1 package org.apache.turbine.modules.actions;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24
25 import org.apache.turbine.modules.Action;
26 import org.apache.turbine.services.security.TurbineSecurity;
27 import org.apache.turbine.util.RunData;
28 import org.apache.turbine.util.security.AccessControlList;
29 import org.apache.turbine.util.security.TurbineSecurityException;
30
31 import org.apache.turbine.om.security.User;
32 import org.apache.turbine.pipeline.PipelineData;
33
34 /**
35 * This action doPerforms an Access Control List and places it into
36 * the RunData object, so it is easily available to modules. The ACL
37 * is also placed into the session. Modules can null out the ACL to
38 * force it to be rebuilt based on more information.
39 *
40 * <p>
41 *
42 * Turbine uses a User-Role-Permission arrangement for access control.
43 * Users are assigned Roles. Roles are assigned Permissions. Turbine
44 * modules then check the Permission required for an action or
45 * information with the set of Permissions currently associated with
46 * the session (which are dependent on the user associated with the
47 * session.)
48 *
49 * <p>
50 *
51 * The criteria for assigning Roles/Permissions is application
52 * dependent, in some cases an application may change a User's Roles
53 * during the session. To achieve flexibility, the ACL takes an
54 * Object parameter, which the application can use to doPerform the
55 * ACL.
56 *
57 * <p>
58 *
59 * This action is special in that it should only be executed by the
60 * Turbine servlet.
61 *
62 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
63 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
64 * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a>
65 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
66 * @version $Id: AccessController.java 1066529 2011-02-02 17:01:46Z ludwig $
67 */
68 public class AccessController
69 extends Action
70 {
71
72 /** Logging */
73 private static Log log = LogFactory.getLog(AccessController.class);
74
75 /**
76 * If there is a user and the user is logged in, doPerform will
77 * set the RunData ACL. The list is first sought from the current
78 * session, otherwise it is loaded through
79 * <code>TurbineSecurity.getACL()</code> and added to the current
80 * session.
81 * @deprecated Use PipelineData version instead.
82 * @see org.apache.turbine.services.security.TurbineSecurity
83 * @param data Turbine information.
84 * @exception TurbineSecurityException problem with the security service.
85 */
86 @Deprecated
87 @Override
88 public void doPerform(RunData data)
89 throws TurbineSecurityException
90 {
91 User user = data.getUser();
92
93 if (!TurbineSecurity.isAnonymousUser(user)
94 && user.hasLoggedIn())
95 {
96 log.debug("Fetching ACL for " + user.getName());
97 AccessControlList acl = (AccessControlList)
98 data.getSession().getAttribute(
99 AccessControlList.SESSION_KEY);
100 if (acl == null)
101 {
102 log.debug("No ACL found in Session, building fresh ACL");
103 acl = TurbineSecurity.getACL(user);
104 data.getSession().setAttribute(
105 AccessControlList.SESSION_KEY, acl);
106
107 log.debug("ACL is " + acl);
108 }
109 data.setACL(acl);
110 }
111 }
112
113 /**
114 * If there is a user and the user is logged in, doPerform will
115 * set the RunData ACL. The list is first sought from the current
116 * session, otherwise it is loaded through
117 * <code>TurbineSecurity.getACL()</code> and added to the current
118 * session.
119 *
120 * @see org.apache.turbine.services.security.TurbineSecurity
121 * @param data Turbine information.
122 * @exception TurbineSecurityException problem with the security service.
123 */
124 @Override
125 public void doPerform(PipelineData pipelineData)
126 throws TurbineSecurityException
127 {
128 RunData data = getRunData(pipelineData);
129 doPerform(data);
130 }
131 }