View Javadoc

1   /*
2    * Copyright 2001,2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.apache.jetspeed.modules.actions;
17  
18  // Turbine Classes
19  import org.apache.turbine.TurbineConstants;
20  import org.apache.turbine.util.RunData;
21  import org.apache.turbine.modules.actions.sessionvalidator.SessionValidator;
22  import org.apache.jetspeed.services.rundata.JetspeedRunData;
23  import org.apache.jetspeed.services.resources.JetspeedResources;
24  import org.apache.jetspeed.services.JetspeedSecurity;
25  
26  /***
27   * SessionValidator for use with the Template Service, the
28   * TemplateSessionValidator is virtually identical to the
29   * TemplateSecureValidator except that it does not tranfer to the
30   * login page when it detects a null user (or a user not logged in).
31   *
32   * <p>The Template Service requires a different Session Validator
33   * because of the way it handles screens.
34   *
35   * @see TemplateSecureSessionValidator
36   * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
37   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
38   * @version $Id: TemplateSessionValidator.java,v 1.3 2004/02/23 02:59:06 jford Exp $
39   */
40  public class TemplateSessionValidator extends SessionValidator
41  {
42      /***
43       * Execute the action.
44       *
45       * @param data Turbine information.
46       * @exception Exception, a generic exception.
47       */
48      public void doPerform( RunData rundata ) throws Exception
49      {
50          JetspeedRunData data = (JetspeedRunData)rundata;
51          /*
52           * Pull user from session.
53           */
54          data.populate();
55  
56          // The user may have not logged in, so create a "guest" user.
57          if ( data.getUser() == null)
58          {
59              data.setUser(JetspeedSecurity.getAnonymousUser());
60              data.save();
61          }
62  
63          // make sure we have some way to return a response
64          if ( !data.hasScreen() &&
65               data.getTemplateInfo().getScreenTemplate() == null )
66          {
67              String template = JetspeedResources.getString(
68                  TurbineConstants.TEMPLATE_HOMEPAGE);
69  
70              if (template != null)
71              {
72                  data.getTemplateInfo().setScreenTemplate(template);
73              }
74              else
75              {
76                  data.setScreen(JetspeedResources.getString(
77                      TurbineConstants.SCREEN_HOMEPAGE));
78              }
79          }
80          // the session_access_counter can be placed as a hidden field in
81          // forms.  This can be used to prevent a user from using the
82          // browsers back button and submitting stale data.
83          else if ( data.getParameters().containsKey("_session_access_counter") )
84          {
85              // See comments in screens.error.InvalidState.
86              if ( data.getParameters().getInt("_session_access_counter") <
87                  (((Integer)data.getUser().getTemp("_session_access_counter"))
88                  .intValue()-1) )
89              {
90                  if (data.getTemplateInfo().getScreenTemplate() != null)
91                  {
92                      data.getUser().setTemp( "prev_template",
93                          data.getTemplateInfo().getScreenTemplate()
94                          .replace('/', ',') );
95                      data.getTemplateInfo().setScreenTemplate(
96                          JetspeedResources.getString(
97                          TurbineConstants.TEMPLATE_INVALID_STATE) );
98                  }
99                  else
100                 {
101                     data.getUser().setTemp( "prev_screen",
102                         data.getScreen().replace('/', ',') );
103                     data.setScreen( JetspeedResources.getString(
104                         TurbineConstants.SCREEN_INVALID_STATE) );
105                 }
106                 data.getUser().setTemp("prev_parameters", data.getParameters());
107                 data.setAction( "" );
108             }
109         }
110 
111         // we do not want to allow both a screen and template parameter.
112         // The template parameter is dominant.
113         if ( data.getTemplateInfo().getScreenTemplate() != null )
114         {
115             data.setScreen(null);
116         }
117     }
118 
119     /***
120      * By default, this is true. It says that we require a new session
121      * in order to allow people to access the system. We accomplish
122      * this by doing a redirect and using the HttpSession spec.
123      *
124      * @param data Turbine information.
125      * @return True if we require a new session in order to allow
126      * people to access the system.
127      */
128     public boolean requiresNewSession(RunData data)
129     {
130         return true;
131     }
132 }
133