001package org.apache.turbine.modules.screens; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022 023import org.apache.turbine.pipeline.PipelineData; 024import org.apache.turbine.services.velocity.TurbineVelocity; 025import org.apache.velocity.context.Context; 026 027/** 028 * VelocitySecureScreen 029 * 030 * Always performs a Security Check that you've defined before 031 * executing the doBuildTemplate(). You should extend this class and 032 * add the specific security check needed. If you have a number of 033 * screens that need to perform the same check, you could make a base 034 * screen by extending this class and implementing the isAuthorized(). 035 * Then each screen that needs to perform the same check could extend 036 * your base screen. 037 * 038 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 039 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 040 * @version $Id: VelocitySecureScreen.java 1706239 2015-10-01 13:18:35Z tv $ 041 */ 042public abstract class VelocitySecureScreen 043 extends VelocityScreen 044{ 045 /** 046 * Implement this to add information to the context. 047 * 048 * @param pipelineData Turbine information. 049 * @param context Context for web pages. 050 * @exception Exception, a generic exception. 051 */ 052 @Override 053 protected abstract void doBuildTemplate(PipelineData pipelineData, 054 Context context) 055 throws Exception; 056 057 /** 058 * This method overrides the method in VelocityScreen to 059 * perform a security check first. 060 * 061 * @param pipelineData Turbine information. 062 * @exception Exception, a generic exception. 063 */ 064 @Override 065 protected void doBuildTemplate(PipelineData pipelineData) 066 throws Exception 067 { 068 if (isAuthorized(pipelineData)) 069 { 070 doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData)); 071 } 072 } 073 074 /** 075 * Implement this method to perform the security check needed. 076 * You should set the template in this method that you want the 077 * user to be sent to if they're unauthorized. See the 078 * VelocitySecurityCheck utility. 079 * 080 * @param pipelineData Turbine information. 081 * @return True if the user is authorized to access the screen. 082 * @exception Exception, a generic exception. 083 */ 084 protected abstract boolean isAuthorized(PipelineData pipelineData) 085 throws Exception; 086}