
1   package org.apache.turbine.modules.actions;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import org.apache.commons.configuration.Configuration;
20  
21  import org.apache.turbine.Turbine;
22  import org.apache.turbine.TurbineConstants;
23  import org.apache.turbine.modules.Action;
24  import org.apache.turbine.om.security.User;
25  import org.apache.turbine.services.security.TurbineSecurity;
26  import org.apache.turbine.util.RunData;
27  import org.apache.turbine.util.security.AccessControlList;
28  import org.apache.turbine.util.security.TurbineSecurityException;
29  
30  /***
31   * This action removes a user from the session. It makes sure to save
32   * the User object in the session.
33   *
34   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
35   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
36   * @version $Id: LogoutUser.java 264148 2005-08-29 14:21:04Z henning $
37   */
public class LogoutUser
        extends Action
{
    /**
     * Logs the current user out of the request/session state held in
     * {@code data}.
     *
     * <p>Sequence, as implemented below:</p>
     * <ol>
     *   <li>For a non-anonymous user that has logged in, the logged-in
     *       flag is cleared and the user is saved through
     *       {@link TurbineSecurity#saveUser}.</li>
     *   <li>The configured logout message is placed on {@code data}.</li>
     *   <li>The ACL on {@code data} is set to {@code null}, the user is
     *       replaced by the anonymous user, and {@code data.save()} is
     *       called.</li>
     *   <li>The {@link AccessControlList#SESSION_KEY} attribute is removed
     *       from the session.</li>
     *   <li>Unless the configured logout action
     *       ({@code TurbineConstants.ACTION_LOGOUT_KEY}) equals
     *       {@code TurbineConstants.ACTION_LOGOUT_DEFAULT}, the screen is
     *       set to the configured {@code SCREEN_HOMEPAGE}.</li>
     * </ol>
     *
     * <p>The earlier documentation named the property as ACTION_LOGIN; the
     * property actually read here is {@code ACTION_LOGOUT_KEY}. According
     * to the original notes, when this action is the configured logout
     * action it runs before the session validator, which is then expected
     * to pick the screen/template for the not-logged-in user; setting the
     * screen here is kept only for backwards compatibility.</p>
     *
     * <p>Security-relevant behaviour a maintainer should be aware of:</p>
     * <ul>
     *   <li>A non-anonymous user whose {@code hasLoggedIn()} is false makes
     *       the method return immediately: the ACL, the session attribute
     *       and the user on {@code data} are left untouched.</li>
     *   <li>The session is not invalidated by this method; only the ACL
     *       attribute is removed from it. NOTE(review): confirm whether the
     *       session is invalidated or its identifier rotated elsewhere on
     *       logout, and whether other per-user session attributes need
     *       clearing.</li>
     * </ul>
     *
     * @param data Turbine information.
     * @exception TurbineSecurityException a problem occurred in the security
     *            service.
     */
    public void doPerform(RunData data)
            throws TurbineSecurityException
    {
        User currentUser = data.getUser();
        boolean anonymous = TurbineSecurity.isAnonymousUser(currentUser);

        // A named user that never completed a login has nothing to log
        // out of; note that nothing below (ACL reset, anonymous user swap)
        // runs in that case.
        if (!anonymous && !currentUser.hasLoggedIn())
        {
            return;
        }

        if (!anonymous)
        {
            // Record the logged-out state on the user and hand it to the
            // security service before the user object is swapped out.
            currentUser.setHasLoggedIn(Boolean.FALSE);
            TurbineSecurity.saveUser(currentUser);
        }

        Configuration config = Turbine.getConfiguration();

        // Empty string when no logout message is configured.
        String logoutMessage =
                config.getString(TurbineConstants.LOGOUT_MESSAGE, "");
        data.setMessage(logoutMessage);

        // Per the original author: a null ACL makes the Turbine servlet
        // code drop the ACL from the session.
        data.setACL(null);

        // From here on the request is handled as the anonymous user.
        data.setUser(TurbineSecurity.getAnonymousUser());
        data.save();

        // The current screen or its navigations may consult the ACL before
        // Turbine gets to regenerate it, so the session attribute is
        // removed right away instead of waiting for the servlet code.
        data.getSession().removeAttribute(AccessControlList.SESSION_KEY);

        String logoutAction = config.getString(
                TurbineConstants.ACTION_LOGOUT_KEY,
                TurbineConstants.ACTION_LOGOUT_DEFAULT);
        boolean isDefaultLogoutAction =
                logoutAction.equals(TurbineConstants.ACTION_LOGOUT_DEFAULT);

        if (isDefaultLogoutAction)
        {
            // Recommended setup: the session validator chooses the screen
            // for the now not-logged-in user.
            return;
        }

        // Legacy path, kept to preserve old behaviour.
        // NOTE(review): SCREEN_HOMEPAGE is read without a default here, so
        // an unset property would presumably pass null to setScreen -
        // confirm how RunData handles that.
        data.setScreen(config.getString(TurbineConstants.SCREEN_HOMEPAGE));
    }
}