1   package org.apache.turbine.modules.screens;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import java.lang.reflect.Method;
23  
24  import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
25  import org.apache.turbine.annotation.AnnotationProcessor;
26  import org.apache.turbine.annotation.AnnotationProcessor.ConditionType;
27  import org.apache.turbine.annotation.TurbineRequiredRole;
28  import org.apache.turbine.pipeline.PipelineData;
29  import org.apache.turbine.util.RunData;
30  
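public class PlainJSONSecureAnnotatedScreen extends PlainJSONScreen
{

    /**
     * Overrides the parent's {@code doOutput} so that the JSON output is only
     * produced after {@link #isAuthorized(PipelineData)} has returned
     * {@code true}.
     * <p>
     * When the check fails this method returns without calling the parent
     * implementation. NOTE(review): nothing in this class sets a response
     * status or logs the refusal; confirm that the surrounding pipeline
     * reports it, otherwise a denied request looks like an empty response.
     *
     * @param pipelineData Turbine information.
     * @throws Exception a generic exception.
     */
    @Override
    public void doOutput(PipelineData pipelineData) throws Exception
    {
        if (isAuthorized(pipelineData))
        {
            super.doOutput(pipelineData);
        }
    }

    /**
     * Performs the security check driven by the Turbine annotations (for
     * example {@link TurbineRequiredRole}) placed on the
     * {@link #doOutput(PipelineData)} method of the runtime class.
     * <p>
     * The check fails closed: a missing ACL, or no matching
     * {@code doOutput(PipelineData)} method, yields {@code false}.
     *
     * @param pipelineData Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     * A populated ACL is always required. If {@link TurbineRequiredRole} is
     * not set, access is allowed by default.
     * @throws Exception A generic exception.
     */
    protected boolean isAuthorized(PipelineData pipelineData) throws Exception
    {
        RunData data = pipelineData.getRunData();

        // Read the ACL once so the null check and the authorization call see
        // the same object.
        TurbineAccessControlList acl = (TurbineAccessControlList) data.getACL();
        if (acl == null)
        {
            return false;
        }

        for (Method m : getClass().getMethods())
        {
            // Class.getMethods() returns its elements in no particular order,
            // so matching on the name alone could pick an unrelated
            // doOutput(...) overload whose annotations differ from those on
            // the method that actually runs. Since a method without
            // TurbineRequiredRole is allowed by default, the decision must be
            // pinned to the doOutput(PipelineData) entry point.
            Class<?>[] params = m.getParameterTypes();
            if ("doOutput".equals(m.getName())
                    && params.length == 1
                    && params[0] == PipelineData.class)
            {
                return AnnotationProcessor.isAuthorized(m, acl, ConditionType.ANY);
            }
        }

        // No doOutput(PipelineData) found: deny.
        return false;
    }
}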