1   package org.apache.turbine.modules.actions;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.fulcrum.security.util.FulcrumSecurityException;
23  import org.apache.turbine.TurbineConstants;
24  import org.apache.turbine.annotation.TurbineConfiguration;
25  import org.apache.turbine.annotation.TurbineService;
26  import org.apache.turbine.modules.Action;
27  import org.apache.turbine.om.security.User;
28  import org.apache.turbine.pipeline.PipelineData;
29  import org.apache.turbine.services.security.SecurityService;
30  import org.apache.turbine.util.RunData;
31  
32  /**
33   * This action removes a user from the session. It makes sure to save
34   * the User object in the session.
35   *
36   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
37   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
38   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
39   * @version $Id: LogoutUser.java 1773378 2016-12-09 13:19:59Z tv $
40   */
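public class LogoutUser
        extends Action
{
    /** Injected security service: identifies anonymous users, saves the user, supplies the anonymous user. */
    @TurbineService
    private SecurityService security;

    /** Message placed on the request once the logout has been carried out. */
    @TurbineConfiguration( TurbineConstants.LOGOUT_MESSAGE )
    private String logoutMessage;

    /** Logout action name bound to ACTION_LOGOUT_KEY; initialised to the built-in default. */
    @TurbineConfiguration( TurbineConstants.ACTION_LOGOUT_KEY )
    private String actionLogout = TurbineConstants.ACTION_LOGOUT_DEFAULT;

    /** Screen selected after logout when a non-default logout action is configured. */
    @TurbineConfiguration( TurbineConstants.SCREEN_HOMEPAGE )
    private String screenHomepage;

    /**
     * Resets the request and session to an anonymous, not-logged-in state
     * with a null ACL. A logged-in user is first flagged as logged out and
     * saved through the security service; the anonymous user then replaces
     * it and the ACL attribute is removed from the session.
     *
     * This method does not invalidate the HTTP session itself; it only
     * replaces the user and removes the ACL the session carries.
     *
     * If the configured logout action (ACTION_LOGOUT_KEY) is anything
     * other than ACTION_LOGOUT_DEFAULT, flow is transferred to the
     * SCREEN_HOMEPAGE.
     *
     * If this action name is the value of action.logout then we are
     * being run before the session validator, so we don't need to
     * set the screen (we assume that the session validator will handle
     * that). This is basically still here simply to preserve old behavior
     * - it is recommended that action.logout is set to "LogoutUser" and
     * that the session validator does handle setting the screen/template
     * for a logged out (read not-logged-in) user.
     *
     * @param pipelineData Turbine information.
     * @throws FulcrumSecurityException a problem occurred in the security
     *            service.
     */
    @Override
    public void doPerform(PipelineData pipelineData)
            throws FulcrumSecurityException
    {
        RunData data = getRunData(pipelineData);

        // Session validator did not run, so RunData is not populated
        User user = data.getUserFromSession();

        // A session that carries no user object is handled like an anonymous
        // one, so the reset below still runs instead of failing on null.
        if (user != null && !security.isAnonymousUser(user))
        {
            // Make sure that the user has really logged in...
            // NOTE(review): this early exit leaves the user and ACL held by
            // the session untouched; confirm that no ACL can be attached to
            // a session user whose hasLoggedIn() is false.
            if (!user.hasLoggedIn())
            {
                return;
            }

            // Clear the logged-in flag and hand the user to the security
            // service to be saved before it is replaced below.
            user.setHasLoggedIn(Boolean.FALSE);
            security.saveUser(user);
        }

        data.setMessage(logoutMessage);

        // This will cause the acl to be removed from the session in
        // the Turbine servlet code.
        data.setACL(null);

        // Replace the current user with the anonymous user.
        data.setUser(security.getAnonymousUser());
        data.save();

        // In the event that the current screen or related navigations
        // require acl info, we cannot wait for Turbine to handle
        // regenerating acl, so the ACL attribute is dropped right away.
        data.getSession().removeAttribute(TurbineConstants.ACL_SESSION_KEY);

        // See the method Javadoc: the screen is only set here when a
        // non-default logout action is configured. The comparison is
        // constant-first so that a missing action.logout value is treated
        // as "not the default" rather than raising a NullPointerException
        // after the session has already been reset.
        if (!TurbineConstants.ACTION_LOGOUT_DEFAULT.equals(actionLogout))
        {
            data.setScreen(screenHomepage);
        }
    }
}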