in src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java [84:148]
public void doPerform(PipelineData pipelineData)
throws Exception
{
RunData data = pipelineData.getRunData();
// Pull user from session.
data.populate();
// The user may have not logged in, so create a "guest/anonymous" user.
if (data.getUser() == null)
{
log.debug("Creating an anonymous user object!");
User anonymousUser = security.getAnonymousUser();
data.setUser(anonymousUser);
data.save();
}
// This is the secure session validator, so user must be logged in.
if (!data.getUser().hasLoggedIn())
{
log.debug("User is not logged in!");
// only set the message if nothing else has already set it
// (e.g. the LogoutUser action).
if (StringUtils.isEmpty(data.getMessage()))
{
data.setMessage(loginMessage);
}
// Set the screen template to the login page.
log.debug("Sending User to the Login Screen ({})", templateLogin);
data.getTemplateInfo().setScreenTemplate(templateLogin);
// We're not doing any actions buddy! (except action.login which
// will have been performed already)
data.setAction(null);
}
log.debug("Login Check finished!");
// Make sure we have some way to return a response.
if (!data.hasScreen() && StringUtils.isEmpty(
data.getTemplateInfo().getScreenTemplate()))
{
if (StringUtils.isNotEmpty(templateHomepage))
{
data.getTemplateInfo().setScreenTemplate(templateHomepage);
}
else
{
data.setScreen(screenHomepage);
}
} else {
handleFormCounterToken(data, false);
}
// We do not want to allow both a screen and template parameter.
// The template parameter is dominant.
if (data.getTemplateInfo().getScreenTemplate() != null)
{
data.setScreen(null);
}
// Comply with Turbine 4.0 standards
pipelineData.get(Turbine.class).put(User.class, data.getUser());
}