001 package org.apache.turbine.modules.actions; 002 003 /* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022 import org.apache.commons.logging.Log; 023 import org.apache.commons.logging.LogFactory; 024 025 import org.apache.turbine.modules.Action; 026 import org.apache.turbine.services.security.TurbineSecurity; 027 import org.apache.turbine.util.RunData; 028 import org.apache.turbine.util.security.AccessControlList; 029 import org.apache.turbine.util.security.TurbineSecurityException; 030 031 import org.apache.turbine.om.security.User; 032 import org.apache.turbine.pipeline.PipelineData; 033 034 /** 035 * This action doPerforms an Access Control List and places it into 036 * the RunData object, so it is easily available to modules. The ACL 037 * is also placed into the session. Modules can null out the ACL to 038 * force it to be rebuilt based on more information. 039 * 040 * <p> 041 * 042 * Turbine uses a User-Role-Permission arrangement for access control. 043 * Users are assigned Roles. Roles are assigned Permissions. Turbine 044 * modules then check the Permission required for an action or 045 * information with the set of Permissions currently associated with 046 * the session (which are dependent on the user associated with the 047 * session.) 048 * 049 * <p> 050 * 051 * The criteria for assigning Roles/Permissions is application 052 * dependent, in some cases an application may change a User's Roles 053 * during the session. To achieve flexibility, the ACL takes an 054 * Object parameter, which the application can use to doPerform the 055 * ACL. 056 * 057 * <p> 058 * 059 * This action is special in that it should only be executed by the 060 * Turbine servlet. 061 * 062 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> 063 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> 064 * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a> 065 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 066 * @version $Id: AccessController.java 1066529 2011-02-02 17:01:46Z ludwig $ 067 */ 068 public class AccessController 069 extends Action 070 { 071 072 /** Logging */ 073 private static Log log = LogFactory.getLog(AccessController.class); 074 075 /** 076 * If there is a user and the user is logged in, doPerform will 077 * set the RunData ACL. The list is first sought from the current 078 * session, otherwise it is loaded through 079 * <code>TurbineSecurity.getACL()</code> and added to the current 080 * session. 081 * @deprecated Use PipelineData version instead. 082 * @see org.apache.turbine.services.security.TurbineSecurity 083 * @param data Turbine information. 084 * @exception TurbineSecurityException problem with the security service. 085 */ 086 @Deprecated 087 @Override 088 public void doPerform(RunData data) 089 throws TurbineSecurityException 090 { 091 User user = data.getUser(); 092 093 if (!TurbineSecurity.isAnonymousUser(user) 094 && user.hasLoggedIn()) 095 { 096 log.debug("Fetching ACL for " + user.getName()); 097 AccessControlList acl = (AccessControlList) 098 data.getSession().getAttribute( 099 AccessControlList.SESSION_KEY); 100 if (acl == null) 101 { 102 log.debug("No ACL found in Session, building fresh ACL"); 103 acl = TurbineSecurity.getACL(user); 104 data.getSession().setAttribute( 105 AccessControlList.SESSION_KEY, acl); 106 107 log.debug("ACL is " + acl); 108 } 109 data.setACL(acl); 110 } 111 } 112 113 /** 114 * If there is a user and the user is logged in, doPerform will 115 * set the RunData ACL. The list is first sought from the current 116 * session, otherwise it is loaded through 117 * <code>TurbineSecurity.getACL()</code> and added to the current 118 * session. 119 * 120 * @see org.apache.turbine.services.security.TurbineSecurity 121 * @param data Turbine information. 122 * @exception TurbineSecurityException problem with the security service. 123 */ 124 @Override 125 public void doPerform(PipelineData pipelineData) 126 throws TurbineSecurityException 127 { 128 RunData data = getRunData(pipelineData); 129 doPerform(data); 130 } 131 }