001 package org.apache.turbine.modules.screens;
002
003 /*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements. See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership. The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License. You may obtain a copy of the License at
011 *
012 * http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied. See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021
022
023 import org.apache.turbine.pipeline.PipelineData;
024 import org.apache.turbine.services.velocity.TurbineVelocity;
025 import org.apache.turbine.util.RunData;
026
027 import org.apache.velocity.context.Context;
028
029 /**
030 * VelocitySecureScreen
031 *
032 * Always performs a Security Check that you've defined before
033 * executing the doBuildTemplate(). You should extend this class and
034 * add the specific security check needed. If you have a number of
035 * screens that need to perform the same check, you could make a base
036 * screen by extending this class and implementing the isAuthorized().
037 * Then each screen that needs to perform the same check could extend
038 * your base screen.
039 *
040 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
041 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
042 * @version $Id: VelocitySecureScreen.java 938645 2010-04-27 20:57:51Z tv $
043 */
044 public abstract class VelocitySecureScreen
045 extends VelocityScreen
046 {
047 /**
048 * Implement this to add information to the context.
049 *
050 * @deprecated Use PipelineData version instead.
051 * @param data Turbine information.
052 * @param context Context for web pages.
053 * @exception Exception, a generic exception.
054 */
055 protected abstract void doBuildTemplate(RunData data,
056 Context context)
057 throws Exception;
058
059 /**
060 * Implement this to add information to the context.
061 *
062 * @param data Turbine information.
063 * @param context Context for web pages.
064 * @exception Exception, a generic exception.
065 */
066 protected void doBuildTemplate(PipelineData pipelineData,
067 Context context)
068 throws Exception
069 {
070 RunData data = getRunData(pipelineData);
071 doBuildTemplate(data);
072 }
073
074
075 /**
076 * This method overrides the method in VelocityScreen to
077 * perform a security check first.
078 *
079 * @deprecated Use PipelineData version instead.
080 * @param data Turbine information.
081 * @exception Exception, a generic exception.
082 */
083 protected void doBuildTemplate(RunData data)
084 throws Exception
085 {
086 if (isAuthorized(data))
087 {
088 doBuildTemplate(data, TurbineVelocity.getContext(data));
089 }
090 }
091
092 /**
093 * This method overrides the method in VelocityScreen to
094 * perform a security check first.
095 *
096 * @param data Turbine information.
097 * @exception Exception, a generic exception.
098 */
099 protected void doBuildTemplate(PipelineData pipelineData)
100 throws Exception
101 {
102 if (isAuthorized(pipelineData))
103 {
104 doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData));
105 }
106 }
107
108
109
110 /**
111 * Implement this method to perform the security check needed.
112 * You should set the template in this method that you want the
113 * user to be sent to if they're unauthorized.
114 *
115 * @deprecated Use PipelineData version instead.
116 * @param data Turbine information.
117 * @return True if the user is authorized to access the screen.
118 * @exception Exception, a generic exception.
119 */
120 protected abstract boolean isAuthorized(RunData data)
121 throws Exception;
122
123 /**
124 * Implement this method to perform the security check needed.
125 * You should set the template in this method that you want the
126 * user to be sent to if they're unauthorized. See the
127 * VelocitySecurityCheck utility.
128 *
129 * @param data Turbine information.
130 * @return True if the user is authorized to access the screen.
131 * @exception Exception, a generic exception.
132 */
133 protected boolean isAuthorized(PipelineData pipelineData)
134 throws Exception
135 {
136 RunData data = getRunData(pipelineData);
137 return isAuthorized(data);
138 }
139
140
141
142 }