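package org.apache.turbine.modules.screens;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import org.apache.turbine.pipeline.PipelineData;
import org.apache.turbine.util.RunData;

/**
 * An extension to JSONScreen that performs a security check before invoking
 * the output step of JSONScreen. You should extend this class and add the
 * specific security check needed. If you have a number of screens that need
 * to perform the same check, you could make a base screen by extending this
 * class and implementing isAuthorized(). Then each screen that needs to
 * perform the same check could extend your base screen.
 *
 * <p>Typically you would extend this class and override the doOutput() method
 * to use TurbineJsonRpc to register the POJOs that will provide the functions
 * you are making available via JSON-RPC. Use JSONScreen if you <b>do not</b>
 * need the user to be logged in prior to executing the functions you provide.
 *
 * <p>Here is an example from a subclass:
 * <pre>
 * public void doOutput(RunData data) throws Exception
 * {
 *     User user = data.getUser();
 *
 *     MySecureJsonFunctions myFunctions
 *             = new MySecureJsonFunctions(user.getName());
 *
 *     // Session specific
 *     TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions);
 *
 *     // Global
 *     //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject);
 *
 *     super.doOutput(data);
 * }
 * </pre>
 *
 * <p>The class MySecureJsonFunctions would be something like:
 * <pre>
 * public class MySecureJsonFunctions
 * {
 *     private final String name;
 *
 *     public MySecureJsonFunctions(String name)
 *     {
 *         this.name = name;
 *     }
 *
 *     public String getName(String clientParameter)
 *     {
 *         return "Client " + clientParameter + " says Hello World to " + name;
 *     }
 * }
 * </pre>
 *
 * <p><b>Security notes.</b>
 * <ul>
 * <li>The check fails closed: when isAuthorized() returns <code>false</code>
 * (or throws), the JSONScreen output step is not invoked and this class
 * takes no further action. If the client should receive an error or a
 * redirect to a login page, isAuthorized() has to arrange that itself.</li>
 * <li>In the example above the object is registered <em>before</em>
 * <code>super.doOutput(data)</code> runs, so registration happens whether or
 * not isAuthorized() later succeeds. Session-scoped and especially globally
 * registered objects may remain reachable through other screens that share
 * the same JSON-RPC registration (assumption: verify against your
 * TurbineJsonRpc setup), so expose them only through screens that enforce
 * an equivalent check.</li>
 * <li>Both isAuthorized() variants are abstract and each doOutput() variant
 * consults only its own. Keep the two implementations consistent; a
 * permissive stub in one of them weakens the check for any request that is
 * dispatched through that variant.</li>
 * <li>Values received from the client (such as <code>clientParameter</code>
 * in the example) are untrusted; authorization decisions should be based on
 * server-side state such as the session user, not on request parameters.</li>
 * </ul>
 *
 * @author <a href="mailto:seade@policypoint.net">Scott Eade</a>
 * @version $Id: JSONSecureScreen.java 958672 2010-06-28 18:42:04Z tv $
 */
public abstract class JSONSecureScreen extends JSONScreen
{
    /**
     * This method overrides the method in JSONScreen to perform a security
     * check prior to producing the output. The JSONScreen output step runs
     * only when {@link #isAuthorized(RunData)} returns <code>true</code>;
     * otherwise nothing is done here.
     *
     * @param data Turbine information.
     * @exception Exception a generic exception, including any exception
     *            thrown by the security check itself.
     * @deprecated Use PipelineData version instead.
     */
    @Deprecated
    @Override
    protected void doOutput(RunData data) throws Exception
    {
        // Fail closed: no output is produced unless the check passes.
        if (isAuthorized(data))
        {
            super.doOutput(data);
        }
    }

    /**
     * Override this method to perform the necessary security checks.
     * Return <code>true</code> only after a positive check; this class
     * produces no output for any other result.
     *
     * @param data Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     * @exception Exception A generic exception.
     * @deprecated Use PipelineData version instead.
     */
    @Deprecated
    protected abstract boolean isAuthorized(RunData data)
            throws Exception;

    /**
     * This method overrides the method in JSONScreen to perform a security
     * check prior to producing the output. The JSONScreen output step runs
     * only when {@link #isAuthorized(PipelineData)} returns
     * <code>true</code>; otherwise nothing is done here.
     *
     * @param pipelineData Turbine information.
     * @exception Exception a generic exception, including any exception
     *            thrown by the security check itself.
     */
    @Override
    protected void doOutput(PipelineData pipelineData) throws Exception
    {
        // Fail closed: no output is produced unless the check passes.
        if (isAuthorized(pipelineData))
        {
            super.doOutput(pipelineData);
        }
    }

    /**
     * Override this method to perform the necessary security checks.
     * Return <code>true</code> only after a positive check; this class
     * produces no output for any other result.
     *
     * @param pipelineData Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     * @exception Exception A generic exception.
     */
    protected abstract boolean isAuthorized(PipelineData pipelineData)
            throws Exception;
}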