View Javadoc

1   package org.apache.turbine.modules.screens;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  
23  import org.apache.turbine.pipeline.PipelineData;
24  import org.apache.turbine.services.velocity.TurbineVelocity;
25  import org.apache.velocity.context.Context;
26  
27  /**
28   * VelocitySecureScreen
29   *
30   * Always performs a Security Check that you've defined before
31   * executing the doBuildTemplate().  You should extend this class and
32   * add the specific security check needed.  If you have a number of
33   * screens that need to perform the same check, you could make a base
34   * screen by extending this class and implementing the isAuthorized().
35   * Then each screen that needs to perform the same check could extend
36   * your base screen.
37   *
38   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
39   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
40   * @version $Id: VelocitySecureScreen.java 1706239 2015-10-01 13:18:35Z tv $
41   */
42  public abstract class VelocitySecureScreen
43          extends VelocityScreen
44  {
45      /**
46       * Implement this to add information to the context.
47       *
48       * @param pipelineData Turbine information.
49       * @param context Context for web pages.
50       * @exception Exception, a generic exception.
51       */
52      @Override
53      protected abstract void doBuildTemplate(PipelineData pipelineData,
54                                              Context context)
55              throws Exception;
56  
57      /**
58       * This method overrides the method in VelocityScreen to
59       * perform a security check first.
60       *
61       * @param pipelineData Turbine information.
62       * @exception Exception, a generic exception.
63       */
64      @Override
65      protected void doBuildTemplate(PipelineData pipelineData)
66          throws Exception
67      {
68          if (isAuthorized(pipelineData))
69          {
70              doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData));
71          }
72      }
73  
74      /**
75       * Implement this method to perform the security check needed.
76       * You should set the template in this method that you want the
77       * user to be sent to if they're unauthorized.  See the
78       * VelocitySecurityCheck utility.
79       *
80       * @param pipelineData Turbine information.
81       * @return True if the user is authorized to access the screen.
82       * @exception Exception, a generic exception.
83       */
84      protected abstract boolean isAuthorized(PipelineData pipelineData)
85              throws Exception;
86  }