001 package org.apache.turbine.modules.actions;
002
003 /*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements. See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership. The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License. You may obtain a copy of the License at
011 *
012 * http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied. See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021
022 import org.apache.commons.logging.Log;
023 import org.apache.commons.logging.LogFactory;
024
025 import org.apache.turbine.modules.Action;
026 import org.apache.turbine.services.security.TurbineSecurity;
027 import org.apache.turbine.util.RunData;
028 import org.apache.turbine.util.security.AccessControlList;
029 import org.apache.turbine.util.security.TurbineSecurityException;
030
031 import org.apache.turbine.om.security.User;
032 import org.apache.turbine.pipeline.PipelineData;
033
034 /**
035 * This action builds an Access Control List and places it into
036 * the RunData object, so it is easily available to modules. The ACL
037 * is also placed into the session. Modules can null out the ACL to
038 * force it to be rebuilt based on more information.
039 *
040 * <p>
041 *
042 * Turbine uses a User-Role-Permission arrangement for access control.
043 * Users are assigned Roles. Roles are assigned Permissions. Turbine
044 * modules then check the Permission required for an action or
045 * information with the set of Permissions currently associated with
046 * the session (which are dependent on the user associated with the
047 * session.)
048 *
049 * <p>
050 *
051 * The criteria for assigning Roles/Permissions are application
052 * dependent; in some cases an application may change a User's Roles
053 * during the session. To achieve flexibility, the ACL takes an
054 * Object parameter, which the application can use to build the
055 * ACL.
056 *
057 * <p>
058 *
059 * This action is special in that it should only be executed by the
060 * Turbine servlet.
061 *
062 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
063 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
064 * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a>
065 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
066 * @version $Id: AccessController.java 1066529 2011-02-02 17:01:46Z ludwig $
067 */
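public class AccessController
    extends Action
{

    /** Logging */
    private static final Log log = LogFactory.getLog(AccessController.class);

    /**
     * If there is a user and the user is logged in, doPerform will
     * set the RunData ACL. The list is first sought from the current
     * session, otherwise it is loaded through
     * <code>TurbineSecurity.getACL()</code> and added to the current
     * session.
     *
     * <p>
     *
     * Security note: an ACL found in the session is reused as is. This
     * method neither rebuilds it nor compares it with the current user,
     * so a change to the user's roles or permissions takes effect only
     * after the session attribute
     * <code>AccessControlList.SESSION_KEY</code> has been removed or the
     * session has ended. Code that switches the authenticated user or
     * revokes a grant has to clear that attribute itself.
     *
     * <p>
     *
     * When there is no user, the user is anonymous, or the user has not
     * logged in, nothing is stored and the RunData ACL is left as it was.
     *
     * @deprecated Use PipelineData version instead.
     * @see org.apache.turbine.services.security.TurbineSecurity
     * @param data Turbine information.
     * @exception TurbineSecurityException problem with the security service.
     */
    @Deprecated
    @Override
    public void doPerform(RunData data)
        throws TurbineSecurityException
    {
        User user = data.getUser();

        // Fail closed: without an authenticated, non-anonymous user no ACL
        // is attached. The explicit null test keeps a missing user from
        // reaching user.hasLoggedIn().
        if (user == null
            || TurbineSecurity.isAnonymousUser(user)
            || !user.hasLoggedIn())
        {
            return;
        }

        // Build the debug strings only when they will actually be written.
        boolean debugEnabled = log.isDebugEnabled();

        if (debugEnabled)
        {
            log.debug("Fetching ACL for " + user.getName());
        }

        AccessControlList acl = (AccessControlList)
            data.getSession().getAttribute(AccessControlList.SESSION_KEY);

        if (acl == null)
        {
            if (debugEnabled)
            {
                log.debug("No ACL found in Session, building fresh ACL");
            }

            acl = TurbineSecurity.getACL(user);
            data.getSession().setAttribute(
                AccessControlList.SESSION_KEY, acl);

            // NOTE(review): this writes the ACL's string form to the debug
            // log; what that form contains depends on the AccessControlList
            // implementation - confirm it is acceptable for the log sink.
            if (debugEnabled)
            {
                log.debug("ACL is " + acl);
            }
        }

        // Reached with either the session copy or the freshly built ACL.
        data.setACL(acl);
    }

    /**
     * If there is a user and the user is logged in, doPerform will
     * set the RunData ACL. The list is first sought from the current
     * session, otherwise it is loaded through
     * <code>TurbineSecurity.getACL()</code> and added to the current
     * session.
     *
     * <p>
     *
     * This version obtains the RunData from the pipeline data and
     * delegates to {@link #doPerform(RunData)}; the session-caching
     * behaviour described there applies here unchanged.
     *
     * @see org.apache.turbine.services.security.TurbineSecurity
     * @param pipelineData Turbine information.
     * @exception TurbineSecurityException problem with the security service.
     */
    @Override
    public void doPerform(PipelineData pipelineData)
        throws TurbineSecurityException
    {
        RunData data = getRunData(pipelineData);
        doPerform(data);
    }
}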