1 package org.apache.turbine.modules.actions;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.apache.fulcrum.security.acl.AccessControlList;
25 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
26 import org.apache.fulcrum.security.util.FulcrumSecurityException;
27 import org.apache.turbine.Turbine;
28 import org.apache.turbine.TurbineConstants;
29 import org.apache.turbine.annotation.TurbineService;
30 import org.apache.turbine.modules.Action;
31 import org.apache.turbine.om.security.User;
32 import org.apache.turbine.pipeline.PipelineData;
33 import org.apache.turbine.services.security.SecurityService;
34 import org.apache.turbine.util.RunData;
35
36 /**
37 * This action doPerforms an Access Control List and places it into
38 * the RunData object, so it is easily available to modules. The ACL
39 * is also placed into the session. Modules can null out the ACL to
40 * force it to be rebuilt based on more information.
41 *
42 * <p>
43 *
44 * Turbine uses a User-Role-Permission arrangement for access control.
45 * Users are assigned Roles. Roles are assigned Permissions. Turbine
46 * modules then check the Permission required for an action or
47 * information with the set of Permissions currently associated with
48 * the session (which are dependent on the user associated with the
49 * session.)
50 *
51 * <p>
52 *
53 * The criteria for assigning Roles/Permissions is application
54 * dependent, in some cases an application may change a User's Roles
55 * during the session. To achieve flexibility, the ACL takes an
56 * Object parameter, which the application can use to doPerform the
57 * ACL.
58 *
59 * <p>
60 *
61 * This action is special in that it should only be executed by the
62 * Turbine servlet.
63 *
64 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
65 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
66 * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a>
67 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
68 * @version $Id: AccessController.java 1819127 2017-12-23 09:32:08Z gk $
69 */
70 public class AccessController
71 extends Action
72 {
73
74 /** Logging */
75 private static Log log = LogFactory.getLog(AccessController.class);
76
77 /** Injected service instance */
78 @TurbineService
79 private SecurityService security;
80
81 /**
82 * If there is a user and the user is logged in, doPerform will
83 * set the RunData ACL. The list is first sought from the current
84 * session, otherwise it is loaded through
85 * <code>link {@link SecurityService#getACL(User)}</code> and added to the current
86 * session.
87 *
88 * @param pipelineData Turbine information.
89 * @throws FulcrumSecurityException problem with the security service.
90 */
91 @Override
92 public void doPerform(PipelineData pipelineData)
93 throws FulcrumSecurityException
94 {
95 RunData data = getRunData(pipelineData);
96 User user = data.getUser();
97
98 if (!security.isAnonymousUser(user)
99 && user.hasLoggedIn())
100 {
101 log.debug("Fetching ACL for " + user.getName());
102 AccessControlList acl = (AccessControlList)
103 data.getSession().getAttribute(
104 TurbineConstants.ACL_SESSION_KEY);
105 if (acl == null)
106 {
107 log.debug("No ACL found in Session, building fresh ACL");
108 acl = security.getACL(user);
109 data.getSession().setAttribute(
110 TurbineConstants.ACL_SESSION_KEY, acl);
111
112 log.debug("ACL is " + acl);
113 }
114 data.setACL(acl);
115 }
116
117 // Comply with Turbine 4.0 standards
118 pipelineData.get(Turbine.class).put(TurbineAccessControlList.class, data.getACL());
119 }
120 }