Security Service
The Security Service is for authenticating users and assigning them roles and permissions in groups.
Turbine uses the Fulcrum Security API to provide security features to applications. In the Fulcrum repository, implementations exist for Hibernate, Torque and NTLM.
Configuration
# -------------------------------------------------------------------
#
#  S E R V I C E S
#
# -------------------------------------------------------------------
# Classes for Turbine Services should be defined here.
# Format: services.[name].classname=[implementing class]
#
# To specify properties of a service use the following syntax:
# service.[name].[property]=[value]
#
# Here you specify, which Security Service is used. This example
# uses the Fulcrum Security Service. There is no default.
services.SecurityService.classname=org.apache.turbine.services.security.DefaultSecurityService
.
.
.
# -------------------------------------------------------------------
#
#  S E C U R I T Y  S E R V I C E
#
# -------------------------------------------------------------------
#
# This is the class that implements the UserManager interface to
# manage User objects. Default is the PassiveUserManager.
#
# Override this setting if you want your User information stored
# on a different medium (LDAP directory is a good example).
#
# Adjust this setting if you change the Setting of the SecurityService class (see above).
# Default: org.apache.turbine.services.security.passive.PassiveUserManager
services.SecurityService.user.manager = org.apache.turbine.services.security.DefaultUserManager

# Default: org.apache.turbine.om.security.DefaultUserImpl
#services.SecurityService.wrapper.class =
User Manager
To access user-specific data and information, each Security Service must provide a UserManager class. It is service-specific and must be configured in TurbineResources.properties with the services.SecurityService.user.manager property. The UserManager allows access to various properties of a Turbine User object, can change passwords, authenticates users to the Security Service and manages the Turbine user objects.

If you have additional columns in the User (e.g. TurbineUser) table, you can have them handled properly (persisted and read) this way:
- Create a non-default wrapper.class. This class should extend DefaultUserImpl and override or add the required properties.
- Best practice is to provide an interface so that this wrapper.class and the backend ORM class (e.g. the generated TurbineTorqueUser class) communicate on the same standard. Otherwise you could use your ORM class.

The ORM class is, for example, fetched from the default implementation of the Fulcrum User Manager (org.apache.fulcrum.security.UserManager), as configured in componentConfiguration.xml (userManager->className). The Turbine User Manager gets it by first fetching it from the Fulcrum User Manager (= umDelegate) and then setting it as userDelegate in the wrapper class.
Using Fulcrum Security
The actual implementations for the different Fulcrum services that define the behavior of the security service are configured in the files roleConfiguration.xml and componentConfiguration.xml. All of them can be extended and/or modified to meet your requirements. The following example shows the sections for the Torque implementation, using the Turbine security model.
Dependencies
Turbine 4.0 does not depend on a particular Fulcrum Security
implementation. To use the Torque-flavor, you need to specify
the dependency explicitly in your POM:
<dependency>
    <groupId>org.apache.fulcrum</groupId>
    <artifactId>fulcrum-security-torque</artifactId>
    <version>1.1.0</version>
</dependency>
roleConfiguration.xml
<role
    name="org.apache.torque.avalon.Torque"
    shorthand="torqueService"
    default-class="org.apache.torque.avalon.TorqueComponent"
    early-init="true" />
<role
    name="org.apache.fulcrum.security.SecurityService"
    shorthand="securityService"
    default-class="org.apache.fulcrum.security.BaseSecurityService"/>
<role
    name="org.apache.fulcrum.security.UserManager"
    shorthand="userManager"
    early-init="true"
    default-class="org.apache.fulcrum.security.torque.turbine.TorqueTurbineUserManagerImpl"/>
<role
    name="org.apache.fulcrum.security.GroupManager"
    shorthand="groupManager"
    default-class="org.apache.fulcrum.security.torque.turbine.TorqueTurbineGroupManagerImpl"/>
<role
    name="org.apache.fulcrum.security.RoleManager"
    shorthand="roleManager"
    default-class="org.apache.fulcrum.security.torque.turbine.TorqueTurbineRoleManagerImpl"/>
<role
    name="org.apache.fulcrum.security.PermissionManager"
    shorthand="permissionManager"
    default-class="org.apache.fulcrum.security.torque.turbine.TorqueTurbinePermissionManagerImpl"/>
<role
    name="org.apache.fulcrum.security.ModelManager"
    shorthand="modelManager"
    default-class="org.apache.fulcrum.security.torque.turbine.TorqueTurbineModelManagerImpl"/>
<role
    name="org.apache.fulcrum.security.authenticator.Authenticator"
    shorthand="authenticator"
    default-class="org.apache.fulcrum.security.authenticator.TextMatchAuthenticator"/>
<role
    name="org.apache.fulcrum.security.model.ACLFactory"
    shorthand="aclFactory"
    default-class="org.apache.fulcrum.security.model.turbine.TurbineACLFactory"/>
componentConfiguration.xml
<securityService/>
<authenticator/>
<modelManager/>
<aclFactory/>
<userManager>
    <className>org.apache.fulcrum.security.torque.om.TorqueTurbineUser</className>
</userManager>
<groupManager>
    <className>org.apache.fulcrum.security.torque.om.TorqueTurbineGroup</className>
</groupManager>
<roleManager>
    <className>org.apache.fulcrum.security.torque.om.TorqueTurbineRole</className>
</roleManager>
<permissionManager>
    <className>org.apache.fulcrum.security.torque.om.TorqueTurbinePermission</className>
</permissionManager>
<torqueService>
    <configfile>WEB-INF/conf/Torque.properties</configfile>
</torqueService>
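A review check for the two files above, as an added example that is not part of the Turbine or Fulcrum documentation: it cross-references the sections in componentConfiguration.xml against the role shorthands in roleConfiguration.xml and reports when the authenticator role is bound to TextMatchAuthenticator, which compares the submitted password with the stored value as plain text. The function name, the finding labels, the wrapping root elements and the rule that a plain-text authenticator counts as a finding are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments above. Each is wrapped in a
# root element so it parses; the check does not depend on the root's name.
ROLES = """<role-list>
  <role name="org.apache.fulcrum.security.UserManager" shorthand="userManager"
        default-class="org.apache.fulcrum.security.torque.turbine.TorqueTurbineUserManagerImpl"/>
  <role name="org.apache.fulcrum.security.authenticator.Authenticator" shorthand="authenticator"
        default-class="org.apache.fulcrum.security.authenticator.TextMatchAuthenticator"/>
</role-list>"""

COMPONENTS = """<componentConfig>
  <authenticator/>
  <userManager>
    <className>org.apache.fulcrum.security.torque.om.TorqueTurbineUser</className>
  </userManager>
  <groupManager>
    <className>org.apache.fulcrum.security.torque.om.TorqueTurbineGroup</className>
  </groupManager>
</componentConfig>"""

AUTH_ROLE = "org.apache.fulcrum.security.authenticator.Authenticator"
# Authenticator that matches passwords as plain text (rule chosen for this example).
PLAINTEXT = "org.apache.fulcrum.security.authenticator.TextMatchAuthenticator"


def audit(roles_xml, components_xml):
    """Return a list of (finding, subject) tuples for the two config files."""
    findings = []
    roles = {r.get("shorthand"): r for r in ET.fromstring(roles_xml).iter("role")}

    # 1. A component section only takes effect if a role declares its shorthand.
    for section in ET.fromstring(components_xml):
        if section.tag not in roles:
            findings.append(("unmapped-component", section.tag))

    # 2. The authenticator role must exist and should not match plain text.
    auth = [r for r in roles.values() if r.get("name") == AUTH_ROLE]
    if not auth:
        findings.append(("no-authenticator-role", AUTH_ROLE))
    for role in auth:
        if role.get("default-class") == PLAINTEXT:
            findings.append(("plaintext-password-compare", role.get("shorthand")))
    return findings


if __name__ == "__main__":
    for finding in audit(ROLES, COMPONENTS):
        print(finding)
```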