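package org.apache.turbine.modules.actions;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import org.apache.turbine.modules.Action;
import org.apache.turbine.services.security.TurbineSecurity;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.security.AccessControlList;
import org.apache.turbine.util.security.TurbineSecurityException;

import org.apache.turbine.om.security.User;
import org.apache.turbine.pipeline.PipelineData;

/**
 * This action builds an Access Control List and places it into
 * the RunData object, so it is easily available to modules.  The ACL
 * is also placed into the session.  Modules can null out the ACL to
 * force it to be rebuilt based on more information.
 *
 * <p>
 *
 * Turbine uses a User-Role-Permission arrangement for access control.
 * Users are assigned Roles.  Roles are assigned Permissions.  Turbine
 * modules then check the Permission required for an action or
 * information with the set of Permissions currently associated with
 * the session (which are dependent on the user associated with the
 * session.)
 *
 * <p>
 *
 * The criteria for assigning Roles/Permissions is application
 * dependent, in some cases an application may change a User's Roles
 * during the session.  To achieve flexibility, the ACL takes an
 * Object parameter, which the application can use to build the
 * ACL.
 *
 * <p>
 *
 * This action is special in that it should only be executed by the
 * Turbine servlet.
 *
 * <p>
 *
 * Security note: once an ACL is stored in the session it is reused as-is
 * on later requests.  A change to the user's Roles or Permissions made
 * after the ACL was built is therefore not visible to permission checks
 * until the session attribute is cleared or the session ends.  Code that
 * grants or revokes rights for a logged-in user has to clear the
 * attribute stored under <code>AccessControlList.SESSION_KEY</code> itself.
 *
 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
 * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
 * @version $Id: AccessController.java 1066529 2011-02-02 17:01:46Z ludwig $
 */
public class AccessController
        extends Action
{

    /** Logging */
    private static final Log log = LogFactory.getLog(AccessController.class);

    /**
     * If there is a user and the user is logged in, doPerform will
     * set the RunData ACL.  The list is first sought from the current
     * session, otherwise it is loaded through
     * <code>TurbineSecurity.getACL()</code> and added to the current
     * session.
     *
     * <p>
     *
     * For an anonymous or not-logged-in user this method does nothing:
     * it neither sets an ACL on RunData nor removes one already held
     * in the session.
     *
     * @deprecated Use PipelineData version instead.
     * @see org.apache.turbine.services.security.TurbineSecurity
     * @param data Turbine information.
     * @exception TurbineSecurityException problem with the security service.
     */
    @Deprecated
    @Override
    public void doPerform(RunData data)
            throws TurbineSecurityException
    {
        // NOTE(review): user is dereferenced below without a null check; this
        // relies on data.getUser() never returning null here or on
        // isAnonymousUser() treating null as anonymous. Confirm.
        User user = data.getUser();

        if (!TurbineSecurity.isAnonymousUser(user)
            && user.hasLoggedIn())
        {
            // Guarded so the message is only built when debug output is on.
            if (log.isDebugEnabled())
            {
                log.debug("Fetching ACL for " + user.getName());
            }

            // A session-cached ACL is trusted without being rebuilt, so it
            // reflects the user's rights at the time it was first created.
            AccessControlList acl = (AccessControlList)
                    data.getSession().getAttribute(
                            AccessControlList.SESSION_KEY);
            if (acl == null)
            {
                log.debug("No ACL found in Session, building fresh ACL");
                acl = TurbineSecurity.getACL(user);
                data.getSession().setAttribute(
                        AccessControlList.SESSION_KEY, acl);

                // With debug logging on, this writes the ACL's string form
                // to the log; the guard also avoids calling toString() on
                // the ACL when debug is off.
                if (log.isDebugEnabled())
                {
                    log.debug("ACL is " + acl);
                }
            }
            data.setACL(acl);
        }
        // NOTE(review): a stale session ACL is left in place on this path;
        // confirm that logout handling removes the session attribute.
    }

    /**
     * If there is a user and the user is logged in, doPerform will
     * set the RunData ACL.  The list is first sought from the current
     * session, otherwise it is loaded through
     * <code>TurbineSecurity.getACL()</code> and added to the current
     * session.
     *
     * <p>
     *
     * This version obtains the RunData from the pipeline data and
     * delegates to {@link #doPerform(RunData)}.
     *
     * @see org.apache.turbine.services.security.TurbineSecurity
     * @param pipelineData Turbine information.
     * @exception TurbineSecurityException problem with the security service.
     */
    @Override
    public void doPerform(PipelineData pipelineData)
            throws TurbineSecurityException
    {
        RunData data = getRunData(pipelineData);
        doPerform(data);
    }
}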