1 package org.apache.turbine.modules.actions;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22
23 import org.apache.turbine.pipeline.PipelineData;
24 import org.apache.turbine.util.RunData;
25 import org.apache.velocity.context.Context;
26
27 /**
28 * VelocitySecure action.
29 *
30 * Always performs a Security Check that you've defined before
31 * executing the doBuildtemplate(). You should extend this class and
32 * add the specific security check needed. If you have a number of
33 * screens that need to perform the same check, you could make a base
34 * screen by extending this class and implementing the isAuthorized().
35 * Then each action that needs to perform the same check could extend
36 * your base action.
37 *
38 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
39 * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a>
40 * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a>
41 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
42 * @version $Id: VelocitySecureAction.java 1066529 2011-02-02 17:01:46Z ludwig $
43 */
44 public abstract class VelocitySecureAction extends VelocityAction
45 {
46 /**
47 * Implement this to add information to the context.
48 *
49 * @deprecated Use the PipelineData version instead.
50 * @param data Turbine information.
51 * @param context Context for web pages.
52 * @throws Exception a generic exception.
53 */
54 @Deprecated
55 @Override
56 public abstract void doPerform(RunData data, Context context)
57 throws Exception;
58
59 /**
60 * Implement this to add information to the context.
61 * Should revert to abstract when RunData has gone.
62 * @param data Turbine information.
63 * @param context Context for web pages.
64 * @throws Exception a generic exception.
65 */
66 @Override
67 public void doPerform(PipelineData pipelineData, Context context)
68 throws Exception
69 {
70 RunData data = getRunData(pipelineData);
71 doPerform(data, context);
72 }
73
74
75 /**
76 * This method overrides the method in WebMacroSiteAction to
77 * perform a security check first.
78 *
79 * @deprecated Use PipelineData version instead.
80 * @param data Turbine information.
81 * @throws Exception a generic exception.
82 */
83 @Deprecated
84 @Override
85 protected void perform(RunData data) throws Exception
86 {
87 if (isAuthorized(data))
88 {
89 super.perform(data);
90 }
91 }
92
93 /**
94 * This method overrides the method in WebMacroSiteAction to
95 * perform a security check first.
96 *
97 * @param data Turbine information.
98 * @throws Exception a generic exception.
99 */
100 @Override
101 protected void perform(PipelineData pipelineData) throws Exception
102 {
103 if (isAuthorized(pipelineData))
104 {
105 super.perform(pipelineData);
106 }
107 }
108
109
110
111
112 /**
113 * Implement this method to perform the security check needed.
114 * You should set the template in this method that you want the
115 * user to be sent to if they're unauthorized.
116 *
117 * @deprecated Use PipelineData version instead.
118 * @param data Turbine information.
119 * @return True if the user is authorized to access the screen.
120 * @throws Exception a generic exception.
121 */
122 @Deprecated
123 protected abstract boolean isAuthorized(RunData data)
124 throws Exception;
125
126 /**
127 * Implement this method to perform the security check needed.
128 * You should set the template in this method that you want the
129 * user to be sent to if they're unauthorized.
130 * Should revert to abstract when RunData has gone.
131 * @param data Turbine information.
132 * @return True if the user is authorized to access the screen.
133 * @throws Exception a generic exception.
134 */
135 protected boolean isAuthorized(PipelineData pipelineData)
136 throws Exception
137 {
138 RunData data = getRunData(pipelineData);
139 return isAuthorized(data);
140 }
141
142 }