
1   package org.apache.turbine.pipeline;
2   
3   
4   /*
5    * Licensed to the Apache Software Foundation (ASF) under one
6    * or more contributor license agreements.  See the NOTICE file
7    * distributed with this work for additional information
8    * regarding copyright ownership.  The ASF licenses this file
9    * to you under the Apache License, Version 2.0 (the
10   * "License"); you may not use this file except in compliance
11   * with the License.  You may obtain a copy of the License at
12   *
13   *   http://www.apache.org/licenses/LICENSE-2.0
14   *
15   * Unless required by applicable law or agreed to in writing,
16   * software distributed under the License is distributed on an
17   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18   * KIND, either express or implied.  See the License for the
19   * specific language governing permissions and limitations
20   * under the License.
21   */
22  
23  
24  import java.io.IOException;
25  import java.util.ArrayList;
26  import java.util.Enumeration;
27  import java.util.List;
28  
29  import javax.servlet.http.HttpSession;
30  
31  import org.apache.commons.configuration.Configuration;
32  import org.apache.turbine.TurbineConstants;
33  import org.apache.turbine.annotation.TurbineConfiguration;
34  import org.apache.turbine.annotation.TurbineLoader;
35  import org.apache.turbine.modules.Action;
36  import org.apache.turbine.modules.ActionLoader;
37  import org.apache.turbine.services.velocity.VelocityService;
38  import org.apache.turbine.util.RunData;
39  import org.apache.turbine.util.TurbineException;
40  import org.apache.turbine.util.template.TemplateInfo;
41  
42  /**
43   * Handles the Login and Logout actions in the request process
44   * cycle.
45   *
46   * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
47   * @author <a href="mailto:dlr@apache.org">Daniel Rall</a>
48   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
49   * @version $Id: DefaultLoginValve.java 1706239 2015-10-01 13:18:35Z tv $
50   */
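public class DefaultLoginValve
    extends AbstractValve
{
    /** Injected loader instance */
    @TurbineLoader( Action.class )
    private ActionLoader actionLoader;

    /** Injected configuration instance */
    @TurbineConfiguration
    private Configuration config;

    /**
     * Runs the login/logout handling and then hands the request to the
     * next valve. Any exception raised by {@link #process(PipelineData)}
     * is wrapped in a {@link TurbineException}; in that case the next
     * valve is not invoked.
     *
     * @see org.apache.turbine.pipeline.Valve#invoke(PipelineData, ValveContext)
     */
    @Override
    public void invoke(PipelineData pipelineData, ValveContext context)
        throws IOException, TurbineException
    {
        try
        {
            process(pipelineData);
        }
        catch (Exception e)
        {
            throw new TurbineException(e);
        }

        // Pass control to the next Valve in the Pipeline
        context.invokeNext(pipelineData);
    }

    /**
     * Executes the configured login or logout action when the request
     * names one of them, clearing the session attributes first in the
     * login case, and then resets the action on the run data.
     *
     * @param pipelineData The run-time data.
     * @throws Exception if the action or the template cleanup fails.
     */
    protected void process(PipelineData pipelineData)
        throws Exception
    {
        RunData data = getRunData(pipelineData);
        // Special case for login and logout, this must happen before the
        // session validator is executed in order either to allow a user to
        // even login, or to ensure that the session validator gets to
        // mandate its page selection policy for non-logged in users
        // after the logout has taken place.
        String actionName = data.getAction();

        // The hasAction() guard must cover BOTH comparisons. Without the
        // grouping, '&&' binds tighter than '||' and the logout comparison
        // was evaluated even when the request carried no action.
        if (!data.hasAction() || actionName == null)
        {
            return;
        }

        // equalsIgnoreCase(null) is false, so an unset key simply never matches.
        boolean isLogin = actionName.equalsIgnoreCase(
            config.getString(TurbineConstants.ACTION_LOGIN_KEY));
        boolean isLogout = actionName.equalsIgnoreCase(
            config.getString(TurbineConstants.ACTION_LOGOUT_KEY));

        if (!isLogin && !isLogout)
        {
            return;
        }

        if (isLogin)
        {
            // If a User is logging in, we should refresh the
            // session here.  Invalidating session and starting a
            // new session would seem to be a good method, but I
            // (JDM) could not get this to work well (it always
            // required the user to login twice).  Maybe related
            // to JServ?  If we do not clear out the session, it
            // is possible a new User may accidentally (if they
            // login incorrectly) continue on with information
            // associated with the previous User.  Currently the
            // only keys stored in the session are "turbine.user"
            // and "turbine.acl".
            //
            // NOTE(security): removing the attributes keeps the same
            // session id, so this does not by itself protect against
            // session fixation. The id should be rotated once the
            // login succeeds (HttpServletRequest.changeSessionId() on
            // Servlet 3.1+, or invalidate and recreate) -- confirm
            // whether the login action or the container does that.
            clearSessionAttributes(data.getSession());
        }

        actionLoader.exec(pipelineData, actionName);
        cleanupTemplateContext(data);
        data.setAction(null);
    }

    /**
     * Removes every attribute from the given session. Stops silently if
     * the session turns out to be invalidated while attributes are being
     * removed.
     *
     * @param session the session to clear
     */
    private void clearSessionAttributes(HttpSession session)
    {
        @SuppressWarnings("unchecked")
        Enumeration<String> names = session.getAttributeNames();
        if (names == null)
        {
            return;
        }

        // copy keys into a new list, so we can clear the session
        // and not get ConcurrentModificationException
        List<String> nameList = new ArrayList<String>();
        while (names.hasMoreElements())
        {
            nameList.add(names.nextElement());
        }

        for (String name : nameList)
        {
            try
            {
                session.removeAttribute(name);
            }
            catch (IllegalStateException invalidatedSession)
            {
                // Session already invalidated: nothing left to clear.
                break;
            }
        }
    }

    /**
     * Cleans the Velocity Context if available.
     *
     * @param data A RunData Object
     *
     * @throws Exception A problem while cleaning out the Template Context occurred.
     */
    private void cleanupTemplateContext(RunData data)
        throws Exception
    {
        // This is Velocity specific and shouldn't be done here.
        // But this is a band aid until we get real listeners
        // here.
        TemplateInfo ti = data.getTemplateInfo();
        if (ti != null)
        {
            ti.removeTemp(VelocityService.CONTEXT);
        }
    }
}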