KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > turbine > modules > actions > TemplateSecureSessionValidator


1 package org.apache.turbine.modules.actions;
2
3 /* ====================================================================
4  * The Apache Software License, Version 1.1
5  *
6  * Copyright (c) 2001 The Apache Software Foundation. All rights
7  * reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  *
13  * 1. Redistributions of source code must retain the above copyright
14  * notice, this list of conditions and the following disclaimer.
15  *
16  * 2. Redistributions in binary form must reproduce the above copyright
17  * notice, this list of conditions and the following disclaimer in
18  * the documentation and/or other materials provided with the
19  * distribution.
20  *
21  * 3. The end-user documentation included with the redistribution,
22  * if any, must include the following acknowledgment:
23  * "This product includes software developed by the
24  * Apache Software Foundation (http://www.apache.org/)."
25  * Alternately, this acknowledgment may appear in the software itself,
26  * if and wherever such third-party acknowledgments normally appear.
27  *
28  * 4. The names "Apache" and "Apache Software Foundation" and
29  * "Apache Turbine" must not be used to endorse or promote products
30  * derived from this software without prior written permission. For
31  * written permission, please contact apache@apache.org.
32  *
33  * 5. Products derived from this software may not be called "Apache",
34  * "Apache Turbine", nor may "Apache" appear in their name, without
35  * prior written permission of the Apache Software Foundation.
36  *
37  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40  * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48  * SUCH DAMAGE.
49  * ====================================================================
50  *
51  * This software consists of voluntary contributions made by many
52  * individuals on behalf of the Apache Software Foundation. For more
53  * information on the Apache Software Foundation, please see
54  * <http://www.apache.org/>.
55  */
56
57 import org.apache.turbine.Turbine;
58 import org.apache.turbine.RunData;
59
60 /**
61  * SessionValidator that requires login for use with the WebMacroSite
62  * Service.
63  *
64  * <br>
65  *
66  * The WebMacroSite Service requires a different Session Validator
67  * because of the way it handles screens. If you use the WebMacroSite
68  * Service with the DefaultSessionValidator, users will be able to
69  * bypass login by directly addressing the template using
70  * template/index.wm. This is because WebMacroSitePage looks for the
71  * keyword "template" in the Path information and if it finds it will
72  * reset the screen using it's lookup mechanism and thereby bypass
73  * Login.
74  *
75  * Note that you will need to set the template.login property to the
76  * login template.
77  *
78  * @author <a HREF="mailto:jmcnally@collab.net">John D. McNally</a>
79  * @author <a HREF="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
80  * @version $Id: TemplateSecureSessionValidator.java,v 1.2 2002/03/20 01:55:28 brekke Exp $
81  */
82 public class TemplateSecureSessionValidator
83     extends TemplateSessionValidator
84 {
85     /**
86      * doPerform is virtually identical to DefaultSessionValidator
87      * except that it calls template methods instead of bare screen
88      * methods. For example, it uses <code>setScreenTemplate</code> to
89      * load the tr.props TEMPLATE_LOGIN instead of the default's
90      * setScreen to TurbineContants.SCREEN_LOGIN.
91      *
92      * @see TemplateSessionValidator
93      * @param data Turbine information.
94      * @exception Exception a generic exception.
95      */
96     public void doPerform( RunData data )
97         throws Exception JavaDoc
98     {
99         // Pull user from session.
100 data.populate();
101
102         // This is the secure sessionvalidator, so user must be logged in.
103 if ( (data.getUser() == null) || (! data.getUser().hasLoggedIn()) )
104         {
105             // Only set the message if nothing else has already set it
106 // (e.g. the LogoutUser action).
107 if (data.getMessage() == null)
108             {
109                 data.setMessage(Turbine.getConfiguration().getString(
110                     Turbine.LOGIN_MESSAGE));
111             }
112
113             // Set the screen template to the login page.
114 data.setTarget(Turbine.getConfiguration()
115                 .getString(Turbine.TEMPLATE_LOGIN));
116
117             // We're not doing any actions buddy! (except action.login which
118 // will have been performed already)
119 data.setAction(null);
120         }
121
122         // Make sure we have some way to return a response.
123 if (!data.hasTarget())
124         {
125             setTarget(data);
126         }
127         // The session_access_counter can be placed as a hidden field in
128 // forms. This can be used to prevent a user from using the
129 // browsers back button and submitting stale data.
130 // FIXME!! a template needs to be written to use this with templates.
131 else if (data.getParameters().containsKey(COUNTER))
132         {
133             processCounter(data);
134         }
135     }
136 }
137
Popular Tags