyword "template" in the Path information and if it finds it will reset the screen using it's lookup mechanism and thereby bypass Login. Note that you will need to set the template.login property to the login template.

Version:
$Id: TemplateSecureSessionValidator.java,v 1.3 2001/11/16 03:38:35 jvanzyl Exp $
Author:
John D. McNally, Dave Bryson

Constructor Summary
TemplateSecureSessionValidator()
           
 
Method Summary
 void doPerform(RunData data)
          doPerform is virtually identical to DefaultSessionValidator except that it calls template methods instead of bare screen methods.
 boolean requiresNewSession(RunData data)
          By default, this is true.
 
Methods inherited from class org.apache.turbine.modules.Action
perform
 
Methods inherited from class java.lang.Object
, clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 

Constructor Detail

TemplateSecureSessionValidator

public TemplateSecureSessionValidator()
Method Detail

doPerform

public void doPerform(RunData data)
               throws java.lang.Exception
doPerform is virtually identical to DefaultSessionValidator except that it calls template methods instead of bare screen methods. For example, it uses setScreenTemplate to load the tr.props TEMPLATE_LOGIN instead of the default's setScreen to TurbineContants.SCREEN_LOGIN.
Overrides:
doPerform in class Action
Throws:
Exception, - a generic exception.
See Also:
* @param data Turbine information.

requiresNewSession

public boolean requiresNewSession(RunData data)
By default, this is true. It says that we require a new session in order to allow people to access the system. We accomplish this by doing a redirect and using the HttpSession spec.
Overrides:
requiresNewSession in class SessionValidator
Parameters:
data - Turbine information.
Returns:
True if we require a new session in order to allow people to access the system.


Copyright © 2000-2002 Apache Software Foundation. All Rights Reserved.