DefaultLoginValve


1   package org.apache.turbine.pipeline;
2   
3   /* ====================================================================
4    * The Apache Software License, Version 1.1
5    *
6    * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
7    * reserved.
8    *
9    * Redistribution and use in source and binary forms, with or without
10   * modification, are permitted provided that the following conditions
11   * are met:
12   *
13   * 1. Redistributions of source code must retain the above copyright
14   *    notice, this list of conditions and the following disclaimer.
15   *
16   * 2. Redistributions in binary form must reproduce the above copyright
17   *    notice, this list of conditions and the following disclaimer in
18   *    the documentation and/or other materials provided with the
19   *    distribution.
20   *
21   * 3. The end-user documentation included with the redistribution,
22   *    if any, must include the following acknowledgment:
23   *       "This product includes software developed by the
24   *        Apache Software Foundation (http://www.apache.org/)."
25   *    Alternately, this acknowledgment may appear in the software itself,
26   *    if and wherever such third-party acknowledgments normally appear.
27   *
28   * 4. The names "Apache" and "Apache Software Foundation" and
29   *    "Apache Turbine" must not be used to endorse or promote products
30   *    derived from this software without prior written permission. For
31   *    written permission, please contact apache@apache.org.
32   *
33   * 5. Products derived from this software may not be called "Apache",
34   *    "Apache Turbine", nor may "Apache" appear in their name, without
35   *    prior written permission of the Apache Software Foundation.
36   *
37   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48   * SUCH DAMAGE.
49   * ====================================================================
50   *
51   * This software consists of voluntary contributions made by many
52   * individuals on behalf of the Apache Software Foundation.  For more
53   * information on the Apache Software Foundation, please see
54   * <http://www.apache.org/>.
55   */
56  
57  import java.io.IOException  ;
58  import java.util.Enumeration  ;
59  import java.util.ArrayList  ;
60  import java.util.List  ;
61  import java.util.Iterator  ;
62  import javax.servlet.http.HttpSession  ;
63  
64  import org.apache.turbine.Turbine;
65  import org.apache.turbine.TurbineConstants;
66  import org.apache.turbine.RunData;
67  import org.apache.turbine.TurbineException;
68  import org.apache.turbine.ValveContext;
69  import org.apache.turbine.modules.Action;
70  
71  /**
72   * Handles the Login and Logout actions in the request process
73   * cycle.
74   *
75   * @author <a HREF="mailto:jvanzyl@apache.org">Jason van Zyl</a>
76   * @author <a HREF="mailto:dlr@apache.org">Daniel Rall</a>
77   * @version $Id: DefaultLoginValve.java,v 1.9 2003/11/23 00:42:22 mpoeschl Exp $
78   */
79  public class DefaultLoginValve
80      extends AbstractValve
81      implements TurbineConstants
82  {
83      /**
84       * Here we can setup objects that are thread safe and can be
85       * reused. We setup the session validator and the access
86       * controller.
87       */
88      public DefaultLoginValve()
89          throws Exception  
90      {
91      }
92  
93      /**
94       * @see org.apache.turbine.Valve#invoke(RunData, ValveContext)
95       */
96      public void invoke(RunData data, ValveContext context)
97          throws IOException  , TurbineException
98      {
99          try
100         { 
101             process(data);
102         }
103         catch (Exception   e)
104         {
105             throw new TurbineException(e);
106         }
107 
108         // Pass control to the next Valve in the Pipeline
109         context.invokeNext(data);
110     }
111 
112     /**
113      * Handles user sessions, parsing of the action from the query
114      * string, and access control.
115      *
116      * @param data The run-time data.
117      */
118     protected void process(RunData data)
119         throws Exception  
120     {
121         // Special case for login and logout, this must happen before the
122         // session validator is executed in order either to allow a user to
123         // even login, or to ensure that the session validator gets to
124         // mandate its page selection policy for non-logged in users
125         // after the logout has taken place.
126         String   actionName = data.getAction();
127         if (data.hasAction() &&
128             actionName.equalsIgnoreCase
129             (Turbine.getConfiguration().getString(ACTION_LOGIN)) ||
130             actionName.equalsIgnoreCase
131             (Turbine.getConfiguration().getString(ACTION_LOGOUT)))
132         {
133             // If a User is logging in, we should refresh the
134             // session here.  Invalidating session and starting a
135             // new session would seem to be a good method, but I
136             // (JDM) could not get this to work well (it always
137             // required the user to login twice).  Maybe related
138             // to JServ?  If we do not clear out the session, it
139             // is possible a new User may accidently (if they
140             // login incorrectly) continue on with information
141             // associated with the previous User.  Currently the
142             // only keys stored in the session are "turbine.user"
143             // and "turbine.acl".
144             if (actionName.equalsIgnoreCase
145                 (Turbine.getConfiguration().getString(ACTION_LOGIN)))
146             {
147                 Enumeration   names = data.getSession().getAttributeNames();
148                 if (names != null)
149                 {
150                     // copy keys into a new list, so we can clear the session
151                     // and not get ConcurrentModificationException
152                     List   nameList = new ArrayList  ();
153                     while (names.hasMoreElements())
154                     {
155                         nameList.add(names.nextElement());
156                     }
157 
158                     HttpSession   session = data.getSession();
159                     Iterator   nameIter = nameList.iterator();
160                     while (nameIter.hasNext())
161                     {
162                         try
163                         {
164                             session.removeAttribute((String  )nameIter.next());
165                         }
166                         catch (IllegalStateException   invalidatedSession)
167                         {
168                             break;
169                         }
170                     }
171                 }
172             }
173 
174             Action action = (Action) Turbine.getResolver()
175                 .getModule( ACTIONS, actionName );
176             
177             action.execute(data);
178             data.setAction(null);
179         }
180     }
181 }
182
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags