JetspeedSessionValidator xref

View Javadoc

1   /*
2    * Copyright 2000-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16   
17  package org.apache.jetspeed.modules.actions;
18  
19  import java.util.Locale;
20  
21  import org.apache.turbine.util.RunData;
22  import org.apache.turbine.services.resources.TurbineResources;
23  import org.apache.turbine.services.localization.LocalizationService;
24  import org.apache.turbine.TurbineConstants;
25  
26  import org.apache.jetspeed.om.security.JetspeedUser;
27  import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
28  import org.apache.jetspeed.services.logging.JetspeedLogger;
29  import org.apache.jetspeed.services.JetspeedSecurity;
30  import org.apache.jetspeed.services.security.LoginException;
31  import org.apache.jetspeed.services.rundata.JetspeedRunData;
32  import org.apache.jetspeed.services.resources.JetspeedResources;
33  import org.apache.jetspeed.util.ServiceUtil;
34  import org.apache.jetspeed.services.customlocalization.CustomLocalizationService;
35  
36  
37  /***
38  Just like org.apache.turbine.modules.actions.sessionvalidator.TemplateSessionValidator except:
39  <ul>
40  <li> it doesn't check the session_access_counter
41  <li> it doesn't require you to always logon
42  <li> expects a JetspeedRunData object and put there the additionnal jetspeed
43    properties
44  </ul>
45    
46  @see org.apache.turbine.modules.actions.sessionvalidator.TemplateSessionValidator
47  @author <a href="mailto:ingo@raleigh.ibm.com">Ingo Schuster</a>
48  @author <a href="mailto:raphael@apache.org">Raphaël Luta</a>
49  @author <a href="mailto:sgala@apache.org">Santiago Gala</a>
50  @version $Id: JetspeedSessionValidator.java,v 1.27 2004/02/23 02:59:06 jford Exp $
51  */
52  public class JetspeedSessionValidator extends TemplateSessionValidator
53  {
54  
55      
56      /***
57       * Static initialization of the logger for this class
58       */    
59      private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(JetspeedSessionValidator.class.getName());
60      
61      /***
62       * Execute the action.
63       *
64       * @param data Turbine information.
65       * @exception Exception, a generic exception.
66       */
67      public void doPerform( RunData data ) throws Exception
68      {
69          //first, invoke our superclass action to make sure 
70          //we follow Turbine evolutions
71          //FIXME: if the user is not found (this can happen, for instance,
72          // if the anonymous user is not in the DB), it throws a terrible exception
73          // in the user's face
74          try 
75          {
76              super.doPerform(data);         
77          }
78          catch (Throwable other)
79          {
80              data.setScreenTemplate(JetspeedResources.getString(TurbineConstants.TEMPLATE_ERROR));
81              String message = other.getMessage() != null ? other.getMessage() : other.toString();
82              data.setMessage(message);
83              data.setStackTrace(org.apache.turbine.util.StringUtils.stackTrace(other), other);
84              return;
85          }
86       
87          JetspeedUser user = (JetspeedUser)data.getUser();
88  
89          //if the user is not logged in and auto-login is enable - try and do it.
90          if ( ( user==null || !user.hasLoggedIn() ) && JetspeedResources.getBoolean("automatic.logon.enable", false) ) {
91            // need to make sure there are cookies - turbine does not handle this currently
92            if ( data.getRequest().getCookies() != null )
93            {
94              //check for user in cookie 
95              String userName = data.getCookies().getString("username","");
96              String loginCookieValue = data.getCookies().getString("logincookie","");
97  
98              if ( userName.length() > 0 && loginCookieValue.length() >0 )
99              {
100               try {
101                 user = JetspeedSecurity.getUser(userName);
102                 if (user.getPerm("logincookie","").equals(loginCookieValue)) {
103                   //cookie is present and correct - log the user in
104                   data.setUser(user);
105                   user.setHasLoggedIn(new Boolean(true));
106                   user.updateLastLogin();
107                   data.save();
108                 }
109               } catch (LoginException noSuchUser) {
110                 //user not found - ignore it - they will not be logged in automatically
111 			  } catch (org.apache.jetspeed.services.security.UnknownUserException unknownUser) {
112 				//user not found - ignore it - they will not be logged in automatically
113 				logger.warn("Username from the cookie was not found: " + userName);
114 			  } catch (Exception other){
115 				logger.error(other);			  	
116 			  }
117             }
118           }
119         }
120 
121         // now, define Jetspeed specific properties, using the customized
122         // RunData properties
123         JetspeedRunData jdata = null;
124         
125         try
126         {
127             jdata = (JetspeedRunData)data;
128         }
129         catch (ClassCastException e)
130         {
131             logger.error("The RunData object does not implement the expected interface, "
132                        + "please verify the RunData factory settings", e);
133             return;
134         }
135         String language = (String) data.getRequest().getParameter("js_language");
136 
137         if (null != language) 
138         {
139             user.setPerm("language", language);
140         }
141         
142         // Get the locale store it in the user object
143         CustomLocalizationService locService = (CustomLocalizationService) ServiceUtil.getServiceByName(
144             LocalizationService.SERVICE_NAME);
145         Locale locale = locService.getLocale(data);
146 
147         if (locale == null) {
148             locale = new Locale(
149                      TurbineResources.getString("locale.default.language", "en"),
150                      TurbineResources.getString("locale.default.country", "US"));
151         }
152         
153         data.getUser().setTemp("locale", locale);
154 
155         // if a portlet is referenced in the parameters request, store it
156         // in the RunData object
157         String paramPortlet = jdata.getParameters().getString("js_peid");
158         if (paramPortlet != null && paramPortlet.length() > 0) {
159             jdata.setJs_peid(paramPortlet);
160         }
161         
162     }
163 
164     /***
165     */
166     public boolean requiresNewSession( RunData data )
167     {
168         return false;
169     }
170     
171 }