1 package org.apache.turbine.modules.actions;
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24
25 import org.apache.turbine.modules.Action;
26 import org.apache.turbine.services.security.TurbineSecurity;
27 import org.apache.turbine.util.RunData;
28 import org.apache.turbine.util.security.AccessControlList;
29 import org.apache.turbine.util.security.TurbineSecurityException;
30
31 import org.apache.turbine.om.security.User;
32
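/**
 * This action builds an Access Control List and places it into
 * the RunData object, so it is easily available to modules. The ACL
 * is also placed into the session. Modules can null out the ACL to
 * force it to be rebuilt based on more information.
 *
 * <p>
 *
 * Turbine uses a User-Role-Permission arrangement for access control.
 * Users are assigned Roles. Roles are assigned Permissions. Turbine
 * modules then check the Permission required for an action or
 * information with the set of Permissions currently associated with
 * the session (which are dependent on the user associated with the
 * session.)
 *
 * <p>
 *
 * The criteria for assigning Roles/Permissions are application
 * dependent; in some cases an application may change a User's Roles
 * during the session. To achieve flexibility, the ACL takes an
 * Object parameter, which the application can use to build the
 * ACL.
 *
 * <p>
 *
 * This action is special in that it should only be executed by the
 * Turbine servlet.
 *
 * <p>
 *
 * Security notes: an ACL found in the session under
 * {@link AccessControlList#SESSION_KEY} is reused as-is. This class
 * neither checks that the cached list was built for the current user
 * nor re-reads the user's grants, so a change to Roles or Permissions
 * (including a revocation) is not visible to modules until that
 * session attribute is removed. Code that changes a user's grants, or
 * that changes which user is bound to a session, has to remove the
 * attribute itself; whether the login and logout actions do so cannot
 * be seen from this class and should be confirmed.
 *
 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
 * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a>
 * @version $Id: AccessController.java 534527 2007-05-02 16:10:59Z tv $
 */
public class AccessController
        extends Action
{

    /** Logging; final so the shared logger cannot be reassigned. */
    private static final Log log = LogFactory.getLog(AccessController.class);

    /**
     * If there is a user and the user is logged in, doPerform will
     * set the RunData ACL. The list is first sought from the current
     * session, otherwise it is loaded through
     * <code>TurbineSecurity.getACL()</code> and added to the current
     * session.
     *
     * <p>
     *
     * For an anonymous or not-logged-in user nothing is done: no ACL is
     * set on the RunData object and the session is not touched.
     *
     * @see org.apache.turbine.services.security.TurbineSecurity
     * @param data Turbine information.
     * @throws TurbineSecurityException problem with the security service.
     */
    public void doPerform(RunData data)
            throws TurbineSecurityException
    {
        User user = data.getUser();

        // NOTE(review): a null user is assumed to be reported as anonymous
        // by isAnonymousUser(); otherwise hasLoggedIn() would throw -- confirm.
        if (TurbineSecurity.isAnonymousUser(user) || !user.hasLoggedIn())
        {
            return;
        }

        // Build the debug messages only when they will be written; the
        // second one renders the whole ACL through toString().
        boolean debugEnabled = log.isDebugEnabled();

        if (debugEnabled)
        {
            // The user name goes into the log unmodified; if names may hold
            // line breaks, the log layout should encode them.
            log.debug("Fetching ACL for " + user.getName());
        }

        // The cached entry is trusted as-is: it is not compared with the
        // current user and is not refreshed from the security service.
        AccessControlList acl = (AccessControlList)
                data.getSession().getAttribute(AccessControlList.SESSION_KEY);

        if (acl == null)
        {
            if (debugEnabled)
            {
                log.debug("No ACL found in Session, building fresh ACL");
            }

            acl = TurbineSecurity.getACL(user);
            data.getSession().setAttribute(
                    AccessControlList.SESSION_KEY, acl);

            if (debugEnabled)
            {
                // Writes the string form of the user's ACL to the debug
                // log; treat debug logs from this class as sensitive.
                log.debug("ACL is " + acl);
            }
        }

        data.setACL(acl);
    }
}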