| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
| AccessController |
|
| 2.5;2,5 |
| 1 | package org.apache.turbine.modules.actions; | |
| 2 | ||
| 3 | /* | |
| 4 | * Licensed to the Apache Software Foundation (ASF) under one | |
| 5 | * or more contributor license agreements. See the NOTICE file | |
| 6 | * distributed with this work for additional information | |
| 7 | * regarding copyright ownership. The ASF licenses this file | |
| 8 | * to you under the Apache License, Version 2.0 (the | |
| 9 | * "License"); you may not use this file except in compliance | |
| 10 | * with the License. You may obtain a copy of the License at | |
| 11 | * | |
| 12 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 13 | * | |
| 14 | * Unless required by applicable law or agreed to in writing, | |
| 15 | * software distributed under the License is distributed on an | |
| 16 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
| 17 | * KIND, either express or implied. See the License for the | |
| 18 | * specific language governing permissions and limitations | |
| 19 | * under the License. | |
| 20 | */ | |
| 21 | ||
| 22 | import org.apache.commons.logging.Log; | |
| 23 | import org.apache.commons.logging.LogFactory; | |
| 24 | ||
| 25 | import org.apache.turbine.modules.Action; | |
| 26 | import org.apache.turbine.services.security.TurbineSecurity; | |
| 27 | import org.apache.turbine.util.RunData; | |
| 28 | import org.apache.turbine.util.security.AccessControlList; | |
| 29 | import org.apache.turbine.util.security.TurbineSecurityException; | |
| 30 | ||
| 31 | import org.apache.turbine.om.security.User; | |
| 32 | import org.apache.turbine.pipeline.PipelineData; | |
| 33 | ||
| 34 | /** | |
| 35 | * This action builds an Access Control List and places it into | |
| 36 | * the RunData object, so it is easily available to modules. The ACL | |
| 37 | * is also placed into the session. Modules can null out the ACL to | |
| 38 | * force it to be rebuilt based on more information. | |
| 39 | * | |
| 40 | * <p> | |
| 41 | * | |
| 42 | * Turbine uses a User-Role-Permission arrangement for access control. | |
| 43 | * Users are assigned Roles. Roles are assigned Permissions. Turbine | |
| 44 | * modules then check the Permission required for an action or | |
| 45 | * information with the set of Permissions currently associated with | |
| 46 | * the session (which are dependent on the user associated with the | |
| 47 | * session.) | |
| 48 | * | |
| 49 | * <p> | |
| 50 | * | |
| 51 | * The criteria for assigning Roles/Permissions is application | |
| 52 | * dependent, in some cases an application may change a User's Roles | |
| 53 | * during the session. To achieve flexibility, the ACL takes an | |
| 54 | * Object parameter, which the application can use to build the | |
| 55 | * ACL. | |
| 56 | * | |
| 57 | * <p> | |
| 58 | * | |
| 59 | * This action is special in that it should only be executed by the | |
| 60 | * Turbine servlet. | |
| 61 | * | |
| 62 | * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> | |
| 63 | * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> | |
| 64 | * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a> | |
| 65 | * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> | |
| 66 | * @version $Id: AccessController.java 1066529 2011-02-02 17:01:46Z ludwig $ | |
| 67 | */ | |
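public class AccessController
    extends Action
{

    /** Logger for this action; final so the shared reference cannot be reassigned. */
    private static final Log log = LogFactory.getLog(AccessController.class);

    /**
     * Sets the RunData ACL when the request's user is not the anonymous
     * user and has logged in. The list is first sought from the current
     * session; when the session holds none, it is loaded through
     * <code>TurbineSecurity.getACL()</code> and stored in the session.
     *
     * <p>
     *
     * Because a session-held ACL is reused as-is, changes to the user's
     * roles or permissions are not reflected here until the session
     * attribute is cleared or the session ends.
     *
     * @deprecated Use PipelineData version instead.
     * @see org.apache.turbine.services.security.TurbineSecurity
     * @param data Turbine information.
     * @exception TurbineSecurityException problem with the security service.
     */
    @Deprecated
    @Override
    public void doPerform(RunData data)
        throws TurbineSecurityException
    {
        User user = data.getUser();

        // NOTE(review): user is dereferenced below without a null check;
        // presumably isAnonymousUser() treats a null user as anonymous and
        // short-circuits the condition -- confirm against TurbineSecurity.
        if (!TurbineSecurity.isAnonymousUser(user)
            && user.hasLoggedIn())
        {
            // Guarded so the message is only built when debug output is on.
            if (log.isDebugEnabled())
            {
                log.debug("Fetching ACL for " + user.getName());
            }

            // Reuse the ACL held in the session when there is one.
            AccessControlList acl = (AccessControlList)
                data.getSession().getAttribute(
                    AccessControlList.SESSION_KEY);
            if (acl == null)
            {
                log.debug("No ACL found in Session, building fresh ACL");
                acl = TurbineSecurity.getACL(user);
                data.getSession().setAttribute(
                    AccessControlList.SESSION_KEY, acl);

                // The ACL's string form is written to the debug log; what it
                // exposes depends on the AccessControlList implementation.
                // The guard also avoids calling toString() when debug is off.
                if (log.isDebugEnabled())
                {
                    log.debug("ACL is " + acl);
                }
            }
            data.setACL(acl);
        }
    }

    /**
     * Obtains the RunData for the given pipeline data and delegates to
     * {@link #doPerform(RunData)}, which sets the RunData ACL for a
     * logged-in, non-anonymous user (taken from the session, or loaded
     * through <code>TurbineSecurity.getACL()</code> and added to the
     * session).
     *
     * @see org.apache.turbine.services.security.TurbineSecurity
     * @param pipelineData Turbine information.
     * @exception TurbineSecurityException problem with the security service.
     */
    @Override
    public void doPerform(PipelineData pipelineData)
        throws TurbineSecurityException
    {
        RunData data = getRunData(pipelineData);
        // Delegation is kept so subclasses overriding the RunData variant
        // still take effect for pipeline requests.
        doPerform(data);
    }
}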