View Javadoc
1   package org.apache.turbine.modules.actions;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.commons.logging.Log;
23  import org.apache.commons.logging.LogFactory;
24  import org.apache.fulcrum.security.acl.AccessControlList;
25  import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
26  import org.apache.fulcrum.security.util.FulcrumSecurityException;
27  import org.apache.turbine.Turbine;
28  import org.apache.turbine.TurbineConstants;
29  import org.apache.turbine.annotation.TurbineService;
30  import org.apache.turbine.modules.Action;
31  import org.apache.turbine.om.security.User;
32  import org.apache.turbine.pipeline.PipelineData;
33  import org.apache.turbine.services.security.SecurityService;
34  import org.apache.turbine.util.RunData;
35  
36  /**
37   * This action doPerforms an Access Control List and places it into
38   * the RunData object, so it is easily available to modules.  The ACL
39   * is also placed into the session.  Modules can null out the ACL to
40   * force it to be rebuilt based on more information.
41   *
42   * <p>
43   *
44   * Turbine uses a User-Role-Permission arrangement for access control.
45   * Users are assigned Roles.  Roles are assigned Permissions.  Turbine
46   * modules then check the Permission required for an action or
47   * information with the set of Permissions currently associated with
48   * the session (which are dependent on the user associated with the
49   * session.)
50   *
51   * <p>
52   *
53   * The criteria for assigning Roles/Permissions is application
54   * dependent, in some cases an application may change a User's Roles
55   * during the session.  To achieve flexibility, the ACL takes an
56   * Object parameter, which the application can use to doPerform the
57   * ACL.
58   *
59   * <p>
60   *
61   * This action is special in that it should only be executed by the
62   * Turbine servlet.
63   *
64   * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
65   * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
66   * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a>
67   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
68   * @version $Id: AccessController.java 1819127 2017-12-23 09:32:08Z gk $
69   */
70  public class AccessController
71          extends Action
72  {
73  
74      /** Logging */
75      private static Log log = LogFactory.getLog(AccessController.class);
76  
77      /** Injected service instance */
78      @TurbineService
79      private SecurityService security;
80  
81      /**
82       * If there is a user and the user is logged in, doPerform will
83       * set the RunData ACL.  The list is first sought from the current
84       * session, otherwise it is loaded through
85       * <code>link {@link SecurityService#getACL(User)}</code> and added to the current
86       * session.
87       *
88       * @param pipelineData Turbine information.
89       * @throws FulcrumSecurityException problem with the security service.
90       */
91      @Override
92      public void doPerform(PipelineData pipelineData)
93      	throws FulcrumSecurityException
94      {
95          RunData data = getRunData(pipelineData);
96          User user = data.getUser();
97  
98          if (!security.isAnonymousUser(user)
99              && user.hasLoggedIn())
100         {
101             log.debug("Fetching ACL for " + user.getName());
102             AccessControlList acl = (AccessControlList)
103                     data.getSession().getAttribute(
104                             TurbineConstants.ACL_SESSION_KEY);
105             if (acl == null)
106             {
107                 log.debug("No ACL found in Session, building fresh ACL");
108                 acl = security.getACL(user);
109                 data.getSession().setAttribute(
110                         TurbineConstants.ACL_SESSION_KEY, acl);
111 
112                 log.debug("ACL is " + acl);
113             }
114             data.setACL(acl);
115         }
116 
117         // Comply with Turbine 4.0 standards
118         pipelineData.get(Turbine.class).put(TurbineAccessControlList.class, data.getACL());
119     }
120 }