LogoutUser


1   package org.apache.turbine.modules.actions;
2   
3   /* ====================================================================
4    * The Apache Software License, Version 1.1
5    *
6    * Copyright (c) 2001 The Apache Software Foundation.  All rights
7    * reserved.
8    *
9    * Redistribution and use in source and binary forms, with or without
10   * modification, are permitted provided that the following conditions
11   * are met:
12   *
13   * 1. Redistributions of source code must retain the above copyright
14   *    notice, this list of conditions and the following disclaimer.
15   *
16   * 2. Redistributions in binary form must reproduce the above copyright
17   *    notice, this list of conditions and the following disclaimer in
18   *    the documentation and/or other materials provided with the
19   *    distribution.
20   *
21   * 3. The end-user documentation included with the redistribution,
22   *    if any, must include the following acknowledgment:
23   *       "This product includes software developed by the
24   *        Apache Software Foundation (http://www.apache.org/)."
25   *    Alternately, this acknowledgment may appear in the software itself,
26   *    if and wherever such third-party acknowledgments normally appear.
27   *
28   * 4. The names "Apache" and "Apache Software Foundation" and
29   *    "Apache Turbine" must not be used to endorse or promote products
30   *    derived from this software without prior written permission. For
31   *    written permission, please contact apache@apache.org.
32   *
33   * 5. Products derived from this software may not be called "Apache",
34   *    "Apache Turbine", nor may "Apache" appear in their name, without
35   *    prior written permission of the Apache Software Foundation.
36   *
37   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48   * SUCH DAMAGE.
49   * ====================================================================
50   *
51   * This software consists of voluntary contributions made by many
52   * individuals on behalf of the Apache Software Foundation.  For more
53   * information on the Apache Software Foundation, please see
54   * <http://www.apache.org/>.
55   */
56  
57  import javax.servlet.http.HttpSession  ;
58  
59  import org.apache.turbine.Turbine;
60  import org.apache.turbine.RunData;
61  import org.apache.turbine.modules.Action;
62  import org.apache.fulcrum.security.entity.User;
63  import org.apache.fulcrum.security.TurbineSecurity;
64  import org.apache.fulcrum.security.util.AccessControlList;
65  
66  /**
67   * This action removes a user from the session. It makes sure to save
68   * the User object in the session.
69   *
70   * @author <a HREF="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
71   * @version $Id: LogoutUser.java,v 1.5 2002/04/23 16:03:33 dlr Exp $
72   */
73  public class LogoutUser
74      extends Action
75  {
76      /**
77       * Clears the RunData user object back to an anonymous status not
78       * logged in, and with a null ACL.  If the tr.props ACTION_LOGIN
79       * is anthing except "LogoutUser", flow is transfered to the
80       * SCREEN_HOMEPAGE
81       *
82       * If this action name is the value of action.logout then we are
83       * being run before the session validator, so we don't need to
84       * set the screen (we assume that the session validator will handle
85       * that). This is basically still here simply to preserve old behaviour
86       * - it is recommended that action.logout is set to "LogoutUser" and
87       * that the session validator does handle setting the screen/template
88       * for a logged out (read not-logged-in) user.
89       *
90       * @param data Turbine information.
91       * @exception Exception a generic exception.
92       */
93      public void doPerform( RunData data )
94          throws Exception  
95      {
96          User user = data.getUser();
97  
98          if ( user != null )
99          {
100             // Make sure that the user has really logged in...
101             if (!user.hasLoggedIn() )
102                 return;
103 
104             user.setHasLoggedIn( new Boolean  (false) );
105             TurbineSecurity.saveUser( user );
106         }
107 
108         data.setMessage(Turbine.getConfiguration().getString(
109             Turbine.LOGOUT_MESSAGE));
110 
111         // This will cause the acl to be removed from the session in
112         // the Turbine servlet code.
113         data.setACL(null);
114 
115         // Retrieve an anonymous user.
116         data.setUser( TurbineSecurity.getAnonymousUser() );
117         data.save();
118 
119         // In the event that the current screen or related navigations
120         // require acl info, we cannot wait for Turbine to handle
121         // regenerating acl.
122         HttpSession   session = data.getSession();
123         if (session != null)
124         {
125             try
126             {
127                 session.removeAttribute(AccessControlList.SESSION_KEY);
128             }
129             catch (IllegalStateException   invalidatedSession)
130             {
131             }
132         }
133 
134         // If this action name is the value of action.logout then we are
135         // being run before the session validator, so we don't need to
136         // set the screen (we assume that the session validator will handle
137         // that). This is basically still here simply to preserve old behaviour
138         // - it is recommended that action.logout is set to "LogoutUser" and
139         // that the session validator does handle setting the screen/template
140         // for a logged out (read not-logged-in) user.
141         if (!Turbine.getConfiguration().getString(Turbine.ACTION_LOGOUT, "")
142                 .equals("LogoutUser"))
143         {
144             data.setTarget(Turbine.getConfiguration().getString(
145                 Turbine.TEMPLATE_HOMEPAGE));
146         }
147     }
148 }
149
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags