1 package org.apache.turbine.modules.actions.sessionvalidator;
2
3 /* ====================================================================
4 * The Apache Software License, Version 1.1
5 *
6 * Copyright (c) 2001 The Apache Software Foundation. All rights
7 * reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. The end-user documentation included with the redistribution,
22 * if any, must include the following acknowledgment:
23 * "This product includes software developed by the
24 * Apache Software Foundation (http://www.apache.org/)."
25 * Alternately, this acknowledgment may appear in the software itself,
26 * if and wherever such third-party acknowledgments normally appear.
27 *
28 * 4. The names "Apache" and "Apache Software Foundation" and
29 * "Apache Turbine" must not be used to endorse or promote products
30 * derived from this software without prior written permission. For
31 * written permission, please contact apache@apache.org.
32 *
33 * 5. Products derived from this software may not be called "Apache",
34 * "Apache Turbine", nor may "Apache" appear in their name, without
35 * prior written permission of the Apache Software Foundation.
36 *
37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48 * SUCH DAMAGE.
49 * ====================================================================
50 *
51 * This software consists of voluntary contributions made by many
52 * individuals on behalf of the Apache Software Foundation. For more
53 * information on the Apache Software Foundation, please see
54 * <http://www.apache.org/>.
55 */
56
57 import org.apache.turbine.TurbineConstants;
58 import org.apache.turbine.services.resources.TurbineResources;
59 import org.apache.turbine.util.RunData;
60
61 /***
62 * The SessionValidator attempts to retrieve the User object from the
63 * Servlet API session that is associated with the request. If the
64 * data cannot be retrieved, it is handled here. If the user has not
65 * been marked as being logged into the system, the user is rejected
66 * and the screen is set to the screen.homepage value in
67 * TurbineResources.properties.
68 *
69 * <p>
70 *
71 * Other systems generally have a database table which stores this
72 * information, but we take advantage of the Servlet API here to save
73 * a hit to the database for each and every connection that a user
74 * makes.
75 *
76 * <p>
77 *
78 * This action is special in that it should only be executed by the
79 * Turbine servlet.
80 *
81 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
82 * @version $Id: DefaultSessionValidator.java,v 1.4 2002/07/11 16:53:29 mpoeschl Exp $
83 */
84 public class DefaultSessionValidator extends SessionValidator
85 {
86 /***
87 * Execute the action. The default is to populate the RunData
88 * object and, if the user is unknown, to force a login screen (as
89 * set in the tr.props).
90 *
91 * @see org.apache.turbine.modules.screens.error.InvalidState
92 * @param data Turbine RunData context information. * @exception Exception, a generic exception.
93 */
94 public void doPerform( RunData data ) throws Exception
95 {
96 /*
97 * Pull user from session.
98 */
99 data.populate();
100
101 // Make sure the User object exists in the Session and that
102 // the user has logged into the system.
103 if ( (data.getUser() == null) || (! data.getUser().hasLoggedIn()) )
104 {
105 // only set the message if nothing else has already set it
106 // (e.g. the LogoutUser action)
107 if (data.getMessage() == null)
108 data.setMessage(TurbineResources.getString(
109 TurbineConstants.LOGIN_MESSAGE));
110 // set the screen to be the login page
111 data.setScreen(TurbineResources.getString(
112 TurbineConstants.SCREEN_LOGIN));
113 // we're not doing any actions buddy! (except action.login which
114 // will have been performed already)
115 data.setAction(null);
116 }
117 else if ( ! data.hasScreen() )
118 {
119 data.setMessage(TurbineResources.getString(
120 TurbineConstants.LOGIN_MESSAGE_NOSCREEN));
121 data.setScreen(TurbineResources.getString(
122 TurbineConstants.SCREEN_HOMEPAGE));
123 }
124 else if ( data.getParameters().containsKey("_session_access_counter") )
125 {
126 // See comments in screens.error.InvalidState.
127 if ( data.getParameters().getInt("_session_access_counter") <
128 (((Integer)data.getUser().getTemp("_session_access_counter"))
129 .intValue()-1) )
130 {
131 data.getUser().setTemp("prev_screen", data.getScreen());
132 data.getUser().setTemp("prev_parameters", data.getParameters());
133 data.setScreen( TurbineResources.getString(
134 TurbineConstants.SCREEN_INVALID_STATE) );
135 data.setAction( "" );
136 }
137 }
138 }
139 }
This page was automatically generated by Maven