Differences between revisions 11 and 12
Revision 11 as of 2017-11-16 10:20:48
Size: 14062
Revision 12 as of 2017-11-22 10:56:03
Size: 14042
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:

Line 33: Line 35:

Line 63: Line 67:
== T U R B I N E 4.0 ==
''' R E L E A S E'''
= 4.0M2 -> 4.0 =

2.3.2 -> 2.4M1

2.4.M1 -> 4.0M1

Major changes

  • The following services have been removed:
    • Excalibur component service replace by Fulcrum Yaafi
  • The following services have been replaced by Fulcrum components:
    • cache service
    • crypto service
    • factory service
    • intake service
    • localization service
    • mime service
    • pool service
    • upload service (optional)
    • xmlrpc service (optional)
    • xslt service (optional)
  • A new parser service has been introduced
  • org.apache.turbine.util.pool.Recyclable is replaced by org.apache.fulcrum.pool.Recyclable

  • org.apache.turbine.util.parser.CookieParser is replaced by org.apache.fulcrum.parser.CookieParser

  • org.apache.turbine.util.parser.ParameterParser is replaced by org.apache.fulcrum.parser.ParameterParser

  • org.apache.turbine.util.pool.Recyclable is replaced by org.apache.fulcrum.pool.Recyclable

  • org.apache.turbine.services.pool.TurbinePool is replaced by org.apache.fulcrum.pool.PoolService

  • Some util classes removed (db,mail,parser,pool,upload)
  • RunData now extends PipelineData

4.0M1 -> 4.0M2

Major changes

  • The security service has been replaced with the Fulcrum Security Components, so that
    • org.apache.turbine.om.security.Group is replaced by org.apache.fulcrum.security.entity.Group

    • org.apache.turbine.om.security.Role is replaced by org.apache.fulcrum.security.entity.Role

    • org.apache.turbine.om.security.Permission is replaced by org.apache.fulcrum.security.entity.Permission

    • org.apache.turbine.util.security.GroupSet is replaced by org.apache.fulcrum.security.util.GroupSet

    • org.apache.turbine.util.security.RoleSet is replaced by org.apache.fulcrum.security.util.RoleSet

    • org.apache.turbine.util.security.PermissionSet is replaced by org.apache.fulcrum.security.util.PermissionSet

    • org.apache.turbine.util.security.AccessControlList is replaced by org.apache.fulcrum.security.acl.AccessControlList

    • org.apache.turbine.util.security.DataBackendException is replaced by org.apache.fulcrum.security.util.DataBackendException

    • org.apache.turbine.util.security.EntityExistsException is replaced by org.apache.fulcrum.security.util.EntityExistsException

    • org.apache.turbine.util.security.PasswordMismatchException is replaced by org.apache.fulcrum.security.util.PasswordMismatchException

    • org.apache.turbine.util.security.UnknownEntityException is replaced by org.apache.fulcrum.security.util.UnknownEntityException

    • org.apache.turbine.util.security.TurbineSecurityException is replaced by org.apache.fulcrum.security.util.FulcrumSecurityException

  • The default Torque-based scheduler service has been deprecated. The replacement is the Fulcrum Quartz Service.
    • org.apache.turbine.services.schedule.JobEntry is now an interface and no longer depends on org.apache.torque.om.Persistent

    • several implementations exist for different schedulers
    • the SchedulerService contains a factory method for new jobs

  • All deprecated RunData-related module methods have been removed.

    • Modules that depend on RunData should be derived from LegacyVelocityAction, LegacyVelocitySecureAction, LegacyVelocityScreen and LegacyVelocitySecureScreen, respectively

  • Turbine now supports several annotations to simplify using Turbine services, loaders and configurations in screens, actions, valves etc.

4.0M2 -> 4.0

Discussions and Howtos

Turbine 4 Entity User Data Model, Facts and Discussion, Fulcrum Security

Updated content from Turbine developer mailing list discussion (Fri, 08 Jul 2016 11:11:50 GMT).


Security/Authentication is now separated and moved into Fulcrum Security. To get a better understanding...

... I started with a user model as an example and sketching the situations with some (pseudo) code. User instantiation is the first place, where a new user model comes into place - may be a good starting point.

To get a new user instance in

  1. Turbine-4-M1
  2. Turbine-4-M2, Turbine-4

consider this (pseudocode) examples in

  1.   org.apache.turbine.services.security.TurbineSecurity.getUserInstance()  {
        return getService().getUserInstance()

    where service could be e.g. org.apache.turbine.services.security.BaseSecurityService and the userInstance looks like

     return (org.apache.turbine.om.security.User) getUserClass().newInstance(); 

    The userClass / userInstance is configured in Turbine configuration e.g. setting

     services.SecurityService.user.class= org.apache.turbine.om.security.TurbineUser 
    which is the default user class.

    The contract interface is  org.apache.turbine.om.security.User.

  2. As configured by default
     services.SecurityService.user.manager = org.apache.turbine.services.security.DefaultUserManager 

    the method getUserInstance has a wrapped user instance:

       TurbineUser u = umDelegate.getUserInstance(); (1)
       return wrap(u); (2)
    • (1) umDelegate object implements
      • org.apache.fulcrum.security.model.turbine.TurbineUserManager (e.g. org.apache.fulcrum.security.torque.turbine.TorqueTurbineUserManagerImpl. Configuration is in Fulcrum roleConfiguration.xml. <role name="org.apache.fulcrum.security.UserManager" default-class="<umDelegate>">.

      The userInstance delegates further e.g. in

      org.apache.fulcrum.security.spi.AbstractUserManager.getUserInstance() and may look like this

        return T user = (T) Class.forName(getClassName()).newInstance(); 

      where the className is configured in Fulcrum XML configuration (componentConfiguration.xml.)

       <userManager><className>, which becomes the userDelegate in DefaultUserImpl (2) Since Turbine 4.0 wrap code looks like

        return (U) getUserWrapper(user); 
      It just wraps the user object to keep the contract, by default

      org.apache.turbine.om.security.DefaultUserImpl is an implementation of org.apache.turbine.om.security.User and wraps the userDelegate org.apache.fulcrum.security.model.turbine.entity.TurbineUser as configured in Fulcrum componentConfiguration.xml.

      The contract interface is <T extends org.apache.turbine.om.security.User>.


This is may be the most interesting part to understand, as the same User interface has been broken up and the semantics changed a little bit.

  1. - ( org.apache.turbine.om.security.TurbineUser is a class).

    org.apache.turbine.om.security.User (properties: password,  email, firstName, lastName, confirmed, createDate, loggedin, accessCounter, perm, temp, updateLastLogin, tempStorage,permStorage)

    • -> org.apache.turbine.om.security.SecurityEntity (properties: name, id, idAsObject)

      • -> ..

  2. org.apache.turbine.om.security.User (properties: confirmed, createDate, loggedin, accessCounter, perm, temp, updateLastLogin, tempStorage,permStorage)

    • -> org.apache.fulcrum.security.model.turbine.entity.TurbineUser (-)

      • -> org.apache.fulcrum.security.entity.ExtendedUser (properties: email, firstName, lastName, objectData)..

        • -> org.apache.fulcrum.security.entity.User (property: password)

          • -> org.apache.fulcrum.security.entity.SecurityEntity (properties: name,id)

        -> org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRoleEntity (properties: userGroupRoleSet, add-/removeUserGroupRoleSet)

      -> ..

As a result there is now NO TurbineUser class any more (except occasionally a ORM generated class), but instead a new interface (in a different package) with some additional methods (cft. TurbineUserGroupRoleEntity) is present. This makes sense as the TurbineUser is now a special case in Fulcrum Security.

Default classes

  1. org.apache.turbine.om.security.TurbineUser implements org.apache.turbine.om.security.User 

  2. org.apache.turbine.om.security.DefaultUserImpl implements org.apache.turbine.om.security.User 

More Delegates

  1. -
  2. org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl (properties: email, firstName, lastName, password, objectData) Interfaces

    -> org.apache.fulcrum.security.model.turbine.entity.TurbineUser

    • Extended classes
      • -> org.apache.fulcrum.security.model.turbine.entity.impl.AbstractTurbineSecurityEntityImpl

        • -> org.apache.fulcrum.security.entity.impl.SecurityEntityImpl (properties: equals, hashCode, toString) Interfaces

          • -> org.apache.fulcrum.security.entity.SecurityEntity (properties: id, name)


Moved properties

  • Email, FirstName, LastName, Password

The getter/setter for email, firstName, lastName, password moved from org.apache.turbine.om.security.User to the new interface org.apache.fulcrum.security.model.turbine.entity.TurbineUser.

Password is now in an interface org.apache.fulcrum.security.entity.User of its own, the other setter/getter methods are in org.apache.fulcrum.security.entity.ExtendedUser.

  • Name and Id

    1. org.apache.turbine.om.security.SecurityEntity

    2. org.apache.fulcrum.security.entity.SecurityEntity

    The id getter/setter methods expect now an Object, while in Turbine M1 version an int primitive type was expected. The old version had a special accessor idAsObject, which is now removed.

The new model properties entityId and entityName correspond probably to id and name in some way..

Old and New

  • Turbine Interface: org.apache.turbine.om.security.User.

    Old implementation class: org.apache.turbine.om.security.TurbineUser.

    New implementation class: org.apache.turbine.om.security.DefaultUserImpl.

    New extracted Fulcrum interface: org.apache.fulcrum.security.model.turbine.entity.TurbineUser.

    New (example) implementation class: org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl.

    Another implementation class is org.apache.fulcrum.security.torque.turbine.TorqueAbstractTurbineUser, which provides some extra methods (delete, databaseName, entityId, entityName, update, retrieveAttachedObjects, cft. org.apache.fulcrum.security.torque.TorqueAbstractSecurityEntity).


  • org.apache.fulcrum.security.entity.ExtendedUser contains org.apache.fulcrum.security.entity.User (password only getter/setter property).


Building Torque ORM with

<table name="turbine_user" idMethod="native" baseClass="<baseClass>" interface="org.apache.fulcrum.security.model.turbine.entity.TurbineUser">

could be done using as base class, but it´s NOT required. Example options for baseClass e.g.:

  • org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl

  • org.apache.fulcrum.security.torque.security.TorqueAbstractSecurityEntity

  • org.apache.fulcrum.security.torque.turbine.TorqueAbstractTurbineUser

In this example the generated class in this case is just named TurbineUser by default.

SecurityService, UserManager

Both could be found in Turbine and Fulcrum. As said in [http://turbine.apache.org/turbine/turbine-4.0-M2/services/security-service.html] Fulcrum Managers are just delegates and should/could only be used from Turbine services in Turbine context.

More Examples

org.apache.turbine.services.security.SecurityService (userInstance, getUser..)

org.apache.turbine.services.security.UserManager (userInstance, authenticate

org.apache.fulcrum.security.SecurityService (userManager, ..)

org.apache.fulcrum.security.UserManager (userInstance, authenticate

How to handle extra columns in Turbine user table with Fulcrum Security


If you have to map colums other than firstName, lastName, email, password to a table you have to implement your own wrapper and set in TR.properties. PermStorage is by default considered in Fulcrum just "as is", i.e. it is saved only in objectData.


Fulcrum user: Turbine userDelegate: Fulcrum <userManager><className> componentConfiguration.xml

Turbine wrapper optional if you have additional columns:

Turbine wrapper:


in TR.properties.


Fulcrum security package just saves the permStorage in objectData by default.

(Pseudo) Code example


DefaultUserManager store(User user) 

calls Fulcrum e.g. TorqueAbstractUserManager

 saveUser(User user) 

 TorqueAbstractSecurityEntity u = (TorqueAbstractSecurityEntity)user;

u is the Fulcrum user class, which the user can set (the userDelegate).

If this user has additional properties they are not set, as permStorage is saved only in objectData by default.

Turbine4/Turbine4.0M1/Diff (last edited 2017-11-22 10:56:03 by GeorgKallidis)