001 package org.apache.turbine.modules.screens; 002 003 /* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022 023 import org.apache.turbine.pipeline.PipelineData; 024 import org.apache.turbine.services.velocity.TurbineVelocity; 025 import org.apache.turbine.util.RunData; 026 027 import org.apache.velocity.context.Context; 028 029 /** 030 * VelocitySecureScreen 031 * 032 * Always performs a Security Check that you've defined before 033 * executing the doBuildTemplate(). You should extend this class and 034 * add the specific security check needed. If you have a number of 035 * screens that need to perform the same check, you could make a base 036 * screen by extending this class and implementing the isAuthorized(). 037 * Then each screen that needs to perform the same check could extend 038 * your base screen. 039 * 040 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 041 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 042 * @version $Id: VelocitySecureScreen.java 938645 2010-04-27 20:57:51Z tv $ 043 */ 044 public abstract class VelocitySecureScreen 045 extends VelocityScreen 046 { 047 /** 048 * Implement this to add information to the context. 049 * 050 * @deprecated Use PipelineData version instead. 051 * @param data Turbine information. 052 * @param context Context for web pages. 053 * @exception Exception, a generic exception. 054 */ 055 protected abstract void doBuildTemplate(RunData data, 056 Context context) 057 throws Exception; 058 059 /** 060 * Implement this to add information to the context. 061 * 062 * @param data Turbine information. 063 * @param context Context for web pages. 064 * @exception Exception, a generic exception. 065 */ 066 protected void doBuildTemplate(PipelineData pipelineData, 067 Context context) 068 throws Exception 069 { 070 RunData data = getRunData(pipelineData); 071 doBuildTemplate(data); 072 } 073 074 075 /** 076 * This method overrides the method in VelocityScreen to 077 * perform a security check first. 078 * 079 * @deprecated Use PipelineData version instead. 080 * @param data Turbine information. 081 * @exception Exception, a generic exception. 082 */ 083 protected void doBuildTemplate(RunData data) 084 throws Exception 085 { 086 if (isAuthorized(data)) 087 { 088 doBuildTemplate(data, TurbineVelocity.getContext(data)); 089 } 090 } 091 092 /** 093 * This method overrides the method in VelocityScreen to 094 * perform a security check first. 095 * 096 * @param data Turbine information. 097 * @exception Exception, a generic exception. 098 */ 099 protected void doBuildTemplate(PipelineData pipelineData) 100 throws Exception 101 { 102 if (isAuthorized(pipelineData)) 103 { 104 doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData)); 105 } 106 } 107 108 109 110 /** 111 * Implement this method to perform the security check needed. 112 * You should set the template in this method that you want the 113 * user to be sent to if they're unauthorized. 114 * 115 * @deprecated Use PipelineData version instead. 116 * @param data Turbine information. 117 * @return True if the user is authorized to access the screen. 118 * @exception Exception, a generic exception. 119 */ 120 protected abstract boolean isAuthorized(RunData data) 121 throws Exception; 122 123 /** 124 * Implement this method to perform the security check needed. 125 * You should set the template in this method that you want the 126 * user to be sent to if they're unauthorized. See the 127 * VelocitySecurityCheck utility. 128 * 129 * @param data Turbine information. 130 * @return True if the user is authorized to access the screen. 131 * @exception Exception, a generic exception. 132 */ 133 protected boolean isAuthorized(PipelineData pipelineData) 134 throws Exception 135 { 136 RunData data = getRunData(pipelineData); 137 return isAuthorized(data); 138 } 139 140 141 142 }