1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portlet.enterpriseadmin.action;
24  
25  import com.liferay.portal.kernel.log.Log;
26  import com.liferay.portal.kernel.log.LogFactoryUtil;
27  import com.liferay.portal.kernel.servlet.SessionErrors;
28  import com.liferay.portal.kernel.util.ParamUtil;
29  import com.liferay.portal.security.auth.PrincipalException;
30  import com.liferay.portal.security.permission.PermissionChecker;
31  import com.liferay.portal.servlet.PortalSessionContext;
32  import com.liferay.portal.struts.PortletAction;
33  import com.liferay.portal.theme.ThemeDisplay;
34  import com.liferay.portal.util.WebKeys;
35  
36  import javax.portlet.ActionRequest;
37  import javax.portlet.ActionResponse;
38  import javax.portlet.PortletConfig;
39  import javax.portlet.RenderRequest;
40  import javax.portlet.RenderResponse;
41  
42  import javax.servlet.http.HttpSession;
43  
44  import org.apache.struts.action.ActionForm;
45  import org.apache.struts.action.ActionForward;
46  import org.apache.struts.action.ActionMapping;
47  
48  /**
49   * <a href="EditSessionAction.java.html"><b><i>View Source</i></b></a>
50   *
51   * @author Brian Wing Shun Chan
52   *
53   */
54  public class EditSessionAction extends PortletAction {
55  
56      public void processAction(
57              ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
58              ActionRequest actionRequest, ActionResponse actionResponse)
59          throws Exception {
60  
61          ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
62              WebKeys.THEME_DISPLAY);
63  
64          PermissionChecker permissionChecker =
65              themeDisplay.getPermissionChecker();
66  
67          if (!permissionChecker.isOmniadmin()) {
68              SessionErrors.add(
69                  actionRequest, PrincipalException.class.getName());
70  
71              setForward(actionRequest, "portlet.enterprise_admin.error");
72  
73              return;
74          }
75  
76          invalidateSession(actionRequest);
77  
78          sendRedirect(actionRequest, actionResponse);
79      }
80  
81      public ActionForward render(
82              ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
83              RenderRequest renderRequest, RenderResponse renderResponse)
84          throws Exception {
85  
86          return mapping.findForward(
87              getForward(renderRequest, "portlet.enterprise_admin.edit_session"));
88      }
89  
90      protected void invalidateSession(ActionRequest actionRequest)
91          throws Exception {
92  
93          String sessionId = ParamUtil.getString(actionRequest, "sessionId");
94  
95          HttpSession userSession = PortalSessionContext.get(sessionId);
96  
97          if (userSession != null) {
98              try {
99                  if (!actionRequest.getPortletSession().getId().equals(
100                         sessionId)) {
101 
102                     userSession.invalidate();
103                 }
104             }
105             catch (Exception e) {
106                 _log.error(e);
107             }
108         }
109     }
110 
111     private static Log _log = LogFactoryUtil.getLog(EditSessionAction.class);
112 
113 }