1 package org.apache.turbine.modules.screens;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22
23 import org.apache.turbine.pipeline.PipelineData;
24 import org.apache.turbine.services.velocity.TurbineVelocity;
25 import org.apache.turbine.util.RunData;
26
27 import org.apache.velocity.context.Context;
28
29 /**
30 * VelocitySecureScreen
31 *
32 * Always performs a Security Check that you've defined before
33 * executing the doBuildTemplate(). You should extend this class and
34 * add the specific security check needed. If you have a number of
35 * screens that need to perform the same check, you could make a base
36 * screen by extending this class and implementing the isAuthorized().
37 * Then each screen that needs to perform the same check could extend
38 * your base screen.
39 *
40 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
41 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
42 * @version $Id: VelocitySecureScreen.java 938645 2010-04-27 20:57:51Z tv $
43 */
44 public abstract class VelocitySecureScreen
45 extends VelocityScreen
46 {
47 /**
48 * Implement this to add information to the context.
49 *
50 * @deprecated Use PipelineData version instead.
51 * @param data Turbine information.
52 * @param context Context for web pages.
53 * @exception Exception, a generic exception.
54 */
55 protected abstract void doBuildTemplate(RunData data,
56 Context context)
57 throws Exception;
58
59 /**
60 * Implement this to add information to the context.
61 *
62 * @param data Turbine information.
63 * @param context Context for web pages.
64 * @exception Exception, a generic exception.
65 */
66 protected void doBuildTemplate(PipelineData pipelineData,
67 Context context)
68 throws Exception
69 {
70 RunData data = getRunData(pipelineData);
71 doBuildTemplate(data);
72 }
73
74
75 /**
76 * This method overrides the method in VelocityScreen to
77 * perform a security check first.
78 *
79 * @deprecated Use PipelineData version instead.
80 * @param data Turbine information.
81 * @exception Exception, a generic exception.
82 */
83 protected void doBuildTemplate(RunData data)
84 throws Exception
85 {
86 if (isAuthorized(data))
87 {
88 doBuildTemplate(data, TurbineVelocity.getContext(data));
89 }
90 }
91
92 /**
93 * This method overrides the method in VelocityScreen to
94 * perform a security check first.
95 *
96 * @param data Turbine information.
97 * @exception Exception, a generic exception.
98 */
99 protected void doBuildTemplate(PipelineData pipelineData)
100 throws Exception
101 {
102 if (isAuthorized(pipelineData))
103 {
104 doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData));
105 }
106 }
107
108
109
110 /**
111 * Implement this method to perform the security check needed.
112 * You should set the template in this method that you want the
113 * user to be sent to if they're unauthorized.
114 *
115 * @deprecated Use PipelineData version instead.
116 * @param data Turbine information.
117 * @return True if the user is authorized to access the screen.
118 * @exception Exception, a generic exception.
119 */
120 protected abstract boolean isAuthorized(RunData data)
121 throws Exception;
122
123 /**
124 * Implement this method to perform the security check needed.
125 * You should set the template in this method that you want the
126 * user to be sent to if they're unauthorized. See the
127 * VelocitySecurityCheck utility.
128 *
129 * @param data Turbine information.
130 * @return True if the user is authorized to access the screen.
131 * @exception Exception, a generic exception.
132 */
133 protected boolean isAuthorized(PipelineData pipelineData)
134 throws Exception
135 {
136 RunData data = getRunData(pipelineData);
137 return isAuthorized(data);
138 }
139
140
141
142 }