Coverage Report - org.apache.turbine.pipeline.DefaultLoginValve
 
Classes in this File Line Coverage Branch Coverage Complexity
DefaultLoginValve
61%
19/31
43%
7/16
4,667
 
 1  
 package org.apache.turbine.pipeline;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import java.io.IOException;
 25  
 import java.util.ArrayList;
 26  
 import java.util.Enumeration;
 27  
 import java.util.List;
 28  
 
 29  
 import javax.servlet.http.HttpSession;
 30  
 
 31  
 import org.apache.commons.configuration.Configuration;
 32  
 import org.apache.turbine.TurbineConstants;
 33  
 import org.apache.turbine.annotation.TurbineConfiguration;
 34  
 import org.apache.turbine.annotation.TurbineLoader;
 35  
 import org.apache.turbine.modules.Action;
 36  
 import org.apache.turbine.modules.ActionLoader;
 37  
 import org.apache.turbine.services.velocity.VelocityService;
 38  
 import org.apache.turbine.util.RunData;
 39  
 import org.apache.turbine.util.TurbineException;
 40  
 import org.apache.turbine.util.template.TemplateInfo;
 41  
 
 42  
 /**
 43  
  * Handles the Login and Logout actions in the request process
 44  
  * cycle.
 45  
  *
 46  
  * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
 47  
  * @author <a href="mailto:dlr@apache.org">Daniel Rall</a>
 48  
  * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
 49  
  * @version $Id: DefaultLoginValve.java 1706239 2015-10-01 13:18:35Z tv $
 50  
  */
 51  1
 public class DefaultLoginValve
 52  
     extends AbstractValve
 53  
 {
 54  
     /** Injected loader instance */
 55  
     @TurbineLoader( Action.class )
 56  
     private ActionLoader actionLoader;
 57  
 
 58  
     /** Injected configuration instance */
 59  
     @TurbineConfiguration
 60  
     private Configuration config;
 61  
 
 62  
     /**
 63  
      * @see org.apache.turbine.pipeline.Valve#invoke(PipelineData, ValveContext)
 64  
      */
 65  
     @Override
 66  
     public void invoke(PipelineData pipelineData, ValveContext context)
 67  
         throws IOException, TurbineException
 68  
     {
 69  
         try
 70  
         {
 71  2
             process(pipelineData);
 72  
         }
 73  0
         catch (Exception e)
 74  
         {
 75  0
             throw new TurbineException(e);
 76  2
         }
 77  
 
 78  
         // Pass control to the next Valve in the Pipeline
 79  2
         context.invokeNext(pipelineData);
 80  1
     }
 81  
 
 82  
     /**
 83  
      * Handles user sessions, parsing of the action from the query
 84  
      * string, and access control.
 85  
      *
 86  
      * @param pipelineData The run-time data.
 87  
      */
 88  
     protected void process(PipelineData pipelineData)
 89  
         throws Exception
 90  
     {
 91  2
         RunData data = getRunData(pipelineData);
 92  
         // Special case for login and logout, this must happen before the
 93  
         // session validator is executed in order either to allow a user to
 94  
         // even login, or to ensure that the session validator gets to
 95  
         // mandate its page selection policy for non-logged in users
 96  
         // after the logout has taken place.
 97  2
         String actionName = data.getAction();
 98  2
         if (data.hasAction() &&
 99  
             actionName.equalsIgnoreCase
 100  
             (config.getString(TurbineConstants.ACTION_LOGIN_KEY)) ||
 101  
             actionName.equalsIgnoreCase
 102  
             (config.getString(TurbineConstants.ACTION_LOGOUT_KEY)))
 103  
         {
 104  
             // If a User is logging in, we should refresh the
 105  
             // session here.  Invalidating session and starting a
 106  
             // new session would seem to be a good method, but I
 107  
             // (JDM) could not get this to work well (it always
 108  
             // required the user to login twice).  Maybe related
 109  
             // to JServ?  If we do not clear out the session, it
 110  
             // is possible a new User may accidently (if they
 111  
             // login incorrectly) continue on with information
 112  
             // associated with the previous User.  Currently the
 113  
             // only keys stored in the session are "turbine.user"
 114  
             // and "turbine.acl".
 115  1
             if (actionName.equalsIgnoreCase
 116  
                 (config.getString(TurbineConstants.ACTION_LOGIN_KEY)))
 117  
             {
 118  
                 @SuppressWarnings("unchecked")
 119  1
                 Enumeration<String> names = data.getSession().getAttributeNames();
 120  1
                 if (names != null)
 121  
                 {
 122  
                     // copy keys into a new list, so we can clear the session
 123  
                     // and not get ConcurrentModificationException
 124  0
                     List<String> nameList = new ArrayList<String>();
 125  0
                     while (names.hasMoreElements())
 126  
                     {
 127  0
                         nameList.add(names.nextElement());
 128  
                     }
 129  
 
 130  0
                     HttpSession session = data.getSession();
 131  0
                     for (String name : nameList)
 132  
                     {
 133  
                         try
 134  
                         {
 135  0
                             session.removeAttribute(name);
 136  
                         }
 137  0
                         catch (IllegalStateException invalidatedSession)
 138  
                         {
 139  0
                             break;
 140  0
                         }
 141  0
                     }
 142  
                 }
 143  
             }
 144  
 
 145  1
             actionLoader.exec(pipelineData, data.getAction());
 146  1
             cleanupTemplateContext(data);
 147  1
             data.setAction(null);
 148  
         }
 149  2
     }
 150  
     /**
 151  
      * cleans the Velocity Context if available.
 152  
      *
 153  
      * @param pipelineData A RunData Object
 154  
      *
 155  
      * @throws Exception A problem while cleaning out the Template Context occured.
 156  
      */
 157  
     private void cleanupTemplateContext(RunData data)
 158  
     throws Exception
 159  
     {
 160  
         // This is Velocity specific and shouldn't be done here.
 161  
         // But this is a band aid until we get real listeners
 162  
         // here.
 163  1
         TemplateInfo ti = data.getTemplateInfo();
 164  1
         if (ti != null)
 165  
         {
 166  1
             ti.removeTemp(VelocityService.CONTEXT);
 167  
         }
 168  1
     }
 169  
 }