001: package org.apache.turbine.modules.screens;
002:
003: /*
004: * Licensed to the Apache Software Foundation (ASF) under one
005: * or more contributor license agreements. See the NOTICE file
006: * distributed with this work for additional information
007: * regarding copyright ownership. The ASF licenses this file
008: * to you under the Apache License, Version 2.0 (the
009: * "License"); you may not use this file except in compliance
010: * with the License. You may obtain a copy of the License at
011: *
012: * http://www.apache.org/licenses/LICENSE-2.0
013: *
014: * Unless required by applicable law or agreed to in writing,
015: * software distributed under the License is distributed on an
016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017: * KIND, either express or implied. See the License for the
018: * specific language governing permissions and limitations
019: * under the License.
020: */
021:
022: import org.apache.turbine.modules.screens.JSONScreen;
023: import org.apache.turbine.util.RunData;
024:
025: /**
026: * An extension to JSONScreen that performs a Security Check before invoking
027: * doBuildTemplate(). You should extend this class and add the specific
028: * security check needed. If you have a number of screens that need to perform
029: * the same check, you could make a base screen by extending this class and
030: * implementing isAuthorized(). Then each screen that needs to perform the
031: * same check could extend your base screen.
032: *
033: * <p>Typically you would extend this class and override the doOutput() method
034: * to use TurbineJsonRpc to register the POJOs that will provide the functions
035: * you are making available via JSON-RPC. Use JSONScreen if you <b>do not</b>
036: * need the user to be logged in prior to executing the functions you provide.
037: *
038: * <p>Here is an example from a subclass:
039: * <code>
040: * public void doOutput(RunData data) throws Exception
041: * {
042: * User user = data.getUser();
043: *
044: * MySecureJsonFunctions myFunctions
045: * = new MySecureJsonFunctions(user.getName());
046: *
047: * // Session specific
048: * TurbineJsonRpc.registerObject(data.getSession(), "myFunctions", myFunctions);
049: *
050: * // Global
051: * //TurbineJsonRpc.registerObjectGlobal("testGlobal", testObject);
052: *
053: * super.doOutput(data);
054: * }
055: * </code>
056: *
057: * <p>The class MySecureJsonFunctions would be something like:
058: * <code>
059: * public class MySecureJsonFunctions
060: * {
061: * private final String name;
062: *
063: * public MySecureJsonFunctions(String name)
064: * {
065: * this.name = name;
066: * }
067: *
068: * private String getName(String clientParameter)
069: * {
070: * return "Client " + clientParameter + " says Hello World to " + name;
071: * }
072: * }
073: * </code>
074: *
075: * @author <a href="mailto:seade@policypoint.net">Scott Eade</a>
076: * @version $Id$
077: */
public abstract class JSONSecureScreen extends JSONScreen {
    /**
     * Gates the JSONScreen output behind {@link #isAuthorized(RunData)}.
     *
     * <p>When the check returns <code>false</code> this method simply returns:
     * it does not call the JSONScreen implementation and does not signal an
     * error itself, so any response to a denied caller has to be arranged by
     * the <code>isAuthorized</code> implementation.
     *
     * <p>The check runs only when this method is reached. A subclass that
     * overrides <code>doOutput</code> and does work (for example registering
     * objects) before calling <code>super.doOutput(data)</code> performs that
     * work before the authorization check has been made.
     *
     * @param data Turbine information.
     * @exception Exception whatever <code>isAuthorized</code> or the
     *            JSONScreen implementation throws; nothing is caught here.
     */
    protected void doOutput(RunData data) throws Exception {
        final boolean allowed = isAuthorized(data);
        if (!allowed) {
            // Denied: skip the JSONScreen output entirely.
            return;
        }
        super.doOutput(data);
    }

    /**
     * Decides whether the current request may reach the JSONScreen output.
     * Implement this with the security check the screen needs.
     *
     * <p>Returning <code>false</code> makes <code>doOutput</code> skip the
     * JSONScreen output; an exception thrown here propagates out of
     * <code>doOutput</code> unchanged.
     *
     * @param data Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     * @exception Exception A generic exception.
     */
    protected abstract boolean isAuthorized(RunData data) throws Exception;
}