Coverage report

  %line %branch
org.apache.turbine.modules.actions.AccessController
0% 
0% 

 1  
 package org.apache.turbine.modules.actions;
 2  
 
 3  
 /*
 4  
  * Copyright 2001-2005 The Apache Software Foundation.
 5  
  *
 6  
  * Licensed under the Apache License, Version 2.0 (the "License")
 7  
  * you may not use this file except in compliance with the License.
 8  
  * You may obtain a copy of the License at
 9  
  *
 10  
  *     http://www.apache.org/licenses/LICENSE-2.0
 11  
  *
 12  
  * Unless required by applicable law or agreed to in writing, software
 13  
  * distributed under the License is distributed on an "AS IS" BASIS,
 14  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15  
  * See the License for the specific language governing permissions and
 16  
  * limitations under the License.
 17  
  */
 18  
 
 19  
 import org.apache.commons.logging.Log;
 20  
 import org.apache.commons.logging.LogFactory;
 21  
 
 22  
 import org.apache.turbine.modules.Action;
 23  
 import org.apache.turbine.services.security.TurbineSecurity;
 24  
 import org.apache.turbine.util.RunData;
 25  
 import org.apache.turbine.util.security.AccessControlList;
 26  
 import org.apache.turbine.util.security.TurbineSecurityException;
 27  
 
 28  
 import org.apache.turbine.om.security.User;
 29  
 
 30  
 /**
 31  
  * This action doPerforms an Access Control List and places it into
 32  
  * the RunData object, so it is easily available to modules.  The ACL
 33  
  * is also placed into the session.  Modules can null out the ACL to
 34  
  * force it to be rebuilt based on more information.
 35  
  *
 36  
  * <p>
 37  
  *
 38  
  * Turbine uses a User-Role-Permission arrangement for access control.
 39  
  * Users are assigned Roles.  Roles are assigned Permissions.  Turbine
 40  
  * modules then check the Permission required for an action or
 41  
  * information with the set of Permissions currently associated with
 42  
  * the session (which are dependent on the user associated with the
 43  
  * session.)
 44  
  *
 45  
  * <p>
 46  
  *
 47  
  * The criteria for assigning Roles/Permissions is application
 48  
  * dependent, in some cases an application may change a User's Roles
 49  
  * during the session.  To achieve flexibility, the ACL takes an
 50  
  * Object parameter, which the application can use to doPerform the
 51  
  * ACL.
 52  
  *
 53  
  * <p>
 54  
  *
 55  
  * This action is special in that it should only be executed by the
 56  
  * Turbine servlet.
 57  
  *
 58  
  * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
 59  
  * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
 60  
  * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a>
 61  
  * @version $Id: AccessController.java 264148 2005-08-29 14:21:04Z henning $
 62  
  */
 63  0
 public class AccessController
 64  
         extends Action
 65  
 {
 66  
 
 67  
     /** Logging */
 68  0
     private static Log log = LogFactory.getLog(AccessController.class);
 69  
 
 70  
     /**
 71  
      * If there is a user and the user is logged in, doPerform will
 72  
      * set the RunData ACL.  The list is first sought from the current
 73  
      * session, otherwise it is loaded through
 74  
      * <code>TurbineSecurity.getACL()</code> and added to the current
 75  
      * session.
 76  
      *
 77  
      * @see org.apache.turbine.services.security.TurbineSecurity
 78  
      * @param data Turbine information.
 79  
      * @exception TurbineSecurityException problem with the security service.
 80  
      */
 81  
     public void doPerform(RunData data)
 82  
             throws TurbineSecurityException
 83  
     {
 84  0
         User user = data.getUser();
 85  
 
 86  0
         if (!TurbineSecurity.isAnonymousUser(user)
 87  
             && user.hasLoggedIn())
 88  
         {
 89  0
             log.debug("Fetching ACL for " + user.getName());
 90  0
             AccessControlList acl = (AccessControlList)
 91  
                     data.getSession().getAttribute(
 92  
                             AccessControlList.SESSION_KEY);
 93  0
             if (acl == null)
 94  
             {
 95  0
                 log.debug("No ACL found in Session, building fresh ACL");
 96  0
                 acl = TurbineSecurity.getACL(user);
 97  0
                 data.getSession().setAttribute(
 98  
                         AccessControlList.SESSION_KEY, acl);
 99  
 
 100  0
                 log.debug("ACL is " + acl);
 101  
             }
 102  0
             data.setACL(acl);
 103  
         }
 104  0
     }
 105  
 }

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.