1 package org.apache.turbine.pipeline;
2
3
4 /*
5 * Licensed to the Apache Software Foundation (ASF) under one
6 * or more contributor license agreements. See the NOTICE file
7 * distributed with this work for additional information
8 * regarding copyright ownership. The ASF licenses this file
9 * to you under the Apache License, Version 2.0 (the
10 * "License"); you may not use this file except in compliance
11 * with the License. You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing,
16 * software distributed under the License is distributed on an
17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 * KIND, either express or implied. See the License for the
19 * specific language governing permissions and limitations
20 * under the License.
21 */
22
23
24 import java.io.IOException;
25 import java.util.ArrayList;
26 import java.util.Enumeration;
27 import java.util.List;
28
29 import javax.servlet.http.HttpSession;
30
31 import org.apache.commons.configuration.Configuration;
32 import org.apache.turbine.TurbineConstants;
33 import org.apache.turbine.annotation.TurbineConfiguration;
34 import org.apache.turbine.annotation.TurbineLoader;
35 import org.apache.turbine.modules.Action;
36 import org.apache.turbine.modules.ActionLoader;
37 import org.apache.turbine.services.velocity.VelocityService;
38 import org.apache.turbine.util.RunData;
39 import org.apache.turbine.util.TurbineException;
40 import org.apache.turbine.util.template.TemplateInfo;
41
42 /**
43 * Handles the Login and Logout actions in the request process
44 * cycle.
45 *
46 * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
47 * @author <a href="mailto:dlr@apache.org">Daniel Rall</a>
48 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
49 * @version $Id: DefaultLoginValve.java 1706239 2015-10-01 13:18:35Z tv $
50 */
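public class DefaultLoginValve
    extends AbstractValve
{
    /** Injected loader instance */
    @TurbineLoader( Action.class )
    private ActionLoader actionLoader;

    /** Injected configuration instance */
    @TurbineConfiguration
    private Configuration config;

    /**
     * Runs the login/logout handling for this request and then passes
     * control to the next valve in the pipeline.
     *
     * @param pipelineData the run-time data of the current request
     * @param context the valve context used to invoke the next valve
     * @throws IOException declared by the valve contract
     * @throws TurbineException wraps any exception thrown by
     *         {@link #process(PipelineData)}
     * @see org.apache.turbine.pipeline.Valve#invoke(PipelineData, ValveContext)
     */
    @Override
    public void invoke(PipelineData pipelineData, ValveContext context)
        throws IOException, TurbineException
    {
        try
        {
            process(pipelineData);
        }
        catch (Exception e)
        {
            // The cause is kept so the original failure stays visible.
            throw new TurbineException(e);
        }

        // Pass control to the next Valve in the Pipeline
        context.invokeNext(pipelineData);
    }

    /**
     * Executes the configured login or logout action when the request
     * names one of them. For a login, the attributes of the current
     * session are removed before the action runs. After the action has
     * run, the template context is cleaned and the action is reset on
     * the run data.
     *
     * @param pipelineData The run-time data.
     * @throws Exception if the action or the template cleanup fails
     */
    protected void process(PipelineData pipelineData)
        throws Exception
    {
        RunData data = getRunData(pipelineData);

        // Special case for login and logout, this must happen before the
        // session validator is executed in order either to allow a user to
        // even login, or to ensure that the session validator gets to
        // mandate its page selection policy for non-logged in users
        // after the logout has taken place.
        //
        // The hasAction() guard has to cover both comparisons. Written as
        // "hasAction && isLogin || isLogout", && binds tighter than ||, so
        // the logout comparison was evaluated (and the action executed)
        // even when hasAction() reported that no action was present.
        if (!data.hasAction())
        {
            return;
        }

        String actionName = data.getAction();
        boolean isLogin = actionName.equalsIgnoreCase(
            config.getString(TurbineConstants.ACTION_LOGIN_KEY));
        boolean isLogout = actionName.equalsIgnoreCase(
            config.getString(TurbineConstants.ACTION_LOGOUT_KEY));
        if (!isLogin && !isLogout)
        {
            return;
        }

        // If a User is logging in, we should refresh the session here.
        // Invalidating the session and starting a new one would seem to
        // be a good method, but (per the original author, JDM) it always
        // required the user to login twice. If the session is not cleared
        // out, a new User who logs in incorrectly may continue on with
        // information associated with the previous User. The original
        // note lists "turbine.user" and "turbine.acl" as the only keys
        // stored in the session.
        //
        // NOTE(review): only the attributes are removed; the session and
        // therefore its identifier are kept. An identifier that was known
        // before authentication stays valid afterwards (session fixation)
        // unless the login action or the container issues a new one --
        // confirm that one of them does.
        if (isLogin)
        {
            clearSessionAttributes(data.getSession());
        }

        actionLoader.exec(pipelineData, data.getAction());
        cleanupTemplateContext(data);
        data.setAction(null);
    }

    /**
     * Removes every attribute from the given session.
     *
     * @param session the session to clear
     */
    private void clearSessionAttributes(HttpSession session)
    {
        @SuppressWarnings("unchecked")
        Enumeration<String> names = session.getAttributeNames();
        if (names == null)
        {
            return;
        }

        // copy keys into a new list, so we can clear the session
        // and not get ConcurrentModificationException
        List<String> nameList = new ArrayList<String>();
        while (names.hasMoreElements())
        {
            nameList.add(names.nextElement());
        }

        for (String name : nameList)
        {
            try
            {
                session.removeAttribute(name);
            }
            catch (IllegalStateException invalidatedSession)
            {
                // The session was invalidated in the meantime, so there
                // is nothing left to remove.
                break;
            }
        }
    }

    /**
     * Cleans the Velocity Context if available.
     *
     * @param data A RunData Object
     *
     * @throws Exception A problem while cleaning out the Template Context occurred.
     */
    private void cleanupTemplateContext(RunData data)
        throws Exception
    {
        // This is Velocity specific and shouldn't be done here.
        // But this is a band aid until we get real listeners
        // here.
        TemplateInfo ti = data.getTemplateInfo();
        if (ti != null)
        {
            ti.removeTemp(VelocityService.CONTEXT);
        }
    }
}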