public class TemplateSecureSessionValidator extends SessionValidator
DefaultSessionValidator
, users will be able to
bypass login by directly addressing the template using
template/index.wm. This is because the Page class looks for the
keyword "template" in the Path information and if it finds it will
reset the screen using it's lookup mechanism and thereby bypass
Login.
Note that you will need to set the template.login property to the
login template.screenHomepage, screenInvalidState, security, templateHomepage, templateInvalidState
CACHE_SIZE_DEFAULT, CACHE_SIZE_KEY, NAME, PREFIX
Constructor and Description |
---|
TemplateSecureSessionValidator() |
Modifier and Type | Method and Description |
---|---|
void |
doPerform(PipelineData pipelineData)
doPerform is virtually identical to DefaultSessionValidator
except that it calls template methods instead of bare screen
methods.
|
handleFormCounterToken
getRunData
public TemplateSecureSessionValidator()
public void doPerform(PipelineData pipelineData) throws Exception
setScreenTemplate
to
load the tr.props TEMPLATE_LOGIN instead of the default's
setScreen to TurbineConstants.SCREEN_LOGIN.doPerform
in class Action
pipelineData
- Turbine information.Exception
- The anonymous user could not be obtained
from the security serviceDefaultSessionValidator
Copyright © 2000–2018 The Apache Software Foundation. All rights reserved.