org.apache.turbine.modules.actions.sessionvalidator
Class TemplateSecureSessionValidator
java.lang.Object
org.apache.turbine.modules.Assembler
org.apache.turbine.modules.Action
org.apache.turbine.modules.actions.sessionvalidator.SessionValidator
org.apache.turbine.modules.actions.sessionvalidator.TemplateSecureSessionValidator
public class TemplateSecureSessionValidator
- extends SessionValidator
SessionValidator that requires login for use with Template Services
like Velocity or WebMacro.
Templating services requires a different Session Validator
because of the way it handles screens. If you use the WebMacro or
Velocity Service with the DefaultSessionValidator, users will be able to
bypass login by directly addressing the template using
template/index.wm. This is because the Page class looks for the
keyword "template" in the Path information and if it finds it will
reset the screen using it's lookup mechanism and thereby bypass
Login.
Note that you will need to set the template.login property to the
login template.
- Version:
- $Id: TemplateSecureSessionValidator.java 1066518 2011-02-02 16:30:53Z ludwig $
- Author:
- John D. McNally, Dave Bryson, Henning P. Schmiedehausen, Peter Courcoux
Method Summary |
void |
doPerform(PipelineData pipelineData)
doPerform is virtually identical to DefaultSessionValidator
except that it calls template methods instead of bare screen
methods. |
void |
doPerform(RunData data)
Deprecated. Use PipelineData version instead. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
TemplateSecureSessionValidator
public TemplateSecureSessionValidator()
doPerform
@Deprecated
public void doPerform(RunData data)
throws TurbineException
- Deprecated. Use PipelineData version instead.
- doPerform is virtually identical to DefaultSessionValidator
except that it calls template methods instead of bare screen
methods. For example, it uses
setScreenTemplate
to
load the tr.props TEMPLATE_LOGIN instead of the default's
setScreen to TurbineConstants.SCREEN_LOGIN.
- Specified by:
doPerform
in class Action
- Parameters:
data
- Turbine information.
- Throws:
TurbineException
- The anonymous user could not be obtained
from the security service- See Also:
DefaultSessionValidator
doPerform
public void doPerform(PipelineData pipelineData)
throws TurbineException
- doPerform is virtually identical to DefaultSessionValidator
except that it calls template methods instead of bare screen
methods. For example, it uses
setScreenTemplate
to
load the tr.props TEMPLATE_LOGIN instead of the default's
setScreen to TurbineConstants.SCREEN_LOGIN.
- Overrides:
doPerform
in class Action
- Parameters:
pipelineData
- Turbine information.
- Throws:
TurbineException
- The anonymous user could not be obtained
from the security service- See Also:
DefaultSessionValidator
Copyright © 2000-2011 The Apache Software Foundation. All Rights Reserved.