org.apache.turbine.modules.screens
Class JSONSecureScreen

java.lang.Object
  extended by org.apache.turbine.modules.Assembler
      extended by org.apache.turbine.modules.Screen
          extended by org.apache.turbine.modules.screens.RawScreen
              extended by org.apache.turbine.modules.screens.JSONScreen
                  extended by org.apache.turbine.modules.screens.JSONSecureScreen

public abstract class JSONSecureScreen
extends JSONScreen

An extension to JSONScreen that performs a Security Check before invoking doBuildTemplate(). You should extend this class and add the specific security check needed. If you have a number of screens that need to perform the same check, you could make a base screen by extending this class and implementing the isAuthorized(). Then each screen that needs to perform the same check could extend your base screen.

Typically you would extend this class and override the doOutput() method to use TurbineJsonRpc to register the POJOs that will provide the functions you are making available via JSON-RPC. Use JSONScreen if you

do not need the user to be logged in prior to executing the functions you provide.

Here is an example from a superclass: public void doOutput(RunData data) throws Exception { User user = data.getUser(); MySecureJsonFunctions myFunctions = new MySecureJsonFunctions(user.getName()); // Session specific TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions); // Global //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject); super.doOutput(data); }

The class MyFunctions would be something like: public class MySecureJsonFunctions { private final String name; public MySecureJsonFunctions(String name) { this.name = name; } private String getName(String clientParameter) { return "Client " + clientParameter + " says Hello World to " + name; } }

Version:
$Id: JSONSecureScreen.java 958672 2010-06-28 18:42:04Z tv $
Author:
Scott Eade

Field Summary
 
Fields inherited from class org.apache.turbine.modules.screens.JSONScreen
BUFFER_SIZE, JSONRPC_CONTENT_TYPE
 
Fields inherited from class org.apache.turbine.modules.Screen
CACHE_SIZE_DEFAULT, CACHE_SIZE_KEY, NAME, PREFIX
 
Constructor Summary
JSONSecureScreen()
           
 
Method Summary
protected  void doOutput(PipelineData pipelineData)
          This method overrides the method in JSONScreen to perform a security check prior to producing the output.
protected  void doOutput(RunData data)
          Deprecated. Use PipelineData version instead.
protected abstract  boolean isAuthorized(PipelineData pipelineData)
          Override this method to perform the necessary security checks.
protected abstract  boolean isAuthorized(RunData data)
          Deprecated. Use PipelineData version instead.
 
Methods inherited from class org.apache.turbine.modules.screens.JSONScreen
getContentType, getContentType
 
Methods inherited from class org.apache.turbine.modules.screens.RawScreen
doBuild, doBuild, getLayout, getLayout
 
Methods inherited from class org.apache.turbine.modules.Screen
build, build, getPrefix, prepareText, prepareTextMinimum, setLayout, setLayout
 
Methods inherited from class org.apache.turbine.modules.Assembler
getRunData
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JSONSecureScreen

public JSONSecureScreen()
Method Detail

doOutput

protected void doOutput(RunData data)
                 throws Exception
Deprecated. Use PipelineData version instead.

This method overrides the method in JSONScreen to perform a security check prior to producing the output.

Overrides:
doOutput in class JSONScreen
Parameters:
data - Turbine information.
Throws:
Exception, - a generic exception.
Exception

isAuthorized

protected abstract boolean isAuthorized(RunData data)
                                 throws Exception
Deprecated. Use PipelineData version instead.

Override this method to perform the necessary security checks.

Parameters:
data - Turbine information.
Returns:
true if the user is authorized to access the screen.
Throws:
Exception - A generic exception.

doOutput

protected void doOutput(PipelineData pipelineData)
                 throws Exception
This method overrides the method in JSONScreen to perform a security check prior to producing the output.

Overrides:
doOutput in class RawScreen
Parameters:
pipelineData - Turbine information.
Throws:
Exception, - a generic exception.
Exception

isAuthorized

protected abstract boolean isAuthorized(PipelineData pipelineData)
                                 throws Exception
Override this method to perform the necessary security checks.

Parameters:
pipelineData - Turbine information.
Returns:
true if the user is authorized to access the screen.
Throws:
Exception - A generic exception.


Copyright © 2000-2011 The Apache Software Foundation. All Rights Reserved.