1 package org.apache.turbine.modules.screens; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 23 import org.apache.turbine.pipeline.PipelineData; 24 import org.apache.turbine.services.velocity.TurbineVelocity; 25 import org.apache.turbine.util.RunData; 26 27 import org.apache.velocity.context.Context; 28 29 /** 30 * VelocitySecureScreen 31 * 32 * Always performs a Security Check that you've defined before 33 * executing the doBuildTemplate(). You should extend this class and 34 * add the specific security check needed. If you have a number of 35 * screens that need to perform the same check, you could make a base 36 * screen by extending this class and implementing the isAuthorized(). 37 * Then each screen that needs to perform the same check could extend 38 * your base screen. 39 * 40 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 41 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 42 * @version $Id: VelocitySecureScreen.java 938645 2010-04-27 20:57:51Z tv $ 43 */ 44 public abstract class VelocitySecureScreen 45 extends VelocityScreen 46 { 47 /** 48 * Implement this to add information to the context. 49 * 50 * @deprecated Use PipelineData version instead. 51 * @param data Turbine information. 52 * @param context Context for web pages. 53 * @exception Exception, a generic exception. 54 */ 55 protected abstract void doBuildTemplate(RunData data, 56 Context context) 57 throws Exception; 58 59 /** 60 * Implement this to add information to the context. 61 * 62 * @param data Turbine information. 63 * @param context Context for web pages. 64 * @exception Exception, a generic exception. 65 */ 66 protected void doBuildTemplate(PipelineData pipelineData, 67 Context context) 68 throws Exception 69 { 70 RunData data = getRunData(pipelineData); 71 doBuildTemplate(data); 72 } 73 74 75 /** 76 * This method overrides the method in VelocityScreen to 77 * perform a security check first. 78 * 79 * @deprecated Use PipelineData version instead. 80 * @param data Turbine information. 81 * @exception Exception, a generic exception. 82 */ 83 protected void doBuildTemplate(RunData data) 84 throws Exception 85 { 86 if (isAuthorized(data)) 87 { 88 doBuildTemplate(data, TurbineVelocity.getContext(data)); 89 } 90 } 91 92 /** 93 * This method overrides the method in VelocityScreen to 94 * perform a security check first. 95 * 96 * @param data Turbine information. 97 * @exception Exception, a generic exception. 98 */ 99 protected void doBuildTemplate(PipelineData pipelineData) 100 throws Exception 101 { 102 if (isAuthorized(pipelineData)) 103 { 104 doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData)); 105 } 106 } 107 108 109 110 /** 111 * Implement this method to perform the security check needed. 112 * You should set the template in this method that you want the 113 * user to be sent to if they're unauthorized. 114 * 115 * @deprecated Use PipelineData version instead. 116 * @param data Turbine information. 117 * @return True if the user is authorized to access the screen. 118 * @exception Exception, a generic exception. 119 */ 120 protected abstract boolean isAuthorized(RunData data) 121 throws Exception; 122 123 /** 124 * Implement this method to perform the security check needed. 125 * You should set the template in this method that you want the 126 * user to be sent to if they're unauthorized. See the 127 * VelocitySecurityCheck utility. 128 * 129 * @param data Turbine information. 130 * @return True if the user is authorized to access the screen. 131 * @exception Exception, a generic exception. 132 */ 133 protected boolean isAuthorized(PipelineData pipelineData) 134 throws Exception 135 { 136 RunData data = getRunData(pipelineData); 137 return isAuthorized(data); 138 } 139 140 141 142 }