001 package org.apache.turbine.modules.actions; 002 003 /* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022 import org.apache.commons.configuration.Configuration; 023 024 import org.apache.turbine.Turbine; 025 import org.apache.turbine.TurbineConstants; 026 import org.apache.turbine.modules.Action; 027 import org.apache.turbine.om.security.User; 028 import org.apache.turbine.pipeline.PipelineData; 029 import org.apache.turbine.services.security.TurbineSecurity; 030 import org.apache.turbine.util.RunData; 031 import org.apache.turbine.util.security.AccessControlList; 032 import org.apache.turbine.util.security.TurbineSecurityException; 033 034 /** 035 * This action removes a user from the session. It makes sure to save 036 * the User object in the session. 037 * 038 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 039 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 040 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 041 * @version $Id: LogoutUser.java 1066529 2011-02-02 17:01:46Z ludwig $ 042 */ 043 public class LogoutUser 044 extends Action 045 { 046 /** 047 * Clears the RunData user object back to an anonymous status not 048 * logged in, and with a null ACL. If the tr.props ACTION_LOGIN 049 * is anthing except "LogoutUser", flow is transfered to the 050 * SCREEN_HOMEPAGE 051 * 052 * If this action name is the value of action.logout then we are 053 * being run before the session validator, so we don't need to 054 * set the screen (we assume that the session validator will handle 055 * that). This is basically still here simply to preserve old behaviour 056 * - it is recommended that action.logout is set to "LogoutUser" and 057 * that the session validator does handle setting the screen/template 058 * for a logged out (read not-logged-in) user. 059 * 060 * @deprecated Use PipelineData version instead 061 * @param data Turbine information. 062 * @exception TurbineSecurityException a problem occured in the security 063 * service. 064 */ 065 @Deprecated 066 @Override 067 public void doPerform(RunData data) 068 throws TurbineSecurityException 069 { 070 User user = data.getUser(); 071 072 if (!TurbineSecurity.isAnonymousUser(user)) 073 { 074 // Make sure that the user has really logged in... 075 if (!user.hasLoggedIn()) 076 { 077 return; 078 } 079 080 user.setHasLoggedIn(Boolean.FALSE); 081 TurbineSecurity.saveUser(user); 082 } 083 084 Configuration conf = Turbine.getConfiguration(); 085 086 data.setMessage(conf.getString(TurbineConstants.LOGOUT_MESSAGE)); 087 088 // This will cause the acl to be removed from the session in 089 // the Turbine servlet code. 090 data.setACL(null); 091 092 // Retrieve an anonymous user. 093 data.setUser(TurbineSecurity.getAnonymousUser()); 094 data.save(); 095 096 // In the event that the current screen or related navigations 097 // require acl info, we cannot wait for Turbine to handle 098 // regenerating acl. 099 data.getSession().removeAttribute(AccessControlList.SESSION_KEY); 100 101 // If this action name is the value of action.logout then we are 102 // being run before the session validator, so we don't need to 103 // set the screen (we assume that the session validator will handle 104 // that). This is basically still here simply to preserve old behaviour 105 // - it is recommended that action.logout is set to "LogoutUser" and 106 // that the session validator does handle setting the screen/template 107 // for a logged out (read not-logged-in) user. 108 if (!conf.getString(TurbineConstants.ACTION_LOGOUT_KEY, 109 TurbineConstants.ACTION_LOGOUT_DEFAULT) 110 .equals(TurbineConstants.ACTION_LOGOUT_DEFAULT)) 111 { 112 data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE)); 113 } 114 } 115 116 /** 117 * Clears the RunData user object back to an anonymous status not 118 * logged in, and with a null ACL. If the tr.props ACTION_LOGIN 119 * is anthing except "LogoutUser", flow is transfered to the 120 * SCREEN_HOMEPAGE 121 * 122 * If this action name is the value of action.logout then we are 123 * being run before the session validator, so we don't need to 124 * set the screen (we assume that the session validator will handle 125 * that). This is basically still here simply to preserve old behaviour 126 * - it is recommended that action.logout is set to "LogoutUser" and 127 * that the session validator does handle setting the screen/template 128 * for a logged out (read not-logged-in) user. 129 * 130 * @param data Turbine information. 131 * @exception TurbineSecurityException a problem occured in the security 132 * service. 133 */ 134 @Override 135 public void doPerform(PipelineData pipelineData) 136 throws TurbineSecurityException 137 { 138 RunData data = getRunData(pipelineData); 139 doPerform(data); 140 } 141 }