AccessController


1   package org.apache.turbine.modules.actions;
2   
3   /* ====================================================================
4    * The Apache Software License, Version 1.1
5    *
6    * Copyright (c) 2001 The Apache Software Foundation.  All rights
7    * reserved.
8    *
9    * Redistribution and use in source and binary forms, with or without
10   * modification, are permitted provided that the following conditions
11   * are met:
12   *
13   * 1. Redistributions of source code must retain the above copyright
14   *    notice, this list of conditions and the following disclaimer.
15   *
16   * 2. Redistributions in binary form must reproduce the above copyright
17   *    notice, this list of conditions and the following disclaimer in
18   *    the documentation and/or other materials provided with the
19   *    distribution.
20   *
21   * 3. The end-user documentation included with the redistribution,
22   *    if any, must include the following acknowledgment:
23   *       "This product includes software developed by the
24   *        Apache Software Foundation (http://www.apache.org/)."
25   *    Alternately, this acknowledgment may appear in the software itself,
26   *    if and wherever such third-party acknowledgments normally appear.
27   *
28   * 4. The names "Apache" and "Apache Software Foundation" and
29   *    "Apache Turbine" must not be used to endorse or promote products
30   *    derived from this software without prior written permission. For
31   *    written permission, please contact apache@apache.org.
32   *
33   * 5. Products derived from this software may not be called "Apache",
34   *    "Apache Turbine", nor may "Apache" appear in their name, without
35   *    prior written permission of the Apache Software Foundation.
36   *
37   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48   * SUCH DAMAGE.
49   * ====================================================================
50   *
51   * This software consists of voluntary contributions made by many
52   * individuals on behalf of the Apache Software Foundation.  For more
53   * information on the Apache Software Foundation, please see
54   * <http://www.apache.org/>.
55   */
56  
57  import org.apache.turbine.RunData;
58  import org.apache.turbine.modules.Action;
59  import org.apache.fulcrum.security.TurbineSecurity;
60  import org.apache.fulcrum.security.util.AccessControlList;
61  
62  /**
63   * This action doPerforms an Access Control List and places it into
64   * the RunData object, so it is easily available to modules.  The ACL
65   * is also placed into the session.  Modules can null out the ACL to
66   * force it to be rebuilt based on more information.
67   *
68   * <p>
69   *
70   * Turbine uses a User-Role-Permission arrangement for access control.
71   * Users are assigned Roles.  Roles are assigned Permissions.  Turbine
72   * modules then check the Permission required for an action or
73   * information with the set of Permissions currently associated with
74   * the session (which are dependent on the user associated with the
75   * session.)
76   *
77   * <p>
78   *
79   * The criteria for assigning Roles/Permissions is application
80   * dependent, in some cases an application may change a User's Roles
81   * during the session.  To achieve flexibility, the ACL takes an
82   * Object parameter, which the application can use to doPerform the
83   * ACL.
84   *
85   * <p>
86   *
87   * This action is special in that it should only be executed by the
88   * Turbine servlet.
89   *
90   * @author <a HREF="mailto:jmcnally@collab.net">John D. McNally</a>
91   * @author <a HREF="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
92   * @version $Id: AccessController.java,v 1.5 2002/04/09 17:29:34 jtaylor Exp $
93   */
94  public class AccessController
95      extends Action
96  {
97      /**
98       * If there is a user and the user is logged in, doPerform will
99       * set the RunData ACL.  The list is first sought from the current
100      * session, otherwise it is loaded through
101      * <code>TurbineSecurity.getACL()</code> and added to the current
102      * session.
103      *
104      * @param data Run-time information.
105      * @exception Exception Not expected -- something went very wrong.
106      * @see org.apache.fulcrum.security.TurbineSecurity
107      */
108     public void doPerform( RunData data )
109         throws Exception  
110     {
111         if (data.getUser() != null && data.getUser().hasLoggedIn())
112         {
113             AccessControlList acl = data.getACLFromSession();
114             if (acl == null)
115             {
116                 acl = TurbineSecurity.getACL(data.getUser());
117             }
118             data.setACL(acl);
119         }
120     }
121 }
122
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags