Features list

Java API

The Pow2ACL package provides a simple API for Java developers.

ACL JSP tag library

Pow2ACL provides a JSP ACL tag library for testing ACL assertions directly in JSP pages. Examples:

  • hasUserPermission

        <acl:hasUserPermission permission="DBAadmin" group="admin">
          <a href="deleteTable.jsp">delete table</a>
        </acl:hasUserPermission>
    
        <acl:hasUserPermission permission="DBAadmin" value="false">
          <a href="login.jsp">login</a>
        </acl:hasUserPermission>
    
        <acl:hasUserPermission permission="DBAadmin" group="admin" value="false">
          <a href="login.jsp">login</a>
        </acl:hasUserPermission>
    	      


  • isUserInRole

        <acl:isUserInRole role="admin" value="false">
          <a href="login.jsp">login as administrator</a>
        </acl:isUserInRole>
    
        <acl:isUserInRole role="admin">
          <a href="admin/index.jsp">admin store items</a>
        </acl:isUserInRole>
    
        <acl:isUserInRole role="admin" group="administrator">
          <a href="admin/index.jsp">admin store items</a>
        </acl:isUserInRole>
              


  • isUserInGroup

        <acl:isUserInGroup group="guest">
          <b>restricted area!</b>.
          You must register to access this content.<br>
          <a href="register.jsp">go to registration form</a>
        </acl:isUserInGroup>
    
        <acl:isUserInGroup group="member" value="false">
          <b>restricted area!</b>.
          You must register to access this content.<br>
          <a href="register.jsp">go to registration form</a>
        </acl:isUserInGroup>
    	      


  • isUserAuthenticated

        <acl:isUserAuthenticated>
          <a href="userAccount.jsp">user account</a>
        </acl:isUserAuthenticated>
    
        <acl:isUserAuthenticated value="false">
          <a href="register.jsp">register</a>
        </acl:isUserAuthenticated>
    	      


Integration with Apache's Struts framework

Pow2ACL can be integrated with Struts applications using the ACL action classes provided by the com.pow2.acl.struts.action package.

Action servlet class

ACLActionServlet is the action servlet class that must be specified in the web.xml configuration file of the web application.

It manages all incoming instances of the application's action classes. If the application action class is an ACLDispatcherAction subclass, ACLActionServlet executes its methods:

  • validateSession
  • validatePermissions

If both methods return true, ACLActionServlet executes the business logic of the processed action class.

ACLDispatcherAction

ACLDispatcherAction is an abstract dispatch class; it provides the abstract validatePermissions method. ACLDispatcherAction subclasses should implement this method with the appropriate ACL business rule.

ACLRoleAction

ACLRoleAction is an ACLDispatcherAction subclass that implements the validatePermissions method and provides the user roles check.

ACLActionMapping

ACLActionMapping is a subclass of Struts' ActionMapping; it is used to declare the group and role attributes of the ACLRoleAction action elements defined in the struts-config.xml file.



Here's how to define the Struts action servlet in the web.xml configuration file; see the servlet-class and mapping attributes and their values:

  <!-- ===================================================================== -->
  <!-- Struts toolkit configuration                                          -->
  <!-- ===================================================================== -->

  <!--  Action Servlet Configuration -->
  <!--  Notes:
     -
     -  1)
     -  the servlet-class attribute value should be:
     -
     -  com.pow2.acl.struts.action.ACLActionServlet
     -
     -  2)
     -  to use the pow2ACL attributes extension, you should define the
     -  "mapping" init-param and set its value to:
     -
     -  com.pow2.acl.struts.action.ACLActionMapping
     -
     -  This value is the fully qualified name of the ACLActionMapping bean class
     -  that extends the original ActionMapping class, and adds the support
     -  for "role" and "group" attributes.
     -
     -->

  <servlet>
    <servlet-name>action</servlet-name>

    <!-- servlet-class>org.apache.struts.action.ActionServlet</servlet-class -->
    <servlet-class>com.pow2.acl.struts.action.ACLActionServlet</servlet-class>


    <init-param>
      <param-name>application</param-name>
      <param-value>resources</param-value>
    </init-param>
    <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>

    <!-- the debugging detail level for this servlet,
         which controls how much information is logged. -->
    <init-param>
      <param-name>debug</param-name>
      <param-value>2</param-value>
    </init-param>

    <!-- The debugging detail level for the Digester we utilize in initMapping(),
         which logs to System.out instead of the servlet log. -->
    <init-param>
      <param-name>detail</param-name>
      <param-value>0</param-value>
    </init-param>

    <init-param>
      <param-name>nocache</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>validate</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>validating</param-name>
      <param-value>true</param-value>
    </init-param>

    <!--
       -  defines the ActionMapping class for the ACL system
       -->
    <init-param>
      <param-name>mapping</param-name>
      <param-value>com.pow2.acl.struts.action.ACLActionMapping</param-value>
    </init-param>

    <load-on-startup>3</load-on-startup>
  </servlet>
      

Here's how to configure an ACLRoleAction element in struts-config.xml, enabling both the session validation and the user's role validation:

  <!--
       -  ACLdispatcher action
       -
       -  ACLdispatcher is a dispatcher action class
       -  that provides ACL role and group validation
       -  versus the com.pow2.user.User object stored into the session context.
       -
       -  ACLdispatcher redirects to the destination resource only if:
       -
       -  a) the current session provides a valid User reference (session validation);
       -  b) the current User object owns the role and belongs to the group
       -     specified by the "role"
       -     and "group" action properties.
       -
       -  The ACLdispatcher target resource can be specified by:
       -
       -  1) the URL "fwd" parameter value;
       -  2) the "parameter" property of this action element;
       -->
    <action path  = "/ACLdispatcher"
            type     = "com.pow2.acl.struts.action.ACLRoleAction"
            scope    = "request"
            validate = "false">

      <!-- enable the session validation -->
      <set-property property="validateSession" value="true"/>

      <!-- enable the permissions validation -->
      <set-property property="validatePermissions" value="true"/>

      <!-- specify the group and the role to check -->
      <set-property property="role"  value="admin"/>
      <set-property property="group" value=""/>
    </action>
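
The two-step gate described above (session validation, then the role and group check), modelled as a stand-alone Java program. This is an added example, not Pow2ACL code: the User and Mapping records and every method signature are hypothetical, and treating an empty role or group as "not checked" is an assumption drawn from the group="" setting in the configuration above.

```java
import java.util.Set;

// Stand-alone model of the gate described on this page. Every type and
// signature here is hypothetical; none of it is Pow2ACL's real API.
public class AclGateModel {

    // Stand-in for the user object kept in the session context.
    record User(Set<String> roles, Set<String> groups) {}

    // Stand-in for the ACL properties set on one <action> element.
    record Mapping(boolean validateSession, boolean validatePermissions,
                   String role, String group) {}

    // Session validation: when enabled, the session must hold a user.
    static boolean validateSession(Mapping m, User sessionUser) {
        return !m.validateSession() || sessionUser != null;
    }

    // Role/group check. Assumption: an empty "role" or "group" property
    // means "do not check this attribute" (as with group="" above).
    static boolean validatePermissions(Mapping m, User u) {
        if (!m.validatePermissions()) return true;
        if (u == null) return false; // fail closed when there is no user
        boolean roleOk  = m.role().isEmpty()  || u.roles().contains(m.role());
        boolean groupOk = m.group().isEmpty() || u.groups().contains(m.group());
        return roleOk && groupOk;
    }

    // The business logic is reached only when both checks pass.
    static String dispatch(Mapping m, User sessionUser) {
        if (!validateSession(m, sessionUser)) return "DENY: no valid session";
        if (!validatePermissions(m, sessionUser)) return "DENY: role/group mismatch";
        return "ALLOW";
    }

    public static void main(String[] args) {
        // Same property values as the struts-config.xml example above.
        Mapping acl = new Mapping(true, true, "admin", "");
        // Constructed sample users.
        User admin = new User(Set.of("admin"), Set.of("staff"));
        User guest = new User(Set.of(), Set.of("guest"));

        System.out.println("no session   : " + dispatch(acl, null));
        System.out.println("admin user   : " + dispatch(acl, admin));
        System.out.println("guest user   : " + dispatch(acl, guest));
        // With both flags off, this model does not gate the action at all.
        Mapping open = new Mapping(false, false, "admin", "");
        System.out.println("flags off    : " + dispatch(open, null));
    }
}
```

In this model the role and group properties have no effect unless validatePermissions is enabled, which is why the configuration above sets both flags explicitly.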

	

Web interface for the ACL data management

The ACL database can be managed by the ACL backoffice web interface. See the screenshots page.

Cactus integration unit tests

The Pow2ACL package provides a suite of regression tests that use the Jakarta Cactus framework to execute the tests in a live servlet container.