001package org.apache.turbine.modules.actions; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022 023import org.apache.turbine.pipeline.PipelineData; 024 025/** 026 * VelocitySecure action. 027 * 028 * Always performs a Security Check that you've defined before 029 * executing the doPerform(). You should extend this class and 030 * add the specific security check needed. If you have a number of 031 * actions that need to perform the same check, you could make a base 032 * action by extending this class and implementing the isAuthorized(). 033 * Then each action that needs to perform the same check could extend 034 * your base action. 035 * 036 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 037 * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a> 038 * @author <a href="mailto:jvanzyl@periapt.com">Jason van Zyl</a> 039 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a> 040 * @version $Id$ 041 */ 042public abstract class VelocitySecureAction extends VelocityAction 043{ 044 /** 045 * This method overrides the method in VelocityAction to 046 * perform a security check first. 047 * 048 * @param pipelineData Turbine information. 049 * @throws Exception a generic exception. 050 */ 051 @Override 052 public void perform(PipelineData pipelineData) throws Exception 053 { 054 if (isAuthorized(pipelineData)) 055 { 056 super.perform(pipelineData); 057 } 058 } 059 060 /** 061 * Implement this method to perform the security check needed. 062 * You should set the template in this method that you want the 063 * user to be sent to if they're unauthorized. 064 * 065 * @param pipelineData Turbine information. 066 * @return True if the user is authorized to access the screen. 067 * @throws Exception a generic exception. 068 */ 069 protected abstract boolean isAuthorized(PipelineData pipelineData) throws Exception; 070}