001    package org.apache.turbine.modules.screens;
002    
003    /*
004     * Licensed to the Apache Software Foundation (ASF) under one
005     * or more contributor license agreements.  See the NOTICE file
006     * distributed with this work for additional information
007     * regarding copyright ownership.  The ASF licenses this file
008     * to you under the Apache License, Version 2.0 (the
009     * "License"); you may not use this file except in compliance
010     * with the License.  You may obtain a copy of the License at
011     *
012     *   http://www.apache.org/licenses/LICENSE-2.0
013     *
014     * Unless required by applicable law or agreed to in writing,
015     * software distributed under the License is distributed on an
016     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017     * KIND, either express or implied.  See the License for the
018     * specific language governing permissions and limitations
019     * under the License.
020     */
021    
022    
023    import org.apache.turbine.pipeline.PipelineData;
024    import org.apache.turbine.services.velocity.TurbineVelocity;
025    import org.apache.turbine.util.RunData;
026    
027    import org.apache.velocity.context.Context;
028    
029    /**
030     * VelocitySecureScreen
031     *
032     * Always performs a Security Check that you've defined before
033     * executing the doBuildTemplate().  You should extend this class and
034     * add the specific security check needed.  If you have a number of
035     * screens that need to perform the same check, you could make a base
036     * screen by extending this class and implementing the isAuthorized().
037     * Then each screen that needs to perform the same check could extend
038     * your base screen.
039     *
040     * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
041     * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
042     * @version $Id: VelocitySecureScreen.java 938645 2010-04-27 20:57:51Z tv $
043     */
044    public abstract class VelocitySecureScreen
045            extends VelocityScreen
046    {
047        /**
048         * Implement this to add information to the context.
049         *
050         * @deprecated Use PipelineData version instead.
051         * @param data Turbine information.
052         * @param context Context for web pages.
053         * @exception Exception, a generic exception.
054         */
055        protected abstract void doBuildTemplate(RunData data,
056                                                Context context)
057                throws Exception;
058    
059        /**
060         * Implement this to add information to the context.
061         *
062         * @param data Turbine information.
063         * @param context Context for web pages.
064         * @exception Exception, a generic exception.
065         */
066        protected void doBuildTemplate(PipelineData pipelineData,
067                                                Context context)
068                throws Exception
069        {
070            RunData data = getRunData(pipelineData);
071            doBuildTemplate(data);
072        }
073    
074    
075        /**
076         * This method overrides the method in VelocityScreen to
077         * perform a security check first.
078         *
079         * @deprecated Use PipelineData version instead.
080         * @param data Turbine information.
081         * @exception Exception, a generic exception.
082         */
083        protected void doBuildTemplate(RunData data)
084            throws Exception
085        {
086            if (isAuthorized(data))
087            {
088                doBuildTemplate(data, TurbineVelocity.getContext(data));
089            }
090        }
091    
092        /**
093         * This method overrides the method in VelocityScreen to
094         * perform a security check first.
095         *
096         * @param data Turbine information.
097         * @exception Exception, a generic exception.
098         */
099        protected void doBuildTemplate(PipelineData pipelineData)
100            throws Exception
101        {
102            if (isAuthorized(pipelineData))
103            {
104                doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData));
105            }
106        }
107    
108    
109    
110        /**
111         * Implement this method to perform the security check needed.
112         * You should set the template in this method that you want the
113         * user to be sent to if they're unauthorized.
114         *
115         * @deprecated Use PipelineData version instead.
116         * @param data Turbine information.
117         * @return True if the user is authorized to access the screen.
118         * @exception Exception, a generic exception.
119         */
120        protected abstract boolean isAuthorized(RunData data)
121                throws Exception;
122    
123        /**
124         * Implement this method to perform the security check needed.
125         * You should set the template in this method that you want the
126         * user to be sent to if they're unauthorized.  See the
127         * VelocitySecurityCheck utility.
128         *
129         * @param data Turbine information.
130         * @return True if the user is authorized to access the screen.
131         * @exception Exception, a generic exception.
132         */
133        protected boolean isAuthorized(PipelineData pipelineData)
134        throws Exception
135        {
136            RunData data = getRunData(pipelineData);
137            return isAuthorized(data);
138        }
139    
140    
141    
142    }