1 package org.apache.turbine.modules.screens; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 23 import org.apache.turbine.pipeline.PipelineData; 24 import org.apache.turbine.services.velocity.TurbineVelocity; 25 import org.apache.velocity.context.Context; 26 27 /** 28 * VelocitySecureScreen 29 * 30 * Always performs a Security Check that you've defined before 31 * executing the doBuildTemplate(). You should extend this class and 32 * add the specific security check needed. If you have a number of 33 * screens that need to perform the same check, you could make a base 34 * screen by extending this class and implementing the isAuthorized(). 35 * Then each screen that needs to perform the same check could extend 36 * your base screen. 37 * 38 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 39 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 40 * @version $Id: VelocitySecureScreen.java 1706239 2015-10-01 13:18:35Z tv $ 41 */ 42 public abstract class VelocitySecureScreen 43 extends VelocityScreen 44 { 45 /** 46 * Implement this to add information to the context. 47 * 48 * @param pipelineData Turbine information. 49 * @param context Context for web pages. 50 * @exception Exception, a generic exception. 51 */ 52 @Override 53 protected abstract void doBuildTemplate(PipelineData pipelineData, 54 Context context) 55 throws Exception; 56 57 /** 58 * This method overrides the method in VelocityScreen to 59 * perform a security check first. 60 * 61 * @param pipelineData Turbine information. 62 * @exception Exception, a generic exception. 63 */ 64 @Override 65 protected void doBuildTemplate(PipelineData pipelineData) 66 throws Exception 67 { 68 if (isAuthorized(pipelineData)) 69 { 70 doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData)); 71 } 72 } 73 74 /** 75 * Implement this method to perform the security check needed. 76 * You should set the template in this method that you want the 77 * user to be sent to if they're unauthorized. See the 78 * VelocitySecurityCheck utility. 79 * 80 * @param pipelineData Turbine information. 81 * @return True if the user is authorized to access the screen. 82 * @exception Exception, a generic exception. 83 */ 84 protected abstract boolean isAuthorized(PipelineData pipelineData) 85 throws Exception; 86 }