View Javadoc
1   package org.apache.turbine.modules.actions;
2   
3   import org.apache.fulcrum.security.acl.AccessControlList;
4   import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
5   import org.apache.fulcrum.security.util.FulcrumSecurityException;
6   import org.apache.logging.log4j.LogManager;
7   
8   /*
9    * Licensed to the Apache Software Foundation (ASF) under one
10   * or more contributor license agreements.  See the NOTICE file
11   * distributed with this work for additional information
12   * regarding copyright ownership.  The ASF licenses this file
13   * to you under the Apache License, Version 2.0 (the
14   * "License"); you may not use this file except in compliance
15   * with the License.  You may obtain a copy of the License at
16   *
17   *   http://www.apache.org/licenses/LICENSE-2.0
18   *
19   * Unless required by applicable law or agreed to in writing,
20   * software distributed under the License is distributed on an
21   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
22   * KIND, either express or implied.  See the License for the
23   * specific language governing permissions and limitations
24   * under the License.
25   */
26  
27  import org.apache.logging.log4j.Logger;
28  import org.apache.turbine.Turbine;
29  import org.apache.turbine.TurbineConstants;
30  import org.apache.turbine.annotation.TurbineService;
31  import org.apache.turbine.modules.Action;
32  import org.apache.turbine.om.security.User;
33  import org.apache.turbine.pipeline.PipelineData;
34  import org.apache.turbine.services.security.SecurityService;
35  import org.apache.turbine.util.RunData;
36  
37  /**
38   * This action doPerforms an Access Control List and places it into
39   * the RunData object, so it is easily available to modules.  The ACL
40   * is also placed into the session.  Modules can null out the ACL to
41   * force it to be rebuilt based on more information.
42   *
43   * <p>
44   *
45   * Turbine uses a User-Role-Permission arrangement for access control.
46   * Users are assigned Roles.  Roles are assigned Permissions.  Turbine
47   * modules then check the Permission required for an action or
48   * information with the set of Permissions currently associated with
49   * the session (which are dependent on the user associated with the
50   * session.)
51   *
52   * <p>
53   *
54   * The criteria for assigning Roles/Permissions is application
55   * dependent, in some cases an application may change a User's Roles
56   * during the session.  To achieve flexibility, the ACL takes an
57   * Object parameter, which the application can use to doPerform the
58   * ACL.
59   *
60   * <p>
61   *
62   * This action is special in that it should only be executed by the
63   * Turbine servlet.
64   *
65   * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
66   * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
67   * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a>
68   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
69   * @version $Id$
70   */
71  public class AccessController implements Action
72  {
73      /** Logging */
74      private static final Logger log = LogManager.getLogger(AccessController.class);
75  
76      /** Injected service instance */
77      @TurbineService
78      private SecurityService security;
79  
80      /**
81       * If there is a user and the user is logged in, doPerform will
82       * set the RunData ACL.  The list is first sought from the current
83       * session, otherwise it is loaded through
84       * <code>link {@link SecurityService#getACL(User)}</code> and added to the current
85       * session.
86       *
87       * @param pipelineData Turbine information.
88       * @throws FulcrumSecurityException problem with the security service.
89       */
90      @Override
91      public void doPerform(PipelineData pipelineData)
92      	throws FulcrumSecurityException
93      {
94          RunData data = pipelineData.getRunData();
95          User user = data.getUser();
96  
97          if (!security.isAnonymousUser(user)
98              && user.hasLoggedIn())
99          {
100             log.debug("Fetching ACL for {}", user::getName);
101             AccessControlList acl = (AccessControlList)
102                     data.getSession().getAttribute(
103                             TurbineConstants.ACL_SESSION_KEY);
104             if (acl == null)
105             {
106                 log.debug("No ACL found in Session, building fresh ACL");
107                 acl = security.getACL(user);
108                 data.getSession().setAttribute(
109                         TurbineConstants.ACL_SESSION_KEY, acl);
110 
111                 log.debug("ACL is {}", acl);
112             }
113             data.setACL(acl);
114         }
115 
116         // Comply with Turbine 4.0 standards
117         pipelineData.get(Turbine.class).put(TurbineAccessControlList.class, data.getACL());
118     }
119 }