Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
AccessController |
|
| 2.5;2,5 |
1 | package org.apache.turbine.modules.actions; | |
2 | ||
3 | /* | |
4 | * Licensed to the Apache Software Foundation (ASF) under one | |
5 | * or more contributor license agreements. See the NOTICE file | |
6 | * distributed with this work for additional information | |
7 | * regarding copyright ownership. The ASF licenses this file | |
8 | * to you under the Apache License, Version 2.0 (the | |
9 | * "License"); you may not use this file except in compliance | |
10 | * with the License. You may obtain a copy of the License at | |
11 | * | |
12 | * http://www.apache.org/licenses/LICENSE-2.0 | |
13 | * | |
14 | * Unless required by applicable law or agreed to in writing, | |
15 | * software distributed under the License is distributed on an | |
16 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
17 | * KIND, either express or implied. See the License for the | |
18 | * specific language governing permissions and limitations | |
19 | * under the License. | |
20 | */ | |
21 | ||
22 | import org.apache.commons.logging.Log; | |
23 | import org.apache.commons.logging.LogFactory; | |
24 | ||
25 | import org.apache.turbine.modules.Action; | |
26 | import org.apache.turbine.services.security.TurbineSecurity; | |
27 | import org.apache.turbine.util.RunData; | |
28 | import org.apache.turbine.util.security.AccessControlList; | |
29 | import org.apache.turbine.util.security.TurbineSecurityException; | |
30 | ||
31 | import org.apache.turbine.om.security.User; | |
32 | import org.apache.turbine.pipeline.PipelineData; | |
33 | ||
34 | /** | |
35 | * This action doPerforms an Access Control List and places it into | |
36 | * the RunData object, so it is easily available to modules. The ACL | |
37 | * is also placed into the session. Modules can null out the ACL to | |
38 | * force it to be rebuilt based on more information. | |
39 | * | |
40 | * <p> | |
41 | * | |
42 | * Turbine uses a User-Role-Permission arrangement for access control. | |
43 | * Users are assigned Roles. Roles are assigned Permissions. Turbine | |
44 | * modules then check the Permission required for an action or | |
45 | * information with the set of Permissions currently associated with | |
46 | * the session (which are dependent on the user associated with the | |
47 | * session.) | |
48 | * | |
49 | * <p> | |
50 | * | |
51 | * The criteria for assigning Roles/Permissions is application | |
52 | * dependent, in some cases an application may change a User's Roles | |
53 | * during the session. To achieve flexibility, the ACL takes an | |
54 | * Object parameter, which the application can use to doPerform the | |
55 | * ACL. | |
56 | * | |
57 | * <p> | |
58 | * | |
59 | * This action is special in that it should only be executed by the | |
60 | * Turbine servlet. | |
61 | * | |
62 | * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> | |
63 | * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> | |
64 | * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a> | |
65 | * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> | |
66 | * @version $Id: AccessController.java 1066529 2011-02-02 17:01:46Z ludwig $ | |
67 | */ | |
68 | 4 | public class AccessController |
69 | extends Action | |
70 | { | |
71 | ||
72 | /** Logging */ | |
73 | 4 | private static Log log = LogFactory.getLog(AccessController.class); |
74 | ||
75 | /** | |
76 | * If there is a user and the user is logged in, doPerform will | |
77 | * set the RunData ACL. The list is first sought from the current | |
78 | * session, otherwise it is loaded through | |
79 | * <code>TurbineSecurity.getACL()</code> and added to the current | |
80 | * session. | |
81 | * @deprecated Use PipelineData version instead. | |
82 | * @see org.apache.turbine.services.security.TurbineSecurity | |
83 | * @param data Turbine information. | |
84 | * @exception TurbineSecurityException problem with the security service. | |
85 | */ | |
86 | @Deprecated | |
87 | @Override | |
88 | public void doPerform(RunData data) | |
89 | throws TurbineSecurityException | |
90 | { | |
91 | 4 | User user = data.getUser(); |
92 | ||
93 | 4 | if (!TurbineSecurity.isAnonymousUser(user) |
94 | && user.hasLoggedIn()) | |
95 | { | |
96 | 2 | log.debug("Fetching ACL for " + user.getName()); |
97 | 2 | AccessControlList acl = (AccessControlList) |
98 | data.getSession().getAttribute( | |
99 | AccessControlList.SESSION_KEY); | |
100 | 2 | if (acl == null) |
101 | { | |
102 | 2 | log.debug("No ACL found in Session, building fresh ACL"); |
103 | 2 | acl = TurbineSecurity.getACL(user); |
104 | 2 | data.getSession().setAttribute( |
105 | AccessControlList.SESSION_KEY, acl); | |
106 | ||
107 | 2 | log.debug("ACL is " + acl); |
108 | } | |
109 | 2 | data.setACL(acl); |
110 | } | |
111 | 4 | } |
112 | ||
113 | /** | |
114 | * If there is a user and the user is logged in, doPerform will | |
115 | * set the RunData ACL. The list is first sought from the current | |
116 | * session, otherwise it is loaded through | |
117 | * <code>TurbineSecurity.getACL()</code> and added to the current | |
118 | * session. | |
119 | * | |
120 | * @see org.apache.turbine.services.security.TurbineSecurity | |
121 | * @param data Turbine information. | |
122 | * @exception TurbineSecurityException problem with the security service. | |
123 | */ | |
124 | @Override | |
125 | public void doPerform(PipelineData pipelineData) | |
126 | throws TurbineSecurityException | |
127 | { | |
128 | 4 | RunData data = getRunData(pipelineData); |
129 | 4 | doPerform(data); |
130 | 4 | } |
131 | } |