1 package org.apache.turbine.modules.screens;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22
23 import org.apache.turbine.pipeline.PipelineData;
24 import org.apache.velocity.context.Context;
25
26 /**
27 * VelocitySecureScreen
28 *
29 * Always performs a Security Check that you've defined before
30 * executing the doBuildTemplate(). You should extend this class and
31 * add the specific security check needed. If you have a number of
32 * screens that need to perform the same check, you could make a base
33 * screen by extending this class and implementing the isAuthorized().
34 * Then each screen that needs to perform the same check could extend
35 * your base screen.
36 *
37 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
38 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
39 * @version $Id: VelocitySecureScreen.java 1773378 2016-12-09 13:19:59Z tv $
40 */
41 public abstract class VelocitySecureScreen
42 extends VelocityScreen
43 {
44 /**
45 * Implement this to add information to the context.
46 *
47 * @param pipelineData Turbine information.
48 * @param context Context for web pages.
49 * @throws Exception a generic exception.
50 */
51 @Override
52 protected abstract void doBuildTemplate(PipelineData pipelineData,
53 Context context)
54 throws Exception;
55
56 /**
57 * This method overrides the method in VelocityScreen to
58 * perform a security check first.
59 *
60 * @param pipelineData Turbine information.
61 * @throws Exception a generic exception.
62 */
63 @Override
64 protected void doBuildTemplate(PipelineData pipelineData)
65 throws Exception
66 {
67 if (isAuthorized(pipelineData))
68 {
69 doBuildTemplate(pipelineData, velocity.getContext(pipelineData));
70 }
71 }
72
73 /**
74 * Implement this method to perform the security check needed.
75 * You should set the template in this method that you want the
76 * user to be sent to if they're unauthorized. See the
77 * VelocitySecurityCheck utility.
78 *
79 * @param pipelineData Turbine information.
80 * @return True if the user is authorized to access the screen.
81 * @throws Exception a generic exception.
82 */
83 protected abstract boolean isAuthorized(PipelineData pipelineData)
84 throws Exception;
85 }