1   package org.apache.turbine.modules.screens;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.turbine.pipeline.PipelineData;
23  
24  /**
25   * An extension to JSONScreen that performs a Security Check before invoking
26   * doBuildTemplate().  You should extend this class and add the specific
27   * security check needed.  If you have a number of screens that need to perform
28   * the same check, you could make a base screen by extending this class and
29   * implementing isAuthorized().  Then each screen that needs to perform the
30   * same check could extend your base screen.
31   *
32   * <p>Typically you would extend this class and override the doOutput() method
33   * to use TurbineJsonRpc to register the POJOs that will provide the functions
34   * you are making available via JSON-RPC.  Use JSONScreen if you <b>do not</b>
35   * need the user to be logged in prior to executing the functions you provide.</p>
36   *
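37   * <p>Here is an example from a subclass.  Note that the object is registered
     * before super.doOutput() runs the isAuthorized() check, so the registration
     * happens even for requests that are then denied; call isAuthorized() first
     * if the registration itself must be limited to authorized users: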
38   * <code>
39   * public void doOutput(PipelineData data) throws Exception
40   * {
41   *     User user = data.getUser();
42   *
43   *     MySecureJsonFunctions myFunctions
44   *             = new MySecureJsonFunctions(user.getName());
45   *
46   *     // Session specific
47   *     TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions);
48   *
49   *     // Global
50   *     //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject);
51   *
52   *     super.doOutput(data);
53   * }
54   * </code></p>
55   *
56   * <p>The class MySecureJsonFunctions would be something like:
57   * <code>
58   * public class MySecureJsonFunctions
59   * {
60   *     private final String name;
61   *
62   *     public MySecureJsonFunctions(String name)
63   *     {
64   *         this.name = name;
65   *     }
66   *
67   *     private String getName(String clientParameter)
68   *     {
69   *         return "Client " + clientParameter + " says Hello World to " + name;
70   *     }
71   * }
72   * </code></p>
73   *
74   * @author <a href="mailto:seade@policypoint.net">Scott Eade</a>
75   * @version $Id$
76   */
public abstract class JSONSecureScreen extends JSONScreen
{
    /**
     * Gates the output of {@link JSONScreen} behind
     * {@link #isAuthorized(PipelineData)}.
     *
     * <p>The parent implementation is invoked only when the check returns
     * <code>true</code>.  When it returns <code>false</code> this method
     * returns without producing anything itself, so any error response has to
     * be arranged elsewhere (for example by the isAuthorized() implementation).
     * An exception thrown by the check propagates to the caller and the parent
     * output is skipped as well.</p>
     *
     * @param pipelineData Turbine information.
     * @throws Exception a generic exception.
     */
    @Override
    protected void doOutput(PipelineData pipelineData) throws Exception
    {
        final boolean authorized = isAuthorized(pipelineData);
        if (!authorized)
        {
            // Denied: leave without delegating to the parent screen.
            return;
        }

        super.doOutput(pipelineData);
    }

    /**
     * Makes the access decision for this screen; subclasses supply the actual
     * security check.
     *
     * <p>Implementations should return <code>true</code> only after the check
     * has positively succeeded, because doOutput() delegates to the parent
     * screen on <code>true</code> and on nothing else.</p>
     *
     * @param pipelineData Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     * @throws Exception A generic exception.
     */
    protected abstract boolean isAuthorized(PipelineData pipelineData)
            throws Exception;
}