Source Code Cross Referenced for LogoutUser.java in  » Web-Framework » TURBINE » org » apache » turbine » modules » actions » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        package org.apache.turbine.modules.actions;
002:
003:        /*
004:         * Licensed to the Apache Software Foundation (ASF) under one
005:         * or more contributor license agreements.  See the NOTICE file
006:         * distributed with this work for additional information
007:         * regarding copyright ownership.  The ASF licenses this file
008:         * to you under the Apache License, Version 2.0 (the
009:         * "License"); you may not use this file except in compliance
010:         * with the License.  You may obtain a copy of the License at
011:         *
012:         *   http://www.apache.org/licenses/LICENSE-2.0
013:         *
014:         * Unless required by applicable law or agreed to in writing,
015:         * software distributed under the License is distributed on an
016:         * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017:         * KIND, either express or implied.  See the License for the
018:         * specific language governing permissions and limitations
019:         * under the License.
020:         */
021:
022:        import org.apache.commons.configuration.Configuration;
023:
024:        import org.apache.turbine.Turbine;
025:        import org.apache.turbine.TurbineConstants;
026:        import org.apache.turbine.modules.Action;
027:        import org.apache.turbine.om.security.User;
028:        import org.apache.turbine.services.security.TurbineSecurity;
029:        import org.apache.turbine.util.RunData;
030:        import org.apache.turbine.util.security.AccessControlList;
031:        import org.apache.turbine.util.security.TurbineSecurityException;
032:
033:        /**
034:         * This action removes a user from the session. It makes sure to save
035:         * the User object in the session.
036:         *
037:         * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
038:         * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
039:         * @version $Id: LogoutUser.java 534527 2007-05-02 16:10:59Z tv $
040:         */
041:        public class LogoutUser extends Action {
042:            /**
043:             * Clears the RunData user object back to an anonymous status not
044:             * logged in, and with a null ACL.  If the tr.props ACTION_LOGIN
045:             * is anthing except "LogoutUser", flow is transfered to the
046:             * SCREEN_HOMEPAGE
047:             *
048:             * If this action name is the value of action.logout then we are
049:             * being run before the session validator, so we don't need to
050:             * set the screen (we assume that the session validator will handle
051:             * that). This is basically still here simply to preserve old behaviour
052:             * - it is recommended that action.logout is set to "LogoutUser" and
053:             * that the session validator does handle setting the screen/template
054:             * for a logged out (read not-logged-in) user.
055:             *
056:             * @param data Turbine information.
057:             * @exception TurbineSecurityException a problem occured in the security
058:             *            service.
059:             */
060:            public void doPerform(RunData data) throws TurbineSecurityException {
061:                User user = data.getUser();
062:
063:                if (!TurbineSecurity.isAnonymousUser(user)) {
064:                    // Make sure that the user has really logged in...
065:                    if (!user.hasLoggedIn()) {
066:                        return;
067:                    }
068:
069:                    user.setHasLoggedIn(Boolean.FALSE);
070:                    TurbineSecurity.saveUser(user);
071:                }
072:
073:                Configuration conf = Turbine.getConfiguration();
074:
075:                data.setMessage(conf.getString(TurbineConstants.LOGOUT_MESSAGE,
076:                        ""));
077:
078:                // This will cause the acl to be removed from the session in
079:                // the Turbine servlet code.
080:                data.setACL(null);
081:
082:                // Retrieve an anonymous user.
083:                data.setUser(TurbineSecurity.getAnonymousUser());
084:                data.save();
085:
086:                // In the event that the current screen or related navigations
087:                // require acl info, we cannot wait for Turbine to handle
088:                // regenerating acl.
089:                data.getSession()
090:                        .removeAttribute(AccessControlList.SESSION_KEY);
091:
092:                // If this action name is the value of action.logout then we are
093:                // being run before the session validator, so we don't need to
094:                // set the screen (we assume that the session validator will handle
095:                // that). This is basically still here simply to preserve old behaviour
096:                // - it is recommended that action.logout is set to "LogoutUser" and
097:                // that the session validator does handle setting the screen/template
098:                // for a logged out (read not-logged-in) user.
099:                if (!conf.getString(TurbineConstants.ACTION_LOGOUT_KEY,
100:                        TurbineConstants.ACTION_LOGOUT_DEFAULT).equals(
101:                        TurbineConstants.ACTION_LOGOUT_DEFAULT)) {
102:                    data.setScreen(conf
103:                            .getString(TurbineConstants.SCREEN_HOMEPAGE));
104:                }
105:            }
106:        }