1 package org.apache.turbine.modules.actions; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 23 import org.apache.turbine.pipeline.PipelineData; 24 import org.apache.turbine.util.RunData; 25 import org.apache.velocity.context.Context; 26 27 /** 28 * VelocitySecure action. 29 * 30 * Always performs a Security Check that you've defined before 31 * executing the doBuildtemplate(). You should extend this class and 32 * add the specific security check needed. If you have a number of 33 * screens that need to perform the same check, you could make a base 34 * screen by extending this class and implementing the isAuthorized(). 35 * Then each action that needs to perform the same check could extend 36 * your base action. 37 * 38 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 39 * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a> 40 * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a> 41 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 42 * @version $Id: VelocitySecureAction.java 1066529 2011-02-02 17:01:46Z ludwig $ 43 */ 44 public abstract class VelocitySecureAction extends VelocityAction 45 { 46 /** 47 * Implement this to add information to the context. 48 * 49 * @deprecated Use the PipelineData version instead. 50 * @param data Turbine information. 51 * @param context Context for web pages. 52 * @throws Exception a generic exception. 53 */ 54 @Deprecated 55 @Override 56 public abstract void doPerform(RunData data, Context context) 57 throws Exception; 58 59 /** 60 * Implement this to add information to the context. 61 * Should revert to abstract when RunData has gone. 62 * @param data Turbine information. 63 * @param context Context for web pages. 64 * @throws Exception a generic exception. 65 */ 66 @Override 67 public void doPerform(PipelineData pipelineData, Context context) 68 throws Exception 69 { 70 RunData data = getRunData(pipelineData); 71 doPerform(data, context); 72 } 73 74 75 /** 76 * This method overrides the method in WebMacroSiteAction to 77 * perform a security check first. 78 * 79 * @deprecated Use PipelineData version instead. 80 * @param data Turbine information. 81 * @throws Exception a generic exception. 82 */ 83 @Deprecated 84 @Override 85 protected void perform(RunData data) throws Exception 86 { 87 if (isAuthorized(data)) 88 { 89 super.perform(data); 90 } 91 } 92 93 /** 94 * This method overrides the method in WebMacroSiteAction to 95 * perform a security check first. 96 * 97 * @param data Turbine information. 98 * @throws Exception a generic exception. 99 */ 100 @Override 101 protected void perform(PipelineData pipelineData) throws Exception 102 { 103 if (isAuthorized(pipelineData)) 104 { 105 super.perform(pipelineData); 106 } 107 } 108 109 110 111 112 /** 113 * Implement this method to perform the security check needed. 114 * You should set the template in this method that you want the 115 * user to be sent to if they're unauthorized. 116 * 117 * @deprecated Use PipelineData version instead. 118 * @param data Turbine information. 119 * @return True if the user is authorized to access the screen. 120 * @throws Exception a generic exception. 121 */ 122 @Deprecated 123 protected abstract boolean isAuthorized(RunData data) 124 throws Exception; 125 126 /** 127 * Implement this method to perform the security check needed. 128 * You should set the template in this method that you want the 129 * user to be sent to if they're unauthorized. 130 * Should revert to abstract when RunData has gone. 131 * @param data Turbine information. 132 * @return True if the user is authorized to access the screen. 133 * @throws Exception a generic exception. 134 */ 135 protected boolean isAuthorized(PipelineData pipelineData) 136 throws Exception 137 { 138 RunData data = getRunData(pipelineData); 139 return isAuthorized(data); 140 } 141 142 }