1   package org.apache.turbine.modules.actions.sessionvalidator;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.commons.configuration.Configuration;
23  
24  import org.apache.commons.lang.StringUtils;
25  
26  import org.apache.commons.logging.Log;
27  import org.apache.commons.logging.LogFactory;
28  
29  import org.apache.turbine.Turbine;
30  import org.apache.turbine.TurbineConstants;
31  
32  import org.apache.turbine.pipeline.PipelineData;
33  import org.apache.turbine.services.security.TurbineSecurity;
34  
35  import org.apache.turbine.util.RunData;
36  import org.apache.turbine.util.TurbineException;
37  
38  /**
39   * SessionValidator for use with the Template Service, the
40   * TemplateSessionValidator is virtually identical to the
41   * TemplateSecureSessionValidator except that it does not transfer to the
42   * login page when it detects a null user (or a user not logged in).
43   *
44   * <p>The Template Service requires a different Session Validator
45   * because of the way it handles screens.
46   *
47   * <p>Note that you will need to set the template.login property to the
48   * login template.
49   *
50   * @see TemplateSecureSessionValidator
51   * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
52   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
53   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
54   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
55   * @version $Id: TemplateSessionValidator.java 1066518 2011-02-02 16:30:53Z ludwig $
56   */
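public class TemplateSessionValidator
    extends SessionValidator
{
    /**
     * Name shared by the request parameter (typically a hidden form field)
     * and the per-user temp value that hold the session access counter.
     */
    private static final String SESSION_ACCESS_COUNTER = "_session_access_counter";

    /** Logging */
    private static final Log log = LogFactory.getLog(TemplateSessionValidator.class);

    /**
     * Execute the action.
     *
     * <p>Populates the request from the session, installs the anonymous user
     * when no user is present (this validator never redirects to a login
     * page), makes sure a screen or screen template is selected, and, for
     * non-anonymous users, compares the submitted session access counter
     * with the one held for the user to detect stale form submissions.
     *
     * @deprecated Use PipelineData version instead.
     * @param data Turbine information.
     * @exception TurbineException The anonymous user could not be obtained
     *         from the security service
     */
    @Deprecated
    @Override
    public void doPerform(RunData data)
            throws TurbineException
    {
        Configuration conf = Turbine.getConfiguration();

        // Pull user from session.
        data.populate();

        // The user may have not logged in, so create a "guest/anonymous" user.
        // Access decisions are therefore left to whatever runs after this action.
        if (data.getUser() == null)
        {
            log.debug("Fixing up empty User Object!");
            data.setUser(TurbineSecurity.getAnonymousUser());
            data.save();
        }

        // make sure we have some way to return a response
        if (!data.hasScreen() && StringUtils.isEmpty(
                data.getTemplateInfo().getScreenTemplate()))
        {
            String template = conf.getString(
                    TurbineConstants.TEMPLATE_HOMEPAGE);

            if (StringUtils.isNotEmpty(template))
            {
                data.getTemplateInfo().setScreenTemplate(template);
            }
            else
            {
                data.setScreen(conf.getString(
                        TurbineConstants.SCREEN_HOMEPAGE));
            }
        }
        // the session_access_counter can be placed as a hidden field in
        // forms.  This can be used to prevent a user from using the
        // browsers back button and submitting stale data.
        else if (data.getParameters().containsKey(SESSION_ACCESS_COUNTER)
                && !TurbineSecurity.isAnonymousUser(data.getUser()))
        {
            // The submitted value comes from the request and is client-controlled;
            // the stored value is whatever the user's temp storage holds under the
            // same key.
            int submittedCounter =
                    data.getParameters().getInt(SESSION_ACCESS_COUNTER);
            Object storedCounter = data.getUser().getTemp(SESSION_ACCESS_COUNTER);

            if (!(storedCounter instanceof Integer))
            {
                // Previously a missing or non-Integer temp value was cast and
                // unboxed unconditionally, so any request that merely carried the
                // parameter failed with a NullPointerException or
                // ClassCastException. Without a server-side counter there is
                // nothing to compare against, so the stale check is skipped.
                // NOTE(review): confirm that skipping (rather than routing to the
                // invalid-state page) is the intended policy here.
                log.debug("No usable session access counter stored for the user; "
                        + "skipping stale-state check");
            }
            // See comments in screens.error.InvalidState.
            else if (submittedCounter
                    < (((Integer) storedCounter).intValue() - 1))
            {
                // Remember where the request was headed ('/' replaced by ','),
                // then divert it to the configured invalid-state page.
                if (data.getTemplateInfo().getScreenTemplate() != null)
                {
                    data.getUser().setTemp("prev_template",
                            data.getTemplateInfo().getScreenTemplate()
                            .replace('/', ','));
                    data.getTemplateInfo().setScreenTemplate(conf.getString(
                            TurbineConstants.TEMPLATE_INVALID_STATE));
                }
                else
                {
                    data.getUser().setTemp("prev_screen",
                                           data.getScreen().replace('/', ','));
                    data.setScreen(conf.getString(
                            TurbineConstants.SCREEN_INVALID_STATE));
                }
                // NOTE(review): this keeps the whole submitted parameter object in
                // the user's temp storage, including any sensitive form fields;
                // confirm how long that storage lives and who can read it.
                data.getUser().setTemp("prev_parameters", data.getParameters());
                // Clear the action so the stale submission is not acted upon.
                data.setAction("");
            }
        }

        // we do not want to allow both a screen and template parameter.
        // The template parameter is dominant.
        if (data.getTemplateInfo().getScreenTemplate() != null)
        {
            data.setScreen(null);
        }
    }

    /**
     * Execute the action.
     *
     * <p>Obtains the RunData through {@code getRunData(pipelineData)} and
     * delegates to {@link #doPerform(RunData)}, so both entry points apply
     * the same validation.
     *
     * @param pipelineData Turbine information.
     * @exception TurbineException The anonymous user could not be obtained
     *         from the security service
     */
    @Override
    public void doPerform(PipelineData pipelineData)
    throws TurbineException
    {
        RunData data = getRunData(pipelineData);
        doPerform(data);
    }
}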