View Javadoc

1   package org.apache.turbine.modules.screens;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  
23  import org.apache.turbine.pipeline.PipelineData;
24  import org.apache.turbine.services.velocity.TurbineVelocity;
25  import org.apache.turbine.util.RunData;
26  
27  import org.apache.velocity.context.Context;
28  
29  /**
30   * VelocitySecureScreen
31   *
32   * Always performs a Security Check that you've defined before
33   * executing the doBuildTemplate().  You should extend this class and
34   * add the specific security check needed.  If you have a number of
35   * screens that need to perform the same check, you could make a base
36   * screen by extending this class and implementing the isAuthorized().
37   * Then each screen that needs to perform the same check could extend
38   * your base screen.
39   *
40   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
41   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
42   * @version $Id: VelocitySecureScreen.java 938645 2010-04-27 20:57:51Z tv $
43   */
44  public abstract class VelocitySecureScreen
45          extends VelocityScreen
46  {
47      /**
48       * Implement this to add information to the context.
49       *
50       * @deprecated Use PipelineData version instead.
51       * @param data Turbine information.
52       * @param context Context for web pages.
53       * @exception Exception, a generic exception.
54       */
55      protected abstract void doBuildTemplate(RunData data,
56                                              Context context)
57              throws Exception;
58  
59      /**
60       * Implement this to add information to the context.
61       *
62       * @param data Turbine information.
63       * @param context Context for web pages.
64       * @exception Exception, a generic exception.
65       */
66      protected void doBuildTemplate(PipelineData pipelineData,
67                                              Context context)
68              throws Exception
69      {
70          RunData data = getRunData(pipelineData);
71          doBuildTemplate(data);
72      }
73  
74  
75      /**
76       * This method overrides the method in VelocityScreen to
77       * perform a security check first.
78       *
79       * @deprecated Use PipelineData version instead.
80       * @param data Turbine information.
81       * @exception Exception, a generic exception.
82       */
83      protected void doBuildTemplate(RunData data)
84          throws Exception
85      {
86          if (isAuthorized(data))
87          {
88              doBuildTemplate(data, TurbineVelocity.getContext(data));
89          }
90      }
91  
92      /**
93       * This method overrides the method in VelocityScreen to
94       * perform a security check first.
95       *
96       * @param data Turbine information.
97       * @exception Exception, a generic exception.
98       */
99      protected void doBuildTemplate(PipelineData pipelineData)
100         throws Exception
101     {
102         if (isAuthorized(pipelineData))
103         {
104             doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData));
105         }
106     }
107 
108 
109 
110     /**
111      * Implement this method to perform the security check needed.
112      * You should set the template in this method that you want the
113      * user to be sent to if they're unauthorized.
114      *
115      * @deprecated Use PipelineData version instead.
116      * @param data Turbine information.
117      * @return True if the user is authorized to access the screen.
118      * @exception Exception, a generic exception.
119      */
120     protected abstract boolean isAuthorized(RunData data)
121             throws Exception;
122 
123     /**
124      * Implement this method to perform the security check needed.
125      * You should set the template in this method that you want the
126      * user to be sent to if they're unauthorized.  See the
127      * VelocitySecurityCheck utility.
128      *
129      * @param data Turbine information.
130      * @return True if the user is authorized to access the screen.
131      * @exception Exception, a generic exception.
132      */
133     protected boolean isAuthorized(PipelineData pipelineData)
134     throws Exception
135     {
136         RunData data = getRunData(pipelineData);
137         return isAuthorized(data);
138     }
139 
140 
141 
142 }