1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portlet.enterpriseadmin.action;
24  
25  import com.liferay.portal.kernel.util.ParamUtil;
26  import com.liferay.portal.security.auth.PrincipalException;
27  import com.liferay.portal.security.permission.PermissionChecker;
28  import com.liferay.portal.servlet.PortalSessionContext;
29  import com.liferay.portal.struts.PortletAction;
30  import com.liferay.portal.theme.ThemeDisplay;
31  import com.liferay.portal.util.WebKeys;
32  import com.liferay.util.servlet.SessionErrors;
33  
34  import javax.portlet.ActionRequest;
35  import javax.portlet.ActionResponse;
36  import javax.portlet.PortletConfig;
37  import javax.portlet.RenderRequest;
38  import javax.portlet.RenderResponse;
39  
40  import javax.servlet.http.HttpSession;
41  
42  import org.apache.commons.logging.Log;
43  import org.apache.commons.logging.LogFactory;
44  import org.apache.struts.action.ActionForm;
45  import org.apache.struts.action.ActionForward;
46  import org.apache.struts.action.ActionMapping;
47  
48  /**
49   * <a href="EditSessionAction.java.html"><b><i>View Source</i></b></a>
50   *
51   * @author Brian Wing Shun Chan
52   *
53   */
54  public class EditSessionAction extends PortletAction {
55  
56      public void processAction(
57              ActionMapping mapping, ActionForm form, PortletConfig config,
58              ActionRequest req, ActionResponse res)
59          throws Exception {
60  
61          ThemeDisplay themeDisplay =
62              (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
63  
64          PermissionChecker permissionChecker =
65              themeDisplay.getPermissionChecker();
66  
67          if (!permissionChecker.isOmniadmin()) {
68              SessionErrors.add(req, PrincipalException.class.getName());
69  
70              setForward(req, "portlet.enterprise_admin.error");
71  
72              return;
73          }
74  
75          invalidateSession(req);
76  
77          sendRedirect(req, res);
78      }
79  
80      public ActionForward render(
81              ActionMapping mapping, ActionForm form, PortletConfig config,
82              RenderRequest req, RenderResponse res)
83          throws Exception {
84  
85          return mapping.findForward(
86              getForward(req, "portlet.enterprise_admin.edit_session"));
87      }
88  
89      protected void invalidateSession(ActionRequest req) throws Exception {
90          String sessionId = ParamUtil.getString(req, "sessionId");
91  
92          HttpSession userSession = PortalSessionContext.get(sessionId);
93  
94          if (userSession != null) {
95              try {
96                  if (!req.getPortletSession().getId().equals(sessionId)) {
97                      userSession.invalidate();
98                  }
99              }
100             catch (Exception e) {
101                 _log.error(e);
102             }
103         }
104     }
105 
106     private static Log _log = LogFactory.getLog(EditSessionAction.class);
107 
108 }