jacoco/org.apache.turbine.modules.actions.sessionvalidator/DefaultSessionValidator.java.html - turbine-core.git - Git at Google

 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang=""><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../jacoco-resources/report.gif" type="image/gif"/><title>DefaultSessionValidator.java</title><link rel="stylesheet" href="../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Apache Turbine</a> &gt; <a href="index.source.html" class="el_package">org.apache.turbine.modules.actions.sessionvalidator</a> &gt; <span class="el_source">DefaultSessionValidator.java</span></div><h1>DefaultSessionValidator.java</h1><pre class="source lang-java linenums">package org.apache.turbine.modules.actions.sessionvalidator;

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * &quot;License&quot;); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
 import org.apache.turbine.Turbine;
 import org.apache.turbine.TurbineConstants;
 import org.apache.turbine.annotation.TurbineConfiguration;
 import org.apache.turbine.om.security.User;
 import org.apache.turbine.pipeline.PipelineData;
 import org.apache.turbine.util.RunData;

 /**
  * The SessionValidator attempts to retrieve the User object from the
  * Servlet API session that is associated with the request.  If the
  * data cannot be retrieved, it is handled here.  If the user has not
  * been marked as being logged into the system, the user is rejected
  * and the screen is set to the screen.homepage value in
  * TurbineResources.properties.
  *
  * &lt;p&gt;
  *
  * Other systems generally have a database table which stores this
  * information, but we take advantage of the Servlet API here to save
  * a hit to the database for each and every connection that a user
  * makes.
  *
  * &lt;p&gt;
  *
  * This action is special in that it should only be executed by the
  * Turbine servlet.
  *
  * @author &lt;a href=&quot;mailto:mbryson@mont.mindspring.com&quot;&gt;Dave Bryson&lt;/a&gt;
  * @author &lt;a href=&quot;mailto:hps@intermeta.de&quot;&gt;Henning P. Schmiedehausen&lt;/a&gt;
  * @author &lt;a href=&quot;mailto:peter@courcoux.biz&quot;&gt;Peter Courcoux&lt;/a&gt;
  * @version $Id$
  */
 <span class="nc" id="L57">public class DefaultSessionValidator</span>
     extends SessionValidator
 {
     /** Logging */
 <span class="nc" id="L61">    private static Logger log = LogManager.getLogger(DefaultSessionValidator.class);</span>

     @TurbineConfiguration( TurbineConstants.LOGIN_MESSAGE )
     private String loginMessage;

     @TurbineConfiguration( TurbineConstants.SCREEN_LOGIN )
     private String screenLogin;

     @TurbineConfiguration( TurbineConstants.LOGIN_MESSAGE_NOSCREEN )
     private String loginMessageNoScreen;


     /**
      * Execute the action. The default behavior is to populate the PipelineData
      * object, and if the user is unknown, to then force a redirect
      * to the login screen (as set in the tr.props).
      *
      * @see org.apache.turbine.modules.screens.error.InvalidState
      * @param pipelineData Turbine PipelineData context information.
      * @throws Exception The anonymous user could not be obtained
      *         from the security service
      */
     @Override
     public void doPerform(PipelineData pipelineData)
             throws Exception
     {
 <span class="nc" id="L87">        RunData data = pipelineData.getRunData();</span>
         // Pull user from session.
 <span class="nc" id="L89">        data.populate();</span>

         // The user may have not logged in, so create a &quot;guest/anonymous&quot; user.
 <span class="nc bnc" id="L92" title="All 2 branches missed.">        if (data.getUser() == null)</span>
         {
 <span class="nc" id="L94">            log.debug(&quot;Creating an anonymous user object!&quot;);</span>
 <span class="nc" id="L95">            User anonymousUser = security.getAnonymousUser();</span>
 <span class="nc" id="L96">            data.setUser(anonymousUser);</span>
 <span class="nc" id="L97">            data.save();</span>
         }

         // Make sure the User has logged into the system.
 <span class="nc bnc" id="L101" title="All 2 branches missed.">        if (!data.getUser().hasLoggedIn())</span>
         {
             // only set the message if nothing else has already set it
             // (e.g. the LogoutUser action).
 <span class="nc bnc" id="L105" title="All 2 branches missed.">            if (StringUtils.isEmpty(data.getMessage()))</span>
             {
 <span class="nc" id="L107">                data.setMessage(loginMessage);</span>
             }

             // set the screen to be the login page
 <span class="nc" id="L111">            data.setScreen(screenLogin);</span>

             // We're not doing any actions buddy! (except action.login which
             // will have been performed already)
 <span class="nc" id="L115">            data.setAction(null);</span>
         }

 <span class="nc bnc" id="L118" title="All 2 branches missed.">        if (!data.hasScreen())</span>
         {
 <span class="nc" id="L120">            data.setMessage(loginMessageNoScreen);</span>
 <span class="nc" id="L121">            data.setScreen(screenHomepage);</span>
         }

 <span class="nc" id="L124">        handleFormCounterToken(data,true);</span>

         // Comply with Turbine 4.0 standards
 <span class="nc" id="L127">        pipelineData.get(Turbine.class).put(User.class, data.getUser());</span>
 <span class="nc" id="L128">    }</span>
 }
 </pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.12.202403310830</span></div></body></html>
	<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang=""><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../jacoco-resources/report.gif" type="image/gif"/><title>DefaultSessionValidator.java</title><link rel="stylesheet" href="../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Apache Turbine</a> > <a href="index.source.html" class="el_package">org.apache.turbine.modules.actions.sessionvalidator</a> > <span class="el_source">DefaultSessionValidator.java</span></div><h1>DefaultSessionValidator.java</h1><pre class="source lang-java linenums">package org.apache.turbine.modules.actions.sessionvalidator;

	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	import org.apache.commons.lang3.StringUtils;
	import org.apache.logging.log4j.Logger;
	import org.apache.logging.log4j.LogManager;
	import org.apache.turbine.Turbine;
	import org.apache.turbine.TurbineConstants;
	import org.apache.turbine.annotation.TurbineConfiguration;
	import org.apache.turbine.om.security.User;
	import org.apache.turbine.pipeline.PipelineData;
	import org.apache.turbine.util.RunData;

	/**
	* The SessionValidator attempts to retrieve the User object from the
	* Servlet API session that is associated with the request. If the
	* data cannot be retrieved, it is handled here. If the user has not
	* been marked as being logged into the system, the user is rejected
	* and the screen is set to the screen.homepage value in
	* TurbineResources.properties.
	*
	* <p>
	*
	* Other systems generally have a database table which stores this
	* information, but we take advantage of the Servlet API here to save
	* a hit to the database for each and every connection that a user
	* makes.
	*
	* <p>
	*
	* This action is special in that it should only be executed by the
	* Turbine servlet.
	*
	* @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
	* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
	* @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
	* @version $Id$
	*/
	<span class="nc" id="L57">public class DefaultSessionValidator</span>
	extends SessionValidator
	{
	/** Logging */
	<span class="nc" id="L61"> private static Logger log = LogManager.getLogger(DefaultSessionValidator.class);</span>

	@TurbineConfiguration( TurbineConstants.LOGIN_MESSAGE )
	private String loginMessage;

	@TurbineConfiguration( TurbineConstants.SCREEN_LOGIN )
	private String screenLogin;

	@TurbineConfiguration( TurbineConstants.LOGIN_MESSAGE_NOSCREEN )
	private String loginMessageNoScreen;


	/**
	* Execute the action. The default behavior is to populate the PipelineData
	* object, and if the user is unknown, to then force a redirect
	* to the login screen (as set in the tr.props).
	*
	* @see org.apache.turbine.modules.screens.error.InvalidState
	* @param pipelineData Turbine PipelineData context information.
	* @throws Exception The anonymous user could not be obtained
	* from the security service
	*/
	@Override
	public void doPerform(PipelineData pipelineData)
	throws Exception
	{
	<span class="nc" id="L87"> RunData data = pipelineData.getRunData();</span>
	// Pull user from session.
	<span class="nc" id="L89"> data.populate();</span>

	// The user may have not logged in, so create a "guest/anonymous" user.
	<span class="nc bnc" id="L92" title="All 2 branches missed."> if (data.getUser() == null)</span>
	{
	<span class="nc" id="L94"> log.debug("Creating an anonymous user object!");</span>
	<span class="nc" id="L95"> User anonymousUser = security.getAnonymousUser();</span>
	<span class="nc" id="L96"> data.setUser(anonymousUser);</span>
	<span class="nc" id="L97"> data.save();</span>
	}

	// Make sure the User has logged into the system.
	<span class="nc bnc" id="L101" title="All 2 branches missed."> if (!data.getUser().hasLoggedIn())</span>
	{
	// only set the message if nothing else has already set it
	// (e.g. the LogoutUser action).
	<span class="nc bnc" id="L105" title="All 2 branches missed."> if (StringUtils.isEmpty(data.getMessage()))</span>
	{
	<span class="nc" id="L107"> data.setMessage(loginMessage);</span>
	}

	// set the screen to be the login page
	<span class="nc" id="L111"> data.setScreen(screenLogin);</span>

	// We're not doing any actions buddy! (except action.login which
	// will have been performed already)
	<span class="nc" id="L115"> data.setAction(null);</span>
	}

	<span class="nc bnc" id="L118" title="All 2 branches missed."> if (!data.hasScreen())</span>
	{
	<span class="nc" id="L120"> data.setMessage(loginMessageNoScreen);</span>
	<span class="nc" id="L121"> data.setScreen(screenHomepage);</span>
	}

	<span class="nc" id="L124"> handleFormCounterToken(data,true);</span>

	// Comply with Turbine 4.0 standards
	<span class="nc" id="L127"> pipelineData.get(Turbine.class).put(User.class, data.getUser());</span>
	<span class="nc" id="L128"> }</span>
	}
	</pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.12.202403310830</span></div></body></html>