001 package org.apache.turbine.modules.actions;
002
003 /*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements. See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership. The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License. You may obtain a copy of the License at
011 *
012 * http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied. See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021
022
023 import org.apache.turbine.pipeline.PipelineData;
024 import org.apache.turbine.util.RunData;
025 import org.apache.velocity.context.Context;
026
027 /**
028 * VelocitySecure action.
029 *
030 * Always performs a Security Check that you've defined before
031 * executing the doBuildtemplate(). You should extend this class and
032 * add the specific security check needed. If you have a number of
033 * screens that need to perform the same check, you could make a base
034 * screen by extending this class and implementing the isAuthorized().
035 * Then each action that needs to perform the same check could extend
036 * your base action.
037 *
038 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
039 * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a>
040 * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a>
041 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
042 * @version $Id: VelocitySecureAction.java 1066529 2011-02-02 17:01:46Z ludwig $
043 */
044 public abstract class VelocitySecureAction extends VelocityAction
045 {
046 /**
047 * Implement this to add information to the context.
048 *
049 * @deprecated Use the PipelineData version instead.
050 * @param data Turbine information.
051 * @param context Context for web pages.
052 * @throws Exception a generic exception.
053 */
054 @Deprecated
055 @Override
056 public abstract void doPerform(RunData data, Context context)
057 throws Exception;
058
059 /**
060 * Implement this to add information to the context.
061 * Should revert to abstract when RunData has gone.
062 * @param data Turbine information.
063 * @param context Context for web pages.
064 * @throws Exception a generic exception.
065 */
066 @Override
067 public void doPerform(PipelineData pipelineData, Context context)
068 throws Exception
069 {
070 RunData data = getRunData(pipelineData);
071 doPerform(data, context);
072 }
073
074
075 /**
076 * This method overrides the method in WebMacroSiteAction to
077 * perform a security check first.
078 *
079 * @deprecated Use PipelineData version instead.
080 * @param data Turbine information.
081 * @throws Exception a generic exception.
082 */
083 @Deprecated
084 @Override
085 protected void perform(RunData data) throws Exception
086 {
087 if (isAuthorized(data))
088 {
089 super.perform(data);
090 }
091 }
092
093 /**
094 * This method overrides the method in WebMacroSiteAction to
095 * perform a security check first.
096 *
097 * @param data Turbine information.
098 * @throws Exception a generic exception.
099 */
100 @Override
101 protected void perform(PipelineData pipelineData) throws Exception
102 {
103 if (isAuthorized(pipelineData))
104 {
105 super.perform(pipelineData);
106 }
107 }
108
109
110
111
112 /**
113 * Implement this method to perform the security check needed.
114 * You should set the template in this method that you want the
115 * user to be sent to if they're unauthorized.
116 *
117 * @deprecated Use PipelineData version instead.
118 * @param data Turbine information.
119 * @return True if the user is authorized to access the screen.
120 * @throws Exception a generic exception.
121 */
122 @Deprecated
123 protected abstract boolean isAuthorized(RunData data)
124 throws Exception;
125
126 /**
127 * Implement this method to perform the security check needed.
128 * You should set the template in this method that you want the
129 * user to be sent to if they're unauthorized.
130 * Should revert to abstract when RunData has gone.
131 * @param data Turbine information.
132 * @return True if the user is authorized to access the screen.
133 * @throws Exception a generic exception.
134 */
135 protected boolean isAuthorized(PipelineData pipelineData)
136 throws Exception
137 {
138 RunData data = getRunData(pipelineData);
139 return isAuthorized(data);
140 }
141
142 }