View Javadoc

1   package org.apache.turbine.modules.actions;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.commons.logging.Log;
23  import org.apache.commons.logging.LogFactory;
24  
25  import org.apache.turbine.modules.Action;
26  import org.apache.turbine.services.security.TurbineSecurity;
27  import org.apache.turbine.util.RunData;
28  import org.apache.turbine.util.security.AccessControlList;
29  import org.apache.turbine.util.security.TurbineSecurityException;
30  
31  import org.apache.turbine.om.security.User;
32  import org.apache.turbine.pipeline.PipelineData;
33  
34  /**
35   * This action doPerforms an Access Control List and places it into
36   * the RunData object, so it is easily available to modules.  The ACL
37   * is also placed into the session.  Modules can null out the ACL to
38   * force it to be rebuilt based on more information.
39   *
40   * <p>
41   *
42   * Turbine uses a User-Role-Permission arrangement for access control.
43   * Users are assigned Roles.  Roles are assigned Permissions.  Turbine
44   * modules then check the Permission required for an action or
45   * information with the set of Permissions currently associated with
46   * the session (which are dependent on the user associated with the
47   * session.)
48   *
49   * <p>
50   *
51   * The criteria for assigning Roles/Permissions is application
52   * dependent, in some cases an application may change a User's Roles
53   * during the session.  To achieve flexibility, the ACL takes an
54   * Object parameter, which the application can use to doPerform the
55   * ACL.
56   *
57   * <p>
58   *
59   * This action is special in that it should only be executed by the
60   * Turbine servlet.
61   *
62   * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
63   * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
64   * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a>
65   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
66   * @version $Id: AccessController.java 1066529 2011-02-02 17:01:46Z ludwig $
67   */
68  public class AccessController
69          extends Action
70  {
71  
72      /** Logging */
73      private static Log log = LogFactory.getLog(AccessController.class);
74  
75      /**
76       * If there is a user and the user is logged in, doPerform will
77       * set the RunData ACL.  The list is first sought from the current
78       * session, otherwise it is loaded through
79       * <code>TurbineSecurity.getACL()</code> and added to the current
80       * session.
81       * @deprecated Use PipelineData version instead.
82       * @see org.apache.turbine.services.security.TurbineSecurity
83       * @param data Turbine information.
84       * @exception TurbineSecurityException problem with the security service.
85       */
86      @Deprecated
87      @Override
88      public void doPerform(RunData data)
89              throws TurbineSecurityException
90      {
91          User user = data.getUser();
92  
93          if (!TurbineSecurity.isAnonymousUser(user)
94              && user.hasLoggedIn())
95          {
96              log.debug("Fetching ACL for " + user.getName());
97              AccessControlList acl = (AccessControlList)
98                      data.getSession().getAttribute(
99                              AccessControlList.SESSION_KEY);
100             if (acl == null)
101             {
102                 log.debug("No ACL found in Session, building fresh ACL");
103                 acl = TurbineSecurity.getACL(user);
104                 data.getSession().setAttribute(
105                         AccessControlList.SESSION_KEY, acl);
106 
107                 log.debug("ACL is " + acl);
108             }
109             data.setACL(acl);
110         }
111     }
112 
113     /**
114      * If there is a user and the user is logged in, doPerform will
115      * set the RunData ACL.  The list is first sought from the current
116      * session, otherwise it is loaded through
117      * <code>TurbineSecurity.getACL()</code> and added to the current
118      * session.
119      *
120      * @see org.apache.turbine.services.security.TurbineSecurity
121      * @param data Turbine information.
122      * @exception TurbineSecurityException problem with the security service.
123      */
124     @Override
125     public void doPerform(PipelineData pipelineData)
126     	throws TurbineSecurityException
127     {
128         RunData data = getRunData(pipelineData);
129         doPerform(data);
130     }
131 }