Coverage Report - org.apache.turbine.pipeline.DefaultLoginValve
 
Classes in this File Line Coverage Branch Coverage Complexity
DefaultLoginValve
67%
23/34
43%
7/16
3,2
 
 1  
 package org.apache.turbine.pipeline;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import java.io.IOException;
 25  
 import java.util.ArrayList;
 26  
 import java.util.Enumeration;
 27  
 import java.util.List;
 28  
 
 29  
 import javax.servlet.http.HttpSession;
 30  
 
 31  
 import org.apache.turbine.Turbine;
 32  
 import org.apache.turbine.TurbineConstants;
 33  
 import org.apache.turbine.modules.Action;
 34  
 import org.apache.turbine.modules.ActionLoader;
 35  
 import org.apache.turbine.services.assemblerbroker.TurbineAssemblerBroker;
 36  
 import org.apache.turbine.services.velocity.VelocityService;
 37  
 import org.apache.turbine.util.RunData;
 38  
 import org.apache.turbine.util.TurbineException;
 39  
 import org.apache.turbine.util.template.TemplateInfo;
 40  
 
 41  
 /**
 42  
  * Handles the Login and Logout actions in the request process
 43  
  * cycle.
 44  
  *
 45  
  * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
 46  
  * @author <a href="mailto:dlr@apache.org">Daniel Rall</a>
 47  
  * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
 48  
  * @version $Id: DefaultLoginValve.java 1078552 2011-03-06 19:58:46Z tv $
 49  
  */
 50  
 public class DefaultLoginValve
 51  
     extends AbstractValve
 52  
 {
 53  
     private ActionLoader actionLoader;
 54  
 
 55  
     /**
 56  
      * Here we can setup objects that are thread safe and can be
 57  
      * reused. We setup the session validator and the access
 58  
      * controller.
 59  
      */
 60  
     public DefaultLoginValve()
 61  
         throws Exception
 62  2
     {
 63  
         // empty constructor
 64  2
     }
 65  
 
 66  
     /**
 67  
      * Initialize this valve for use in a pipeline.
 68  
      *
 69  
      * @see org.apache.turbine.pipeline.AbstractValve#initialize()
 70  
      */
 71  
     @Override
 72  
     public void initialize() throws Exception
 73  
     {
 74  96
         super.initialize();
 75  
 
 76  96
         this.actionLoader = (ActionLoader)TurbineAssemblerBroker.getLoader(Action.NAME);
 77  96
     }
 78  
 
 79  
     /**
 80  
      * @see org.apache.turbine.Valve#invoke(RunData, ValveContext)
 81  
      */
 82  
     @Override
 83  
     public void invoke(PipelineData pipelineData, ValveContext context)
 84  
         throws IOException, TurbineException
 85  
     {
 86  
         try
 87  
         {
 88  4
             process(pipelineData);
 89  
         }
 90  0
         catch (Exception e)
 91  
         {
 92  0
             throw new TurbineException(e);
 93  4
         }
 94  
 
 95  
         // Pass control to the next Valve in the Pipeline
 96  4
         context.invokeNext(pipelineData);
 97  2
     }
 98  
 
 99  
     /**
 100  
      * Handles user sessions, parsing of the action from the query
 101  
      * string, and access control.
 102  
      *
 103  
      * @param data The run-time data.
 104  
      */
 105  
     protected void process(PipelineData pipelineData)
 106  
         throws Exception
 107  
     {
 108  4
         RunData data = getRunData(pipelineData);
 109  
         // Special case for login and logout, this must happen before the
 110  
         // session validator is executed in order either to allow a user to
 111  
         // even login, or to ensure that the session validator gets to
 112  
         // mandate its page selection policy for non-logged in users
 113  
         // after the logout has taken place.
 114  4
         String actionName = data.getAction();
 115  4
         if (data.hasAction() &&
 116  
             actionName.equalsIgnoreCase
 117  
             (Turbine.getConfiguration().getString(TurbineConstants.ACTION_LOGIN_KEY)) ||
 118  
             actionName.equalsIgnoreCase
 119  
             (Turbine.getConfiguration().getString(TurbineConstants.ACTION_LOGOUT_KEY)))
 120  
         {
 121  
             // If a User is logging in, we should refresh the
 122  
             // session here.  Invalidating session and starting a
 123  
             // new session would seem to be a good method, but I
 124  
             // (JDM) could not get this to work well (it always
 125  
             // required the user to login twice).  Maybe related
 126  
             // to JServ?  If we do not clear out the session, it
 127  
             // is possible a new User may accidently (if they
 128  
             // login incorrectly) continue on with information
 129  
             // associated with the previous User.  Currently the
 130  
             // only keys stored in the session are "turbine.user"
 131  
             // and "turbine.acl".
 132  2
             if (actionName.equalsIgnoreCase
 133  
                 (Turbine.getConfiguration().getString(TurbineConstants.ACTION_LOGIN_KEY)))
 134  
             {
 135  
                 @SuppressWarnings("unchecked")
 136  2
                 Enumeration<String> names = data.getSession().getAttributeNames();
 137  2
                 if (names != null)
 138  
                 {
 139  
                     // copy keys into a new list, so we can clear the session
 140  
                     // and not get ConcurrentModificationException
 141  0
                     List<String> nameList = new ArrayList<String>();
 142  0
                     while (names.hasMoreElements())
 143  
                     {
 144  0
                         nameList.add(names.nextElement());
 145  
                     }
 146  
 
 147  0
                     HttpSession session = data.getSession();
 148  0
                     for (String name : nameList)
 149  
                     {
 150  
                         try
 151  
                         {
 152  0
                             session.removeAttribute(name);
 153  
                         }
 154  0
                         catch (IllegalStateException invalidatedSession)
 155  
                         {
 156  0
                             break;
 157  0
                         }
 158  
                     }
 159  
                 }
 160  
             }
 161  
 
 162  2
             actionLoader.exec(pipelineData, data.getAction());
 163  2
             cleanupTemplateContext(data);
 164  2
             data.setAction(null);
 165  
         }
 166  4
     }
 167  
     /**
 168  
      * cleans the Velocity Context if available.
 169  
      *
 170  
      * @param data A RunData Object
 171  
      *
 172  
      * @throws Exception A problem while cleaning out the Template Context occured.
 173  
      */
 174  
     private void cleanupTemplateContext(RunData data)
 175  
     throws Exception
 176  
     {
 177  
         // This is Velocity specific and shouldn't be done here.
 178  
         // But this is a band aid until we get real listeners
 179  
         // here.
 180  2
         TemplateInfo ti = data.getTemplateInfo();
 181  2
         if (ti != null)
 182  
         {
 183  2
             ti.removeTemp(VelocityService.CONTEXT);
 184  
         }
 185  2
     }
 186  
 }