View Javadoc
1   package org.apache.turbine.modules.screens;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  
23  import org.apache.turbine.pipeline.PipelineData;
24  import org.apache.velocity.context.Context;
25  
26  /**
27   * VelocitySecureScreen
28   *
29   * Always performs a Security Check that you've defined before
30   * executing the doBuildTemplate().  You should extend this class and
31   * add the specific security check needed.  If you have a number of
32   * screens that need to perform the same check, you could make a base
33   * screen by extending this class and implementing the isAuthorized().
34   * Then each screen that needs to perform the same check could extend
35   * your base screen.
36   *
37   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
38   * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
39   * @version $Id$
40   */
41  public abstract class VelocitySecureScreen
42          extends VelocityScreen
43  {
44      /**
45       * Implement this to add information to the context.
46       *
47       * @param pipelineData Turbine information.
48       * @param context Context for web pages.
49       * @throws Exception a generic exception.
50       */
51      @Override
52      protected abstract void doBuildTemplate(PipelineData pipelineData,
53                                              Context context)
54              throws Exception;
55  
56      /**
57       * This method overrides the method in VelocityScreen to
58       * perform a security check first.
59       *
60       * @param pipelineData Turbine information.
61       * @throws Exception a generic exception.
62       */
63      @Override
64      protected void doBuildTemplate(PipelineData pipelineData)
65          throws Exception
66      {
67          if (isAuthorized(pipelineData))
68          {
69              doBuildTemplate(pipelineData, velocity.getContext(pipelineData));
70          }
71      }
72  
73      /**
74       * Implement this method to perform the security check needed.
75       * You should set the template in this method that you want the
76       * user to be sent to if they're unauthorized.  See the
77       * VelocitySecurityCheck utility.
78       *
79       * @param pipelineData Turbine information.
80       * @return True if the user is authorized to access the screen.
81       * @throws Exception a generic exception.
82       */
83      protected abstract boolean isAuthorized(PipelineData pipelineData)
84              throws Exception;
85  }