1 package org.apache.turbine.modules.actions; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 import org.apache.commons.configuration.Configuration; 23 import org.apache.fulcrum.security.util.FulcrumSecurityException; 24 import org.apache.turbine.TurbineConstants; 25 import org.apache.turbine.annotation.TurbineConfiguration; 26 import org.apache.turbine.annotation.TurbineService; 27 import org.apache.turbine.modules.Action; 28 import org.apache.turbine.om.security.User; 29 import org.apache.turbine.pipeline.PipelineData; 30 import org.apache.turbine.services.security.SecurityService; 31 import org.apache.turbine.util.RunData; 32 33 /** 34 * This action removes a user from the session. It makes sure to save 35 * the User object in the session. 36 * 37 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 38 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 39 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 40 * @version $Id: LogoutUser.java 1706239 2015-10-01 13:18:35Z tv $ 41 */ 42 public class LogoutUser 43 extends Action 44 { 45 /** Injected service instance */ 46 @TurbineService 47 private SecurityService security; 48 49 /** Injected configuration instance */ 50 @TurbineConfiguration 51 private Configuration conf; 52 53 /** 54 * Clears the PipelineData user object back to an anonymous status not 55 * logged in, and with a null ACL. If the tr.props ACTION_LOGIN 56 * is anything except "LogoutUser", flow is transfered to the 57 * SCREEN_HOMEPAGE 58 * 59 * If this action name is the value of action.logout then we are 60 * being run before the session validator, so we don't need to 61 * set the screen (we assume that the session validator will handle 62 * that). This is basically still here simply to preserve old behaviour 63 * - it is recommended that action.logout is set to "LogoutUser" and 64 * that the session validator does handle setting the screen/template 65 * for a logged out (read not-logged-in) user. 66 * 67 * @param pipelineData Turbine information. 68 * @exception FulcrumSecurityException a problem occurred in the security 69 * service. 70 */ 71 @Override 72 public void doPerform(PipelineData pipelineData) 73 throws FulcrumSecurityException 74 { 75 RunData data = getRunData(pipelineData); 76 User user = data.getUser(); 77 78 if (!security.isAnonymousUser(user)) 79 { 80 // Make sure that the user has really logged in... 81 if (!user.hasLoggedIn()) 82 { 83 return; 84 } 85 86 user.setHasLoggedIn(Boolean.FALSE); 87 security.saveUser(user); 88 } 89 90 data.setMessage(conf.getString(TurbineConstants.LOGOUT_MESSAGE)); 91 92 // This will cause the acl to be removed from the session in 93 // the Turbine servlet code. 94 data.setACL(null); 95 96 // Retrieve an anonymous user. 97 User anonymousUser = security.getAnonymousUser(); 98 data.setUser(anonymousUser); 99 data.save(); 100 101 // In the event that the current screen or related navigations 102 // require acl info, we cannot wait for Turbine to handle 103 // regenerating acl. 104 data.getSession().removeAttribute(TurbineConstants.ACL_SESSION_KEY); 105 106 // If this action name is the value of action.logout then we are 107 // being run before the session validator, so we don't need to 108 // set the screen (we assume that the session validator will handle 109 // that). This is basically still here simply to preserve old behavior 110 // - it is recommended that action.logout is set to "LogoutUser" and 111 // that the session validator does handle setting the screen/template 112 // for a logged out (read not-logged-in) user. 113 if (!conf.getString(TurbineConstants.ACTION_LOGOUT_KEY, 114 TurbineConstants.ACTION_LOGOUT_DEFAULT) 115 .equals(TurbineConstants.ACTION_LOGOUT_DEFAULT)) 116 { 117 data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE)); 118 } 119 } 120 }