%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.turbine.modules.actions.AccessController |
|
|
1 | package org.apache.turbine.modules.actions; |
|
2 | ||
3 | /* |
|
4 | * Copyright 2001-2005 The Apache Software Foundation. |
|
5 | * |
|
6 | * Licensed under the Apache License, Version 2.0 (the "License") |
|
7 | * you may not use this file except in compliance with the License. |
|
8 | * You may obtain a copy of the License at |
|
9 | * |
|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
11 | * |
|
12 | * Unless required by applicable law or agreed to in writing, software |
|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15 | * See the License for the specific language governing permissions and |
|
16 | * limitations under the License. |
|
17 | */ |
|
18 | ||
19 | import org.apache.commons.logging.Log; |
|
20 | import org.apache.commons.logging.LogFactory; |
|
21 | ||
22 | import org.apache.turbine.modules.Action; |
|
23 | import org.apache.turbine.services.security.TurbineSecurity; |
|
24 | import org.apache.turbine.util.RunData; |
|
25 | import org.apache.turbine.util.security.AccessControlList; |
|
26 | import org.apache.turbine.util.security.TurbineSecurityException; |
|
27 | ||
28 | import org.apache.turbine.om.security.User; |
|
29 | ||
30 | /** |
|
31 | * This action doPerforms an Access Control List and places it into |
|
32 | * the RunData object, so it is easily available to modules. The ACL |
|
33 | * is also placed into the session. Modules can null out the ACL to |
|
34 | * force it to be rebuilt based on more information. |
|
35 | * |
|
36 | * <p> |
|
37 | * |
|
38 | * Turbine uses a User-Role-Permission arrangement for access control. |
|
39 | * Users are assigned Roles. Roles are assigned Permissions. Turbine |
|
40 | * modules then check the Permission required for an action or |
|
41 | * information with the set of Permissions currently associated with |
|
42 | * the session (which are dependent on the user associated with the |
|
43 | * session.) |
|
44 | * |
|
45 | * <p> |
|
46 | * |
|
47 | * The criteria for assigning Roles/Permissions is application |
|
48 | * dependent, in some cases an application may change a User's Roles |
|
49 | * during the session. To achieve flexibility, the ACL takes an |
|
50 | * Object parameter, which the application can use to doPerform the |
|
51 | * ACL. |
|
52 | * |
|
53 | * <p> |
|
54 | * |
|
55 | * This action is special in that it should only be executed by the |
|
56 | * Turbine servlet. |
|
57 | * |
|
58 | * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> |
|
59 | * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> |
|
60 | * @author <a href="quintonm@bellsouth.net">Quinton McCombs</a> |
|
61 | * @version $Id: AccessController.java 264148 2005-08-29 14:21:04Z henning $ |
|
62 | */ |
|
63 | 0 | public class AccessController |
64 | extends Action |
|
65 | { |
|
66 | ||
67 | /** Logging */ |
|
68 | 0 | private static Log log = LogFactory.getLog(AccessController.class); |
69 | ||
70 | /** |
|
71 | * If there is a user and the user is logged in, doPerform will |
|
72 | * set the RunData ACL. The list is first sought from the current |
|
73 | * session, otherwise it is loaded through |
|
74 | * <code>TurbineSecurity.getACL()</code> and added to the current |
|
75 | * session. |
|
76 | * |
|
77 | * @see org.apache.turbine.services.security.TurbineSecurity |
|
78 | * @param data Turbine information. |
|
79 | * @exception TurbineSecurityException problem with the security service. |
|
80 | */ |
|
81 | public void doPerform(RunData data) |
|
82 | throws TurbineSecurityException |
|
83 | { |
|
84 | 0 | User user = data.getUser(); |
85 | ||
86 | 0 | if (!TurbineSecurity.isAnonymousUser(user) |
87 | && user.hasLoggedIn()) |
|
88 | { |
|
89 | 0 | log.debug("Fetching ACL for " + user.getName()); |
90 | 0 | AccessControlList acl = (AccessControlList) |
91 | data.getSession().getAttribute( |
|
92 | AccessControlList.SESSION_KEY); |
|
93 | 0 | if (acl == null) |
94 | { |
|
95 | 0 | log.debug("No ACL found in Session, building fresh ACL"); |
96 | 0 | acl = TurbineSecurity.getACL(user); |
97 | 0 | data.getSession().setAttribute( |
98 | AccessControlList.SESSION_KEY, acl); |
|
99 | ||
100 | 0 | log.debug("ACL is " + acl); |
101 | } |
|
102 | 0 | data.setACL(acl); |
103 | } |
|
104 | 0 | } |
105 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |