package org.apache.turbine.modules.actions;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */


import org.apache.turbine.pipeline.PipelineData;
import org.apache.turbine.util.RunData;
import org.apache.velocity.context.Context;

/**
 * Base class for Velocity actions that must pass an authorization check
 * before they run.
 *
 * <p>Both {@code perform(...)} overloads call {@code isAuthorized(...)}
 * first and invoke the superclass {@code perform(...)} only when it
 * returns {@code true}. Extend this class and implement
 * {@link #isAuthorized(RunData)} with the specific check. If several
 * actions share the same check, put it in one intermediate base action
 * and let the others extend that.
 *
 * <p>Points to keep in mind when subclassing:
 * <ul>
 *   <li>When the check returns {@code false} this class does nothing
 *       else: it does not redirect, throw or log. Choosing the template
 *       an unauthorized user is sent to is the job of the
 *       {@code isAuthorized} implementation.</li>
 *   <li>An exception thrown by {@code isAuthorized} propagates to the
 *       caller before the superclass {@code perform(...)} is reached, so
 *       the action body is not executed in that case.</li>
 *   <li>The check lives only in {@code perform(...)}. A subclass that
 *       overrides {@code perform(...)} has to keep the
 *       {@code isAuthorized} call, otherwise the action runs
 *       unchecked.</li>
 * </ul>
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a>
 * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a>
 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
 * @version $Id: VelocitySecureAction.java 1066529 2011-02-02 17:01:46Z ludwig $
 */
public abstract class VelocitySecureAction extends VelocityAction
{
    /**
     * Implement this to add information to the context.
     *
     * @deprecated Use the PipelineData version instead.
     * @param data Turbine information.
     * @param context Context for web pages.
     * @throws Exception a generic exception.
     */
    @Deprecated
    @Override
    public abstract void doPerform(RunData data, Context context)
        throws Exception;

    /**
     * Adds information to the context by delegating to
     * {@link #doPerform(RunData, Context)}.
     * Should revert to abstract when RunData has gone.
     *
     * @param pipelineData Turbine information.
     * @param context Context for web pages.
     * @throws Exception a generic exception.
     */
    @Override
    public void doPerform(PipelineData pipelineData, Context context)
        throws Exception
    {
        // Declared as RunData so the call below binds to the RunData
        // overload instead of re-entering this method.
        final RunData runData = getRunData(pipelineData);
        doPerform(runData, context);
    }


    /**
     * Runs the authorization check and, only if it passes, hands over
     * to the superclass implementation.
     *
     * @deprecated Use PipelineData version instead.
     * @param data Turbine information.
     * @throws Exception a generic exception; anything thrown by the
     *         check itself is passed on unchanged.
     */
    @Deprecated
    @Override
    protected void perform(RunData data) throws Exception
    {
        if (!isAuthorized(data))
        {
            // Not authorized: skip the action entirely. Nothing further
            // happens in this class on this path.
            return;
        }
        super.perform(data);
    }

    /**
     * Runs the authorization check and, only if it passes, hands over
     * to the superclass implementation.
     *
     * @param pipelineData Turbine information.
     * @throws Exception a generic exception; anything thrown by the
     *         check itself is passed on unchanged.
     */
    @Override
    protected void perform(PipelineData pipelineData) throws Exception
    {
        if (!isAuthorized(pipelineData))
        {
            // Not authorized: skip the action entirely. Nothing further
            // happens in this class on this path.
            return;
        }
        super.perform(pipelineData);
    }


    /**
     * Implement this method to perform the security check needed.
     * The implementation should also set the template that an
     * unauthorized user is to be sent to, because the caller in this
     * class only skips the action when {@code false} is returned.
     *
     * @deprecated Use PipelineData version instead.
     * @param data Turbine information.
     * @return True if the user is authorized to access the screen.
     * @throws Exception a generic exception.
     */
    @Deprecated
    protected abstract boolean isAuthorized(RunData data)
        throws Exception;

    /**
     * Performs the security check by delegating to
     * {@link #isAuthorized(RunData)}, so the result is whatever that
     * implementation decides.
     * Should revert to abstract when RunData has gone.
     *
     * @param pipelineData Turbine information.
     * @return True if the user is authorized to access the screen.
     * @throws Exception a generic exception.
     */
    protected boolean isAuthorized(PipelineData pipelineData)
        throws Exception
    {
        // Declared as RunData so the call below binds to the RunData
        // overload instead of re-entering this method.
        final RunData runData = getRunData(pipelineData);
        return isAuthorized(runData);
    }

}