VelocitySecureScreen xref

View Javadoc

1   package org.apache.turbine.modules.screens;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.turbine.services.velocity.TurbineVelocity;
23  import org.apache.turbine.util.RunData;
24  
25  import org.apache.velocity.context.Context;
26  
27  /***
28   * VelocitySecureScreen
29   *
30   * Always performs a Security Check that you've defined before
31   * executing the doBuildTemplate().  You should extend this class and
32   * add the specific security check needed.  If you have a number of
33   * screens that need to perform the same check, you could make a base
34   * screen by extending this class and implementing the isAuthorized().
35   * Then each screen that needs to perform the same check could extend
36   * your base screen.
37   *
38   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
39   * @version $Id: VelocitySecureScreen.java 536036 2007-05-08 00:44:53Z seade $
40   */
41  public abstract class VelocitySecureScreen
42          extends VelocityScreen
43  {
44      /***
45       * Implement this to add information to the context.
46       *
47       * @param data Turbine information.
48       * @param context Context for web pages.
49       * @exception Exception, a generic exception.
50       */
51      protected abstract void doBuildTemplate(RunData data,
52                                              Context context)
53              throws Exception;
54  
55      /***
56       * This method overrides the method in VelocityScreen to
57       * perform a security check first.
58       *
59       * @param data Turbine information.
60       * @exception Exception, a generic exception.
61       */
62      protected void doBuildTemplate(RunData data)
63          throws Exception
64      {
65          if (isAuthorized(data))
66          {
67              doBuildTemplate(data, TurbineVelocity.getContext(data));
68          }
69      }
70  
71      /***
72       * Implement this method to perform the security check needed.
73       * You should set the template in this method that you want the
74       * user to be sent to if they're unauthorized.
75       *
76       * @param data Turbine information.
77       * @return True if the user is authorized to access the screen.
78       * @exception Exception, a generic exception.
79       */
80      protected abstract boolean isAuthorized(RunData data)
81              throws Exception;
82  }