View Javadoc

1   package org.apache.turbine.modules.actions;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.commons.configuration.Configuration;
23  
24  import org.apache.turbine.Turbine;
25  import org.apache.turbine.TurbineConstants;
26  import org.apache.turbine.modules.Action;
27  import org.apache.turbine.om.security.User;
28  import org.apache.turbine.pipeline.PipelineData;
29  import org.apache.turbine.services.security.TurbineSecurity;
30  import org.apache.turbine.util.RunData;
31  import org.apache.turbine.util.security.AccessControlList;
32  import org.apache.turbine.util.security.TurbineSecurityException;
33  
34  /**
35   * This action removes a user from the session. It makes sure to save
36   * the User object in the session.
37   *
38   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
39   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
40   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
41   * @version $Id: LogoutUser.java 1066529 2011-02-02 17:01:46Z ludwig $
42   */
43  public class LogoutUser
44          extends Action
45  {
46      /**
47       * Clears the RunData user object back to an anonymous status not
48       * logged in, and with a null ACL.  If the tr.props ACTION_LOGIN
49       * is anthing except "LogoutUser", flow is transfered to the
50       * SCREEN_HOMEPAGE
51       *
52       * If this action name is the value of action.logout then we are
53       * being run before the session validator, so we don't need to
54       * set the screen (we assume that the session validator will handle
55       * that). This is basically still here simply to preserve old behaviour
56       * - it is recommended that action.logout is set to "LogoutUser" and
57       * that the session validator does handle setting the screen/template
58       * for a logged out (read not-logged-in) user.
59       *
60       * @deprecated Use PipelineData version instead
61       * @param data Turbine information.
62       * @exception TurbineSecurityException a problem occured in the security
63       *            service.
64       */
65      @Deprecated
66      @Override
67      public void doPerform(RunData data)
68              throws TurbineSecurityException
69      {
70          User user = data.getUser();
71  
72          if (!TurbineSecurity.isAnonymousUser(user))
73          {
74              // Make sure that the user has really logged in...
75              if (!user.hasLoggedIn())
76              {
77                  return;
78              }
79  
80              user.setHasLoggedIn(Boolean.FALSE);
81              TurbineSecurity.saveUser(user);
82          }
83  
84          Configuration conf = Turbine.getConfiguration();
85  
86          data.setMessage(conf.getString(TurbineConstants.LOGOUT_MESSAGE));
87  
88          // This will cause the acl to be removed from the session in
89          // the Turbine servlet code.
90          data.setACL(null);
91  
92          // Retrieve an anonymous user.
93          data.setUser(TurbineSecurity.getAnonymousUser());
94          data.save();
95  
96          // In the event that the current screen or related navigations
97          // require acl info, we cannot wait for Turbine to handle
98          // regenerating acl.
99          data.getSession().removeAttribute(AccessControlList.SESSION_KEY);
100 
101         // If this action name is the value of action.logout then we are
102         // being run before the session validator, so we don't need to
103         // set the screen (we assume that the session validator will handle
104         // that). This is basically still here simply to preserve old behaviour
105         // - it is recommended that action.logout is set to "LogoutUser" and
106         // that the session validator does handle setting the screen/template
107         // for a logged out (read not-logged-in) user.
108         if (!conf.getString(TurbineConstants.ACTION_LOGOUT_KEY,
109                             TurbineConstants.ACTION_LOGOUT_DEFAULT)
110             .equals(TurbineConstants.ACTION_LOGOUT_DEFAULT))
111         {
112             data.setScreen(conf.getString(TurbineConstants.SCREEN_HOMEPAGE));
113         }
114     }
115 
116     /**
117      * Clears the RunData user object back to an anonymous status not
118      * logged in, and with a null ACL.  If the tr.props ACTION_LOGIN
119      * is anthing except "LogoutUser", flow is transfered to the
120      * SCREEN_HOMEPAGE
121      *
122      * If this action name is the value of action.logout then we are
123      * being run before the session validator, so we don't need to
124      * set the screen (we assume that the session validator will handle
125      * that). This is basically still here simply to preserve old behaviour
126      * - it is recommended that action.logout is set to "LogoutUser" and
127      * that the session validator does handle setting the screen/template
128      * for a logged out (read not-logged-in) user.
129      *
130      * @param data Turbine information.
131      * @exception TurbineSecurityException a problem occured in the security
132      *            service.
133      */
134     @Override
135     public void doPerform(PipelineData pipelineData)
136             throws TurbineSecurityException
137     {
138         RunData data = getRunData(pipelineData);
139         doPerform(data);
140     }
141 }