Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
LogoutUser |
|
| 5.0;5 |
1 | package org.apache.turbine.modules.actions; | |
2 | ||
3 | /* | |
4 | * Licensed to the Apache Software Foundation (ASF) under one | |
5 | * or more contributor license agreements. See the NOTICE file | |
6 | * distributed with this work for additional information | |
7 | * regarding copyright ownership. The ASF licenses this file | |
8 | * to you under the Apache License, Version 2.0 (the | |
9 | * "License"); you may not use this file except in compliance | |
10 | * with the License. You may obtain a copy of the License at | |
11 | * | |
12 | * http://www.apache.org/licenses/LICENSE-2.0 | |
13 | * | |
14 | * Unless required by applicable law or agreed to in writing, | |
15 | * software distributed under the License is distributed on an | |
16 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
17 | * KIND, either express or implied. See the License for the | |
18 | * specific language governing permissions and limitations | |
19 | * under the License. | |
20 | */ | |
21 | ||
22 | import org.apache.commons.configuration.Configuration; | |
23 | import org.apache.fulcrum.security.util.FulcrumSecurityException; | |
24 | import org.apache.turbine.TurbineConstants; | |
25 | import org.apache.turbine.annotation.TurbineConfiguration; | |
26 | import org.apache.turbine.annotation.TurbineService; | |
27 | import org.apache.turbine.modules.Action; | |
28 | import org.apache.turbine.om.security.User; | |
29 | import org.apache.turbine.pipeline.PipelineData; | |
30 | import org.apache.turbine.services.security.SecurityService; | |
31 | import org.apache.turbine.util.RunData; | |
32 | ||
33 | /** | |
34 | * This action removes a user from the session. It makes sure to save | |
35 | * the User object in the session. | |
36 | * | |
37 | * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> | |
38 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> | |
39 | * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> | |
40 | * @version $Id: LogoutUser.java 1706239 2015-10-01 13:18:35Z tv $ | |
41 | */ | |
42 | 0 | public class LogoutUser |
43 | extends Action | |
44 | { | |
45 | /** Injected service instance */ | |
46 | @TurbineService | |
47 | private SecurityService security; | |
48 | ||
49 | /** Injected configuration instance */ | |
50 | @TurbineConfiguration | |
51 | private Configuration conf; | |
52 | ||
53 | /** | |
54 | * Clears the PipelineData user object back to an anonymous status not | |
55 | * logged in, and with a null ACL. If the tr.props ACTION_LOGIN | |
56 | * is anything except "LogoutUser", flow is transfered to the | |
57 | * SCREEN_HOMEPAGE | |
58 | * | |
59 | * If this action name is the value of action.logout then we are | |
60 | * being run before the session validator, so we don't need to | |
61 | * set the screen (we assume that the session validator will handle | |
62 | * that). This is basically still here simply to preserve old behaviour | |
63 | * - it is recommended that action.logout is set to "LogoutUser" and | |
64 | * that the session validator does handle setting the screen/template | |
65 | * for a logged out (read not-logged-in) user. | |
66 | * | |
67 | * @param pipelineData Turbine information. | |
68 | * @exception FulcrumSecurityException a problem occurred in the security | |
69 | * service. | |
70 | */ | |
71 | @Override | |
72 | public void doPerform(PipelineData pipelineData) | |
73 | throws FulcrumSecurityException | |
74 | { | |
75 | 0 | RunData data = getRunData(pipelineData); |
76 | 0 | User user = data.getUser(); |
77 | ||
78 | 0 | if (!security.isAnonymousUser(user)) |
79 | { | |
80 | // Make sure that the user has really logged in... | |
81 | 0 | if (!user.hasLoggedIn()) |
82 | { | |
83 | 0 | return; |
84 | } | |
85 | ||
86 | 0 | user.setHasLoggedIn(Boolean.FALSE); |
87 | 0 | security.saveUser(user); |
88 | } | |
89 | ||
90 | 0 | data.setMessage(conf.getString(TurbineConstants.LOGOUT_MESSAGE)); |
91 | ||
92 | // This will cause the acl to be removed from the session in | |
93 | // the Turbine servlet code. | |
94 | 0 | data.setACL(null); |
95 | ||
96 | // Retrieve an anonymous user. | |
97 | 0 | User anonymousUser = security.getAnonymousUser(); |
98 | 0 | data.setUser(anonymousUser); |
99 | 0 | data.save(); |
100 | ||
101 | // In the event that the current screen or related navigations | |
102 | // require acl info, we cannot wait for Turbine to handle | |
103 | // regenerating acl. | |
104 | 0 | data.getSession().removeAttribute(TurbineConstants.ACL_SESSION_KEY); |
105 | ||
106 | // If this action name is the value of action.logout then we are | |
107 | // being run before the session validator, so we don't need to | |
108 | // set the screen (we assume that the session validator will handle | |
109 | // that). This is basically still here simply to preserve old behavior | |
110 | // - it is recommended that action.logout is set to "LogoutUser" and | |
111 | // that the session validator does handle setting the screen/template | |
112 | // for a logged out (read not-logged-in) user. | |
113 | 0 | if (!conf.getString(TurbineConstants.ACTION_LOGOUT_KEY, |
114 | TurbineConstants.ACTION_LOGOUT_DEFAULT) | |
115 | .equals(TurbineConstants.ACTION_LOGOUT_DEFAULT)) | |
116 | { | |
117 | 0 | data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE)); |
118 | } | |
119 | 0 | } |
120 | } |