001package org.apache.turbine.modules.screens;
002
003/*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements.  See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership.  The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License.  You may obtain a copy of the License at
011 *
012 *   http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied.  See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021
022
023import org.apache.turbine.pipeline.PipelineData;
024import org.apache.turbine.services.velocity.TurbineVelocity;
025import org.apache.velocity.context.Context;
026
027/**
028 * VelocitySecureScreen
029 *
030 * Always performs a Security Check that you've defined before
031 * executing the doBuildTemplate().  You should extend this class and
032 * add the specific security check needed.  If you have a number of
033 * screens that need to perform the same check, you could make a base
034 * screen by extending this class and implementing the isAuthorized().
035 * Then each screen that needs to perform the same check could extend
036 * your base screen.
037 *
038 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
039 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
040 * @version $Id: VelocitySecureScreen.java 1706239 2015-10-01 13:18:35Z tv $
041 */
042public abstract class VelocitySecureScreen
043        extends VelocityScreen
044{
045    /**
046     * Implement this to add information to the context.
047     *
048     * @param pipelineData Turbine information.
049     * @param context Context for web pages.
050     * @exception Exception, a generic exception.
051     */
052    @Override
053    protected abstract void doBuildTemplate(PipelineData pipelineData,
054                                            Context context)
055            throws Exception;
056
057    /**
058     * This method overrides the method in VelocityScreen to
059     * perform a security check first.
060     *
061     * @param pipelineData Turbine information.
062     * @exception Exception, a generic exception.
063     */
064    @Override
065    protected void doBuildTemplate(PipelineData pipelineData)
066        throws Exception
067    {
068        if (isAuthorized(pipelineData))
069        {
070            doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData));
071        }
072    }
073
074    /**
075     * Implement this method to perform the security check needed.
076     * You should set the template in this method that you want the
077     * user to be sent to if they're unauthorized.  See the
078     * VelocitySecurityCheck utility.
079     *
080     * @param pipelineData Turbine information.
081     * @return True if the user is authorized to access the screen.
082     * @exception Exception, a generic exception.
083     */
084    protected abstract boolean isAuthorized(PipelineData pipelineData)
085            throws Exception;
086}