1 package org.apache.turbine.modules.screens;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22 import org.apache.turbine.pipeline.PipelineData;
23 import org.apache.turbine.util.RunData;
24
25 /**
26 * An extension to JSONScreen that performs a Security Check before invoking
27 * doBuildTemplate(). You should extend this class and add the specific
28 * security check needed. If you have a number of screens that need to perform
29 * the same check, you could make a base screen by extending this class and
30 * implementing the isAuthorized(). Then each screen that needs to perform the
31 * same check could extend your base screen.
32 *
33 * <p>Typically you would extend this class and override the doOutput() method
34 * to use TurbineJsonRpc to register the POJOs that will provide the functions
35 * you are making available via JSON-RPC. Use JSONScreen if you <b>do not</b>
36 * need the user to be logged in prior to executing the functions you provide.
37 *
38 * <p>Here is an example from a subclass:
39 * <code>
40 * public void doOutput(RunData data) throws Exception
41 * {
42 * User user = data.getUser();
43 *
44 * MySecureJsonFunctions myFunctions
45 * = new MySecureJsonFunctions(user.getName());
46 *
47 * // Session specific
48 * TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions);
49 *
50 * // Global
51 * //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject);
52 *
53 * super.doOutput(data);
54 * }
55 * </code>
56 *
57 * <p>The class MySecureJsonFunctions would be something like:
58 * <code>
59 * public class MySecureJsonFunctions
60 * {
61 * private final String name;
62 *
63 * public MySecureJsonFunctions(String name)
64 * {
65 * this.name = name;
66 * }
67 *
68 * private String getName(String clientParameter)
69 * {
70 * return "Client " + clientParameter + " says Hello World to " + name;
71 * }
72 * }
73 * </code>
74 *
75 * @author <a href="mailto:seade@policypoint.net">Scott Eade</a>
76 * @version $Id: JSONSecureScreen.java 958672 2010-06-28 18:42:04Z tv $
77 */
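public abstract class JSONSecureScreen extends JSONScreen
{
    /**
     * Produces the JSON output only when {@link #isAuthorized(RunData)}
     * grants access.
     *
     * <p>If the check returns <code>false</code>, this method returns without
     * calling the parent implementation and without writing anything itself.
     * It sets no status, redirect or error body, so an implementation of
     * <code>isAuthorized</code> that wants the client to see a denial has to
     * arrange that itself. If the check throws, the exception propagates and
     * the parent implementation is not called.
     *
     * @param data Turbine information.
     * @throws Exception if the security check or the parent output fails.
     * @deprecated Use PipelineData version instead.
     */
    @Deprecated
    @Override
    protected void doOutput(RunData data) throws Exception
    {
        // The check runs before any output so a denied request never reaches
        // the parent implementation.
        if (isAuthorized(data))
        {
            super.doOutput(data);
        }
    }

    /**
     * Override this method to perform the necessary security checks.
     *
     * <p>This overload gates {@link #doOutput(RunData)} only; the
     * PipelineData entry point calls the other overload. Both overloads
     * should enforce the same policy (for example by having one delegate to
     * the other), otherwise one entry point is checked less strictly than
     * the other. Return <code>true</code> only once access has been
     * positively established.
     *
     * @param data Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     * @throws Exception if the check cannot be completed; the output is then
     *         not produced.
     * @deprecated Use PipelineData version instead.
     */
    @Deprecated
    protected abstract boolean isAuthorized(RunData data)
        throws Exception;

    /**
     * Produces the JSON output only when {@link #isAuthorized(PipelineData)}
     * grants access.
     *
     * <p>If the check returns <code>false</code>, this method returns without
     * calling the parent implementation and without writing anything itself.
     * It sets no status, redirect or error body, so an implementation of
     * <code>isAuthorized</code> that wants the client to see a denial has to
     * arrange that itself. If the check throws, the exception propagates and
     * the parent implementation is not called.
     *
     * @param pipelineData Turbine information.
     * @throws Exception if the security check or the parent output fails.
     */
    @Override
    protected void doOutput(PipelineData pipelineData) throws Exception
    {
        // The check runs before any output so a denied request never reaches
        // the parent implementation.
        if (isAuthorized(pipelineData))
        {
            super.doOutput(pipelineData);
        }
    }

    /**
     * Override this method to perform the necessary security checks.
     *
     * <p>This overload gates {@link #doOutput(PipelineData)} only; the
     * deprecated RunData entry point calls the other overload. Both
     * overloads should enforce the same policy (for example by having one
     * delegate to the other), otherwise one entry point is checked less
     * strictly than the other. Return <code>true</code> only once access has
     * been positively established.
     *
     * @param pipelineData Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     * @throws Exception if the check cannot be completed; the output is then
     *         not produced.
     */
    protected abstract boolean isAuthorized(PipelineData pipelineData)
        throws Exception;
}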