1 package org.apache.turbine.modules.actions;
19 import org.apache.commons.logging.Log;
20 import org.apache.commons.logging.LogFactory;
21
22 import org.apache.turbine.modules.Action;
23 import org.apache.turbine.services.security.TurbineSecurity;
24 import org.apache.turbine.util.RunData;
25 import org.apache.turbine.util.security.AccessControlList;
26 import org.apache.turbine.util.security.TurbineSecurityException;
27
28 import org.apache.turbine.om.security.User;
29
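/**
 * This action builds an Access Control List and places it into
 * the RunData object, so it is easily available to modules. The ACL
 * is also placed into the session. Modules can null out the ACL to
 * force it to be rebuilt based on more information.
 *
 * <p>
 *
 * Turbine uses a User-Role-Permission arrangement for access control.
 * Users are assigned Roles. Roles are assigned Permissions. Turbine
 * modules then check the Permission required for an action or
 * information with the set of Permissions currently associated with
 * the session (which are dependent on the user associated with the
 * session.)
 *
 * <p>
 *
 * The criteria for assigning Roles/Permissions is application
 * dependent, in some cases an application may change a User's Roles
 * during the session. To achieve flexibility, the ACL takes an
 * Object parameter, which the application can use to build the
 * ACL.
 *
 * <p>
 *
 * This action is special in that it should only be executed by the
 * Turbine servlet.
 *
 * <p>
 *
 * Security notes for maintainers:
 * <ul>
 * <li>The ACL is rebuilt only when no ACL is present in the session.
 * A role or permission that is granted or revoked while a session is
 * live therefore does not take effect for that session until the
 * session attribute is cleared or the session ends.</li>
 * <li>The cached ACL is looked up by
 * <code>AccessControlList.SESSION_KEY</code> alone; this class does
 * not check that it was built for the user currently attached to the
 * request. Code that logs a user in or out, or switches the user on
 * an existing session, must remove the attribute (or invalidate the
 * session) so that one user's ACL is never applied to another.</li>
 * </ul>
 *
 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
 * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
 * @version $Id: AccessController.java 264148 2005-08-29 14:21:04Z henning $
 */
public class AccessController
        extends Action
{

    /** Logging */
    private static final Log log = LogFactory.getLog(AccessController.class);

    /**
     * If there is a user and the user is logged in, doPerform will
     * set the RunData ACL. The list is first sought from the current
     * session, otherwise it is loaded through
     * <code>TurbineSecurity.getACL()</code> and added to the current
     * session.
     *
     * <p>
     *
     * For an anonymous or not-yet-logged-in user nothing is done: no
     * ACL is looked up, built, stored or set on <code>data</code>.
     *
     * @see org.apache.turbine.services.security.TurbineSecurity
     * @param data Turbine information.
     * @exception TurbineSecurityException problem with the security service.
     */
    public void doPerform(RunData data)
            throws TurbineSecurityException
    {
        // NOTE(review): assumes data.getUser() is non-null at this point, or
        // that isAnonymousUser() tolerates null -- confirm against the caller.
        User user = data.getUser();

        if (!TurbineSecurity.isAnonymousUser(user)
                && user.hasLoggedIn())
        {
            // Guarded so the message is not assembled when debug logging is
            // off. The user name is written as-is; if names can contain line
            // breaks, neutralise them before they reach a shared log.
            if (log.isDebugEnabled())
            {
                log.debug("Fetching ACL for " + user.getName());
            }

            // The cached ACL is keyed by SESSION_KEY only, not by user.
            AccessControlList acl = (AccessControlList)
                    data.getSession().getAttribute(
                            AccessControlList.SESSION_KEY);
            if (acl == null)
            {
                log.debug("No ACL found in Session, building fresh ACL");
                acl = TurbineSecurity.getACL(user);
                data.getSession().setAttribute(
                        AccessControlList.SESSION_KEY, acl);

                // This writes the ACL's string form to the debug log; treat
                // debug output from this class as authorization data.
                if (log.isDebugEnabled())
                {
                    log.debug("ACL is " + acl);
                }
            }
            data.setACL(acl);
        }
    }
}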