1 package org.apache.turbine.modules.screens;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22
23 import org.apache.turbine.pipeline.PipelineData;
24 import org.apache.turbine.services.velocity.TurbineVelocity;
25 import org.apache.velocity.context.Context;
26
27 /**
28 * VelocitySecureScreen
29 *
30 * Always performs a Security Check that you've defined before
31 * executing the doBuildTemplate(). You should extend this class and
32 * add the specific security check needed. If you have a number of
33 * screens that need to perform the same check, you could make a base
34 * screen by extending this class and implementing the isAuthorized().
35 * Then each screen that needs to perform the same check could extend
36 * your base screen.
37 *
38 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
39 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
40 * @version $Id: VelocitySecureScreen.java 1706239 2015-10-01 13:18:35Z tv $
41 */
42 public abstract class VelocitySecureScreen
43 extends VelocityScreen
44 {
45 /**
46 * Implement this to add information to the context.
47 *
48 * @param pipelineData Turbine information.
49 * @param context Context for web pages.
50 * @exception Exception, a generic exception.
51 */
52 @Override
53 protected abstract void doBuildTemplate(PipelineData pipelineData,
54 Context context)
55 throws Exception;
56
57 /**
58 * This method overrides the method in VelocityScreen to
59 * perform a security check first.
60 *
61 * @param pipelineData Turbine information.
62 * @exception Exception, a generic exception.
63 */
64 @Override
65 protected void doBuildTemplate(PipelineData pipelineData)
66 throws Exception
67 {
68 if (isAuthorized(pipelineData))
69 {
70 doBuildTemplate(pipelineData, TurbineVelocity.getContext(pipelineData));
71 }
72 }
73
74 /**
75 * Implement this method to perform the security check needed.
76 * You should set the template in this method that you want the
77 * user to be sent to if they're unauthorized. See the
78 * VelocitySecurityCheck utility.
79 *
80 * @param pipelineData Turbine information.
81 * @return True if the user is authorized to access the screen.
82 * @exception Exception, a generic exception.
83 */
84 protected abstract boolean isAuthorized(PipelineData pipelineData)
85 throws Exception;
86 }