001    package org.apache.turbine.modules.actions;
002    
003    /*
004     * Licensed to the Apache Software Foundation (ASF) under one
005     * or more contributor license agreements.  See the NOTICE file
006     * distributed with this work for additional information
007     * regarding copyright ownership.  The ASF licenses this file
008     * to you under the Apache License, Version 2.0 (the
009     * "License"); you may not use this file except in compliance
010     * with the License.  You may obtain a copy of the License at
011     *
012     *   http://www.apache.org/licenses/LICENSE-2.0
013     *
014     * Unless required by applicable law or agreed to in writing,
015     * software distributed under the License is distributed on an
016     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017     * KIND, either express or implied.  See the License for the
018     * specific language governing permissions and limitations
019     * under the License.
020     */
021    
022    
023    import org.apache.turbine.pipeline.PipelineData;
024    import org.apache.turbine.util.RunData;
025    import org.apache.velocity.context.Context;
026    
027    /**
028     * VelocitySecure action.
029     *
030     * Always performs a Security Check that you've defined before
031     * executing the doBuildtemplate().  You should extend this class and
032     * add the specific security check needed.  If you have a number of
033     * screens that need to perform the same check, you could make a base
034     * screen by extending this class and implementing the isAuthorized().
035     * Then each action that needs to perform the same check could extend
036     * your base action.
037     *
038     * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
039     * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a>
040     * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a>
041     * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
042     * @version $Id: VelocitySecureAction.java 1066529 2011-02-02 17:01:46Z ludwig $
043     */
044    public abstract class VelocitySecureAction extends VelocityAction
045    {
046        /**
047         * Implement this to add information to the context.
048         *
049         * @deprecated Use the PipelineData version instead.
050         * @param data Turbine information.
051         * @param context Context for web pages.
052         * @throws Exception a generic exception.
053         */
054        @Deprecated
055        @Override
056        public abstract void doPerform(RunData data, Context context)
057                throws Exception;
058    
059        /**
060         * Implement this to add information to the context.
061         * Should revert to abstract when RunData has gone.
062         * @param data Turbine information.
063         * @param context Context for web pages.
064         * @throws Exception a generic exception.
065         */
066        @Override
067        public void doPerform(PipelineData pipelineData, Context context)
068                throws Exception
069        {
070            RunData data = getRunData(pipelineData);
071            doPerform(data, context);
072        }
073    
074    
075        /**
076         * This method overrides the method in WebMacroSiteAction to
077         * perform a security check first.
078         *
079         * @deprecated Use PipelineData version instead.
080         * @param data Turbine information.
081         * @throws Exception a generic exception.
082         */
083        @Deprecated
084        @Override
085        protected void perform(RunData data) throws Exception
086        {
087            if (isAuthorized(data))
088            {
089                super.perform(data);
090            }
091        }
092    
093        /**
094         * This method overrides the method in WebMacroSiteAction to
095         * perform a security check first.
096         *
097         * @param data Turbine information.
098         * @throws Exception a generic exception.
099         */
100        @Override
101        protected void perform(PipelineData pipelineData) throws Exception
102        {
103            if (isAuthorized(pipelineData))
104            {
105                super.perform(pipelineData);
106            }
107        }
108    
109    
110    
111    
112        /**
113         * Implement this method to perform the security check needed.
114         * You should set the template in this method that you want the
115         * user to be sent to if they're unauthorized.
116         *
117         * @deprecated Use PipelineData version instead.
118         * @param data Turbine information.
119         * @return True if the user is authorized to access the screen.
120         * @throws Exception a generic exception.
121         */
122        @Deprecated
123        protected abstract boolean isAuthorized(RunData data)
124                throws Exception;
125    
126        /**
127         * Implement this method to perform the security check needed.
128         * You should set the template in this method that you want the
129         * user to be sent to if they're unauthorized.
130         * Should revert to abstract when RunData has gone.
131         * @param data Turbine information.
132         * @return True if the user is authorized to access the screen.
133         * @throws Exception a generic exception.
134         */
135        protected boolean isAuthorized(PipelineData pipelineData)
136                throws Exception
137        {
138            RunData data = getRunData(pipelineData);
139            return isAuthorized(data);
140        }
141    
142    }