1 package org.apache.turbine.modules.actions.sessionvalidator;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22 import org.apache.commons.lang.StringUtils;
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.apache.turbine.Turbine;
26 import org.apache.turbine.om.security.User;
27 import org.apache.turbine.pipeline.PipelineData;
28 import org.apache.turbine.util.RunData;
29
30 /**
31 * SessionValidator for use with the Template Service, the
32 * TemplateSessionValidator is virtually identical to the
33 * {@link TemplateSecureSessionValidator} except that it does not transfer to the
34 * login page when it detects a null user (or a user not logged in).
35 *
36 * <p>The Template Service requires a different Session Validator
37 * because of the way it handles screens.
38 *
39 * <p>Note that you will need to set the template.login property to the
40 * login template.
41 *
42 * @see TemplateSecureSessionValidator
43 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
44 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
45 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
46 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
47 * @version $Id: TemplateSessionValidator.java 1812601 2017-10-19 06:40:28Z gk $
48 */
49 public class TemplateSessionValidator
50 extends SessionValidator
51 {
52 /** Logging */
53 private static Log log = LogFactory.getLog(TemplateSessionValidator.class);
54
55 /**
56 * Execute the action.
57 *
58 * @param pipelineData Turbine information.
59 * @throws Exception The anonymous user could not be obtained
60 * from the security service
61 */
62 @Override
63 public void doPerform(PipelineData pipelineData) throws Exception
64 {
65 RunData data = getRunData(pipelineData);
66 // Pull user from session.
67 data.populate();
68
69 // The user may have not logged in, so create a "guest/anonymous" user.
70 if (data.getUser() == null)
71 {
72 log.debug("Fixing up empty User Object!");
73 User anonymousUser = security.getAnonymousUser();
74 data.setUser(anonymousUser);
75 data.save();
76 }
77
78 // make sure we have some way to return a response
79 if (!data.hasScreen() && StringUtils.isEmpty(
80 data.getTemplateInfo().getScreenTemplate()))
81 {
82 if (StringUtils.isNotEmpty(templateHomepage))
83 {
84 data.getTemplateInfo().setScreenTemplate(templateHomepage);
85 }
86 else
87 {
88 data.setScreen(screenHomepage);
89 }
90 } else {
91 handleFormCounterToken(data, false);
92 }
93
94 // we do not want to allow both a screen and template parameter.
95 // The template parameter is dominant.
96 if (data.getTemplateInfo().getScreenTemplate() != null)
97 {
98 data.setScreen(null);
99 }
100
101 // Comply with Turbine 4.0 standards
102 pipelineData.get(Turbine.class).put(User.class, data.getUser());
103 }
104 }