View Javadoc

1   package org.apache.turbine.modules.actions;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  
23  import org.apache.turbine.pipeline.PipelineData;
24  import org.apache.turbine.util.RunData;
25  import org.apache.velocity.context.Context;
26  
27  /**
28   * VelocitySecure action.
29   *
30   * Always performs a Security Check that you've defined before
31   * executing the doBuildtemplate().  You should extend this class and
32   * add the specific security check needed.  If you have a number of
33   * screens that need to perform the same check, you could make a base
34   * screen by extending this class and implementing the isAuthorized().
35   * Then each action that needs to perform the same check could extend
36   * your base action.
37   *
38   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
39   * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a>
40   * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a>
41   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
42   * @version $Id: VelocitySecureAction.java 1066529 2011-02-02 17:01:46Z ludwig $
43   */
44  public abstract class VelocitySecureAction extends VelocityAction
45  {
46      /**
47       * Implement this to add information to the context.
48       *
49       * @deprecated Use the PipelineData version instead.
50       * @param data Turbine information.
51       * @param context Context for web pages.
52       * @throws Exception a generic exception.
53       */
54      @Deprecated
55      @Override
56      public abstract void doPerform(RunData data, Context context)
57              throws Exception;
58  
59      /**
60       * Implement this to add information to the context.
61       * Should revert to abstract when RunData has gone.
62       * @param data Turbine information.
63       * @param context Context for web pages.
64       * @throws Exception a generic exception.
65       */
66      @Override
67      public void doPerform(PipelineData pipelineData, Context context)
68              throws Exception
69      {
70          RunData data = getRunData(pipelineData);
71          doPerform(data, context);
72      }
73  
74  
75      /**
76       * This method overrides the method in WebMacroSiteAction to
77       * perform a security check first.
78       *
79       * @deprecated Use PipelineData version instead.
80       * @param data Turbine information.
81       * @throws Exception a generic exception.
82       */
83      @Deprecated
84      @Override
85      protected void perform(RunData data) throws Exception
86      {
87          if (isAuthorized(data))
88          {
89              super.perform(data);
90          }
91      }
92  
93      /**
94       * This method overrides the method in WebMacroSiteAction to
95       * perform a security check first.
96       *
97       * @param data Turbine information.
98       * @throws Exception a generic exception.
99       */
100     @Override
101     protected void perform(PipelineData pipelineData) throws Exception
102     {
103         if (isAuthorized(pipelineData))
104         {
105             super.perform(pipelineData);
106         }
107     }
108 
109 
110 
111 
112     /**
113      * Implement this method to perform the security check needed.
114      * You should set the template in this method that you want the
115      * user to be sent to if they're unauthorized.
116      *
117      * @deprecated Use PipelineData version instead.
118      * @param data Turbine information.
119      * @return True if the user is authorized to access the screen.
120      * @throws Exception a generic exception.
121      */
122     @Deprecated
123     protected abstract boolean isAuthorized(RunData data)
124             throws Exception;
125 
126     /**
127      * Implement this method to perform the security check needed.
128      * You should set the template in this method that you want the
129      * user to be sent to if they're unauthorized.
130      * Should revert to abstract when RunData has gone.
131      * @param data Turbine information.
132      * @return True if the user is authorized to access the screen.
133      * @throws Exception a generic exception.
134      */
135     protected boolean isAuthorized(PipelineData pipelineData)
136             throws Exception
137     {
138         RunData data = getRunData(pipelineData);
139         return isAuthorized(data);
140     }
141 
142 }